diff options
| author | kumvijaya <kuvmijaya@gmail.com> | 2024-09-26 11:31:07 +0530 |
|---|---|---|
| committer | kumvijaya <kuvmijaya@gmail.com> | 2024-09-26 11:31:07 +0530 |
| commit | a950059053f7394acfb453cc0d8194aa3dc721fa (patch) | |
| tree | eb0acf278f649b5d1417e18e34d728efcd16e745 /interface-definitions/include | |
| parent | f0815f3e9b212f424f5adb0c572a71119ad4a8a0 (diff) | |
| download | vyos-workflow-test-temp-a950059053f7394acfb453cc0d8194aa3dc721fa.tar.gz vyos-workflow-test-temp-a950059053f7394acfb453cc0d8194aa3dc721fa.zip | |
T6732: added same as vyos 1x
Diffstat (limited to 'interface-definitions/include')
566 files changed, 19367 insertions, 0 deletions
diff --git a/interface-definitions/include/accel-ppp/auth-local-users.xml.i b/interface-definitions/include/accel-ppp/auth-local-users.xml.i new file mode 100644 index 0000000..1b40a9e --- /dev/null +++ b/interface-definitions/include/accel-ppp/auth-local-users.xml.i @@ -0,0 +1,54 @@ +<!-- include start from accel-ppp/auth-local-users.xml.i --> +<node name="local-users"> + <properties> + <help>Local user authentication for PPPoE server</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>User name for authentication</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="password"> + <properties> + <help>Password for authentication</help> + </properties> + </leafNode> + <leafNode name="static-ip"> + <properties> + <help>Static client IP address</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <defaultValue>*</defaultValue> + </leafNode> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="upload"> + <properties> + <help>Upload bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-10000000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="download"> + <properties> + <help>Download bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-10000000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i new file mode 100644 index 0000000..ccaed6f --- /dev/null +++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i @@ -0,0 +1,26 @@ +<!-- include start from accel-ppp/auth-mode.xml.i --> +<leafNode name="mode"> + <properties> + <help>Authentication mode used by this server</help> + <valueHelp> + <format>local</format> + <description>Use local username/password configuration</description> + </valueHelp> + <valueHelp> + <format>radius</format> + <description>Use RADIUS server for user autentication</description> + </valueHelp> + <valueHelp> + <format>noauth</format> + <description>Authentication disabled</description> + </valueHelp> + <constraint> + <regex>(local|radius|noauth)</regex> + </constraint> + <completionHelp> + <list>local radius noauth</list> + </completionHelp> + </properties> + <defaultValue>local</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/auth-protocols.xml.i b/interface-definitions/include/accel-ppp/auth-protocols.xml.i new file mode 100644 index 0000000..4ab4753 --- /dev/null +++ b/interface-definitions/include/accel-ppp/auth-protocols.xml.i @@ -0,0 +1,31 @@ +<!-- include start from accel-ppp/auth-protocols.xml.i --> +<leafNode name="protocols"> + <properties> + <help>Authentication protocol for remote access peer</help> + <completionHelp> + <list>pap chap mschap mschap-v2</list> + </completionHelp> + <valueHelp> + <format>pap</format> + <description>Authentication via PAP (Password Authentication Protocol)</description> + </valueHelp> + <valueHelp> + <format>chap</format> + <description>Authentication via CHAP (Challenge Handshake Authentication Protocol)</description> + </valueHelp> + <valueHelp> + <format>mschap</format> + <description>Authentication via MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)</description> + </valueHelp> + <valueHelp> + <format>mschap-v2</format> + <description>Authentication via MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)</description> + </valueHelp> + <constraint> + <regex>(pap|chap|mschap|mschap-v2)</regex> + </constraint> + <multi/> + </properties> + <defaultValue>pap chap mschap mschap-v2</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i new file mode 100644 index 0000000..b30a5ee --- /dev/null +++ b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i @@ -0,0 +1,50 @@ +<!-- include start from accel-ppp/client-ip-pool.xml.i --> +<tagNode name="client-ip-pool"> + <properties> + <help>Client IP pool</help> + <valueHelp> + <format>txt</format> + <description>Name of IP pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> + <children> + <leafNode name="range"> + <properties> + <help>Range of IP addresses</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range inside /24 network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv4-host"/> + <validator name="ipv4-range-mask" argument="-m 24 -r"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="next-pool"> + <properties> + <help>Next pool name</help> + <completionHelp> + <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-4}</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IP pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i new file mode 100644 index 0000000..0c8c2e3 --- /dev/null +++ b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i @@ -0,0 +1,69 @@ +<!-- include start from accel-ppp/client-ipv6-pool.xml.i --> +<tagNode name="client-ipv6-pool"> + <properties> + <help>Pool of client IPv6 addresses</help> + <valueHelp> + <format>txt</format> + <description>Name of IPv6 pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> + <children> + <tagNode name="prefix"> + <properties> + <help>Pool of addresses used to assign to clients</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="mask"> + <properties> + <help>Prefix length used for individual client</help> + <valueHelp> + <format>u32:48-128</format> + <description>Client prefix length</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 48-128"/> + </constraint> + </properties> + <defaultValue>64</defaultValue> + </leafNode> + </children> + </tagNode> + <tagNode name="delegate"> + <properties> + <help>Subnet used to delegate prefix through DHCPv6-PD (RFC3633)</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="delegation-prefix"> + <properties> + <help>Prefix length delegated to client</help> + <valueHelp> + <format>u32:32-64</format> + <description>Delegated prefix length</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 32-64"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i new file mode 100644 index 0000000..1093f67 --- /dev/null +++ b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i @@ -0,0 +1,17 @@ +<!-- include start from accel-ppp/default-pool.xml.i --> +<leafNode name="default-ipv6-pool"> + <properties> + <help>Default client IPv6 pool name</help> + <completionHelp> + <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ipv6-pool</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Default IPv6 pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/default-pool.xml.i b/interface-definitions/include/accel-ppp/default-pool.xml.i new file mode 100644 index 0000000..e06642c --- /dev/null +++ b/interface-definitions/include/accel-ppp/default-pool.xml.i @@ -0,0 +1,17 @@ +<!-- include start from accel-ppp/default-pool.xml.i --> +<leafNode name="default-pool"> + <properties> + <help>Default client IP pool name</help> + <completionHelp> + <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ip-pool</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Default IP pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/extended-scripts.xml.i b/interface-definitions/include/accel-ppp/extended-scripts.xml.i new file mode 100644 index 0000000..53ff6d5 --- /dev/null +++ b/interface-definitions/include/accel-ppp/extended-scripts.xml.i @@ -0,0 +1,41 @@ +<!-- include start from accel-ppp/extended-scripts.xml.i --> +<node name="extended-scripts"> + <properties> + <help>Extended script execution</help> + </properties> + <children> + <leafNode name="on-pre-up"> + <properties> + <help>Script to run before session interface comes up</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-up"> + <properties> + <help>Script to run when session interface is completely configured and started</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-down"> + <properties> + <help>Script to run when session interface going to terminate</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-change"> + <properties> + <help>Script to run when session interface changed by RADIUS CoA handling</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i new file mode 100644 index 0000000..dcc58b9 --- /dev/null +++ b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i @@ -0,0 +1,17 @@ +<!-- include start from accel-ppp/gateway-address-multi.xml.i --> +<leafNode name="gateway-address"> + <properties> + <help>Gateway IP address</help> + <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage> + <valueHelp> + <format>ipv4net</format> + <description>Default Gateway, mask send to the client</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv4-host"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/gateway-address.xml.i b/interface-definitions/include/accel-ppp/gateway-address.xml.i new file mode 100644 index 0000000..59f8b50 --- /dev/null +++ b/interface-definitions/include/accel-ppp/gateway-address.xml.i @@ -0,0 +1,15 @@ +<!-- include start from accel-ppp/gateway-address.xml.i --> +<leafNode name="gateway-address"> + <properties> + <help>Gateway IP address</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage> + <valueHelp> + <format>ipv4</format> + <description>Default Gateway send to the client</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/lcp-echo-interval-failure.xml.i b/interface-definitions/include/accel-ppp/lcp-echo-interval-failure.xml.i new file mode 100644 index 0000000..dd7ae12 --- /dev/null +++ b/interface-definitions/include/accel-ppp/lcp-echo-interval-failure.xml.i @@ -0,0 +1,20 @@ +<!-- include start from accel-ppp/lcp-echo-interval-failure.xml.i --> +<leafNode name="lcp-echo-interval"> + <properties> + <help>LCP echo-requests/sec</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> +</leafNode> +<leafNode name="lcp-echo-failure"> + <properties> + <help>Maximum number of Echo-Requests may be sent without valid reply</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/lcp-echo-timeout.xml.i b/interface-definitions/include/accel-ppp/lcp-echo-timeout.xml.i new file mode 100644 index 0000000..a630bec --- /dev/null +++ b/interface-definitions/include/accel-ppp/lcp-echo-timeout.xml.i @@ -0,0 +1,11 @@ +<!-- include start from accel-ppp/lcp-echo-timeout.xml.i --> +<leafNode name="lcp-echo-timeout"> + <properties> + <help>Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/limits.xml.i b/interface-definitions/include/accel-ppp/limits.xml.i new file mode 100644 index 0000000..df72b79 --- /dev/null +++ b/interface-definitions/include/accel-ppp/limits.xml.i @@ -0,0 +1,28 @@ +<!-- include start from accel-ppp/limits.xml.i --> +<node name="limits"> + <properties> + <help>Limits the connection rate from a single source</help> + </properties> + <children> + <leafNode name="connection-limit"> + <properties> + <help>Acceptable rate of connections (e.g. 1/min, 60/sec)</help> + <constraint> + <regex>[0-9]+\/(min|sec)</regex> + </constraint> + <constraintErrorMessage>illegal value</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="burst"> + <properties> + <help>Burst count</help> + </properties> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>Timeout in seconds</help> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/log.xml.i b/interface-definitions/include/accel-ppp/log.xml.i new file mode 100644 index 0000000..96ce93f --- /dev/null +++ b/interface-definitions/include/accel-ppp/log.xml.i @@ -0,0 +1,42 @@ +<!-- include start from accel-ppp/log.xml.i --> +<node name="log"> + <properties> + <help>Server logging </help> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Specifies log level</help> + <valueHelp> + <format>0</format> + <description>Turn off logging</description> + </valueHelp> + <valueHelp> + <format>1</format> + <description>Log only error messages</description> + </valueHelp> + <valueHelp> + <format>2</format> + <description>Log error and warning messages</description> + </valueHelp> + <valueHelp> + <format>3</format> + <description>Log error, warning and minimum information messages</description> + </valueHelp> + <valueHelp> + <format>4</format> + <description>Log error, warning and full information messages</description> + </valueHelp> + <valueHelp> + <format>5</format> + <description>Log all messages including debug messages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-5"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i new file mode 100644 index 0000000..f6ef410 --- /dev/null +++ b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i @@ -0,0 +1,15 @@ +<!-- include start from accel-ppp/max-concurrent-sessions.xml.i --> +<leafNode name="max-concurrent-sessions"> + <properties> + <help>Maximum number of concurrent session start attempts</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Maximum number of concurrent session start attempts</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-65535"/> + </constraint> + <constraintErrorMessage>Maximum concurent sessions must be in range 0-65535</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i new file mode 100644 index 0000000..5661bdc --- /dev/null +++ b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i @@ -0,0 +1,11 @@ +<!-- include start from accel-ppp/mtu-128-16384.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <constraint> + <validator name="numeric" argument="--range 128-16384"/> + </constraint> + </properties> + <defaultValue>1492</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i new file mode 100644 index 0000000..019601c --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i @@ -0,0 +1,14 @@ +<!-- include start from accel-ppp/ppp-interface-cache.xml.i --> +<leafNode name="interface-cache"> + <properties> + <help>PPP interface cache</help> + <valueHelp> + <format>u32:1-256000</format> + <description>Count of interfaces to keep in cache</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-256000"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/ppp-mppe.xml.i b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i new file mode 100644 index 0000000..4c2e84c --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i @@ -0,0 +1,26 @@ +<!-- include start from accel-ppp/ppp-mppe.xml.i --> +<leafNode name="mppe"> + <properties> + <help>Specifies mppe negotiation preferences</help> + <completionHelp> + <list>require prefer deny</list> + </completionHelp> + <valueHelp> + <format>require</format> + <description>send mppe request, if client rejects, drop the connection</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>send mppe request, if client rejects continue</description> + </valueHelp> + <valueHelp> + <format>deny</format> + <description>drop all mppe</description> + </valueHelp> + <constraint> + <regex>(require|prefer|deny)</regex> + </constraint> + </properties> + <defaultValue>prefer</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i new file mode 100644 index 0000000..a45390f --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i @@ -0,0 +1,23 @@ +<!-- include start from accel-ppp/ppp-options-ipv4.xml.i --> +<leafNode name="ipv4"> + <properties> + <help>IPv4 negotiation algorithm</help> + <constraint> + <regex>(deny|allow)</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>Do not negotiate IPv4</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>Negotiate IPv4 only if client requests</description> + </valueHelp> + <completionHelp> + <list>deny allow</list> + </completionHelp> + </properties> + <defaultValue>allow</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i new file mode 100644 index 0000000..c4cf0a4 --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i @@ -0,0 +1,54 @@ +<!-- include start from accel-ppp/ppp-options-ipv6-interface-id.xml.i --> +<leafNode name="ipv6-interface-id"> + <properties> + <help>Fixed or random interface identifier for IPv6</help> + <completionHelp> + <list>random</list> + </completionHelp> + <valueHelp> + <format>random</format> + <description>Random interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>x:x:x:x</format> + <description>specify interface identifier for IPv6</description> + </valueHelp> + <constraint> + <regex>(random|((\d+){1,4}:){3}(\d+){1,4})</regex> + </constraint> + </properties> +</leafNode> +<leafNode name="ipv6-peer-interface-id"> + <properties> + <help>Peer interface identifier for IPv6</help> + <completionHelp> + <list>random calling-sid ipv4-addr</list> + </completionHelp> + <valueHelp> + <format>x:x:x:x</format> + <description>Interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>random</format> + <description>Use a random interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv4-addr</format> + <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description> + </valueHelp> + <valueHelp> + <format>calling-sid</format> + <description>Calculate interface identifier from calling-station-id</description> + </valueHelp> + <constraint> + <regex>(random|calling-sid|ipv4-addr|((\d+){1,4}:){3}(\d+){1,4})</regex> + </constraint> + </properties> +</leafNode> +<leafNode name="ipv6-accept-peer-interface-id"> + <properties> + <help>Accept peer interface identifier</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i new file mode 100644 index 0000000..98abc11 --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i @@ -0,0 +1,31 @@ +<!-- include start from accel-ppp/ppp-options-ipv6.xml.i --> +<leafNode name="ipv6"> + <properties> + <help>IPv6 (IPCP6) negotiation algorithm</help> + <constraint> + <regex>(deny|allow|prefer|require)</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>Do not negotiate IPv6</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>Negotiate IPv6 only if client requests</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>Ask client for IPv6 negotiation, do not fail if it rejects</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>Require IPv6 negotiation</description> + </valueHelp> + <completionHelp> + <list>deny allow prefer require</list> + </completionHelp> + </properties> + <defaultValue>deny</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/ppp-options.xml.i b/interface-definitions/include/accel-ppp/ppp-options.xml.i new file mode 100644 index 0000000..9b4f1d0 --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options.xml.i @@ -0,0 +1,65 @@ +<!-- include start from accel-ppp/ppp-options.xml.i --> +<node name="ppp-options"> + <properties> + <help>Advanced protocol options</help> + </properties> + <children> + <leafNode name="min-mtu"> + <properties> + <help>Minimum acceptable MTU (68-65535)</help> + <constraint> + <validator name="numeric" argument="--range 68-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mru"> + <properties> + <help>Preferred MRU (68-65535)</help> + <constraint> + <validator name="numeric" argument="--range 68-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="disable-ccp"> + <properties> + <help>Disable Compression Control Protocol (CCP)</help> + <valueless /> + </properties> + </leafNode> + #include <include/accel-ppp/ppp-mppe.xml.i> + #include <include/accel-ppp/lcp-echo-interval-failure.xml.i> + #include <include/accel-ppp/lcp-echo-timeout.xml.i> + #include <include/accel-ppp/ppp-interface-cache.xml.i> + <leafNode name="ipv4"> + <properties> + <help>IPv4 (IPCP) negotiation algorithm</help> + <constraint> + <regex>(deny|allow|prefer|require)</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>Do not negotiate IPv4</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>Negotiate IPv4 only if client requests</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>Ask client for IPv4 negotiation, do not fail if it rejects</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>Require IPv4 negotiation</description> + </valueHelp> + <completionHelp> + <list>deny allow prefer require</list> + </completionHelp> + </properties> + </leafNode> + #include <include/accel-ppp/ppp-options-ipv6.xml.i> + #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i b/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i new file mode 100644 index 0000000..311ef96 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i @@ -0,0 +1,15 @@ +<!-- include start from accel-ppp/radius-accounting-interim-interval.xml.i --> +<leafNode name="accounting-interim-interval"> + <properties> + <help>Interval in seconds to send accounting information</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Interval in seconds to send accounting information</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + <constraintErrorMessage>Interval value must be between 1 and 3600 seconds</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/radius-additions-disable-accounting.xml.i b/interface-definitions/include/accel-ppp/radius-additions-disable-accounting.xml.i new file mode 100644 index 0000000..c723c31 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-additions-disable-accounting.xml.i @@ -0,0 +1,8 @@ +<!-- include start from accel-ppp/radius-additions-disable-accounting.xml.i --> +<leafNode name="disable-accounting"> + <properties> + <help>Disable accounting</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i new file mode 100644 index 0000000..c0367b8 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i @@ -0,0 +1,40 @@ +<!-- include start from accel-ppp/radius-additions-rate-limit.xml.i --> +<node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="attribute"> + <properties> + <help>RADIUS attribute that contains rate information</help> + </properties> + <defaultValue>Filter-Id</defaultValue> + </leafNode> + <leafNode name="vendor"> + <properties> + <help>Vendor dictionary</help> + </properties> + </leafNode> + <leafNode name="enable"> + <properties> + <help>Enable bandwidth shaping via RADIUS</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="multiplier"> + <properties> + <help>Shaper multiplier</help> + <valueHelp> + <format><0.001-1000></format> + <description>Shaper multiplier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0.001-1000 --float"/> + </constraint> + <constraintErrorMessage>Multiplier needs to be between 0.001 and 1000</constraintErrorMessage> + </properties> + <defaultValue>1</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i new file mode 100644 index 0000000..5222ba8 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i @@ -0,0 +1,158 @@ +<!-- include start from accel-ppp/radius-additions.xml.i --> +<node name="radius"> + <children> + <leafNode name="accounting-interim-interval"> + <properties> + <help>Interval in seconds to send accounting information</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Interval in seconds to send accounting information</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + <constraintErrorMessage>Interval value must be between 1 and 3600 seconds</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="acct-interim-jitter"> + <properties> + <help>Maximum jitter value in seconds to be applied to accounting information interval</help> + <valueHelp> + <format>u32:1-60</format> + <description>Maximum jitter value in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-60"/> + </constraint> + <constraintErrorMessage>Jitter value must be between 1 and 60 seconds</constraintErrorMessage> + </properties> + </leafNode> + <tagNode name="server"> + <children> + <leafNode name="acct-port"> + <properties> + <help>Accounting port</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1813</defaultValue> + </leafNode> + #include <include/accel-ppp/radius-additions-disable-accounting.xml.i> + <leafNode name="fail-time"> + <properties> + <help>Mark server unavailable for <n> seconds on failure</help> + <valueHelp> + <format>u32:0-600</format> + <description>Fail time penalty</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600"/> + </constraint> + <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + #include <include/radius-priority.xml.i> + <leafNode name="backup"> + <properties> + <help>Use backup server if other servers are not available</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="timeout"> + <properties> + <help>Timeout in seconds to wait response from RADIUS server</help> + <valueHelp> + <format>u32:1-60</format> + <description>Timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-60"/> + </constraint> + <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + <leafNode name="acct-timeout"> + <properties> + <help>Timeout for Interim-Update packets, terminate session afterwards</help> + <valueHelp> + <format>u32:0-60</format> + <description>Timeout in seconds, 0 to keep active</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60"/> + </constraint> + <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + <leafNode name="max-try"> + <properties> + <help>Number of tries to send Access-Request/Accounting-Request queries</help> + <valueHelp> + <format>u32:1-20</format> + <description>Maximum tries</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-20"/> + </constraint> + <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + #include <include/radius-nas-identifier.xml.i> + #include <include/radius-nas-ip-address.xml.i> + <leafNode name="preallocate-vif"> + <properties> + <help>Enable attribute NAS-Port-Id in Access-Request</help> + <valueless/> + </properties> + </leafNode> + <node name="dynamic-author"> + <properties> + <help>Dynamic Authorization Extension/Change of Authorization server</help> + </properties> + <children> + <leafNode name="server"> + <properties> + <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address for dynamic authorization server</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Port for Dynamic Authorization Extension server (DM/CoA)</help> + <valueHelp> + <format>u32:1-65535</format> + <description>TCP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1700</defaultValue> + </leafNode> + <leafNode name="key"> + <properties> + <help>Shared secret for Dynamic Authorization Extension server</help> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/shaper.xml.i b/interface-definitions/include/accel-ppp/shaper.xml.i new file mode 100644 index 0000000..b4f9536 --- /dev/null +++ b/interface-definitions/include/accel-ppp/shaper.xml.i @@ -0,0 +1,21 @@ +<!-- include start from accel-ppp/shaper.xml.i --> +<node name="shaper"> + <properties> + <help>Traffic shaper bandwidth parameters</help> + </properties> + <children> + <leafNode name="fwmark"> + <properties> + <help>Firewall mark value for traffic that excludes from shaping</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Match firewall mark value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/snmp.xml.i b/interface-definitions/include/accel-ppp/snmp.xml.i new file mode 100644 index 0000000..373ced1 --- /dev/null +++ b/interface-definitions/include/accel-ppp/snmp.xml.i @@ -0,0 +1,15 @@ +<!-- include start from accel-ppp/snmp.xml.i --> +<node name="snmp"> + <properties> + <help>Enable SNMP</help> + </properties> + <children> + <leafNode name="master-agent"> + <properties> + <help>Enable SNMP master agent mode</help> + <valueless /> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/vlan-mon.xml.i b/interface-definitions/include/accel-ppp/vlan-mon.xml.i new file mode 100644 index 0000000..d5bacb0 --- /dev/null +++ b/interface-definitions/include/accel-ppp/vlan-mon.xml.i @@ -0,0 +1,8 @@ +<!-- include start from accel-ppp/vlan-mon.xml.i --> +<leafNode name="vlan-mon"> + <properties> + <help>Automatically create VLAN interfaces</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/vlan.xml.i b/interface-definitions/include/accel-ppp/vlan.xml.i new file mode 100644 index 0000000..5ef4de6 --- /dev/null +++ b/interface-definitions/include/accel-ppp/vlan.xml.i @@ -0,0 +1,20 @@ +<!-- include start from accel-ppp/vlan.xml.i --> +<leafNode name="vlan"> + <properties> + <help>VLAN monitor for automatic creation of VLAN interfaces</help> + <valueHelp> + <format>u32:1-4094</format> + <description>VLAN for automatic creation</description> + </valueHelp> + <valueHelp> + <format>start-end</format> + <description>VLAN range for automatic creation (e.g. 1-4094)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 1-4094"/> + </constraint> + <constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/wins-server.xml.i b/interface-definitions/include/accel-ppp/wins-server.xml.i new file mode 100644 index 0000000..f7f483f --- /dev/null +++ b/interface-definitions/include/accel-ppp/wins-server.xml.i @@ -0,0 +1,15 @@ +<!-- include start from accel-ppp/wins-server.xml.i --> +<leafNode name="wins-server"> + <properties> + <help>Windows Internet Name Service (WINS) servers propagated to client</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/address-ipv4-ipv6-single.xml.i b/interface-definitions/include/address-ipv4-ipv6-single.xml.i new file mode 100644 index 0000000..dc3d6fc --- /dev/null +++ b/interface-definitions/include/address-ipv4-ipv6-single.xml.i @@ -0,0 +1,18 @@ +<!-- include start from interface/address-ipv4-ipv6.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/allow-client.xml.i b/interface-definitions/include/allow-client.xml.i new file mode 100644 index 0000000..1b06e2c --- /dev/null +++ b/interface-definitions/include/allow-client.xml.i @@ -0,0 +1,35 @@ +<!-- include start from allow-client.xml.i --> +<node name="allow-client"> + <properties> + <help>Restrict to allowed IP client addresses</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Allowed IP client addresses</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="ip-cidr"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/arp-ndp-table-size.xml.i b/interface-definitions/include/arp-ndp-table-size.xml.i new file mode 100644 index 0000000..dec86e9 --- /dev/null +++ b/interface-definitions/include/arp-ndp-table-size.xml.i @@ -0,0 +1,14 @@ +<!-- include start from arp-ndp-table-size.xml.i --> +<leafNode name="table-size"> + <properties> + <help>Maximum number of entries to keep in the cache</help> + <completionHelp> + <list>1024 2048 4096 8192 16384 32768</list> + </completionHelp> + <constraint> + <regex>(1024|2048|4096|8192|16384|32768)</regex> + </constraint> + </properties> + <defaultValue>8192</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/auth-local-users.xml.i b/interface-definitions/include/auth-local-users.xml.i new file mode 100644 index 0000000..9fb5074 --- /dev/null +++ b/interface-definitions/include/auth-local-users.xml.i @@ -0,0 +1,26 @@ +<!-- include start from auth-local-users.xml.i --> +<node name="local-users"> + <properties> + <help>Local user authentication</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>Username used for authentication</help> + <valueHelp> + <format>txt</format> + <description>Username used for authentication</description> + </valueHelp> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="password"> + <properties> + <help>Password used for authentication</help> + </properties> + </leafNode> + </children> + </tagNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/babel/interface.xml.i b/interface-definitions/include/babel/interface.xml.i new file mode 100644 index 0000000..a122ef0 --- /dev/null +++ b/interface-definitions/include/babel/interface.xml.i @@ -0,0 +1,187 @@ +<!-- include start from babel/interface.xml.i --> +<tagNode name="interface"> + <properties> + <help>Interface name</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <leafNode name="type"> + <properties> + <help>Interface type</help> + <completionHelp> + <list>auto wired wireless</list> + </completionHelp> + <valueHelp> + <format>auto</format> + <description>Automatically detect interface type</description> + </valueHelp> + <valueHelp> + <format>wired</format> + <description>Wired interface</description> + </valueHelp> + <valueHelp> + <format>wireless</format> + <description>Wireless interface</description> + </valueHelp> + <constraint> + <regex>(auto|wired|wireless)</regex> + </constraint> + </properties> + <defaultValue>auto</defaultValue> + </leafNode> + <leafNode name="split-horizon"> + <properties> + <help>Split horizon parameters</help> + <completionHelp> + <list>default enable disable</list> + </completionHelp> + <valueHelp> + <format>default</format> + <description>Enable on wired interfaces, and disable on wireless interfaces</description> + </valueHelp> + <valueHelp> + <format>enable</format> + <description>Enable split horizon processing</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable split horizon processing</description> + </valueHelp> + <constraint> + <regex>(default|enable|disable)</regex> + </constraint> + </properties> + <defaultValue>default</defaultValue> + </leafNode> + <leafNode name="hello-interval"> + <properties> + <help>Time between scheduled hellos</help> + <valueHelp> + <format>u32:20-655340</format> + <description>Milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 20-655340"/> + </constraint> + </properties> + <defaultValue>4000</defaultValue> + </leafNode> + <leafNode name="update-interval"> + <properties> + <help>Time between scheduled updates</help> + <valueHelp> + <format>u32:20-655340</format> + <description>Milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 20-655340"/> + </constraint> + </properties> + <defaultValue>20000</defaultValue> + </leafNode> + <leafNode name="rxcost"> + <properties> + <help>Base receive cost for this interface</help> + <valueHelp> + <format>u32:1-65534</format> + <description>Base receive cost</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65534"/> + </constraint> + </properties> + </leafNode> + <leafNode name="rtt-decay"> + <properties> + <help>Decay factor for exponential moving average of RTT samples</help> + <valueHelp> + <format>u32:1-256</format> + <description>Decay factor, in units of 1/256</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-256"/> + </constraint> + </properties> + <defaultValue>42</defaultValue> + </leafNode> + <leafNode name="rtt-min"> + <properties> + <help>Minimum RTT</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="rtt-max"> + <properties> + <help>Maximum RTT</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="max-rtt-penalty"> + <properties> + <help>Maximum additional cost due to RTT</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Milliseconds (0 to disable the use of RTT-based cost)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + <defaultValue>150</defaultValue> + </leafNode> + <leafNode name="enable-timestamps"> + <properties> + <help>Enable timestamps with each Hello and IHU message in order to compute RTT values</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="channel"> + <properties> + <help>Channel number for diversity routing</help> + <completionHelp> + <list>interfering non-interfering</list> + </completionHelp> + <valueHelp> + <format>u32:1-254</format> + <description>Interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number</description> + </valueHelp> + <valueHelp> + <format>interfering</format> + <description>Interfering interfaces are assumed to interfere with all other channels except non-interfering channels</description> + </valueHelp> + <valueHelp> + <format>non-interfering</format> + <description>Non-interfering interfaces only interfere with themselves</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-254"/> + <regex>(interfering|non-interfering)</regex> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/bfd/bfd.xml.i b/interface-definitions/include/bfd/bfd.xml.i new file mode 100644 index 0000000..022956d --- /dev/null +++ b/interface-definitions/include/bfd/bfd.xml.i @@ -0,0 +1,10 @@ +<!-- include start from bfd/bfd.xml.i --> +<node name="bfd"> + <properties> + <help>Enable Bidirectional Forwarding Detection (BFD)</help> + </properties> + <children> + #include <include/bfd/profile.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bfd/common.xml.i b/interface-definitions/include/bfd/common.xml.i new file mode 100644 index 0000000..8e6999d --- /dev/null +++ b/interface-definitions/include/bfd/common.xml.i @@ -0,0 +1,90 @@ +<!-- include start from bfd/common.xml.i --> +<leafNode name="echo-mode"> + <properties> + <help>Enables the echo transmission mode</help> + <valueless/> + </properties> +</leafNode> +<node name="interval"> + <properties> + <help>Configure timer intervals</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Minimum interval of receiving control packets</help> + <valueHelp> + <format>u32:10-60000</format> + <description>Interval in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-60000"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> + </leafNode> + <leafNode name="transmit"> + <properties> + <help>Minimum interval of transmitting control packets</help> + <valueHelp> + <format>u32:10-60000</format> + <description>Interval in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-60000"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> + </leafNode> + <leafNode name="multiplier"> + <properties> + <help>Multiplier to determine packet loss</help> + <valueHelp> + <format>u32:2-255</format> + <description>Remote transmission interval will be multiplied by this value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 2-255"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + <leafNode name="echo-interval"> + <properties> + <help>Echo receive transmission interval</help> + <valueHelp> + <format>u32:10-60000</format> + <description>The minimal echo receive transmission interval that this system is capable of handling</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-60000"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<leafNode name="minimum-ttl"> + <properties> + <help>Expect packets with at least this TTL</help> + <valueHelp> + <format>u32:1-254</format> + <description>Minimum TTL expected</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-254"/> + </constraint> + </properties> +</leafNode> +<leafNode name="passive"> + <properties> + <help>Do not attempt to start sessions</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="shutdown"> + <properties> + <help>Disable this peer</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bfd/profile.xml.i b/interface-definitions/include/bfd/profile.xml.i new file mode 100644 index 0000000..5ff0572 --- /dev/null +++ b/interface-definitions/include/bfd/profile.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bfd/profile.xml.i --> +<leafNode name="profile"> + <properties> + <help>Use settings from BFD profile</help> + <completionHelp> + <path>protocols bfd profile</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>BFD profile name</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-aggregate-address.xml.i b/interface-definitions/include/bgp/afi-aggregate-address.xml.i new file mode 100644 index 0000000..c1b7958 --- /dev/null +++ b/interface-definitions/include/bgp/afi-aggregate-address.xml.i @@ -0,0 +1,15 @@ +<!-- include start from bgp/afi-aggregate-address.xml.i --> +<leafNode name="as-set"> + <properties> + <help>Generate AS-set path information for this aggregate address</help> + <valueless/> + </properties> +</leafNode> +#include <include/route-map.xml.i> +<leafNode name="summary-only"> + <properties> + <help>Announce the aggregate summary network only</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-allowas-in.xml.i b/interface-definitions/include/bgp/afi-allowas-in.xml.i new file mode 100644 index 0000000..2df4b85 --- /dev/null +++ b/interface-definitions/include/bgp/afi-allowas-in.xml.i @@ -0,0 +1,21 @@ +<!-- include start from bgp/afi-allowas-in.xml.i --> +<node name="allowas-in"> + <properties> + <help>Accept route that contains the local-as in the as-path</help> + </properties> + <children> + <leafNode name="number"> + <properties> + <help>Number of occurrences of AS number</help> + <valueHelp> + <format>u32:1-10</format> + <description>Number of times AS is allowed in path</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-attribute-unchanged.xml.i b/interface-definitions/include/bgp/afi-attribute-unchanged.xml.i new file mode 100644 index 0000000..6d39e45 --- /dev/null +++ b/interface-definitions/include/bgp/afi-attribute-unchanged.xml.i @@ -0,0 +1,27 @@ +<!-- include start from bgp/afi-attribute-unchanged.xml.i --> +<node name="attribute-unchanged"> + <properties> + <help>BGP attributes are sent unchanged</help> + </properties> + <children> + <leafNode name="as-path"> + <properties> + <help>Send AS path unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="med"> + <properties> + <help>Send multi-exit discriminator unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="next-hop"> + <properties> + <help>Send nexthop unchanged</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-capability-orf.xml.i b/interface-definitions/include/bgp/afi-capability-orf.xml.i new file mode 100644 index 0000000..05c3368 --- /dev/null +++ b/interface-definitions/include/bgp/afi-capability-orf.xml.i @@ -0,0 +1,28 @@ +<!-- include start from bgp/afi-capability-orf.xml.i --> +<node name="orf"> + <properties> + <help>Advertise ORF capability to this peer</help> + </properties> + <children> + <node name="prefix-list"> + <properties> + <help>Advertise prefix-list ORF capability to this peer</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Capability to receive the ORF</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="send"> + <properties> + <help>Capability to send the ORF</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-common-flowspec.xml.i b/interface-definitions/include/bgp/afi-common-flowspec.xml.i new file mode 100644 index 0000000..fb3308e --- /dev/null +++ b/interface-definitions/include/bgp/afi-common-flowspec.xml.i @@ -0,0 +1,7 @@ +<!-- include start from bgp/afi-common-flowspec.xml.i --> +#include <include/bgp/afi-filter-list.xml.i> +#include <include/bgp/afi-route-map.xml.i> +#include <include/bgp/afi-route-reflector-client.xml.i> +#include <include/bgp/afi-route-server-client.xml.i> +#include <include/bgp/afi-soft-reconfiguration.xml.i> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-default-originate.xml.i b/interface-definitions/include/bgp/afi-default-originate.xml.i new file mode 100644 index 0000000..ba1ec57 --- /dev/null +++ b/interface-definitions/include/bgp/afi-default-originate.xml.i @@ -0,0 +1,10 @@ +<!-- include start from bgp/afi-default-originate.xml.i --> +<node name="default-originate"> + <properties> + <help>Originate default route to this peer</help> + </properties> + <children> + #include <include/route-map.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-export-import.xml.i b/interface-definitions/include/bgp/afi-export-import.xml.i new file mode 100644 index 0000000..5223af0 --- /dev/null +++ b/interface-definitions/include/bgp/afi-export-import.xml.i @@ -0,0 +1,42 @@ +<!-- include start from bgp/afi-export-import.xml.i --> +<node name="export"> + <properties> + <help>Export routes from this address-family</help> + </properties> + <children> + <leafNode name="vpn"> + <properties> + <help>to/from default instance VPN RIB</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="import"> + <properties> + <help>Import routes to this address-family</help> + </properties> + <children> + <leafNode name="vpn"> + <properties> + <help>to/from default instance VPN RIB</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="vrf"> + <properties> + <help>VRF to import from</help> + <valueHelp> + <format>txt</format> + <description>VRF instance name</description> + </valueHelp> + <completionHelp> + <path>vrf name</path> + <list>default</list> + </completionHelp> + <multi/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-filter-list.xml.i b/interface-definitions/include/bgp/afi-filter-list.xml.i new file mode 100644 index 0000000..df7619a --- /dev/null +++ b/interface-definitions/include/bgp/afi-filter-list.xml.i @@ -0,0 +1,25 @@ +<!-- include start from bgp/afi-filter-list.xml.i --> +<node name="filter-list"> + <properties> + <help>as-path-list to filter route updates to/from this peer</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>As-path-list to filter outgoing route updates to this peer</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>As-path-list to filter incoming route updates from this peer</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i new file mode 100644 index 0000000..0f760da --- /dev/null +++ b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i @@ -0,0 +1,41 @@ +<!-- include start from bgp/afi-ipv4-prefix-list.xml.i --> +<node name="prefix-list"> + <properties> + <help>IPv4-Prefix-list to filter route updates to/from this peer</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>IPv4-Prefix-list to filter outgoing route updates to this peer</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IPv4 prefix-list</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>IPv4-Prefix-list to filter incoming route updates from this peer</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IPv4 prefix-list</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-ipv6-nexthop-local.xml.i b/interface-definitions/include/bgp/afi-ipv6-nexthop-local.xml.i new file mode 100644 index 0000000..c232545 --- /dev/null +++ b/interface-definitions/include/bgp/afi-ipv6-nexthop-local.xml.i @@ -0,0 +1,15 @@ +<!-- include start from bgp/afi-ipv6-nexthop-local.xml.i --> + <node name="nexthop-local"> + <properties> + <help>Nexthop attributes</help> + </properties> + <children> + <leafNode name="unchanged"> + <properties> + <help>Leave link-local nexthop unchanged for this peer</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i new file mode 100644 index 0000000..268d9cb --- /dev/null +++ b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i @@ -0,0 +1,41 @@ +<!-- include start from bgp/afi-ipv6-prefix-list.xml.i --> +<node name="prefix-list"> + <properties> + <help>Prefix-list to filter route updates to/from this peer</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Prefix-list to filter outgoing route updates to this peer</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IPv6 prefix-list</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Prefix-list to filter incoming route updates from this peer</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IPv6 prefix-list</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-l2vpn-advertise.xml.i b/interface-definitions/include/bgp/afi-l2vpn-advertise.xml.i new file mode 100644 index 0000000..caf0b6b --- /dev/null +++ b/interface-definitions/include/bgp/afi-l2vpn-advertise.xml.i @@ -0,0 +1,10 @@ +<!-- include start from bgp/bgp-afi-l2vpn-advertise.xml.i --> +<node name="unicast"> + <properties> + <help>IPv4 address family</help> + </properties> + <children> + #include <include/route-map.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i new file mode 100644 index 0000000..fef3daf --- /dev/null +++ b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i @@ -0,0 +1,61 @@ +<!-- include start from bgp/afi-l2vpn-common.xml.i --> +<leafNode name="advertise-default-gw"> + <properties> + <help>Advertise All default g/w mac-ip routes in EVPN</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="advertise-svi-ip"> + <properties> + <help>Advertise svi mac-ip routes in EVPN</help> + <valueless/> + </properties> +</leafNode> +#include <include/bgp/route-distinguisher.xml.i> +<node name="route-target"> + <properties> + <help>Route Target</help> + </properties> + <children> + <leafNode name="both"> + <properties> + <help>Route Target both import and export</help> + <valueHelp> + <format>txt</format> + <description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Route Target import</help> + <valueHelp> + <format>txt</format> + <description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="export"> + <properties> + <help>Route Target export</help> + <valueHelp> + <format>txt</format> + <description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-label.xml.i b/interface-definitions/include/bgp/afi-label.xml.i new file mode 100644 index 0000000..2c5eed1 --- /dev/null +++ b/interface-definitions/include/bgp/afi-label.xml.i @@ -0,0 +1,49 @@ +<!-- include start from bgp/afi-label.xml.i --> +<node name="label"> + <properties> + <help>Label value for VRF</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current address-family and VPN</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>For routes leaked from current address-family to VPN</help> + <completionHelp> + <list>auto</list> + </completionHelp> + <valueHelp> + <format>auto</format> + <description>Automatically assign a label</description> + </valueHelp> + <valueHelp> + <format>u32:0-1048575</format> + <description>Label Value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-1048575"/> + <regex>(auto)</regex> + </constraint> + </properties> + </leafNode> + <node name="allocation-mode"> + <properties> + <help>Label allocation mode</help> + </properties> + <children> + <leafNode name="per-nexthop"> + <properties> + <help>Allocate a label per connected next-hop in the VRF</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-maximum-paths.xml.i b/interface-definitions/include/bgp/afi-maximum-paths.xml.i new file mode 100644 index 0000000..5358bb7 --- /dev/null +++ b/interface-definitions/include/bgp/afi-maximum-paths.xml.i @@ -0,0 +1,33 @@ +<!-- include start from bgp/afi-maximum-paths.xml.i --> +<node name="maximum-paths"> + <properties> + <help>Forward packets over multiple paths</help> + </properties> + <children> + <leafNode name="ebgp"> + <properties> + <help>eBGP maximum paths</help> + <valueHelp> + <format>u32:1-256</format> + <description>Number of paths to consider</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-256"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ibgp"> + <properties> + <help>iBGP maximum paths</help> + <valueHelp> + <format>u32:1-256</format> + <description>Number of paths to consider</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-256"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-nexthop-self.xml.i b/interface-definitions/include/bgp/afi-nexthop-self.xml.i new file mode 100644 index 0000000..36a7512 --- /dev/null +++ b/interface-definitions/include/bgp/afi-nexthop-self.xml.i @@ -0,0 +1,15 @@ +<!-- include start from bgp/afi-nexthop-self.xml.i --> +<node name="nexthop-self"> + <properties> + <help>Disable the next hop calculation for this peer</help> + </properties> + <children> + <leafNode name="force"> + <properties> + <help>Set the next hop to self for reflected routes</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i new file mode 100644 index 0000000..d90597f --- /dev/null +++ b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i @@ -0,0 +1,32 @@ +<!-- include start from bgp/afi-nexthop-vpn-export.xml.i --> +<node name="nexthop"> + <properties> + <help>Specify next hop to use for VRF advertised prefixes</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current address-family and vpn</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>For routes leaked from current address-family to vpn</help> + <valueHelp> + <format>ipv4</format> + <description>BGP neighbor IP address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>BGP neighbor IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> + <!-- include end --> diff --git a/interface-definitions/include/bgp/afi-path-limit.xml.i b/interface-definitions/include/bgp/afi-path-limit.xml.i new file mode 100644 index 0000000..e3d630a --- /dev/null +++ b/interface-definitions/include/bgp/afi-path-limit.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/afi-path-limit.xml.i --> +<leafNode name="path-limit"> + <properties> + <help>AS-path hopcount limit</help> + <valueHelp> + <format>u32:0-255</format> + <description>AS path hop count limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-rd.xml.i b/interface-definitions/include/bgp/afi-rd.xml.i new file mode 100644 index 0000000..beb1447 --- /dev/null +++ b/interface-definitions/include/bgp/afi-rd.xml.i @@ -0,0 +1,28 @@ +<!-- include start from bgp/afi-rd.xml.i --> +<node name="rd"> + <properties> + <help>Specify route distinguisher</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current address-family and VPN</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>For routes leaked from current address-family to VPN</help> + <valueHelp> + <format>ASN:NN_OR_IP-ADDRESS:NN</format> + <description>Route Distinguisher, (x.x.x.x:yyy|xxxx:yyyy)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-distinguisher"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-redistribute-metric-route-map.xml.i b/interface-definitions/include/bgp/afi-redistribute-metric-route-map.xml.i new file mode 100644 index 0000000..d4c7ac4 --- /dev/null +++ b/interface-definitions/include/bgp/afi-redistribute-metric-route-map.xml.i @@ -0,0 +1,12 @@ +<!-- include start from bgp/afi-redistribute-metric-route-map.xml.i --> +<leafNode name="metric"> + <properties> + <help>Metric for redistributed routes</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Metric for redistributed routes</description> + </valueHelp> + </properties> +</leafNode> +#include <include/route-map.xml.i> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i new file mode 100644 index 0000000..3889912 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i @@ -0,0 +1,34 @@ +<!-- include start from bgp/afi-route-map.xml.i --> +<leafNode name="export"> + <properties> + <help>Route-map to filter outgoing route updates</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="import"> + <properties> + <help>Route-map to filter incoming route updates</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i new file mode 100644 index 0000000..e6be113 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i @@ -0,0 +1,17 @@ +<!-- include start from bgp/afi-route-map-vpn.xml.i --> +<node name="route-map"> + <properties> + <help>Route-map to filter route updates to/from this peer</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current address-family and VPN</help> + </properties> + <children> + #include <include/bgp/afi-route-map-export-import.xml.i> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-map.xml.i b/interface-definitions/include/bgp/afi-route-map.xml.i new file mode 100644 index 0000000..0b61781 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map.xml.i @@ -0,0 +1,10 @@ +<!-- include start from bgp/afi-route-map.xml.i --> +<node name="route-map"> + <properties> + <help>Route-map to filter route updates to/from this peer</help> + </properties> + <children> + #include <include/bgp/afi-route-map-export-import.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-reflector-client.xml.i b/interface-definitions/include/bgp/afi-route-reflector-client.xml.i new file mode 100644 index 0000000..dcb2d18 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-reflector-client.xml.i @@ -0,0 +1,8 @@ +<!-- include start from bgp/afi-route-reflector-client.xml.i --> +<leafNode name="route-reflector-client"> + <properties> + <help>Peer is a route reflector client</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-server-client.xml.i b/interface-definitions/include/bgp/afi-route-server-client.xml.i new file mode 100644 index 0000000..9bb628e --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-server-client.xml.i @@ -0,0 +1,8 @@ +<!-- include start from bgp/afi-route-server-client.xml.i --> +<leafNode name="route-server-client"> + <properties> + <help>Peer is a route server client</help> + <valueless/> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/bgp/afi-route-target-vpn.xml.i b/interface-definitions/include/bgp/afi-route-target-vpn.xml.i new file mode 100644 index 0000000..5784f9e --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-target-vpn.xml.i @@ -0,0 +1,52 @@ +<!-- include start from bgp/route-target-both.xml.i --> +<node name="route-target"> + <properties> + <help>Specify route target list</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current address-family and VPN</help> + </properties> + <children> + <leafNode name="both"> + <properties> + <help>Route Target both import and export</help> + <valueHelp> + <format>txt</format> + <description>Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target-multi"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Route Target import</help> + <valueHelp> + <format>txt</format> + <description>Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target-multi"/> + </constraint> + </properties> + </leafNode> + <leafNode name="export"> + <properties> + <help>Route Target export</help> + <valueHelp> + <format>txt</format> + <description>Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target-multi"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-sid.xml.i b/interface-definitions/include/bgp/afi-sid.xml.i new file mode 100644 index 0000000..38a3dcf --- /dev/null +++ b/interface-definitions/include/bgp/afi-sid.xml.i @@ -0,0 +1,36 @@ +<!-- include start from bgp/sid.xml.i --> +<node name="sid"> + <properties> + <help>SID value for VRF</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current VRF and VPN</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>For routes leaked from current VRF to VPN</help> + <completionHelp> + <list>auto</list> + </completionHelp> + <valueHelp> + <format>u32:1-1048575</format> + <description>SID allocation index</description> + </valueHelp> + <valueHelp> + <format>auto</format> + <description>Automatically assign a label</description> + </valueHelp> + <constraint> + <regex>auto</regex> + <validator name="numeric" argument="--range 1-1048575"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <!-- include end --> diff --git a/interface-definitions/include/bgp/afi-soft-reconfiguration.xml.i b/interface-definitions/include/bgp/afi-soft-reconfiguration.xml.i new file mode 100644 index 0000000..4933671 --- /dev/null +++ b/interface-definitions/include/bgp/afi-soft-reconfiguration.xml.i @@ -0,0 +1,15 @@ +<!-- include start from bgp/afi-soft-reconfiguration.xml.i --> +<node name="soft-reconfiguration"> + <properties> + <help>Soft reconfiguration for peer</help> + </properties> + <children> + <leafNode name="inbound"> + <properties> + <help>Enable inbound soft reconfiguration</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-vpn-label.xml.i b/interface-definitions/include/bgp/afi-vpn-label.xml.i new file mode 100644 index 0000000..6c7e73d --- /dev/null +++ b/interface-definitions/include/bgp/afi-vpn-label.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/afi-vpn-label.xml.i --> +<leafNode name="label"> + <properties> + <help>MPLS label value assigned to route</help> + <valueHelp> + <format>u32:0-1048575</format> + <description>MPLS label value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-1048575"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i new file mode 100644 index 0000000..261d602 --- /dev/null +++ b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/bmp-monitor-afi-policy.xml.i --> +<leafNode name="pre-policy"> + <properties> + <help>Send state before policy and filter processing</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="post-policy"> + <properties> + <help>Send state with policy and filters applied</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-flowspec.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-flowspec.xml.i new file mode 100644 index 0000000..2f0ed72 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-flowspec.xml.i @@ -0,0 +1,11 @@ +<!-- include start from bgp/neighbor-afi-ipv4-flowspec.xml.i --> +<node name="ipv4-flowspec"> + <properties> + <help>IPv4 Flow Specification BGP neighbor parameters</help> + </properties> + <children> + #include <include/bgp/afi-ipv4-prefix-list.xml.i> + #include <include/bgp/afi-common-flowspec.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i new file mode 100644 index 0000000..a433f7c --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i @@ -0,0 +1,204 @@ +<!-- include start from bgp/neighbor-afi-ipv4-ipv6-common.xml.i --> +<leafNode name="addpath-tx-all"> + <properties> + <help>Use addpath to advertise all paths to a neighbor</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="addpath-tx-per-as"> + <properties> + <help>Use addpath to advertise the bestpath per each neighboring AS</help> + <valueless/> + </properties> +</leafNode> +<node name="conditionally-advertise"> + <properties> + <help>Use route-map to conditionally advertise routes</help> + </properties> + <children> + <leafNode name="advertise-map"> + <properties> + <help>Route-map to conditionally advertise routes</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="exist-map"> + <properties> + <help>Advertise routes only if prefixes in exist-map are installed in BGP table</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="non-exist-map"> + <properties> + <help>Advertise routes only if prefixes in non-exist-map are not installed in BGP table</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> +</node> +#include <include/bgp/afi-allowas-in.xml.i> +<leafNode name="as-override"> + <properties> + <help>Override ASN in outbound updates to configured neighbor local-as</help> + <valueless/> + </properties> +</leafNode> +#include <include/bgp/afi-attribute-unchanged.xml.i> +<node name="disable-send-community"> + <properties> + <help>Disable sending community attributes to this peer</help> + </properties> + <children> + <leafNode name="extended"> + <properties> + <help>Disable sending extended community attributes to this peer</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="standard"> + <properties> + <help>Disable sending standard community attributes to this peer</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="distribute-list"> + <properties> + <help>Access-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Access-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Access-list to filter outgoing route updates to this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Access-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Access-list to filter incoming route updates from this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +#include <include/bgp/afi-filter-list.xml.i> +<leafNode name="maximum-prefix"> + <properties> + <help>Maximum number of prefixes to accept from this peer</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> +</leafNode> +<leafNode name="maximum-prefix-out"> + <properties> + <help>Maximum number of prefixes to be sent to this peer</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> +</leafNode> +#include <include/bgp/afi-nexthop-self.xml.i> +<node name="remove-private-as"> + <properties> + <help>Remove private AS numbers from AS path in outbound route updates</help> + </properties> + <children> + <leafNode name="all"> + <properties> + <help>Remove private AS numbers to all AS numbers in outbound route updates</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +#include <include/bgp/afi-route-map.xml.i> +#include <include/bgp/afi-route-reflector-client.xml.i> +#include <include/bgp/afi-route-server-client.xml.i> +#include <include/bgp/afi-soft-reconfiguration.xml.i> +<leafNode name="unsuppress-map"> + <properties> + <help>Route-map to selectively unsuppress suppressed routes</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="weight"> + <properties> + <help>Default weight for routes from this peer</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Default weight</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i new file mode 100644 index 0000000..0eae29f --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i @@ -0,0 +1,20 @@ +<!-- include start from bgp/neighbor-afi-ipv4-labeled-unicast.xml.i --> +<node name="ipv4-labeled-unicast"> + <properties> + <help>IPv4 Labeled Unicast BGP neighbor parameters</help> + </properties> + <children> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor (IPv4)</help> + </properties> + <children> + #include <include/bgp/afi-capability-orf.xml.i> + </children> + </node> + #include <include/bgp/afi-ipv4-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + #include <include/bgp/afi-default-originate.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i new file mode 100644 index 0000000..4bb6df7 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i @@ -0,0 +1,20 @@ +<!-- include start from bgp/neighbor-afi-ipv4-multicast.xml.i --> +<node name="ipv4-multicast"> + <properties> + <help>IPv4 Multicast BGP neighbor parameters</help> + </properties> + <children> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor (IPv4)</help> + </properties> + <children> + #include <include/bgp/afi-capability-orf.xml.i> + </children> + </node> + #include <include/bgp/afi-ipv4-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + #include <include/bgp/afi-default-originate.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i new file mode 100644 index 0000000..0094ce8 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i @@ -0,0 +1,20 @@ +<!-- include start from bgp/neighbor-afi-ipv4-unicast.xml.i --> +<node name="ipv4-unicast"> + <properties> + <help>IPv4 BGP neighbor parameters</help> + </properties> + <children> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor (IPv4)</help> + </properties> + <children> + #include <include/bgp/afi-capability-orf.xml.i> + </children> + </node> + #include <include/bgp/afi-ipv4-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + #include <include/bgp/afi-default-originate.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i new file mode 100644 index 0000000..220f22f --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i @@ -0,0 +1,11 @@ +<!-- include start from bgp/neighbor-afi-ipv4-vpn.xml.i --> +<node name="ipv4-vpn"> + <properties> + <help>IPv4 VPN BGP neighbor parameters</help> + </properties> + <children> + #include <include/bgp/afi-ipv4-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-flowspec.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-flowspec.xml.i new file mode 100644 index 0000000..bc61076 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-flowspec.xml.i @@ -0,0 +1,11 @@ +<!-- include start from bgp/neighbor-afi-ipv6-flowspec.xml.i --> +<node name="ipv6-flowspec"> + <properties> + <help>IPv6 Flow Specification BGP neighbor parameters</help> + </properties> + <children> + #include <include/bgp/afi-ipv6-prefix-list.xml.i> + #include <include/bgp/afi-common-flowspec.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i new file mode 100644 index 0000000..9951835 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i @@ -0,0 +1,21 @@ +<!-- include start from bgp/neighbor-afi-ipv6-labeled-unicast.xml.i --> +<node name="ipv6-labeled-unicast"> + <properties> + <help>IPv6 Labeled Unicast BGP neighbor parameters</help> + </properties> + <children> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor (IPv6)</help> + </properties> + <children> + #include <include/bgp/afi-capability-orf.xml.i> + </children> + </node> + #include <include/bgp/afi-ipv6-nexthop-local.xml.i> + #include <include/bgp/afi-ipv6-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + #include <include/bgp/afi-default-originate.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i new file mode 100644 index 0000000..bb713c3 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i @@ -0,0 +1,13 @@ +<!-- include start from bgp/neighbor-afi-ipv6-multicast.xml.i --> +<node name="ipv6-multicast"> + <properties> + <help>IPv6 Multicast BGP neighbor parameters</help> + </properties> + <children> + #include <include/bgp/afi-ipv6-nexthop-local.xml.i> + #include <include/bgp/afi-ipv6-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + #include <include/bgp/afi-default-originate.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i new file mode 100644 index 0000000..26a5e70 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i @@ -0,0 +1,21 @@ +<!-- include start from bgp/neighbor-afi-ipv6-unicast.xml.i --> +<node name="ipv6-unicast"> + <properties> + <help>IPv6 BGP neighbor parameters</help> + </properties> + <children> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor (IPv6)</help> + </properties> + <children> + #include <include/bgp/afi-capability-orf.xml.i> + </children> + </node> + #include <include/bgp/afi-ipv6-nexthop-local.xml.i> + #include <include/bgp/afi-ipv6-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + #include <include/bgp/afi-default-originate.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i new file mode 100644 index 0000000..5c68119 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i @@ -0,0 +1,12 @@ +<!-- include start from bgp/neighbor-afi-ipv6-vpn.xml.i --> +<node name="ipv6-vpn"> + <properties> + <help>IPv6 VPN BGP neighbor parameters</help> + </properties> + <children> + #include <include/bgp/afi-ipv6-nexthop-local.xml.i> + #include <include/bgp/afi-ipv6-prefix-list.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-l2vpn-evpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-l2vpn-evpn.xml.i new file mode 100644 index 0000000..c9f6600 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-l2vpn-evpn.xml.i @@ -0,0 +1,16 @@ +<!-- include start from bgp/neighbor-afi-l2vpn-evpn.xml.i --> +<node name="l2vpn-evpn"> + <properties> + <help>L2VPN EVPN BGP settings</help> + </properties> + <children> + #include <include/bgp/afi-allowas-in.xml.i> + #include <include/bgp/afi-attribute-unchanged.xml.i> + #include <include/bgp/afi-nexthop-self.xml.i> + #include <include/bgp/afi-route-map.xml.i> + #include <include/bgp/afi-route-reflector-client.xml.i> + #include <include/bgp/afi-route-server-client.xml.i> + #include <include/bgp/afi-soft-reconfiguration.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-bfd.xml.i b/interface-definitions/include/bgp/neighbor-bfd.xml.i new file mode 100644 index 0000000..fac2a11 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-bfd.xml.i @@ -0,0 +1,16 @@ +<!-- include start from bgp/neighbor-bfd.xml.i --> +<node name="bfd"> + <properties> + <help>Enable Bidirectional Forwarding Detection (BFD) support</help> + </properties> + <children> + #include <include/bfd/profile.xml.i> + <leafNode name="check-control-plane-failure"> + <properties> + <help>Allow to write CBIT independence in BFD outgoing packets and read both C-BIT value of BFD and lookup BGP peer status</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-capability.xml.i b/interface-definitions/include/bgp/neighbor-capability.xml.i new file mode 100644 index 0000000..c5ed3c8 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-capability.xml.i @@ -0,0 +1,27 @@ +<!-- include start from bgp/neighbor-capability.xml.i --> +<node name="capability"> + <properties> + <help>Advertise capabilities to this peer-group</help> + </properties> + <children> + <leafNode name="dynamic"> + <properties> + <help>Advertise dynamic capability to this neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="extended-nexthop"> + <properties> + <help>Advertise extended-nexthop capability to this neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="software-version"> + <properties> + <help>Advertise Software Version capability to the peer</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-disable-capability-negotiation.xml.i b/interface-definitions/include/bgp/neighbor-disable-capability-negotiation.xml.i new file mode 100644 index 0000000..0c44e47 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-disable-capability-negotiation.xml.i @@ -0,0 +1,8 @@ +<!-- include start from bgp/neighbor-disable-capability-negotiation.xml.i --> +<leafNode name="disable-capability-negotiation"> + <properties> + <help>Disable capability negotiation with this neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-disable-connected-check.xml.i b/interface-definitions/include/bgp/neighbor-disable-connected-check.xml.i new file mode 100644 index 0000000..aef5a55 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-disable-connected-check.xml.i @@ -0,0 +1,8 @@ +<!-- include start from bgp/neighbor-disable-connected-check.xml.i --> +<leafNode name="disable-connected-check"> + <properties> + <help>Allow peerings between eBGP peer using loopback/dummy address</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-ebgp-multihop.xml.i b/interface-definitions/include/bgp/neighbor-ebgp-multihop.xml.i new file mode 100644 index 0000000..c053de7 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-ebgp-multihop.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/neighbor-ebgp-multihop.xml.i --> +<leafNode name="ebgp-multihop"> + <properties> + <help>Allow this EBGP neighbor to not be on a directly connected network</help> + <valueHelp> + <format>u32:1-255</format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i new file mode 100644 index 0000000..4399d79 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i @@ -0,0 +1,25 @@ +<!-- include start from bgp/neighbor-graceful-restart.xml.i --> +<leafNode name="graceful-restart"> + <properties> + <help>BGP graceful restart functionality</help> + <completionHelp> + <list>enable disable restart-helper</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable BGP graceful restart at peer level</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable BGP graceful restart at peer level</description> + </valueHelp> + <valueHelp> + <format>restart-helper</format> + <description>Enable BGP graceful restart helper only functionality</description> + </valueHelp> + <constraint> + <regex>(enable|disable|restart-helper)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-local-as.xml.i b/interface-definitions/include/bgp/neighbor-local-as.xml.i new file mode 100644 index 0000000..8868e30 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-local-as.xml.i @@ -0,0 +1,29 @@ +<!-- include start from bgp/neighbor-local-as.xml.i --> +<tagNode name="local-as"> + <properties> + <help>Specify alternate ASN for this BGP process</help> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Autonomous System Number (ASN)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> + <children> + <node name="no-prepend"> + <properties> + <help>Disable prepending local-as from/to updates for eBGP peers</help> + </properties> + <children> + <leafNode name="replace-as"> + <properties> + <help>Prepend only local-as from/to updates for eBGP peers</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-local-role.xml.i b/interface-definitions/include/bgp/neighbor-local-role.xml.i new file mode 100644 index 0000000..6ddb490 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-local-role.xml.i @@ -0,0 +1,42 @@ +<!-- include start from bgp/neigbhor-local-role.xml.i --> +<tagNode name="local-role"> + <properties> + <help>Local role for BGP neighbor (RFC9234)</help> + <completionHelp> + <list>customer peer provider rs-client rs-server</list> + </completionHelp> + <valueHelp> + <format>customer</format> + <description>Using Transit</description> + </valueHelp> + <valueHelp> + <format>peer</format> + <description>Public/Private Peering</description> + </valueHelp> + <valueHelp> + <format>provider</format> + <description>Providing Transit</description> + </valueHelp> + <valueHelp> + <format>rs-client</format> + <description>RS Client</description> + </valueHelp> + <valueHelp> + <format>rs-server</format> + <description>Route Server</description> + </valueHelp> + <constraint> + <regex>(provider|rs-server|rs-client|customer|peer)</regex> + </constraint> + <constraintErrorMessage>BGP local-role must be one of the following: customer, peer, provider, rs-client or rs-server</constraintErrorMessage> + </properties> + <children> + <leafNode name="strict"> + <properties> + <help>Neighbor must send this exact capability, otherwise a role missmatch notification will be sent</help> + <valueless/> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-override-capability.xml.i b/interface-definitions/include/bgp/neighbor-override-capability.xml.i new file mode 100644 index 0000000..1ef28b2 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-override-capability.xml.i @@ -0,0 +1,8 @@ +<!-- include start from bgp/neighbor-override-capability.xml.i --> +<leafNode name="override-capability"> + <properties> + <help>Ignore capability negotiation with specified neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-passive.xml.i b/interface-definitions/include/bgp/neighbor-passive.xml.i new file mode 100644 index 0000000..c7d867a --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-passive.xml.i @@ -0,0 +1,8 @@ +<!-- include start from bgp/neighbor-passive.xml.i --> +<leafNode name="passive"> + <properties> + <help>Do not initiate a session with this neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-password.xml.i b/interface-definitions/include/bgp/neighbor-password.xml.i new file mode 100644 index 0000000..3a7eaaa --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-password.xml.i @@ -0,0 +1,7 @@ +<!-- include start from bgp/neighbor-password.xml.i --> +<leafNode name="password"> + <properties> + <help>BGP MD5 password</help> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i new file mode 100644 index 0000000..399a6bc --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i @@ -0,0 +1,34 @@ +<!-- include start from bgp/neighbor-path-attribute.xml.i --> +<node name="path-attribute"> + <properties> + <help>Manipulate path attributes from incoming UPDATE messages</help> + </properties> + <children> + <leafNode name="discard"> + <properties> + <help>Drop specified attributes from incoming UPDATE messages</help> + <valueHelp> + <format>u32:1-255</format> + <description>Attribute number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="treat-as-withdraw"> + <properties> + <help>Treat-as-withdraw any incoming BGP UPDATE messages that contain the specified attribute</help> + <valueHelp> + <format>u32:1-255</format> + <description>Attribute number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-shutdown.xml.i b/interface-definitions/include/bgp/neighbor-shutdown.xml.i new file mode 100644 index 0000000..acc7bc5 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-shutdown.xml.i @@ -0,0 +1,8 @@ +<!-- include start from bgp/neighbor-shutdown.xml.i --> +<leafNode name="shutdown"> + <properties> + <help>Administratively shutdown this neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-ttl-security.xml.i b/interface-definitions/include/bgp/neighbor-ttl-security.xml.i new file mode 100644 index 0000000..6def1fe --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-ttl-security.xml.i @@ -0,0 +1,21 @@ +<!-- include start from bgp/neighbor-ttl-security.xml.i --> +<node name="ttl-security"> + <properties> + <help>Ttl security mechanism</help> + </properties> + <children> + <leafNode name="hops"> + <properties> + <help>Number of the maximum number of hops to the BGP peer</help> + <valueHelp> + <format>u32:1-254</format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-254"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-update-source.xml.i b/interface-definitions/include/bgp/neighbor-update-source.xml.i new file mode 100644 index 0000000..92e8171 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-update-source.xml.i @@ -0,0 +1,28 @@ +<!-- include start from bgp/neighbor-update-source.xml.i --> +<leafNode name="update-source"> + <!-- Need to check format interfaces --> + <properties> + <help>Source IP of routing updates</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of route source</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of route source</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>Interface as route source</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/peer-group.xml.i b/interface-definitions/include/bgp/peer-group.xml.i new file mode 100644 index 0000000..c80d4a3 --- /dev/null +++ b/interface-definitions/include/bgp/peer-group.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/peer-group.xml.i --> +<leafNode name="peer-group"> + <properties> + <help>Peer group for this peer</help> + <completionHelp> + <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-5} peer-group</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Peer-group name</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i new file mode 100644 index 0000000..0f05625 --- /dev/null +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -0,0 +1,1868 @@ +<!-- include start from bgp/protocol-common-config.xml.i --> +<node name="address-family"> + <properties> + <help>BGP address-family parameters</help> + </properties> + <children> + <node name="ipv4-unicast"> + <properties> + <help>IPv4 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network</help> + <valueHelp> + <format>ipv4net</format> + <description>BGP aggregate network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-aggregate-address.xml.i> + </children> + </tagNode> + <node name="distance"> + <properties> + <help>Administrative distances for BGP routes</help> + </properties> + <children> + <leafNode name="external"> + <properties> + <help>eBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>eBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="internal"> + <properties> + <help>iBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>iBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="local"> + <properties> + <help>Locally originated BGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>Locally originated BGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Administrative distance for a specific BGP prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Administrative distance for a specific BGP prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Administrative distance for prefix</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + #include <include/bgp/afi-export-import.xml.i> + #include <include/bgp/afi-label.xml.i> + #include <include/bgp/afi-maximum-paths.xml.i> + <tagNode name="network"> + <properties> + <help>BGP network</help> + <valueHelp> + <format>ipv4net</format> + <description>BGP network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="backdoor"> + <properties> + <help>Network as a backdoor route</help> + <valueless/> + </properties> + </leafNode> + #include <include/route-map.xml.i> + </children> + </tagNode> + #include <include/bgp/afi-rd.xml.i> + #include <include/bgp/afi-route-map-vpn.xml.i> + #include <include/bgp/afi-route-target-vpn.xml.i> + #include <include/bgp/afi-nexthop-vpn-export.xml.i> + <node name="redistribute"> + <properties> + <help>Redistribute routes from other protocols into BGP</help> + </properties> + <children> + <node name="connected"> + <properties> + <help>Redistribute connected routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="isis"> + <properties> + <help>Redistribute IS-IS routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="ospf"> + <properties> + <help>Redistribute OSPF routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="rip"> + <properties> + <help>Redistribute RIP routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="babel"> + <properties> + <help>Redistribute Babel routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <leafNode name="table"> + <properties> + <help>Redistribute non-main Kernel Routing Table</help> + </properties> + </leafNode> + </children> + </node> + #include <include/bgp/afi-sid.xml.i> + </children> + </node> + <node name="ipv4-multicast"> + <properties> + <help>Multicast IPv4 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network/prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>BGP aggregate network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-aggregate-address.xml.i> + </children> + </tagNode> + <node name="distance"> + <properties> + <help>Administrative distances for BGP routes</help> + </properties> + <children> + <leafNode name="external"> + <properties> + <help>eBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>eBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="internal"> + <properties> + <help>iBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>iBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="local"> + <properties> + <help>Locally originated BGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>Locally originated BGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Administrative distance for a specific BGP prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Administrative distance for a specific BGP prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Administrative distance for prefix</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <tagNode name="network"> + <properties> + <help>Import BGP network/prefix into multicast IPv4 RIB</help> + <valueHelp> + <format>ipv4net</format> + <description>Multicast IPv4 BGP network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="backdoor"> + <properties> + <help>Use BGP network/prefix as a backdoor route</help> + <valueless/> + </properties> + </leafNode> + #include <include/route-map.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="ipv4-labeled-unicast"> + <properties> + <help>Labeled Unicast IPv4 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network/prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>BGP aggregate network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-aggregate-address.xml.i> + </children> + </tagNode> + <tagNode name="network"> + <properties> + <help>Import BGP network/prefix into labeled unicast IPv4 RIB</help> + <valueHelp> + <format>ipv4net</format> + <description>Labeled Unicast IPv4 BGP network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="backdoor"> + <properties> + <help>Use BGP network/prefix as a backdoor route</help> + <valueless/> + </properties> + </leafNode> + #include <include/route-map.xml.i> + </children> + </tagNode> + #include <include/bgp/afi-maximum-paths.xml.i> + </children> + </node> + <node name="ipv4-flowspec"> + <properties> + <help>Flowspec IPv4 BGP settings</help> + </properties> + <children> + <node name="local-install"> + <properties> + <help>Apply local policy routing to interface</help> + </properties> + <children> + #include <include/generic-interface-multi.xml.i> + </children> + </node> + </children> + </node> + <node name="ipv4-vpn"> + <properties> + <help>Unicast VPN IPv4 BGP settings</help> + </properties> + <children> + <tagNode name="network"> + <properties> + <help>Import BGP network/prefix into unicast VPN IPv4 RIB</help> + <valueHelp> + <format>ipv4net</format> + <description>Unicast VPN IPv4 BGP network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/route-distinguisher.xml.i> + #include <include/bgp/afi-vpn-label.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="ipv6-unicast"> + <properties> + <help>IPv6 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network</help> + <valueHelp> + <format>ipv6net</format> + <description>Aggregate network</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-aggregate-address.xml.i> + </children> + </tagNode> + <node name="distance"> + <properties> + <help>Administrative distances for BGP routes</help> + </properties> + <children> + <leafNode name="external"> + <properties> + <help>eBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>eBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="internal"> + <properties> + <help>iBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>iBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="local"> + <properties> + <help>Locally originated BGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>Locally originated BGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Administrative distance for a specific BGP prefix</help> + <valueHelp> + <format>ipv6net</format> + <description>Administrative distance for a specific BGP prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Administrative distance for prefix</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + #include <include/bgp/afi-export-import.xml.i> + #include <include/bgp/afi-label.xml.i> + #include <include/bgp/afi-maximum-paths.xml.i> + <tagNode name="network"> + <properties> + <help>BGP network</help> + <valueHelp> + <format>ipv6net</format> + <description>Aggregate network</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-path-limit.xml.i> + #include <include/route-map.xml.i> + </children> + </tagNode> + #include <include/bgp/afi-rd.xml.i> + #include <include/bgp/afi-route-map-vpn.xml.i> + #include <include/bgp/afi-route-target-vpn.xml.i> + #include <include/bgp/afi-nexthop-vpn-export.xml.i> + <node name="redistribute"> + <properties> + <help>Redistribute routes from other protocols into BGP</help> + </properties> + <children> + <node name="connected"> + <properties> + <help>Redistribute connected routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="ospfv3"> + <properties> + <help>Redistribute OSPFv3 routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="ripng"> + <properties> + <help>Redistribute RIPng routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="babel"> + <properties> + <help>Redistribute Babel routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes into BGP</help> + </properties> + <children> + #include <include/bgp/afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <leafNode name="table"> + <properties> + <help>Redistribute non-main Kernel Routing Table</help> + </properties> + </leafNode> + </children> + </node> + #include <include/bgp/afi-sid.xml.i> + </children> + </node> + <node name="ipv6-multicast"> + <properties> + <help>Multicast IPv6 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network/prefix</help> + <valueHelp> + <format>ipv6net</format> + <description>BGP aggregate network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-aggregate-address.xml.i> + </children> + </tagNode> + <node name="distance"> + <properties> + <help>Administrative distances for BGP routes</help> + </properties> + <children> + <leafNode name="external"> + <properties> + <help>eBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>eBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="internal"> + <properties> + <help>iBGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>iBGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="local"> + <properties> + <help>Locally originated BGP routes administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>Locally originated BGP routes administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Administrative distance for a specific BGP prefix</help> + <valueHelp> + <format>ipv6net</format> + <description>Administrative distance for a specific BGP prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Administrative distance for prefix</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <tagNode name="network"> + <properties> + <help>Import BGP network/prefix into multicast IPv6 RIB</help> + <valueHelp> + <format>ipv6net</format> + <description>Multicast IPv6 BGP network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-path-limit.xml.i> + #include <include/route-map.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="ipv6-labeled-unicast"> + <properties> + <help>Labeled Unicast IPv6 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network/prefix</help> + <valueHelp> + <format>ipv6net</format> + <description>BGP aggregate network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-aggregate-address.xml.i> + </children> + </tagNode> + <tagNode name="network"> + <properties> + <help>Import BGP network/prefix into labeled unicast IPv6 RIB</help> + <valueHelp> + <format>ipv6net</format> + <description>Labeled Unicast IPv6 BGP network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="backdoor"> + <properties> + <help>Use BGP network/prefix as a backdoor route</help> + <valueless/> + </properties> + </leafNode> + #include <include/route-map.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="ipv6-flowspec"> + <properties> + <help>Flowspec IPv6 BGP settings</help> + </properties> + <children> + <node name="local-install"> + <properties> + <help>Apply local policy routing to interface</help> + </properties> + <children> + <leafNode name="interface"> + <properties> + <help>Interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <node name="ipv6-vpn"> + <properties> + <help>Unicast VPN IPv6 BGP settings</help> + </properties> + <children> + <tagNode name="network"> + <properties> + <help>Import BGP network/prefix into unicast VPN IPv6 RIB</help> + <valueHelp> + <format>ipv6net</format> + <description>Unicast VPN IPv6 BGP network/prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/route-distinguisher.xml.i> + #include <include/bgp/afi-vpn-label.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="l2vpn-evpn"> + <properties> + <help>L2VPN EVPN BGP settings</help> + </properties> + <children> + <node name="advertise"> + <properties> + <help>Advertise prefix routes</help> + </properties> + <children> + <node name="ipv4"> + <properties> + <help>IPv4 address family</help> + </properties> + <children> + #include <include/bgp/afi-l2vpn-advertise.xml.i> + </children> + </node> + <node name="ipv6"> + <properties> + <help>IPv6 address family</help> + </properties> + <children> + #include <include/bgp/afi-l2vpn-advertise.xml.i> + </children> + </node> + </children> + </node> + <leafNode name="advertise-all-vni"> + <properties> + <help>Advertise All local VNIs</help> + <valueless/> + </properties> + </leafNode> + #include <include/bgp/afi-l2vpn-common.xml.i> + <leafNode name="advertise-pip"> + <properties> + <help>EVPN system primary IP</help> + <valueHelp> + <format>ipv4</format> + <description>IP address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="rt-auto-derive"> + <properties> + <help>Auto derivation of Route Target (RFC8365)</help> + <valueless/> + </properties> + </leafNode> + <node name="default-originate"> + <properties> + <help>Originate a default route</help> + </properties> + <children> + <leafNode name="ipv4"> + <properties> + <help>IPv4 address family</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>IPv6 address family</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="disable-ead-evi-rx"> + <properties> + <help>Activate PE on EAD-ES even if EAD-EVI is not received</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-ead-evi-tx"> + <properties> + <help>Do not advertise EAD-EVI for local ESs</help> + <valueless/> + </properties> + </leafNode> + <node name="ead-es-frag"> + <properties> + <help>EAD ES fragment config</help> + </properties> + <children> + <leafNode name="evi-limit"> + <properties> + <help>EVIs per-fragment</help> + <valueHelp> + <format>u32:1-1000</format> + <description>limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="ead-es-route-target"> + <properties> + <help>EAD ES Route Target</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Route Target export</help> + <valueHelp> + <format>txt</format> + <description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target-multi"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + <node name="flooding"> + <properties> + <help>Specify handling for BUM packets</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="head-end-replication"> + <properties> + <help>Flood BUM packets using head-end replication</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="mac-vrf"> + <properties> + <help>EVPN MAC-VRF</help> + </properties> + <children> + <leafNode name="soo"> + <properties> + <help>Site-of-Origin extended community</help> + <valueHelp> + <format>ASN:NN</format> + <description>based on autonomous system number in format <0-65535:0-4294967295></description> + </valueHelp> + <valueHelp> + <format>IP:NN</format> + <description>Based on a router-id IP address in format <IP:0-65535></description> + </valueHelp> + <constraint> + <validator name="bgp-extended-community"/> + </constraint> + <constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <tagNode name="vni"> + <properties> + <help>VXLAN Network Identifier</help> + <valueHelp> + <format>u32:1-16777215</format> + <description>VNI number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16777215"/> + </constraint> + </properties> + <children> + #include <include/bgp/afi-l2vpn-common.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<node name="bmp"> + <properties> + <help>BGP Monitoring Protocol (BMP)</help> + </properties> + <children> + <leafNode name="mirror-buffer-limit"> + <properties> + <help>Maximum memory used for buffered mirroring messages (in bytes)</help> + <valueHelp> + <format>u32:0-4294967294</format> + <description>Limit in bytes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <tagNode name="target"> + <properties> + <help>BMP target</help> + </properties> + <children> + #include <include/address-ipv4-ipv6-single.xml.i> + #include <include/port-number.xml.i> + <leafNode name="port"> + <defaultValue>5000</defaultValue> + </leafNode> + <leafNode name="min-retry"> + <properties> + <help>Minimum connection retry interval (in milliseconds)</help> + <valueHelp> + <format>u32:100-86400000</format> + <description>Minimum connection retry interval</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 100-86400000"/> + </constraint> + </properties> + <defaultValue>1000</defaultValue> + </leafNode> + <leafNode name="max-retry"> + <properties> + <help>Maximum connection retry interval</help> + <valueHelp> + <format>u32:100-4294967295</format> + <description>Maximum connection retry interval</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 100-86400000"/> + </constraint> + </properties> + <defaultValue>2000</defaultValue> + </leafNode> + <leafNode name="mirror"> + <properties> + <help>Send BMP route mirroring messages</help> + <valueless/> + </properties> + </leafNode> + <node name="monitor"> + <properties> + <help>Send BMP route monitoring messages</help> + </properties> + <children> + <node name="ipv4-unicast"> + <properties> + <help>Address family IPv4 unicast</help> + </properties> + <children> + #include <include/bgp/bmp-monitor-afi-policy.xml.i> + </children> + </node> + <node name="ipv6-unicast"> + <properties> + <help>Address family IPv6 unicast</help> + </properties> + <children> + #include <include/bgp/bmp-monitor-afi-policy.xml.i> + </children> + </node> + </children> + </node> + </children> + </tagNode> + </children> +</node> +<tagNode name="interface"> + <properties> + <help>Configure interface related parameters, e.g. MPLS</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <node name="mpls"> + <properties> + <help>MPLS options</help> + </properties> + <children> + <leafNode name="forwarding"> + <properties> + <help>Enable MPLS forwarding for eBGP directly connected peers</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> +</tagNode> +<node name="listen"> + <properties> + <help>Listen for and accept BGP dynamic neighbors from range</help> + </properties> + <children> + <leafNode name="limit"> + <properties> + <help>Maximum number of dynamic neighbors that can be created</help> + <valueHelp> + <format>u32:1-5000</format> + <description>BGP neighbor limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-5000"/> + </constraint> + </properties> + </leafNode> + <tagNode name="range"> + <properties> + <help>BGP dynamic neighbors listen range</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 dynamic neighbors listen range</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 dynamic neighbors listen range</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp/peer-group.xml.i> + </children> + </tagNode> + </children> +</node> +<leafNode name="system-as"> + <properties> + <help>Autonomous System Number (ASN)</help> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Autonomous System Number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> +</leafNode> +<tagNode name="neighbor"> + <properties> + <help>BGP neighbor</help> + <valueHelp> + <format>ipv4</format> + <description>BGP neighbor IP address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>BGP neighbor IPv6 address</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <node name="address-family"> + <properties> + <help>Address-family parameters</help> + </properties> + <children> + #include <include/bgp/neighbor-afi-ipv4-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv6-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv4-vpn.xml.i> + #include <include/bgp/neighbor-afi-ipv6-vpn.xml.i> + #include <include/bgp/neighbor-afi-ipv4-flowspec.xml.i> + #include <include/bgp/neighbor-afi-ipv6-flowspec.xml.i> + #include <include/bgp/neighbor-afi-ipv4-multicast.xml.i> + #include <include/bgp/neighbor-afi-ipv6-multicast.xml.i> + #include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i> + </children> + </node> + <leafNode name="advertisement-interval"> + <properties> + <help>Minimum interval for sending routing updates</help> + <valueHelp> + <format>u32:0-600</format> + <description>Advertisement interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600"/> + </constraint> + </properties> + </leafNode> + #include <include/generic-description.xml.i> + #include <include/bgp/neighbor-bfd.xml.i> + #include <include/bgp/neighbor-capability.xml.i> + #include <include/bgp/neighbor-disable-capability-negotiation.xml.i> + #include <include/bgp/neighbor-disable-connected-check.xml.i> + #include <include/bgp/neighbor-ebgp-multihop.xml.i> + #include <include/bgp/neighbor-graceful-restart.xml.i> + <node name="interface"> + <properties> + <help>Interface parameters</help> + </properties> + <children> + #include <include/bgp/peer-group.xml.i> + #include <include/bgp/remote-as.xml.i> + #include <include/source-interface.xml.i> + <node name="v6only"> + <properties> + <help>Enable BGP with v6 link-local only</help> + </properties> + <children> + #include <include/bgp/peer-group.xml.i> + #include <include/bgp/remote-as.xml.i> + </children> + </node> + </children> + </node> + #include <include/bgp/neighbor-local-as.xml.i> + #include <include/bgp/neighbor-local-role.xml.i> + #include <include/bgp/neighbor-override-capability.xml.i> + #include <include/bgp/neighbor-path-attribute.xml.i> + #include <include/bgp/neighbor-passive.xml.i> + #include <include/bgp/neighbor-password.xml.i> + #include <include/bgp/peer-group.xml.i> + #include <include/bgp/remote-as.xml.i> + #include <include/bgp/neighbor-shutdown.xml.i> + <leafNode name="solo"> + <properties> + <help>Do not send back prefixes learned from the neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="enforce-first-as"> + <properties> + <help>Ensure the first AS in the AS path matches the peer AS</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="strict-capability-match"> + <properties> + <help>Enable strict capability negotiation</help> + <valueless/> + </properties> + </leafNode> + <node name="timers"> + <properties> + <help>Neighbor timers</help> + </properties> + <children> + <leafNode name="connect"> + <properties> + <help>BGP connect timer for this neighbor</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Connect timer in seconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Disable connect timer</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + #include <include/bgp/timers-holdtime.xml.i> + #include <include/bgp/timers-keepalive.xml.i> + </children> + </node> + #include <include/bgp/neighbor-ttl-security.xml.i> + #include <include/bgp/neighbor-update-source.xml.i> + #include <include/port-number.xml.i> + </children> +</tagNode> +<node name="parameters"> + <properties> + <help>BGP parameters</help> + </properties> + <children> + <leafNode name="allow-martian-nexthop"> + <properties> + <help>Allow Martian nexthops to be received in the NLRI from a peer</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-ebgp-connected-route-check"> + <properties> + <help>Disable checking if nexthop is connected on eBGP session</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="always-compare-med"> + <properties> + <help>Always compare MEDs from different neighbors</help> + <valueless/> + </properties> + </leafNode> + <node name="bestpath"> + <properties> + <help>Default bestpath selection mechanism</help> + </properties> + <children> + <node name="as-path"> + <properties> + <help>AS-path attribute comparison parameters</help> + </properties> + <children> + <leafNode name="confed"> + <properties> + <help>Compare AS-path lengths including confederation sets and sequences</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ignore"> + <properties> + <help>Ignore AS-path length in selecting a route</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="multipath-relax"> + <properties> + <help>Allow load sharing across routes that have different AS paths (but same length)</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="bandwidth"> + <properties> + <help>Link Bandwidth attribute</help> + <completionHelp> + <list>default-weight-for-missing ignore skip-missing</list> + </completionHelp> + <valueHelp> + <format>default-weight-for-missing</format> + <description>Assign low default weight (1) to paths not having link bandwidth</description> + </valueHelp> + <valueHelp> + <format>ignore</format> + <description>Ignore link bandwidth (do regular ECMP, not weighted)</description> + </valueHelp> + <valueHelp> + <format>skip-missing</format> + <description>Ignore paths without link bandwidth for ECMP (if other paths have it)</description> + </valueHelp> + <constraint> + <regex>(default-weight-for-missing|ignore|skip-missing)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="compare-routerid"> + <properties> + <help>Compare the router-id for identical EBGP paths</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="med"> + <properties> + <help>MED attribute comparison parameters</help> + <completionHelp> + <list>confed missing-as-worst</list> + </completionHelp> + <valueHelp> + <format>confed</format> + <description>Compare MEDs among confederation paths</description> + </valueHelp> + <valueHelp> + <format>missing-as-worst</format> + <description>Treat missing route as a MED as the least preferred one</description> + </valueHelp> + <constraint> + <regex>(confed|missing-as-worst)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="peer-type"> + <properties> + <help>Peer type</help> + </properties> + <children> + <leafNode name="multipath-relax"> + <properties> + <help>Allow load sharing across routes learned from different peer types</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="cluster-id"> + <properties> + <help>Route-reflector cluster-id</help> + <valueHelp> + <format>ipv4</format> + <description>Route-reflector cluster-id</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <node name="confederation"> + <properties> + <help>AS confederation parameters</help> + </properties> + <children> + <leafNode name="identifier"> + <properties> + <help>Confederation AS identifier</help> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Confederation AS id</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="peers"> + <properties> + <help>Peer ASs in the BGP confederation</help> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Peer AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + <node name="conditional-advertisement"> + <properties> + <help>Conditional advertisement settings</help> + </properties> + <children> + <leafNode name="timer"> + <properties> + <help>Set period to rescan BGP table to check if condition is met</help> + <valueHelp> + <format>u32:5-240</format> + <description>Period to rerun the conditional advertisement scanner process</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-240"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + </children> + </node> + <node name="dampening"> + <properties> + <help>Enable route-flap dampening</help> + </properties> + <children> + <leafNode name="half-life"> + <properties> + <help>Half-life time for dampening</help> + <valueHelp> + <format>u32:1-45</format> + <description>Half-life penalty in minutes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-45"/> + </constraint> + </properties> + </leafNode> + <leafNode name="max-suppress-time"> + <properties> + <help>Maximum duration to suppress a stable route</help> + <valueHelp> + <format>u32:1-255</format> + <description>Maximum suppress duration in minutes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="re-use"> + <properties> + <help>Threshold to start reusing a route</help> + <valueHelp> + <format>u32:1-20000</format> + <description>Re-use penalty points</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-20000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="start-suppress-time"> + <properties> + <help>When to start suppressing a route</help> + <valueHelp> + <format>u32:1-20000</format> + <description>Start-suppress penalty points</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-20000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="default"> + <properties> + <help>BGP defaults</help> + </properties> + <children> + <leafNode name="local-pref"> + <properties> + <help>Default local preference</help> + <valueHelp> + <format>u32</format> + <description>Local preference</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="deterministic-med"> + <properties> + <help>Compare MEDs between different peers in the same AS</help> + <valueless/> + </properties> + </leafNode> + <node name="distance"> + <properties> + <help>Administratives distances for BGP routes</help> + </properties> + <children> + <node name="global"> + <properties> + <help>Global administratives distances for BGP routes</help> + </properties> + <children> + <leafNode name="external"> + <properties> + <help>Administrative distance for external BGP routes</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="internal"> + <properties> + <help>Administrative distance for internal BGP routes</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for internal BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="local"> + <properties> + <help>Administrative distance for local BGP routes</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for internal BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <tagNode name="prefix"> + <properties> + <help>Administrative distance for a specific BGP prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Administrative distance for a specific BGP prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Administrative distance for prefix</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="ebgp-requires-policy"> + <properties> + <help>Require in and out policy for eBGP peers (RFC8212)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="fast-convergence"> + <properties> + <help>Teardown sessions immediately whenever peer becomes unreachable</help> + <valueless/> + </properties> + </leafNode> + <node name="graceful-restart"> + <properties> + <help>Graceful restart capability parameters</help> + </properties> + <children> + <leafNode name="stalepath-time"> + <properties> + <help>Maximum time to hold onto restarting neighbors stale paths</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Hold time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="graceful-shutdown"> + <properties> + <help>Graceful shutdown</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-hard-administrative-reset"> + <properties> + <help>Do not send hard reset CEASE Notification for 'Administrative Reset'</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="labeled-unicast"> + <properties> + <help>BGP Labeled-unicast options</help> + <completionHelp> + <list>explicit-null ipv4-explicit-null ipv6-explicit-null</list> + </completionHelp> + <valueHelp> + <format>explicit-null</format> + <description>Use explicit-null label values for all local prefixes</description> + </valueHelp> + <valueHelp> + <format>ipv4-explicit-null</format> + <description>Use IPv4 explicit-null label value for IPv4 local prefixes</description> + </valueHelp> + <valueHelp> + <format>ipv6-explicit-null</format> + <description>Use IPv6 explicit-null label value for IPv4 local prefixes</description> + </valueHelp> + <constraint> + <regex>(explicit-null|ipv4-explicit-null|ipv6-explicit-null)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="log-neighbor-changes"> + <properties> + <help>Log neighbor up/down changes and reset reason</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="minimum-holdtime"> + <properties> + <help>BGP minimum holdtime</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Minimum holdtime in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="network-import-check"> + <properties> + <help>Enable IGP route check for network statements</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="route-reflector-allow-outbound-policy"> + <properties> + <help>Route reflector client allow policy outbound</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-client-to-client-reflection"> + <properties> + <help>Disable client to client route reflection</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-fast-external-failover"> + <properties> + <help>Disable immediate session reset on peer link down event</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-suppress-duplicates"> + <properties> + <help>Disable suppress duplicate updates if the route actually not changed</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="reject-as-sets"> + <properties> + <help>Reject routes with AS_SET or AS_CONFED_SET flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="shutdown"> + <properties> + <help>Administrative shutdown of the BGP instance</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="suppress-fib-pending"> + <properties> + <help>Advertise only routes that are programmed in kernel to peers</help> + <valueless/> + </properties> + </leafNode> + #include <include/router-id.xml.i> + <node name="tcp-keepalive"> + <properties> + <help>TCP keepalive parameters</help> + </properties> + <children> + <leafNode name="idle"> + <properties> + <help>TCP keepalive idle time</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Idle time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="interval"> + <properties> + <help>TCP keepalive interval</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="probes"> + <properties> + <help>TCP keepalive maximum probes</help> + <valueHelp> + <format>u32:1-30</format> + <description>Maximum probes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-30"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<tagNode name="peer-group"> + <properties> + <help>Name of peer-group</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + </properties> + <children> + <node name="address-family"> + <properties> + <help>Address-family parameters</help> + </properties> + <children> + #include <include/bgp/neighbor-afi-ipv4-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv4-vpn.xml.i> + #include <include/bgp/neighbor-afi-ipv6-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv6-vpn.xml.i> + #include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i> + </children> + </node> + #include <include/generic-description.xml.i> + #include <include/bgp/neighbor-bfd.xml.i> + #include <include/bgp/neighbor-capability.xml.i> + #include <include/bgp/neighbor-disable-capability-negotiation.xml.i> + #include <include/bgp/neighbor-disable-connected-check.xml.i> + #include <include/bgp/neighbor-ebgp-multihop.xml.i> + #include <include/bgp/neighbor-graceful-restart.xml.i> + #include <include/bgp/neighbor-graceful-restart.xml.i> + #include <include/bgp/neighbor-local-as.xml.i> + #include <include/bgp/neighbor-local-role.xml.i> + #include <include/bgp/neighbor-override-capability.xml.i> + #include <include/bgp/neighbor-path-attribute.xml.i> + #include <include/bgp/neighbor-passive.xml.i> + #include <include/bgp/neighbor-password.xml.i> + #include <include/bgp/neighbor-shutdown.xml.i> + #include <include/bgp/neighbor-ttl-security.xml.i> + #include <include/bgp/neighbor-update-source.xml.i> + #include <include/bgp/remote-as.xml.i> + #include <include/port-number.xml.i> + </children> +</tagNode> +<node name="srv6"> + <properties> + <help>Segment-Routing SRv6 configuration</help> + </properties> + <children> + <leafNode name="locator"> + <properties> + <help>Specify SRv6 locator</help> + <valueHelp> + <format>txt</format> + <description>SRv6 locator name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="sid"> + <properties> + <help>SID value for VRF</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current VRF and VPN</help> + </properties> + <children> + <node name="per-vrf"> + <properties> + <help>SID per-VRF (both IPv4 and IPv6 address families)</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>For routes leaked from current VRF to VPN</help> + <completionHelp> + <list>auto</list> + </completionHelp> + <valueHelp> + <format>u32:1-1048575</format> + <description>SID allocation index</description> + </valueHelp> + <valueHelp> + <format>auto</format> + <description>Automatically assign a label</description> + </valueHelp> + <constraint> + <regex>auto</regex> + <validator name="numeric" argument="--range 1-1048575"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> +<node name="timers"> + <properties> + <help>BGP protocol timers</help> + </properties> + <children> + #include <include/bgp/timers-holdtime.xml.i> + #include <include/bgp/timers-keepalive.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/remote-as.xml.i b/interface-definitions/include/bgp/remote-as.xml.i new file mode 100644 index 0000000..79d3b95 --- /dev/null +++ b/interface-definitions/include/bgp/remote-as.xml.i @@ -0,0 +1,27 @@ +<!-- include start from bgp/remote-as.xml.i --> +<leafNode name="remote-as"> + <properties> + <help>Neighbor BGP AS number</help> + <completionHelp> + <list>external internal</list> + </completionHelp> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Neighbor AS number</description> + </valueHelp> + <valueHelp> + <format>external</format> + <description>Any AS different from the local AS</description> + </valueHelp> + <valueHelp> + <format>internal</format> + <description>Neighbor AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + <regex>(external|internal)</regex> + </constraint> + <constraintErrorMessage>Invalid AS number</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/route-distinguisher.xml.i b/interface-definitions/include/bgp/route-distinguisher.xml.i new file mode 100644 index 0000000..8bc5b45 --- /dev/null +++ b/interface-definitions/include/bgp/route-distinguisher.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/route-distinguisher.xml.i --> +<leafNode name="rd"> + <properties> + <help>Route Distinguisher</help> + <valueHelp> + <format>ASN:NN_OR_IP-ADDRESS:NN</format> + <description>Route Distinguisher, (x.x.x.x:yyy|xxxx:yyyy)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-distinguisher"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/timers-holdtime.xml.i b/interface-definitions/include/bgp/timers-holdtime.xml.i new file mode 100644 index 0000000..31e97f6 --- /dev/null +++ b/interface-definitions/include/bgp/timers-holdtime.xml.i @@ -0,0 +1,18 @@ +<!-- include start from bgp/timers-holdtime.xml.i --> +<leafNode name="holdtime"> + <properties> + <help>Hold timer</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Hold timer in seconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Disable hold timer</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/timers-keepalive.xml.i b/interface-definitions/include/bgp/timers-keepalive.xml.i new file mode 100644 index 0000000..b23f96e --- /dev/null +++ b/interface-definitions/include/bgp/timers-keepalive.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/timers-keepalive.xml.i --> +<leafNode name="keepalive"> + <properties> + <help>BGP keepalive interval for this neighbor</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Keepalive interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i new file mode 100644 index 0000000..3cde2a4 --- /dev/null +++ b/interface-definitions/include/certificate-ca.xml.i @@ -0,0 +1,14 @@ +<!-- include start from certificate-ca.xml.i --> +<leafNode name="ca-cert-file"> + <properties> + <help>Certificate Authority in x509 PEM format</help> + <valueHelp> + <format>filename</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-path" argument="--strict --parent-dir /config/auth"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i new file mode 100644 index 0000000..2c4d81f --- /dev/null +++ b/interface-definitions/include/certificate-key.xml.i @@ -0,0 +1,14 @@ +<!-- include start from certificate-key.xml.i --> +<leafNode name="key-file"> + <properties> + <help>Certificate private key in x509 PEM format</help> + <valueHelp> + <format>filename</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-path" argument="--strict --parent-dir /config/auth"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i new file mode 100644 index 0000000..6a5b293 --- /dev/null +++ b/interface-definitions/include/certificate.xml.i @@ -0,0 +1,14 @@ +<!-- include start from certificate.xml.i --> +<leafNode name="cert-file"> + <properties> + <help>Certificate public key in x509 PEM format</help> + <valueHelp> + <format>filename</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-path" argument="--strict --parent-dir /config/auth"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/conntrack/log-protocols.xml.i b/interface-definitions/include/conntrack/log-protocols.xml.i new file mode 100644 index 0000000..0192507 --- /dev/null +++ b/interface-definitions/include/conntrack/log-protocols.xml.i @@ -0,0 +1,26 @@ +<!-- include start from conntrack/log-protocols.xml.i --> +<leafNode name="icmp"> + <properties> + <help>Log connection tracking events for ICMP</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="other"> + <properties> + <help>Log connection tracking events for all protocols other than TCP, UDP and ICMP</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="tcp"> + <properties> + <help>Log connection tracking events for TCP</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="udp"> + <properties> + <help>Log connection tracking events for UDP</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i new file mode 100644 index 0000000..e6bff7e --- /dev/null +++ b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i @@ -0,0 +1,136 @@ +<!-- include start from conntrack/timeout-custom-protocols.xml.i --> +<node name="tcp"> + <properties> + <help>TCP connection timeout options</help> + </properties> + <children> + <leafNode name="close-wait"> + <properties> + <help>TCP CLOSE-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="close"> + <properties> + <help>TCP CLOSE timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="established"> + <properties> + <help>TCP ESTABLISHED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP ESTABLISHED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="fin-wait"> + <properties> + <help>TCP FIN-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP FIN-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="last-ack"> + <properties> + <help>TCP LAST-ACK timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP LAST-ACK timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="syn-recv"> + <properties> + <help>TCP SYN-RECEIVED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-RECEIVED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="syn-sent"> + <properties> + <help>TCP SYN-SENT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-SENT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time-wait"> + <properties> + <help>TCP TIME-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP TIME-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="udp"> + <properties> + <help>UDP timeout options</help> + </properties> + <children> + <leafNode name="replied"> + <properties> + <help>Timeout for UDP connection seen in both directions</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>Timeout for UDP connection seen in both directions</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + <leafNode name="unreplied"> + <properties> + <help>Timeout for unreplied UDP</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>Timeout for unreplied UDP</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i new file mode 100644 index 0000000..34c94e5 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/alpha-numeric-hyphen-underscore-dot.xml.i --> +<regex>[-_a-zA-Z0-9][\w\-\.\+]*</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i new file mode 100644 index 0000000..399f2e1 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/alpha-numeric-hyphen-underscore.xml.i --> +<regex>[-_a-zA-Z0-9]+</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/container-network.xml.i b/interface-definitions/include/constraint/container-network.xml.i new file mode 100644 index 0000000..6f0f06d --- /dev/null +++ b/interface-definitions/include/constraint/container-network.xml.i @@ -0,0 +1,6 @@ +<!-- include start from constraint/container-network.xml.i --> +<constraint> + <regex>[-_a-zA-Z0-9]{1,11}</regex> +</constraint> +<constraintErrorMessage>Network name cannot be longer than 11 characters</constraintErrorMessage> +<!-- include end --> diff --git a/interface-definitions/include/constraint/dhcp-client-string-option.xml.i b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i new file mode 100644 index 0000000..0e3fb8a --- /dev/null +++ b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i @@ -0,0 +1,4 @@ +<!-- include start from constraint/dhcp-client-string-option.xml.i --> +<regex>[-_a-zA-Z0-9.\s]+</regex> +<regex>([a-fA-F0-9][a-fA-F0-9]:){2,}[a-fA-F0-9][a-fA-F0-9]</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/email.xml.i b/interface-definitions/include/constraint/email.xml.i new file mode 100644 index 0000000..b19a88d --- /dev/null +++ b/interface-definitions/include/constraint/email.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/email.xml.i --> +<regex>[^\s@]+@([^\s@.,]+\.)+[^\s@.,]{2,}</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/host-name.xml.i b/interface-definitions/include/constraint/host-name.xml.i new file mode 100644 index 0000000..5943772 --- /dev/null +++ b/interface-definitions/include/constraint/host-name.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/host-name.xml.i --> +<regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i new file mode 100644 index 0000000..adff530 --- /dev/null +++ b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i @@ -0,0 +1,4 @@ +<!-- include start from constraint/interface-name-with-wildcard.xml.i --> +<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|lo</regex> +<validator name="file-path --lookup-path /sys/class/net --directory"/> +<!-- include end --> diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i new file mode 100644 index 0000000..3e7c4e6 --- /dev/null +++ b/interface-definitions/include/constraint/interface-name.xml.i @@ -0,0 +1,4 @@ +<!-- include start from constraint/interface-name.xml.i --> +<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex> +<validator name="file-path --lookup-path /sys/class/net --directory"/> +<!-- include end --> diff --git a/interface-definitions/include/constraint/login-username.xml.i b/interface-definitions/include/constraint/login-username.xml.i new file mode 100644 index 0000000..09a68b7 --- /dev/null +++ b/interface-definitions/include/constraint/login-username.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/login-username.xml.i --> +<regex>[-_a-zA-Z0-9.]{1,100}</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/vrf.xml.i b/interface-definitions/include/constraint/vrf.xml.i new file mode 100644 index 0000000..a1922bb --- /dev/null +++ b/interface-definitions/include/constraint/vrf.xml.i @@ -0,0 +1,6 @@ +<!-- include start from constraint/vrf.xml.i --> +<constraint> + <validator name="vrf-name"/> +</constraint> +<constraintErrorMessage>VRF instance name must be 15 characters or less and can not\nbe named as regular network interfaces.\nA name must starts from a letter.\n</constraintErrorMessage> +<!-- include end --> diff --git a/interface-definitions/include/dhcp-interface-multi.xml.i b/interface-definitions/include/dhcp-interface-multi.xml.i new file mode 100644 index 0000000..0db11cf --- /dev/null +++ b/interface-definitions/include/dhcp-interface-multi.xml.i @@ -0,0 +1,18 @@ +<!-- include start from dhcp-interface-multi.xml.i --> +<leafNode name="dhcp-interface"> + <properties> + <help>DHCP interface supplying next-hop IP address</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>DHCP interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/dhcp-interface.xml.i b/interface-definitions/include/dhcp-interface.xml.i new file mode 100644 index 0000000..b5c94cb --- /dev/null +++ b/interface-definitions/include/dhcp-interface.xml.i @@ -0,0 +1,15 @@ + <leafNode name="dhcp-interface"> + <properties> + <help>DHCP interface supplying next-hop IP address</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>DHCP interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + </leafNode> diff --git a/interface-definitions/include/dhcp/captive-portal.xml.i b/interface-definitions/include/dhcp/captive-portal.xml.i new file mode 100644 index 0000000..643f055 --- /dev/null +++ b/interface-definitions/include/dhcp/captive-portal.xml.i @@ -0,0 +1,11 @@ +<!-- include start from dhcp/captive-portal.xml.i --> +<leafNode name="captive-portal"> + <properties> + <help>Captive portal API endpoint</help> + <valueHelp> + <format>txt</format> + <description>Captive portal API endpoint</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/domain-name.xml.i b/interface-definitions/include/dhcp/domain-name.xml.i new file mode 100644 index 0000000..410e27d --- /dev/null +++ b/interface-definitions/include/dhcp/domain-name.xml.i @@ -0,0 +1,11 @@ +<!-- include start from dhcp/domain-name.xml.i --> +<leafNode name="domain-name"> + <properties> + <help>Client Domain Name</help> + <constraint> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/domain-search.xml.i b/interface-definitions/include/dhcp/domain-search.xml.i new file mode 100644 index 0000000..bcc8fcd --- /dev/null +++ b/interface-definitions/include/dhcp/domain-search.xml.i @@ -0,0 +1,12 @@ +<!-- include start from dhcp/domain-search.xml.i --> +<leafNode name="domain-search"> + <properties> + <help>Client Domain Name search list</help> + <constraint> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers, period, and underscore.</constraintErrorMessage> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/ntp-server.xml.i b/interface-definitions/include/dhcp/ntp-server.xml.i new file mode 100644 index 0000000..4d7235a --- /dev/null +++ b/interface-definitions/include/dhcp/ntp-server.xml.i @@ -0,0 +1,15 @@ +<!-- include start from dhcp/ntp-server.xml.i --> +<leafNode name="ntp-server"> + <properties> + <help>IP address of NTP server</help> + <valueHelp> + <format>ipv4</format> + <description>NTP server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/option-v4.xml.i b/interface-definitions/include/dhcp/option-v4.xml.i new file mode 100644 index 0000000..bd6fc60 --- /dev/null +++ b/interface-definitions/include/dhcp/option-v4.xml.i @@ -0,0 +1,257 @@ +<!-- include start from dhcp/option-v4.xml.i --> +<node name="option"> + <properties> + <help>DHCP option</help> + </properties> + <children> + #include <include/dhcp/captive-portal.xml.i> + #include <include/dhcp/domain-name.xml.i> + #include <include/dhcp/domain-search.xml.i> + #include <include/dhcp/ntp-server.xml.i> + #include <include/name-server-ipv4.xml.i> + <leafNode name="bootfile-name"> + <properties> + <help>Bootstrap file name</help> + <constraint> + <regex>[[:ascii:]]{1,253}</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="bootfile-server"> + <properties> + <help>Server from which the initial boot file is to be loaded</help> + <valueHelp> + <format>ipv4</format> + <description>Bootfile server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Bootfile server FQDN</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + <leafNode name="bootfile-size"> + <properties> + <help>Bootstrap file size</help> + <valueHelp> + <format>u32:1-16</format> + <description>Bootstrap file size in 512 byte blocks</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> + </leafNode> + <leafNode name="client-prefix-length"> + <properties> + <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help> + <valueHelp> + <format>u32:0-32</format> + <description>DHCP client prefix length must be 0 to 32</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-32"/> + </constraint> + <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="default-router"> + <properties> + <help>IP address of default router</help> + <valueHelp> + <format>ipv4</format> + <description>Default router IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ip-forwarding"> + <properties> + <help>Enable IP forwarding on client</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ipv6-only-preferred"> + <properties> + <help>Disable IPv4 on IPv6 only hosts (RFC 8925)</help> + <valueHelp> + <format>u32</format> + <description>Seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="pop-server"> + <properties> + <help>IP address of POP3 server</help> + <valueHelp> + <format>ipv4</format> + <description>POP3 server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="server-identifier"> + <properties> + <help>Address for DHCP server identifier</help> + <valueHelp> + <format>ipv4</format> + <description>DHCP server identifier IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="smtp-server"> + <properties> + <help>IP address of SMTP server</help> + <valueHelp> + <format>ipv4</format> + <description>SMTP server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <tagNode name="static-route"> + <properties> + <help>Classless static route destination subnet</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="next-hop"> + <properties> + <help>IP address of router to be used to reach the destination subnet</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of router</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode > + <leafNode name="tftp-server-name"> + <properties> + <help>TFTP server name</help> + <valueHelp> + <format>ipv4</format> + <description>TFTP server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>TFTP server FQDN</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time-offset"> + <properties> + <help>Client subnet offset in seconds from Coordinated Universal Time (UTC)</help> + <valueHelp> + <format>[-]N</format> + <description>Time offset (number, may be negative)</description> + </valueHelp> + <constraint> + <regex>-?[0-9]+</regex> + </constraint> + <constraintErrorMessage>Invalid time offset value</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="time-server"> + <properties> + <help>IP address of time server</help> + <valueHelp> + <format>ipv4</format> + <description>Time server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="time-zone"> + <properties> + <help>Time zone to send to clients. Uses RFC4833 options 100 and 101</help> + <completionHelp> + <script>timedatectl list-timezones</script> + </completionHelp> + <constraint> + <validator name="timezone" argument="--validate"/> + </constraint> + </properties> + </leafNode> + <node name="vendor-option"> + <properties> + <help>Vendor Specific Options</help> + </properties> + <children> + <node name="ubiquiti"> + <properties> + <help>Ubiquiti specific parameters</help> + </properties> + <children> + <leafNode name="unifi-controller"> + <properties> + <help>Address of UniFi controller</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of UniFi controller</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="wins-server"> + <properties> + <help>IP address for Windows Internet Name Service (WINS) server</help> + <valueHelp> + <format>ipv4</format> + <description>WINS server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="wpad-url"> + <properties> + <help>Web Proxy Autodiscovery (WPAD) URL</help> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/option-v6.xml.i b/interface-definitions/include/dhcp/option-v6.xml.i new file mode 100644 index 0000000..e1897f5 --- /dev/null +++ b/interface-definitions/include/dhcp/option-v6.xml.i @@ -0,0 +1,122 @@ +<!-- include start from dhcp/option-v6.xml.i --> +<node name="option"> + <properties> + <help>DHCPv6 option</help> + </properties> + <children> + #include <include/dhcp/captive-portal.xml.i> + #include <include/dhcp/domain-search.xml.i> + #include <include/name-server-ipv6.xml.i> + <leafNode name="nis-domain"> + <properties> + <help>NIS domain name for client to use</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="nis-server"> + <properties> + <help>IPv6 address of a NIS Server</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of NIS server</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="nisplus-domain"> + <properties> + <help>NIS+ domain name for client to use</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="nisplus-server"> + <properties> + <help>IPv6 address of a NIS+ Server</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of NIS+ server</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="sip-server"> + <properties> + <help>IPv6 address of SIP server</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of SIP server</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>FQDN of SIP server</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + <validator name="fqdn"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="sntp-server"> + <properties> + <help>IPv6 address of an SNTP server for client to use</help> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="info-refresh-time"> + <properties> + <help>Time (in seconds) that stateless clients should wait between refreshing the information they were given</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>DHCPv6 information refresh time</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <node name="vendor-option"> + <properties> + <help>Vendor Specific Options</help> + </properties> + <children> + <node name="cisco"> + <properties> + <help>Cisco specific parameters</help> + </properties> + <children> + <leafNode name="tftp-server"> + <properties> + <help>TFTP server name</help> + <valueHelp> + <format>ipv6</format> + <description>TFTP server IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/dns/time-to-live.xml.i b/interface-definitions/include/dns/time-to-live.xml.i new file mode 100644 index 0000000..000eea1 --- /dev/null +++ b/interface-definitions/include/dns/time-to-live.xml.i @@ -0,0 +1,14 @@ +<!-- include start from dns/time-to-live.xml.i --> +<leafNode name="ttl"> + <properties> + <help>Time-to-live (TTL)</help> + <valueHelp> + <format>u32:0-2147483647</format> + <description>TTL in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/eigrp/protocol-common-config.xml.i b/interface-definitions/include/eigrp/protocol-common-config.xml.i new file mode 100644 index 0000000..a8290f7 --- /dev/null +++ b/interface-definitions/include/eigrp/protocol-common-config.xml.i @@ -0,0 +1,125 @@ +<!-- include start from eigrp/protocol-common-config.xml.i --> +<leafNode name="system-as"> + <properties> + <help>Autonomous System Number (ASN)</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Autonomous System Number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<leafNode name="maximum-paths"> + <properties> + <help>Forward packets over multiple paths</help> + <valueHelp> + <format>u32:1-32</format> + <description>Number of paths</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-32"/> + </constraint> + </properties> +</leafNode> +<node name="metric"> + <properties> + <help>Modify metrics and parameters for advertisement</help> + </properties> + <children> + <leafNode name="weights"> + <properties> + <help>Modify metric coefficients</help> + <valueHelp> + <format>u32:0-255</format> + <description>K1</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<leafNode name="network"> + <properties> + <help>Enable routing on an IP network</help> + <valueHelp> + <format>ipv4net</format> + <description>EIGRP network prefix</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> +</leafNode> +<leafNode name="passive-interface"> + <properties> + <help>Suppress routing updates on an interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <multi/> + </properties> +</leafNode> +<leafNode name="redistribute"> + <properties> + <help>Redistribute information from another routing protocol</help> + <valueHelp> + <format>bgp</format> + <description>Border Gateway Protocol (BGP)</description> + </valueHelp> + <valueHelp> + <format>connected</format> + <description>Connected routes</description> + </valueHelp> + <valueHelp> + <format>nhrp</format> + <description>Next Hop Resolution Protocol (NHRP)</description> + </valueHelp> + <valueHelp> + <format>ospf</format> + <description>Open Shortest Path First (OSPFv2)</description> + </valueHelp> + <valueHelp> + <format>rip</format> + <description>Routing Information Protocol (RIP)</description> + </valueHelp> + <valueHelp> + <format>babel</format> + <description>Babel routing protocol (Babel)</description> + </valueHelp> + <valueHelp> + <format>static</format> + <description>Statically configured routes</description> + </valueHelp> + <valueHelp> + <format>vnc</format> + <description>Virtual Network Control (VNC)</description> + </valueHelp> + <completionHelp> + <list>bgp connected nhrp ospf rip static vnc</list> + </completionHelp> + <constraint> + <regex>(bgp|connected|nhrp|ospf|rip|babel|static|vnc)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +#include <include/router-id.xml.i> +<!-- FRR error: active time not implemented yet --> +<leafNode name="variance"> + <properties> + <help>Control load balancing variance</help> + <valueHelp> + <format>u32:1-128</format> + <description>Metric variance multiplier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-128"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/action-accept-drop-reject.xml.i b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i new file mode 100644 index 0000000..7fd5231 --- /dev/null +++ b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i @@ -0,0 +1,25 @@ +<!-- include start from firewall/action-accept-drop-reject.xml.i --> +<leafNode name="action"> + <properties> + <help>Action for packets</help> + <completionHelp> + <list>accept drop reject</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Action to accept</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Action to drop</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Action to reject</description> + </valueHelp> + <constraint> + <regex>(accept|drop|reject)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/action-and-notrack.xml.i b/interface-definitions/include/firewall/action-and-notrack.xml.i new file mode 100644 index 0000000..de11f7d --- /dev/null +++ b/interface-definitions/include/firewall/action-and-notrack.xml.i @@ -0,0 +1,45 @@ +<!-- include start from firewall/action-and-notrack.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept continue jump notrack reject return drop queue</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Reject matching entries</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> + <valueHelp> + <format>notrack</format> + <description>Ignore connection tracking</description> + </valueHelp> + <constraint> + <regex>(accept|continue|jump|notrack|reject|return|drop|queue)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i new file mode 100644 index 0000000..4e59f3c --- /dev/null +++ b/interface-definitions/include/firewall/action-forward.xml.i @@ -0,0 +1,49 @@ +<!-- include start from firewall/action-forward.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept continue jump reject return drop queue offload synproxy</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Reject matching entries</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> + <valueHelp> + <format>offload</format> + <description>Offload packet via flowtable</description> + </valueHelp> + <valueHelp> + <format>synproxy</format> + <description>Synproxy connections</description> + </valueHelp> + <constraint> + <regex>(accept|continue|jump|reject|return|drop|queue|offload|synproxy)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/action-l2.xml.i b/interface-definitions/include/firewall/action-l2.xml.i new file mode 100644 index 0000000..84af576 --- /dev/null +++ b/interface-definitions/include/firewall/action-l2.xml.i @@ -0,0 +1,37 @@ +<!-- include start from firewall/action.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept continue jump return drop queue</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> + <constraint> + <regex>(accept|continue|jump|return|drop|queue)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i new file mode 100644 index 0000000..e1f0c6c --- /dev/null +++ b/interface-definitions/include/firewall/action.xml.i @@ -0,0 +1,49 @@ +<!-- include start from firewall/action.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept continue jump reject return drop queue offload synproxy</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Reject matching entries</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> + <valueHelp> + <format>offload</format> + <description>Offload packet via flowtable</description> + </valueHelp> + <valueHelp> + <format>synproxy</format> + <description>Synproxy connections</description> + </valueHelp> + <constraint> + <regex>(accept|continue|jump|reject|return|drop|queue|offload|synproxy)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/add-addr-to-group-ipv4.xml.i b/interface-definitions/include/firewall/add-addr-to-group-ipv4.xml.i new file mode 100644 index 0000000..a47cadd --- /dev/null +++ b/interface-definitions/include/firewall/add-addr-to-group-ipv4.xml.i @@ -0,0 +1,25 @@ +<!-- include start from firewall/add-addr-to-group-ipv4.xml.i --> +<node name="add-address-to-group"> + <properties> + <help>Add ip address to dynamic address-group</help> + </properties> + <children> + <node name="source-address"> + <properties> + <help>Add source ip addresses to dynamic address-group</help> + </properties> + <children> + #include <include/firewall/add-dynamic-address-groups.xml.i> + </children> + </node> + <node name="destination-address"> + <properties> + <help>Add destination ip addresses to dynamic address-group</help> + </properties> + <children> + #include <include/firewall/add-dynamic-address-groups.xml.i> + </children> + </node> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/add-addr-to-group-ipv6.xml.i b/interface-definitions/include/firewall/add-addr-to-group-ipv6.xml.i new file mode 100644 index 0000000..2cb0774 --- /dev/null +++ b/interface-definitions/include/firewall/add-addr-to-group-ipv6.xml.i @@ -0,0 +1,25 @@ +<!-- include start from firewall/add-addr-to-group-ipv6.xml.i --> +<node name="add-address-to-group"> + <properties> + <help>Add ipv6 address to dynamic ipv6-address-group</help> + </properties> + <children> + <node name="source-address"> + <properties> + <help>Add source ipv6 addresses to dynamic ipv6-address-group</help> + </properties> + <children> + #include <include/firewall/add-dynamic-ipv6-address-groups.xml.i> + </children> + </node> + <node name="destination-address"> + <properties> + <help>Add destination ipv6 addresses to dynamic ipv6-address-group</help> + </properties> + <children> + #include <include/firewall/add-dynamic-ipv6-address-groups.xml.i> + </children> + </node> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i new file mode 100644 index 0000000..769761c --- /dev/null +++ b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/add-dynamic-address-groups.xml.i --> +<leafNode name="address-group"> + <properties> + <help>Dynamic address-group</help> + <completionHelp> + <path>firewall group dynamic-group address-group</path> + </completionHelp> + </properties> +</leafNode> +<leafNode name="timeout"> + <properties> + <help>Set timeout</help> + <valueHelp> + <format><number>s</format> + <description>Timeout value in seconds</description> + </valueHelp> + <valueHelp> + <format><number>m</format> + <description>Timeout value in minutes</description> + </valueHelp> + <valueHelp> + <format><number>h</format> + <description>Timeout value in hours</description> + </valueHelp> + <valueHelp> + <format><number>d</format> + <description>Timeout value in days</description> + </valueHelp> + <constraint> + <regex>\d+(s|m|h|d)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i new file mode 100644 index 0000000..7bd91c5 --- /dev/null +++ b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/add-dynamic-ipv6-address-groups.xml.i --> +<leafNode name="address-group"> + <properties> + <help>Dynamic ipv6-address-group</help> + <completionHelp> + <path>firewall group dynamic-group ipv6-address-group</path> + </completionHelp> + </properties> +</leafNode> +<leafNode name="timeout"> + <properties> + <help>Set timeout</help> + <valueHelp> + <format><number>s</format> + <description>Timeout value in seconds</description> + </valueHelp> + <valueHelp> + <format><number>m</format> + <description>Timeout value in minutes</description> + </valueHelp> + <valueHelp> + <format><number>h</format> + <description>Timeout value in hours</description> + </valueHelp> + <valueHelp> + <format><number>d</format> + <description>Timeout value in days</description> + </valueHelp> + <constraint> + <regex>\d+(s|m|h|d)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/address-inet.xml.i b/interface-definitions/include/firewall/address-inet.xml.i new file mode 100644 index 0000000..02ed8f6 --- /dev/null +++ b/interface-definitions/include/firewall/address-inet.xml.i @@ -0,0 +1,63 @@ +<!-- include start from firewall/address-inet.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv4</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv4net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv4range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Subnet to match</description> + </valueHelp> + <valueHelp> + <format>ipv6range</format> + <description>IP range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv6</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv6net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv6range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + <validator name="ipv4-range"/> + <validator name="ipv4-address-exclude"/> + <validator name="ipv4-prefix-exclude"/> + <validator name="ipv4-range-exclude"/> + <validator name="ipv6"/> + <validator name="ipv6-exclude"/> + <validator name="ipv6-range"/> + <validator name="ipv6-range-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/address-ipv6.xml.i b/interface-definitions/include/firewall/address-ipv6.xml.i new file mode 100644 index 0000000..fa60c0c --- /dev/null +++ b/interface-definitions/include/firewall/address-ipv6.xml.i @@ -0,0 +1,37 @@ +<!-- include start from firewall/address-ipv6.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv6</format> + <description>IP address to match</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Subnet to match</description> + </valueHelp> + <valueHelp> + <format>ipv6range</format> + <description>IP range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv6</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv6net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv6range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <constraint> + <validator name="ipv6"/> + <validator name="ipv6-exclude"/> + <validator name="ipv6-range"/> + <validator name="ipv6-range-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/address-mask-inet.xml.i b/interface-definitions/include/firewall/address-mask-inet.xml.i new file mode 100644 index 0000000..e2a5927 --- /dev/null +++ b/interface-definitions/include/firewall/address-mask-inet.xml.i @@ -0,0 +1,19 @@ +<!-- include start from firewall/address-mask-inet.xml.i --> +<leafNode name="address-mask"> + <properties> + <help>IP mask</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 mask to apply</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IP mask to apply</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6"/> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/address-mask-ipv6.xml.i b/interface-definitions/include/firewall/address-mask-ipv6.xml.i new file mode 100644 index 0000000..8c04832 --- /dev/null +++ b/interface-definitions/include/firewall/address-mask-ipv6.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/address-mask-ipv6.xml.i --> +<leafNode name="address-mask"> + <properties> + <help>IP mask</help> + <valueHelp> + <format>ipv6</format> + <description>IP mask to apply</description> + </valueHelp> + <constraint> + <validator name="ipv6"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/address-mask.xml.i b/interface-definitions/include/firewall/address-mask.xml.i new file mode 100644 index 0000000..7f6f17d --- /dev/null +++ b/interface-definitions/include/firewall/address-mask.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/address-mask.xml.i --> +<leafNode name="address-mask"> + <properties> + <help>IP mask</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 mask to apply</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/address.xml.i b/interface-definitions/include/firewall/address.xml.i new file mode 100644 index 0000000..2e1bde5 --- /dev/null +++ b/interface-definitions/include/firewall/address.xml.i @@ -0,0 +1,39 @@ +<!-- include start from firewall/address.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv4</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv4net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv4range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + <validator name="ipv4-range"/> + <validator name="ipv4-address-exclude"/> + <validator name="ipv4-prefix-exclude"/> + <validator name="ipv4-range-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i new file mode 100644 index 0000000..9a2a829 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i @@ -0,0 +1,45 @@ +<!-- include start from firewall/bridge-custom-name.xml.i --> +<tagNode name="name"> + <properties> + <help>Bridge custom firewall</help> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/firewall/default-action.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <leafNode name="default-jump-target"> + <properties> + <help>Set jump target. Action jump must be defined in default-action to use this setting</help> + <completionHelp> + <path>firewall bridge name</path> + </completionHelp> + </properties> + </leafNode> + <tagNode name="rule"> + <properties> + <help>Bridge Firewall forward filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-bridge.xml.i> + #include <include/firewall/action-l2.xml.i> + #include <include/firewall/connection-mark.xml.i> + #include <include/firewall/connection-status.xml.i> + #include <include/firewall/state.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i new file mode 100644 index 0000000..fcc9819 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i @@ -0,0 +1,41 @@ +<!-- include start from firewall/bridge-hook-forward.xml.i --> +<node name="forward"> + <properties> + <help>Bridge forward firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Bridge firewall forward filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>Bridge Firewall forward filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-bridge.xml.i> + #include <include/firewall/action-l2.xml.i> + #include <include/firewall/connection-mark.xml.i> + #include <include/firewall/connection-status.xml.i> + #include <include/firewall/state.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/bridge-hook-input.xml.i b/interface-definitions/include/firewall/bridge-hook-input.xml.i new file mode 100644 index 0000000..f6a11f8 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-hook-input.xml.i @@ -0,0 +1,40 @@ +<!-- include start from firewall/bridge-hook-input.xml.i --> +<node name="input"> + <properties> + <help>Bridge input firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Bridge firewall input filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>Bridge Firewall input filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-bridge.xml.i> + #include <include/firewall/action-l2.xml.i> + #include <include/firewall/connection-mark.xml.i> + #include <include/firewall/connection-status.xml.i> + #include <include/firewall/state.xml.i> + #include <include/firewall/inbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/bridge-hook-output.xml.i b/interface-definitions/include/firewall/bridge-hook-output.xml.i new file mode 100644 index 0000000..38b8b08 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-hook-output.xml.i @@ -0,0 +1,40 @@ +<!-- include start from firewall/bridge-hook-output.xml.i --> +<node name="output"> + <properties> + <help>Bridge output firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Bridge firewall output filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>Bridge Firewall output filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-bridge.xml.i> + #include <include/firewall/action-l2.xml.i> + #include <include/firewall/connection-mark.xml.i> + #include <include/firewall/connection-status.xml.i> + #include <include/firewall/state.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i new file mode 100644 index 0000000..ea56764 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i @@ -0,0 +1,37 @@ +<!-- include start from firewall/bridge-hook-prerouting.xml.i --> +<node name="prerouting"> + <properties> + <help>Bridge prerouting firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Bridge firewall prerouting filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>Bridge firewall prerouting filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-bridge.xml.i> + #include <include/firewall/action-and-notrack.xml.i> + #include <include/firewall/inbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i new file mode 100644 index 0000000..80088bb --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i @@ -0,0 +1,55 @@ +<!-- include start from firewall/common-rule-bridge.xml.i --> +#include <include/generic-description.xml.i> +#include <include/generic-disable-node.xml.i> +#include <include/firewall/dscp.xml.i> +#include <include/firewall/firewall-mark.xml.i> +#include <include/firewall/fragment.xml.i> +#include <include/firewall/hop-limit.xml.i> +#include <include/firewall/icmp.xml.i> +#include <include/firewall/icmpv6.xml.i> +#include <include/firewall/limit.xml.i> +#include <include/firewall/log.xml.i> +#include <include/firewall/log-options.xml.i> +#include <include/firewall/match-ether-type.xml.i> +#include <include/firewall/match-ipsec.xml.i> +#include <include/firewall/match-vlan.xml.i> +#include <include/firewall/nft-queue.xml.i> +#include <include/firewall/packet-options.xml.i> +#include <include/firewall/protocol.xml.i> +#include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> +#include <include/firewall/time.xml.i> +#include <include/firewall/ttl.xml.i> +<node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/address-inet.xml.i> + #include <include/firewall/address-mask-inet.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group-inet.xml.i> + </children> +</node> +<leafNode name="jump-target"> + <properties> + <help>Set jump target. Action jump must be defined to use this setting</help> + <completionHelp> + <path>firewall bridge name</path> + </completionHelp> + </properties> +</leafNode> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/address-inet.xml.i> + #include <include/firewall/address-mask-inet.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group-inet.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i new file mode 100644 index 0000000..e44938b --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -0,0 +1,24 @@ +<!-- include start from firewall/common-rule-inet.xml.i --> +#include <include/firewall/action.xml.i> +#include <include/firewall/conntrack-helper.xml.i> +#include <include/firewall/connection-mark.xml.i> +#include <include/firewall/connection-status.xml.i> +#include <include/generic-description.xml.i> +#include <include/generic-disable-node.xml.i> +#include <include/firewall/dscp.xml.i> +#include <include/firewall/fragment.xml.i> +#include <include/firewall/limit.xml.i> +#include <include/firewall/log.xml.i> +#include <include/firewall/log-options.xml.i> +#include <include/firewall/firewall-mark.xml.i> +#include <include/firewall/packet-options.xml.i> +#include <include/firewall/protocol.xml.i> +#include <include/firewall/nft-queue.xml.i> +#include <include/firewall/recent.xml.i> +#include <include/firewall/state.xml.i> +#include <include/firewall/synproxy.xml.i> +#include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> +#include <include/firewall/gre.xml.i> +#include <include/firewall/time.xml.i> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i new file mode 100644 index 0000000..e8da1a0 --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i @@ -0,0 +1,47 @@ +<!-- include start from firewall/common-rule-ipv4-raw.xml.i --> +#include <include/firewall/add-addr-to-group-ipv4.xml.i> +#include <include/firewall/action-and-notrack.xml.i> +#include <include/generic-description.xml.i> +#include <include/firewall/dscp.xml.i> +#include <include/firewall/fragment.xml.i> +#include <include/generic-disable-node.xml.i> +#include <include/firewall/icmp.xml.i> +#include <include/firewall/limit.xml.i> +#include <include/firewall/log.xml.i> +#include <include/firewall/log-options.xml.i> +#include <include/firewall/protocol.xml.i> +#include <include/firewall/nft-queue.xml.i> +#include <include/firewall/recent.xml.i> +#include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> +#include <include/firewall/time.xml.i> +#include <include/firewall/ttl.xml.i> +<node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/address-mask.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group.xml.i> + </children> +</node> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/address-mask.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i new file mode 100644 index 0000000..803b94b --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i @@ -0,0 +1,44 @@ +<!-- include start from firewall/common-rule-ipv4.xml.i --> +#include <include/firewall/add-addr-to-group-ipv4.xml.i> +#include <include/firewall/common-rule-inet.xml.i> +#include <include/firewall/icmp.xml.i> +#include <include/firewall/ttl.xml.i> +<node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/address-mask.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/source-destination-dynamic-group.xml.i> + </children> +</node> +<leafNode name="jump-target"> + <properties> + <help>Set jump target. Action jump must be defined to use this setting</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> +</leafNode> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/address-mask.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/source-destination-dynamic-group.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i new file mode 100644 index 0000000..3f7c5a0 --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i @@ -0,0 +1,49 @@ +<!-- include start from firewall/common-rule-ipv6-raw.xml.i --> +#include <include/firewall/add-addr-to-group-ipv6.xml.i> +#include <include/firewall/action-and-notrack.xml.i> +#include <include/generic-description.xml.i> +#include <include/firewall/dscp.xml.i> +#include <include/firewall/fragment.xml.i> +#include <include/generic-disable-node.xml.i> +#include <include/firewall/icmpv6.xml.i> +#include <include/firewall/limit.xml.i> +#include <include/firewall/log.xml.i> +#include <include/firewall/log-options.xml.i> +#include <include/firewall/protocol.xml.i> +#include <include/firewall/nft-queue.xml.i> +#include <include/firewall/recent.xml.i> +#include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> +#include <include/firewall/time.xml.i> +#include <include/firewall/hop-limit.xml.i> +<node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/address-mask-ipv6.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group-ipv6.xml.i> + #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i> + </children> +</node> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/address-mask-ipv6.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group-ipv6.xml.i> + #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule-ipv6.xml.i b/interface-definitions/include/firewall/common-rule-ipv6.xml.i new file mode 100644 index 0000000..bb176fe --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv6.xml.i @@ -0,0 +1,44 @@ +<!-- include start from firewall/common-rule-ipv6.xml.i --> +#include <include/firewall/add-addr-to-group-ipv6.xml.i> +#include <include/firewall/common-rule-inet.xml.i> +#include <include/firewall/hop-limit.xml.i> +#include <include/firewall/icmpv6.xml.i> +<node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/address-mask-ipv6.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group-ipv6.xml.i> + #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i> + </children> +</node> +<leafNode name="jump-target"> + <properties> + <help>Set jump target. Action jump must be defined to use this setting</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> +</leafNode> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/address-mask-ipv6.xml.i> + #include <include/firewall/fqdn.xml.i> + #include <include/firewall/geoip.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + #include <include/firewall/source-destination-group-ipv6.xml.i> + #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/connection-mark.xml.i b/interface-definitions/include/firewall/connection-mark.xml.i new file mode 100644 index 0000000..69f7fe6 --- /dev/null +++ b/interface-definitions/include/firewall/connection-mark.xml.i @@ -0,0 +1,15 @@ +<!-- include start from firewall/connection-mark.xml.i --> +<leafNode name="connection-mark"> + <properties> + <help>Connection mark</help> + <valueHelp> + <format>u32:0-2147483647</format> + <description>Connection-mark to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/connection-status.xml.i b/interface-definitions/include/firewall/connection-status.xml.i new file mode 100644 index 0000000..5236c2f --- /dev/null +++ b/interface-definitions/include/firewall/connection-status.xml.i @@ -0,0 +1,28 @@ +<!-- include start from firewall/connection-status.xml.i --> +<node name="connection-status"> + <properties> + <help>Connection status</help> + </properties> + <children> + <leafNode name="nat"> + <properties> + <help>NAT connection status</help> + <completionHelp> + <list>destination source</list> + </completionHelp> + <valueHelp> + <format>destination</format> + <description>Match connections that are subject to destination NAT</description> + </valueHelp> + <valueHelp> + <format>source</format> + <description>Match connections that are subject to source NAT</description> + </valueHelp> + <constraint> + <regex>(destination|source)</regex> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/conntrack-helper.xml.i b/interface-definitions/include/firewall/conntrack-helper.xml.i new file mode 100644 index 0000000..3ca1a03 --- /dev/null +++ b/interface-definitions/include/firewall/conntrack-helper.xml.i @@ -0,0 +1,46 @@ +<!-- include start from firewall/conntrack-helper.xml.i --> +<leafNode name="conntrack-helper"> + <properties> + <help>Match related traffic from conntrack helpers</help> + <completionHelp> + <list>ftp h323 pptp nfs sip tftp sqlnet</list> + </completionHelp> + <valueHelp> + <format>ftp</format> + <description>Related traffic from FTP helper</description> + </valueHelp> + <valueHelp> + <format>h323</format> + <description>Related traffic from H.323 helper</description> + </valueHelp> + <valueHelp> + <format>pptp</format> + <description>Related traffic from PPTP helper</description> + </valueHelp> + <valueHelp> + <format>nfs</format> + <description>Related traffic from NFS helper</description> + </valueHelp> + <valueHelp> + <format>rtsp</format> + <description>Related traffic from RTSP helper</description> + </valueHelp> + <valueHelp> + <format>sip</format> + <description>Related traffic from SIP helper</description> + </valueHelp> + <valueHelp> + <format>tftp</format> + <description>Related traffic from TFTP helper</description> + </valueHelp> + <valueHelp> + <format>sqlnet</format> + <description>Related traffic from SQLNet helper</description> + </valueHelp> + <constraint> + <regex>(ftp|h323|pptp|nfs|rtsp|sip|tftp|sqlnet)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/default-action-base-chains.xml.i b/interface-definitions/include/firewall/default-action-base-chains.xml.i new file mode 100644 index 0000000..aa62abf --- /dev/null +++ b/interface-definitions/include/firewall/default-action-base-chains.xml.i @@ -0,0 +1,22 @@ +<!-- include start from firewall/default-action-base-chains.xml.i --> +<leafNode name="default-action"> + <properties> + <help>Default-action for rule-set</help> + <completionHelp> + <list>drop accept</list> + </completionHelp> + <valueHelp> + <format>drop</format> + <description>Drop if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>accept</format> + <description>Accept if no prior rules are hit</description> + </valueHelp> + <constraint> + <regex>(drop|accept)</regex> + </constraint> + </properties> + <defaultValue>accept</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/default-action-bridge.xml.i b/interface-definitions/include/firewall/default-action-bridge.xml.i new file mode 100644 index 0000000..858c7ae --- /dev/null +++ b/interface-definitions/include/firewall/default-action-bridge.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/default-action.xml.i --> +<leafNode name="default-action"> + <properties> + <help>Default-action for rule-set</help> + <completionHelp> + <list>drop jump return accept continue</list> + </completionHelp> + <valueHelp> + <format>drop</format> + <description>Drop if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>accept</format> + <description>Accept if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <constraint> + <regex>(drop|jump|return|accept|continue)</regex> + </constraint> + </properties> + <defaultValue>drop</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i new file mode 100644 index 0000000..53a1614 --- /dev/null +++ b/interface-definitions/include/firewall/default-action.xml.i @@ -0,0 +1,38 @@ +<!-- include start from firewall/default-action.xml.i --> +<leafNode name="default-action"> + <properties> + <help>Default-action for rule-set</help> + <completionHelp> + <list>drop jump reject return accept continue</list> + </completionHelp> + <valueHelp> + <format>drop</format> + <description>Drop if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Drop and notify source if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>accept</format> + <description>Accept if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <constraint> + <regex>(drop|jump|reject|return|accept|continue)</regex> + </constraint> + </properties> + <defaultValue>drop</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/default-log.xml.i b/interface-definitions/include/firewall/default-log.xml.i new file mode 100644 index 0000000..dceacdb --- /dev/null +++ b/interface-definitions/include/firewall/default-log.xml.i @@ -0,0 +1,8 @@ +<!-- include start from firewall/default-log.xml.i --> +<leafNode name="default-log"> + <properties> + <help>Log packets hitting default-action</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/dscp.xml.i b/interface-definitions/include/firewall/dscp.xml.i new file mode 100644 index 0000000..dd4da48 --- /dev/null +++ b/interface-definitions/include/firewall/dscp.xml.i @@ -0,0 +1,36 @@ +<!-- include start from firewall/dscp.xml.i --> +<leafNode name="dscp"> + <properties> + <help>DSCP value</help> + <valueHelp> + <format>u32:0-63</format> + <description>DSCP value to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>DSCP range to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-63"/> + </constraint> + <multi/> + </properties> +</leafNode> +<leafNode name="dscp-exclude"> + <properties> + <help>DSCP value not to match</help> + <valueHelp> + <format>u32:0-63</format> + <description>DSCP value not to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>DSCP range not to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-63"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/eq.xml.i b/interface-definitions/include/firewall/eq.xml.i new file mode 100644 index 0000000..e1b4f37 --- /dev/null +++ b/interface-definitions/include/firewall/eq.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/eq.xml.i --> +<leafNode name="eq"> + <properties> + <help>Match on equal value</help> + <valueHelp> + <format>u32:0-255</format> + <description>Equal to value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i b/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i new file mode 100644 index 0000000..7f34de3 --- /dev/null +++ b/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i @@ -0,0 +1,35 @@ +<!-- include start from firewall/firewall-hashing-parameters.xml.i --> +<leafNode name="hash"> + <properties> + <help>Define the parameters of the packet header to apply the hashing</help> + <completionHelp> + <list>source-address destination-address source-port destination-port random</list> + </completionHelp> + <valueHelp> + <format>source-address</format> + <description>Use source IP address for hashing</description> + </valueHelp> + <valueHelp> + <format>destination-address</format> + <description>Use destination IP address for hashing</description> + </valueHelp> + <valueHelp> + <format>source-port</format> + <description>Use source port for hashing</description> + </valueHelp> + <valueHelp> + <format>destination-port</format> + <description>Use destination port for hashing</description> + </valueHelp> + <valueHelp> + <format>random</format> + <description>Do not use information from ip header. Use random value.</description> + </valueHelp> + <constraint> + <regex>(source-address|destination-address|source-port|destination-port|random)</regex> + </constraint> + <multi/> + </properties> + <defaultValue>random</defaultValue> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/firewall-mark.xml.i b/interface-definitions/include/firewall/firewall-mark.xml.i new file mode 100644 index 0000000..36a939b --- /dev/null +++ b/interface-definitions/include/firewall/firewall-mark.xml.i @@ -0,0 +1,26 @@ +<!-- include start from firewall/firewall-mark.xml.i --> +<leafNode name="mark"> + <properties> + <help>Firewall mark</help> + <valueHelp> + <format>u32:0-2147483647</format> + <description>Firewall mark to match</description> + </valueHelp> + <valueHelp> + <format>!u32:0-2147483647</format> + <description>Inverted Firewall mark to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Firewall mark range to match</description> + </valueHelp> + <valueHelp> + <format>!<start-end></format> + <description>Firewall mark inverted range to match</description> + </valueHelp> + <constraint> + <validator name="numeric-exclude" argument="--allow-range --range 0-2147483647"/> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/fqdn.xml.i b/interface-definitions/include/firewall/fqdn.xml.i new file mode 100644 index 0000000..9eb3925 --- /dev/null +++ b/interface-definitions/include/firewall/fqdn.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/fqdn.xml.i --> +<leafNode name="fqdn"> + <properties> + <help>Fully qualified domain name</help> + <valueHelp> + <format><fqdn></format> + <description>Fully qualified domain name</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/fragment.xml.i b/interface-definitions/include/firewall/fragment.xml.i new file mode 100644 index 0000000..1f4c110 --- /dev/null +++ b/interface-definitions/include/firewall/fragment.xml.i @@ -0,0 +1,21 @@ +<!-- include start from firewall/fragment.xml.i --> +<node name="fragment"> + <properties> + <help>IP fragment match</help> + </properties> + <children> + <leafNode name="match-frag"> + <properties> + <help>Second and further fragments of fragmented packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-non-frag"> + <properties> + <help>Head fragments or unfragmented packets</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/fwmark.xml.i b/interface-definitions/include/firewall/fwmark.xml.i new file mode 100644 index 0000000..4607ef5 --- /dev/null +++ b/interface-definitions/include/firewall/fwmark.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/fwmark.xml.i --> +<leafNode name="fwmark"> + <properties> + <help>Match fwmark value</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Match firewall mark value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/geoip.xml.i b/interface-definitions/include/firewall/geoip.xml.i new file mode 100644 index 0000000..9fb37a5 --- /dev/null +++ b/interface-definitions/include/firewall/geoip.xml.i @@ -0,0 +1,28 @@ +<!-- include start from firewall/geoip.xml.i --> +<node name="geoip"> + <properties> + <help>GeoIP options - Data provided by DB-IP.com</help> + </properties> + <children> + <leafNode name="country-code"> + <properties> + <help>GeoIP country code</help> + <valueHelp> + <format><country></format> + <description>Country code (2 characters)</description> + </valueHelp> + <constraint> + <regex>^(ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw)$</regex> + </constraint> + <multi /> + </properties> + </leafNode> + <leafNode name="inverse-match"> + <properties> + <help>Inverse match of country-codes</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i new file mode 100644 index 0000000..05fdd75 --- /dev/null +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -0,0 +1,366 @@ +<!-- include start from firewall/global-options.xml.i --> +<node name="global-options"> + <properties> + <help>Global Options</help> + </properties> + <children> + <leafNode name="all-ping"> + <properties> + <help>Policy for handling of all IPv4 ICMP echo requests</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of all IPv4 ICMP echo requests</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of all IPv4 ICMP echo requests</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>enable</defaultValue> + </leafNode> + <leafNode name="broadcast-ping"> + <properties> + <help>Policy for handling broadcast IPv4 ICMP echo and timestamp requests</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of broadcast IPv4 ICMP echo/timestamp requests</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of broadcast IPv4 ICMP echo/timestamp requests</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + <node name="apply-to-bridged-traffic"> + <properties> + <help>Apply configured firewall rules to traffic switched by bridges</help> + </properties> + <children> + <leafNode name="invalid-connections"> + <properties> + <help>Accept ARP and DHCP despite they are marked as invalid connection</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ipv4"> + <properties> + <help>Apply configured IPv4 firewall rules</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>Apply configured IPv6 firewall rules</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="directed-broadcast"> + <properties> + <help>Policy for handling IPv4 directed broadcast forwarding on all interfaces</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable IPv4 directed broadcast forwarding on all interfaces</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable IPv4 directed broadcast forwarding on all interfaces</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>enable</defaultValue> + </leafNode> + <leafNode name="ip-src-route"> + <properties> + <help>Policy for handling IPv4 packets with source route option</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of IPv4 packets with source route option</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of IPv4 packets with source route option</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + <leafNode name="log-martians"> + <properties> + <help>Policy for logging IPv4 packets with invalid addresses</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable logging of IPv4 packets with invalid addresses</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable logging of Ipv4 packets with invalid addresses</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>enable</defaultValue> + </leafNode> + <leafNode name="receive-redirects"> + <properties> + <help>Policy for handling received IPv4 ICMP redirect messages</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of received IPv4 ICMP redirect messages</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of received IPv4 ICMP redirect messages</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + <leafNode name="resolver-cache"> + <properties> + <help>Retains last successful value if domain resolution fails</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="resolver-interval"> + <properties> + <help>Domain resolver update interval</help> + <valueHelp> + <format>u32:10-3600</format> + <description>Interval (seconds)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-3600"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> + </leafNode> + <leafNode name="send-redirects"> + <properties> + <help>Policy for sending IPv4 ICMP redirect messages</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable sending IPv4 ICMP redirect messages</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable sending IPv4 ICMP redirect messages</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>enable</defaultValue> + </leafNode> + <leafNode name="source-validation"> + <properties> + <help>Policy for IPv4 source validation by reversed path, as specified in RFC3704</help> + <completionHelp> + <list>strict loose disable</list> + </completionHelp> + <valueHelp> + <format>strict</format> + <description>Enable IPv4 Strict Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>loose</format> + <description>Enable IPv4 Loose Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>No IPv4 source validation</description> + </valueHelp> + <constraint> + <regex>(strict|loose|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + <node name="state-policy"> + <properties> + <help>Global firewall state-policy</help> + </properties> + <children> + <node name="established"> + <properties> + <help>Global firewall policy for packets part of an established connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> + </children> + </node> + <node name="invalid"> + <properties> + <help>Global firewall policy for packets part of an invalid connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> + </children> + </node> + <node name="related"> + <properties> + <help>Global firewall policy for packets part of a related connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> + </children> + </node> + </children> + </node> + <leafNode name="syn-cookies"> + <properties> + <help>Policy for using TCP SYN cookies with IPv4</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable use of TCP SYN cookies with IPv4</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable use of TCP SYN cookies with IPv4</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>enable</defaultValue> + </leafNode> + <node name="timeout"> + <properties> + <help>Connection timeout options</help> + </properties> + <children> + #include <include/firewall/timeout-common-protocols.xml.i> + </children> + </node> + <leafNode name="twa-hazards-protection"> + <properties> + <help>RFC1337 TCP TIME-WAIT assasination hazards protection</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable RFC1337 TIME-WAIT hazards protection</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable RFC1337 TIME-WAIT hazards protection</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + <leafNode name="ipv6-receive-redirects"> + <properties> + <help>Policy for handling received ICMPv6 redirect messages</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of received ICMPv6 redirect messages</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of received ICMPv6 redirect messages</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + <leafNode name="ipv6-source-validation"> + <properties> + <help>Policy for IPv6 source validation by reversed path, as specified in RFC3704</help> + <completionHelp> + <list>strict loose disable</list> + </completionHelp> + <valueHelp> + <format>strict</format> + <description>Enable IPv6 Strict Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>loose</format> + <description>Enable IPv6 Loose Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>No IPv6 source validation</description> + </valueHelp> + <constraint> + <regex>(strict|loose|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + <leafNode name="ipv6-src-route"> + <properties> + <help>Policy for handling IPv6 packets with routing extension header</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable processing of IPv6 packets with routing header type 2</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable processing of IPv6 packets with routing header</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + </properties> + <defaultValue>disable</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/gre.xml.i b/interface-definitions/include/firewall/gre.xml.i new file mode 100644 index 0000000..e7b9fd5 --- /dev/null +++ b/interface-definitions/include/firewall/gre.xml.i @@ -0,0 +1,116 @@ +<!-- include start from firewall/gre.xml.i --> +<node name="gre"> + <properties> + <help>GRE fields to match</help> + </properties> + <children> + <node name="flags"> + <properties> + <help>GRE flag bits to match</help> + </properties> + <children> + <node name="key"> + <properties> + <help>Header includes optional key field</help> + </properties> + <children> + <leafNode name="unset"> + <properties> + <help>Header does not include optional key field</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="checksum"> + <properties> + <help>Header includes optional checksum</help> + </properties> + <children> + <leafNode name="unset"> + <properties> + <help>Header does not include optional checksum</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="sequence"> + <properties> + <help>Header includes a sequence number field</help> + </properties> + <children> + <leafNode name="unset"> + <properties> + <help>Header does not include a sequence number field</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="inner-proto"> + <properties> + <help>EtherType of encapsulated packet</help> + <completionHelp> + <list>ip ip6 arp 802.1q 802.1ad</list> + </completionHelp> + <valueHelp> + <format>u32:0-65535</format> + <description>Ethernet protocol number</description> + </valueHelp> + <valueHelp> + <format>u32:0x0-0xffff</format> + <description>Ethernet protocol number (hex)</description> + </valueHelp> + <valueHelp> + <format>ip</format> + <description>IPv4</description> + </valueHelp> + <valueHelp> + <format>ip6</format> + <description>IPv6</description> + </valueHelp> + <valueHelp> + <format>arp</format> + <description>Address Resolution Protocol</description> + </valueHelp> + <valueHelp> + <format>802.1q</format> + <description>VLAN-tagged frames (IEEE 802.1q)</description> + </valueHelp> + <valueHelp> + <format>802.1ad</format> + <description>Provider Bridging (IEEE 802.1ad, Q-in-Q)</description> + </valueHelp> + <valueHelp> + <format>gretap</format> + <description>Transparent Ethernet Bridging (L2 Ethernet over GRE, gretap)</description> + </valueHelp> + <constraint> + <regex>(ip|ip6|arp|802.1q|802.1ad|gretap|0x[0-9a-fA-F]{1,4})</regex> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + #include <include/interface/parameters-key.xml.i> + <leafNode name="version"> + <properties> + <help>GRE Version</help> + <valueHelp> + <format>gre</format> + <description>Standard GRE</description> + </valueHelp> + <valueHelp> + <format>pptp</format> + <description>Point to Point Tunnelling Protocol</description> + </valueHelp> + <constraint> + <regex>(gre|pptp)</regex> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/gt.xml.i b/interface-definitions/include/firewall/gt.xml.i new file mode 100644 index 0000000..c879171 --- /dev/null +++ b/interface-definitions/include/firewall/gt.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/gt.xml.i --> +<leafNode name="gt"> + <properties> + <help>Match on greater then value</help> + <valueHelp> + <format>u32:0-255</format> + <description>Greater then value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/hop-limit.xml.i b/interface-definitions/include/firewall/hop-limit.xml.i new file mode 100644 index 0000000..d375dc9 --- /dev/null +++ b/interface-definitions/include/firewall/hop-limit.xml.i @@ -0,0 +1,12 @@ +<!-- include start from firewall/hop-limit.xml.i --> +<node name="hop-limit"> + <properties> + <help>Hop limit</help> + </properties> + <children> + #include <include/firewall/eq.xml.i> + #include <include/firewall/gt.xml.i> + #include <include/firewall/lt.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i new file mode 100644 index 0000000..d4197cf --- /dev/null +++ b/interface-definitions/include/firewall/icmp-type-name.xml.i @@ -0,0 +1,73 @@ +<!-- include start from firewall/icmp-type-name.xml.i --> +<leafNode name="type-name"> + <properties> + <help>ICMP type-name</help> + <completionHelp> + <list>echo-reply destination-unreachable source-quench redirect echo-request router-advertisement router-solicitation time-exceeded parameter-problem timestamp-request timestamp-reply info-request info-reply address-mask-request address-mask-reply</list> + </completionHelp> + <valueHelp> + <format>echo-reply</format> + <description>ICMP type 0: echo-reply</description> + </valueHelp> + <valueHelp> + <format>destination-unreachable</format> + <description>ICMP type 3: destination-unreachable</description> + </valueHelp> + <valueHelp> + <format>source-quench</format> + <description>ICMP type 4: source-quench</description> + </valueHelp> + <valueHelp> + <format>redirect</format> + <description>ICMP type 5: redirect</description> + </valueHelp> + <valueHelp> + <format>echo-request</format> + <description>ICMP type 8: echo-request</description> + </valueHelp> + <valueHelp> + <format>router-advertisement</format> + <description>ICMP type 9: router-advertisement</description> + </valueHelp> + <valueHelp> + <format>router-solicitation</format> + <description>ICMP type 10: router-solicitation</description> + </valueHelp> + <valueHelp> + <format>time-exceeded</format> + <description>ICMP type 11: time-exceeded</description> + </valueHelp> + <valueHelp> + <format>parameter-problem</format> + <description>ICMP type 12: parameter-problem</description> + </valueHelp> + <valueHelp> + <format>timestamp-request</format> + <description>ICMP type 13: timestamp-request</description> + </valueHelp> + <valueHelp> + <format>timestamp-reply</format> + <description>ICMP type 14: timestamp-reply</description> + </valueHelp> + <valueHelp> + <format>info-request</format> + <description>ICMP type 15: info-request</description> + </valueHelp> + <valueHelp> + <format>info-reply</format> + <description>ICMP type 16: info-reply</description> + </valueHelp> + <valueHelp> + <format>address-mask-request</format> + <description>ICMP type 17: address-mask-request</description> + </valueHelp> + <valueHelp> + <format>address-mask-reply</format> + <description>ICMP type 18: address-mask-reply</description> + </valueHelp> + <constraint> + <regex>(echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/icmp.xml.i b/interface-definitions/include/firewall/icmp.xml.i new file mode 100644 index 0000000..deb50a4 --- /dev/null +++ b/interface-definitions/include/firewall/icmp.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/icmp.xml.i --> +<node name="icmp"> + <properties> + <help>ICMP type and code information</help> + </properties> + <children> + <leafNode name="code"> + <properties> + <help>ICMP code</help> + <valueHelp> + <format>u32:0-255</format> + <description>ICMP code (0-255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>ICMP type</help> + <valueHelp> + <format>u32:0-255</format> + <description>ICMP type (0-255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + #include <include/firewall/icmp-type-name.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/icmpv6-type-name.xml.i b/interface-definitions/include/firewall/icmpv6-type-name.xml.i new file mode 100644 index 0000000..e17a20e --- /dev/null +++ b/interface-definitions/include/firewall/icmpv6-type-name.xml.i @@ -0,0 +1,85 @@ +<!-- include start from firewall/icmpv6-type-name.xml.i --> +<leafNode name="type-name"> + <properties> + <help>ICMPv6 type-name</help> + <completionHelp> + <list>destination-unreachable packet-too-big time-exceeded echo-request echo-reply mld-listener-query mld-listener-report mld-listener-reduction nd-router-solicit nd-router-advert nd-neighbor-solicit nd-neighbor-advert nd-redirect parameter-problem router-renumbering ind-neighbor-solicit ind-neighbor-advert mld2-listener-report</list> + </completionHelp> + <valueHelp> + <format>destination-unreachable</format> + <description>ICMPv6 type 1: destination-unreachable</description> + </valueHelp> + <valueHelp> + <format>packet-too-big</format> + <description>ICMPv6 type 2: packet-too-big</description> + </valueHelp> + <valueHelp> + <format>time-exceeded</format> + <description>ICMPv6 type 3: time-exceeded</description> + </valueHelp> + <valueHelp> + <format>echo-request</format> + <description>ICMPv6 type 128: echo-request</description> + </valueHelp> + <valueHelp> + <format>echo-reply</format> + <description>ICMPv6 type 129: echo-reply</description> + </valueHelp> + <valueHelp> + <format>mld-listener-query</format> + <description>ICMPv6 type 130: mld-listener-query</description> + </valueHelp> + <valueHelp> + <format>mld-listener-report</format> + <description>ICMPv6 type 131: mld-listener-report</description> + </valueHelp> + <valueHelp> + <format>mld-listener-reduction</format> + <description>ICMPv6 type 132: mld-listener-reduction</description> + </valueHelp> + <valueHelp> + <format>nd-router-solicit</format> + <description>ICMPv6 type 133: nd-router-solicit</description> + </valueHelp> + <valueHelp> + <format>nd-router-advert</format> + <description>ICMPv6 type 134: nd-router-advert</description> + </valueHelp> + <valueHelp> + <format>nd-neighbor-solicit</format> + <description>ICMPv6 type 135: nd-neighbor-solicit</description> + </valueHelp> + <valueHelp> + <format>nd-neighbor-advert</format> + <description>ICMPv6 type 136: nd-neighbor-advert</description> + </valueHelp> + <valueHelp> + <format>nd-redirect</format> + <description>ICMPv6 type 137: nd-redirect</description> + </valueHelp> + <valueHelp> + <format>parameter-problem</format> + <description>ICMPv6 type 4: parameter-problem</description> + </valueHelp> + <valueHelp> + <format>router-renumbering</format> + <description>ICMPv6 type 138: router-renumbering</description> + </valueHelp> + <valueHelp> + <format>ind-neighbor-solicit</format> + <description>ICMPv6 type 141: ind-neighbor-solicit</description> + </valueHelp> + <valueHelp> + <format>ind-neighbor-advert</format> + <description>ICMPv6 type 142: ind-neighbor-advert</description> + </valueHelp> + <valueHelp> + <format>mld2-listener-report</format> + <description>ICMPv6 type 143: mld2-listener-report</description> + </valueHelp> + <constraint> + <regex>(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering|ind-neighbor-solicit|ind-neighbor-advert|mld2-listener-report)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/icmpv6.xml.i b/interface-definitions/include/firewall/icmpv6.xml.i new file mode 100644 index 0000000..c011862 --- /dev/null +++ b/interface-definitions/include/firewall/icmpv6.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/icmpv6.xml.i --> +<node name="icmpv6"> + <properties> + <help>ICMPv6 type and code information</help> + </properties> + <children> + <leafNode name="code"> + <properties> + <help>ICMPv6 code</help> + <valueHelp> + <format>u32:0-255</format> + <description>ICMPv6 code (0-255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>ICMPv6 type</help> + <valueHelp> + <format>u32:0-255</format> + <description>ICMPv6 type (0-255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + #include <include/firewall/icmpv6-type-name.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i new file mode 100644 index 0000000..bcd4c95 --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/inbound-interface-no-group.xml.i --> +<node name="inbound-interface"> + <properties> + <help>Match inbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/inbound-interface.xml.i b/interface-definitions/include/firewall/inbound-interface.xml.i new file mode 100644 index 0000000..13df71d --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface.xml.i @@ -0,0 +1,10 @@ +<!-- include start from firewall/inbound-interface.xml.i --> +<node name="inbound-interface"> + <properties> + <help>Match inbound-interface</help> + </properties> + <children> + #include <include/firewall/match-interface.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i new file mode 100644 index 0000000..8046b2d --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i @@ -0,0 +1,43 @@ +<!-- include start from firewall/ipv4-custom-name.xml.i --> +<tagNode name="name"> + <properties> + <help>IPv4 custom firewall</help> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/firewall/default-action.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <leafNode name="default-jump-target"> + <properties> + <help>Set jump target. Action jump must be defined in default-action to use this setting</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> + </leafNode> + <tagNode name="rule"> + <properties> + <help>IPv4 Firewall custom rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv4.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/match-ipsec.xml.i> + #include <include/firewall/offload-target.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i new file mode 100644 index 0000000..b0e240a --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i @@ -0,0 +1,40 @@ +<!-- include start from firewall/ipv4-hook-forward.xml.i --> +<node name="forward"> + <properties> + <help>IPv4 forward firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>IPv4 firewall forward filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv4 Firewall forward filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/action-forward.xml.i> + #include <include/firewall/common-rule-ipv4.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/match-ipsec.xml.i> + #include <include/firewall/offload-target.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i new file mode 100644 index 0000000..491d1a9 --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i @@ -0,0 +1,37 @@ +<!-- include start from firewall/ipv4-hook-input.xml.i --> +<node name="input"> + <properties> + <help>IPv4 input firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>IPv4 firewall input filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv4 Firewall input filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv4.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i new file mode 100644 index 0000000..ee91575 --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i @@ -0,0 +1,65 @@ +<!-- include start from firewall/ipv4-hook-output.xml.i --> +<node name="output"> + <properties> + <help>IPv4 output firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>IPv4 firewall output filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv4 Firewall output filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv4.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="raw"> + <properties> + <help>IPv4 firewall output raw</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv4 Firewall output raw rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv4-raw.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i new file mode 100644 index 0000000..b431303 --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i @@ -0,0 +1,52 @@ +<!-- include start from firewall/ipv4-hook-prerouting.xml.i --> +<node name="prerouting"> + <properties> + <help>IPv4 prerouting firewall</help> + </properties> + <children> + <node name="raw"> + <properties> + <help>IPv4 firewall prerouting raw</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/generic-description.xml.i> + <leafNode name="default-jump-target"> + <properties> + <help>Set jump target. Action jump must be defined in default-action to use this setting</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> + </leafNode> + <tagNode name="rule"> + <properties> + <help>IPv4 Firewall prerouting raw rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv4-raw.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> + #include <include/firewall/inbound-interface.xml.i> + <leafNode name="jump-target"> + <properties> + <help>Set jump target. Action jump must be defined to use this setting</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i new file mode 100644 index 0000000..fb8740c --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i @@ -0,0 +1,43 @@ +<!-- include start from firewall/ipv6-custom-name.xml.i --> +<tagNode name="name"> + <properties> + <help>IPv6 custom firewall</help> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/firewall/default-action.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <leafNode name="default-jump-target"> + <properties> + <help>Set jump target. Action jump must be defined in default-action to use this setting</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> + </leafNode> + <tagNode name="rule"> + <properties> + <help>IPv6 Firewall custom rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv6.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/match-ipsec.xml.i> + #include <include/firewall/offload-target.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i new file mode 100644 index 0000000..7efc261 --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i @@ -0,0 +1,40 @@ +<!-- include start from firewall/ipv6-hook-forward.xml.i --> +<node name="forward"> + <properties> + <help>IPv6 forward firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>IPv6 firewall forward filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv6 Firewall forward filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/action-forward.xml.i> + #include <include/firewall/common-rule-ipv6.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/match-ipsec.xml.i> + #include <include/firewall/offload-target.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i new file mode 100644 index 0000000..154b102 --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i @@ -0,0 +1,37 @@ +<!-- include start from firewall/ipv6-hook-input.xml.i --> +<node name="input"> + <properties> + <help>IPv6 input firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>IPv6 firewall input filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv6 Firewall input filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv6.xml.i> + #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i new file mode 100644 index 0000000..d3c4c1e --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i @@ -0,0 +1,65 @@ +<!-- include start from firewall/ipv6-hook-output.xml.i --> +<node name="output"> + <properties> + <help>IPv6 output firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>IPv6 firewall output filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv6 Firewall output filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv6.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="raw"> + <properties> + <help>IPv6 firewall output raw</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>IPv6 Firewall output raw rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv6-raw.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> + #include <include/firewall/outbound-interface.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i new file mode 100644 index 0000000..21f8de6 --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i @@ -0,0 +1,52 @@ +<!-- include start from firewall/ipv6-hook-prerouting.xml.i --> +<node name="prerouting"> + <properties> + <help>IPv6 prerouting firewall</help> + </properties> + <children> + <node name="raw"> + <properties> + <help>IPv6 firewall prerouting raw</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/generic-description.xml.i> + <leafNode name="default-jump-target"> + <properties> + <help>Set jump target. Action jump must be defined in default-action to use this setting</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> + </leafNode> + <tagNode name="rule"> + <properties> + <help>IPv6 Firewall prerouting raw rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-ipv6-raw.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> + #include <include/firewall/inbound-interface.xml.i> + <leafNode name="jump-target"> + <properties> + <help>Set jump target. Action jump must be defined to use this setting</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/limit.xml.i b/interface-definitions/include/firewall/limit.xml.i new file mode 100644 index 0000000..21068de --- /dev/null +++ b/interface-definitions/include/firewall/limit.xml.i @@ -0,0 +1,33 @@ +<!-- include start from firewall/limit.xml.i --> +<node name="limit"> + <properties> + <help>Rate limit using a token bucket filter</help> + </properties> + <children> + <leafNode name="burst"> + <properties> + <help>Maximum number of packets to allow in excess of rate</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>Maximum number of packets to allow in excess of rate</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="rate"> + <properties> + <help>Maximum average matching rate</help> + <valueHelp> + <format>txt</format> + <description>integer/unit (Example: 5/minute)</description> + </valueHelp> + <constraint> + <regex>\d+/(second|minute|hour|day)</regex> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/log-options.xml.i b/interface-definitions/include/firewall/log-options.xml.i new file mode 100644 index 0000000..e8b0cde --- /dev/null +++ b/interface-definitions/include/firewall/log-options.xml.i @@ -0,0 +1,89 @@ +<!-- include start from firewall/rule-log-options.xml.i --> +<node name="log-options"> + <properties> + <help>Log options</help> + </properties> + <children> + <leafNode name="group"> + <properties> + <help>Set log group</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Log group to send messages to</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="snapshot-length"> + <properties> + <help>Length of packet payload to include in netlink message</help> + <valueHelp> + <format>u32:0-9000</format> + <description>Length of packet payload to include in netlink message</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-9000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="queue-threshold"> + <properties> + <help>Number of packets to queue inside the kernel before sending them to userspace</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Number of packets to queue inside the kernel before sending them to userspace</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="level"> + <properties> + <help>Set log-level</help> + <completionHelp> + <list>emerg alert crit err warn notice info debug</list> + </completionHelp> + <valueHelp> + <format>emerg</format> + <description>Emerg log level</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Alert log level</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical log level</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error log level</description> + </valueHelp> + <valueHelp> + <format>warn</format> + <description>Warning log level</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Notice log level</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Info log level</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug log level</description> + </valueHelp> + <constraint> + <regex>(emerg|alert|crit|err|warn|notice|info|debug)</regex> + </constraint> + <constraintErrorMessage>level must be alert, crit, debug, emerg, err, info, notice or warn</constraintErrorMessage> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i new file mode 100644 index 0000000..21548f3 --- /dev/null +++ b/interface-definitions/include/firewall/log.xml.i @@ -0,0 +1,8 @@ +<!-- include start from firewall/log.xml.i --> +<leafNode name="log"> + <properties> + <help>Log packets hitting this rule</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/lt.xml.i b/interface-definitions/include/firewall/lt.xml.i new file mode 100644 index 0000000..77894d3 --- /dev/null +++ b/interface-definitions/include/firewall/lt.xml.i @@ -0,0 +1,14 @@ +<!-- include start from firewall/lt.xml.i --> +<leafNode name="lt"> + <properties> + <help>Match on less then value</help> + <valueHelp> + <format>u32:0-255</format> + <description>Less then value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/mac-address.xml.i b/interface-definitions/include/firewall/mac-address.xml.i new file mode 100644 index 0000000..db3e1e3 --- /dev/null +++ b/interface-definitions/include/firewall/mac-address.xml.i @@ -0,0 +1,19 @@ +<!-- include start from firewall/mac-address.xml.i --> +<leafNode name="mac-address"> + <properties> + <help>MAC address</help> + <valueHelp> + <format>macaddr</format> + <description>MAC address to match</description> + </valueHelp> + <valueHelp> + <format>!macaddr</format> + <description>Match everything except the specified MAC address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + <validator name="mac-address-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/mac-group.xml.i b/interface-definitions/include/firewall/mac-group.xml.i new file mode 100644 index 0000000..dbce3fc --- /dev/null +++ b/interface-definitions/include/firewall/mac-group.xml.i @@ -0,0 +1,10 @@ +<!-- include start from firewall/mac-group.xml.i --> +<leafNode name="mac-group"> + <properties> + <help>Group of MAC addresses</help> + <completionHelp> + <path>firewall group mac-group</path> + </completionHelp> + </properties> +</leafNode> +<!-- include start from firewall/mac-group.xml.i -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ether-type.xml.i b/interface-definitions/include/firewall/match-ether-type.xml.i new file mode 100644 index 0000000..abfa903 --- /dev/null +++ b/interface-definitions/include/firewall/match-ether-type.xml.i @@ -0,0 +1,30 @@ +<!-- include start from firewall/match-ether-type.xml.i --> +<leafNode name="ethernet-type"> + <properties> + <help>Ethernet type</help> + <completionHelp> + <list>802.1q 802.1ad arp ipv4 ipv6</list> + </completionHelp> + <valueHelp> + <format>802.1q</format> + <description>Customer VLAN tag type</description> + </valueHelp> + <valueHelp> + <format>802.1ad</format> + <description>Service VLAN tag type</description> + </valueHelp> + <valueHelp> + <format>arp</format> + <description>Adress Resolution Protocol</description> + </valueHelp> + <valueHelp> + <format>_ipv4</format> + <description>Internet Protocol version 4</description> + </valueHelp> + <valueHelp> + <format>_ipv6</format> + <description>Internet Protocol version 6</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i new file mode 100644 index 0000000..f25686e --- /dev/null +++ b/interface-definitions/include/firewall/match-interface.xml.i @@ -0,0 +1,43 @@ +<!-- include start from firewall/match-interface.xml.i --> +<leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> +</leafNode> +<leafNode name="group"> + <properties> + <help>Match interface-group</help> + <completionHelp> + <path>firewall group interface-group</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface-group name to match</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface-group name to match</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec-in.xml.i b/interface-definitions/include/firewall/match-ipsec-in.xml.i new file mode 100644 index 0000000..62ed646 --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec-in.xml.i @@ -0,0 +1,21 @@ +<!-- include start from firewall/match-ipsec-in.xml.i --> +<node name="ipsec"> + <properties> + <help>Inbound IPsec packets</help> + </properties> + <children> + <leafNode name="match-ipsec-in"> + <properties> + <help>Inbound traffic that was IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none-in"> + <properties> + <help>Inbound traffic that was not IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec-out.xml.i b/interface-definitions/include/firewall/match-ipsec-out.xml.i new file mode 100644 index 0000000..880fdd4 --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec-out.xml.i @@ -0,0 +1,21 @@ +<!-- include start from firewall/match-ipsec-out.xml.i --> +<node name="ipsec"> + <properties> + <help>Outbound IPsec packets</help> + </properties> + <children> + <leafNode name="match-ipsec-out"> + <properties> + <help>Outbound traffic to be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none-out"> + <properties> + <help>Outbound traffic that will not be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec.xml.i b/interface-definitions/include/firewall/match-ipsec.xml.i new file mode 100644 index 0000000..d8d31ef --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec.xml.i @@ -0,0 +1,33 @@ +<!-- include start from firewall/match-ipsec.xml.i --> +<node name="ipsec"> + <properties> + <help>IPsec encapsulated packets</help> + </properties> + <children> + <leafNode name="match-ipsec-in"> + <properties> + <help>Inbound traffic that was IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none-in"> + <properties> + <help>Inbound traffic that was not IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-ipsec-out"> + <properties> + <help>Outbound traffic to be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none-out"> + <properties> + <help>Outbound traffic that will not be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-vlan.xml.i b/interface-definitions/include/firewall/match-vlan.xml.i new file mode 100644 index 0000000..d58e843 --- /dev/null +++ b/interface-definitions/include/firewall/match-vlan.xml.i @@ -0,0 +1,42 @@ +<!-- include start from firewall/match-vlan.xml.i --> +<node name="vlan"> + <properties> + <help>VLAN parameters</help> + </properties> + <children> + <leafNode name="id"> + <properties> + <help>Vlan id</help> + <valueHelp> + <format>u32:0-4096</format> + <description>Vlan id</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Vlan id range to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-4095"/> + </constraint> + </properties> + </leafNode> + <leafNode name="priority"> + <properties> + <help>Vlan priority(pcp)</help> + <valueHelp> + <format>u32:0-7</format> + <description>Vlan priority</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Vlan priority range to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-7"/> + </constraint> + </properties> + </leafNode> + #include <include/firewall/match-ether-type.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/name.xml.i b/interface-definitions/include/firewall/name.xml.i new file mode 100644 index 0000000..231b9b1 --- /dev/null +++ b/interface-definitions/include/firewall/name.xml.i @@ -0,0 +1,18 @@ +<!-- include start from firewall/name.xml.i --> +<leafNode name="name"> + <properties> + <help>Local IPv4 firewall ruleset name for interface</help> + <completionHelp> + <path>firewall name</path> + </completionHelp> + </properties> +</leafNode> +<leafNode name="ipv6-name"> + <properties> + <help>Local IPv6 firewall ruleset name for interface</help> + <completionHelp> + <path>firewall ipv6-name</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end from firewall/name.xml.i -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/nat-balance.xml.i b/interface-definitions/include/firewall/nat-balance.xml.i new file mode 100644 index 0000000..01793f0 --- /dev/null +++ b/interface-definitions/include/firewall/nat-balance.xml.i @@ -0,0 +1,28 @@ +<!-- include start from firewall/nat-balance.xml.i --> +<tagNode name="backend"> + <properties> + <help>Translated IP address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="weight"> + <properties> + <help>Set probability for this output value</help> + <valueHelp> + <format>u32:1-100</format> + <description>Set probability for this output value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 1-100"/> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/nft-queue.xml.i b/interface-definitions/include/firewall/nft-queue.xml.i new file mode 100644 index 0000000..8799eac --- /dev/null +++ b/interface-definitions/include/firewall/nft-queue.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/nft-queue.xml.i --> +<leafNode name="queue"> + <properties> + <help>Queue target to use. Action queue must be defined to use this setting</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Queue target</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-65535"/> + </constraint> + </properties> +</leafNode> +<leafNode name="queue-options"> + <properties> + <help>Options used for queue target. Action queue must be defined to use this setting</help> + <completionHelp> + <list>bypass fanout</list> + </completionHelp> + <valueHelp> + <format>bypass</format> + <description>Let packets go through if userspace application cannot back off</description> + </valueHelp> + <valueHelp> + <format>fanout</format> + <description>Distribute packets between several queues</description> + </valueHelp> + <constraint> + <regex>(bypass|fanout)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/offload-target.xml.i b/interface-definitions/include/firewall/offload-target.xml.i new file mode 100644 index 0000000..940ed80 --- /dev/null +++ b/interface-definitions/include/firewall/offload-target.xml.i @@ -0,0 +1,10 @@ +<!-- include start from firewall/offload-target.xml.i --> +<leafNode name="offload-target"> + <properties> + <help>Set flowtable offload target. Action offload must be defined to use this setting</help> + <completionHelp> + <path>firewall flowtable</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i new file mode 100644 index 0000000..e3bace4 --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/outbound-interface-no-group.xml.i --> +<node name="outbound-interface"> + <properties> + <help>Match outbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/outbound-interface.xml.i b/interface-definitions/include/firewall/outbound-interface.xml.i new file mode 100644 index 0000000..8654dfd --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface.xml.i @@ -0,0 +1,10 @@ +<!-- include start from firewall/outbound-interface.xml.i --> +<node name="outbound-interface"> + <properties> + <help>Match outbound-interface</help> + </properties> + <children> + #include <include/firewall/match-interface.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/packet-options.xml.i b/interface-definitions/include/firewall/packet-options.xml.i new file mode 100644 index 0000000..cd94e69 --- /dev/null +++ b/interface-definitions/include/firewall/packet-options.xml.i @@ -0,0 +1,63 @@ +<!-- include start from firewall/packet-options.xml.i --> +<leafNode name="packet-length"> + <properties> + <help>Payload size in bytes, including header and data to match</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Packet length to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Packet length range to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 1-65535"/> + </constraint> + <multi/> + </properties> +</leafNode> +<leafNode name="packet-length-exclude"> + <properties> + <help>Payload size in bytes, including header and data not to match</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Packet length not to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Packet length range not to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 1-65535"/> + </constraint> + <multi/> + </properties> +</leafNode> +<leafNode name="packet-type"> + <properties> + <help>Packet type</help> + <completionHelp> + <list>broadcast host multicast other</list> + </completionHelp> + <valueHelp> + <format>broadcast</format> + <description>Match broadcast packet type</description> + </valueHelp> + <valueHelp> + <format>host</format> + <description>Match host packet type, addressed to local host</description> + </valueHelp> + <valueHelp> + <format>multicast</format> + <description>Match multicast packet type</description> + </valueHelp> + <valueHelp> + <format>other</format> + <description>Match packet addressed to another host</description> + </valueHelp> + <constraint> + <regex>(broadcast|host|multicast|other)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/port.xml.i b/interface-definitions/include/firewall/port.xml.i new file mode 100644 index 0000000..3bacaff --- /dev/null +++ b/interface-definitions/include/firewall/port.xml.i @@ -0,0 +1,26 @@ +<!-- include start from firewall/port.xml.i --> +<leafNode name="port"> + <properties> + <help>Port</help> + <valueHelp> + <format>txt</format> + <description>Named port (any name in /etc/services, e.g., http)</description> + </valueHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Numbered port</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Numbered port range (e.g. 1001-1005)</description> + </valueHelp> + <valueHelp> + <format> </format> + <description>\n\n Multiple destination ports can be specified as a comma-separated list.\n For example: 'telnet,http,123,1001-1005'</description> + </valueHelp> + <constraint> + <validator name="port-multi"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/protocol.xml.i b/interface-definitions/include/firewall/protocol.xml.i new file mode 100644 index 0000000..e391cae --- /dev/null +++ b/interface-definitions/include/firewall/protocol.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name, number, or "all")</help> + <completionHelp> + <script>${vyos_completion_dir}/list_protocols.sh</script> + <list>all tcp_udp</list> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>u32:0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format><protocol></format> + <description>IP protocol name</description> + </valueHelp> + <valueHelp> + <format>!<protocol></format> + <description>IP protocol name</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/recent.xml.i b/interface-definitions/include/firewall/recent.xml.i new file mode 100644 index 0000000..38f40b9 --- /dev/null +++ b/interface-definitions/include/firewall/recent.xml.i @@ -0,0 +1,44 @@ +<!-- include start from firewall/recent.xml.i --> +<node name="recent"> + <properties> + <help>Parameters for matching recently seen sources</help> + </properties> + <children> + <leafNode name="count"> + <properties> + <help>Source addresses seen more than N times</help> + <valueHelp> + <format>u32:1-255</format> + <description>Source addresses seen more than N times</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time"> + <properties> + <help>Source addresses seen in the last second/minute/hour</help> + <completionHelp> + <list>second minute hour</list> + </completionHelp> + <valueHelp> + <format>second</format> + <description>Source addresses seen COUNT times in the last second</description> + </valueHelp> + <valueHelp> + <format>minute</format> + <description>Source addresses seen COUNT times in the last minute</description> + </valueHelp> + <valueHelp> + <format>hour</format> + <description>Source addresses seen COUNT times in the last hour</description> + </valueHelp> + <constraint> + <regex>(second|minute|hour)</regex> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/rule-log-level.xml.i b/interface-definitions/include/firewall/rule-log-level.xml.i new file mode 100644 index 0000000..3ac4738 --- /dev/null +++ b/interface-definitions/include/firewall/rule-log-level.xml.i @@ -0,0 +1,45 @@ +<!-- include start from firewall/rule-log-level.xml.i --> +<leafNode name="log-level"> + <properties> + <help>Set log-level. Log must be enable.</help> + <completionHelp> + <list>emerg alert crit err warn notice info debug</list> + </completionHelp> + <valueHelp> + <format>emerg</format> + <description>Emerg log level</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Alert log level</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical log level</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error log level</description> + </valueHelp> + <valueHelp> + <format>warn</format> + <description>Warning log level</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Notice log level</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Info log level</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug log level</description> + </valueHelp> + <constraint> + <regex>(emerg|alert|crit|err|warn|notice|info|debug)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/set-packet-modifications.xml.i b/interface-definitions/include/firewall/set-packet-modifications.xml.i new file mode 100644 index 0000000..ee019b6 --- /dev/null +++ b/interface-definitions/include/firewall/set-packet-modifications.xml.i @@ -0,0 +1,96 @@ +<!-- include start from firewall/set-packet-modifications.xml.i --> +<node name="set"> + <properties> + <help>Packet modifications</help> + </properties> + <children> + <leafNode name="connection-mark"> + <properties> + <help>Set connection mark</help> + <valueHelp> + <format>u32:0-2147483647</format> + <description>Connection mark</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dscp"> + <properties> + <help>Set DSCP (Packet Differentiated Services Codepoint) bits</help> + <valueHelp> + <format>u32:0-63</format> + <description>DSCP number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-63"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mark"> + <properties> + <help>Set packet mark</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Packet mark</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="table"> + <properties> + <help>Set the routing table for matched packets</help> + <valueHelp> + <format>u32:1-200</format> + <description>Table number</description> + </valueHelp> + <valueHelp> + <format>main</format> + <description>Main table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-200"/> + <regex>(main)</regex> + </constraint> + <completionHelp> + <list>main</list> + <path>protocols static table</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="vrf"> + <properties> + <help>VRF to forward packet with</help> + <valueHelp> + <format>txt</format> + <description>VRF instance name</description> + </valueHelp> + <valueHelp> + <format>default</format> + <description>Forward into default global VRF</description> + </valueHelp> + <completionHelp> + <list>default</list> + <path>vrf name</path> + </completionHelp> + #include <include/constraint/vrf.xml.i> + </properties> + </leafNode> + <leafNode name="tcp-mss"> + <properties> + <help>Set TCP Maximum Segment Size</help> + <valueHelp> + <format>u32:500-1460</format> + <description>Explicitly set TCP MSS value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 500-1460"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i new file mode 100644 index 0000000..845f8fe --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i @@ -0,0 +1,17 @@ +<!-- include start from firewall/source-destination-dynamic-group-ipv6.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="dynamic-address-group"> + <properties> + <help>Group of dynamic ipv6 addresses</help> + <completionHelp> + <path>firewall group dynamic-group ipv6-address-group</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i new file mode 100644 index 0000000..29ab98c --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i @@ -0,0 +1,17 @@ +<!-- include start from firewall/source-destination-dynamic-group.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="dynamic-address-group"> + <properties> + <help>Group of dynamic addresses</help> + <completionHelp> + <path>firewall group dynamic-group address-group</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/source-destination-group-inet.xml.i b/interface-definitions/include/firewall/source-destination-group-inet.xml.i new file mode 100644 index 0000000..1740516 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group-inet.xml.i @@ -0,0 +1,50 @@ +<!-- include start from firewall/source-destination-group-inet.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="ipv4-address-group"> + <properties> + <help>Group of IPv4 addresses</help> + <completionHelp> + <path>firewall group address-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="ipv6-address-group"> + <properties> + <help>Group of IPv6 addresses</help> + <completionHelp> + <path>firewall group ipv6-address-group</path> + </completionHelp> + </properties> + </leafNode> + #include <include/firewall/mac-group.xml.i> + <leafNode name="ipv4-network-group"> + <properties> + <help>Group of IPv4 networks</help> + <completionHelp> + <path>firewall group network-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="ipv6-network-group"> + <properties> + <help>Group of IPv6 networks</help> + <completionHelp> + <path>firewall group ipv6-network-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="port-group"> + <properties> + <help>Group of ports</help> + <completionHelp> + <path>firewall group port-group</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i new file mode 100644 index 0000000..8c34fb9 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i @@ -0,0 +1,41 @@ +<!-- include start from firewall/source-destination-group-ipv4.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="address-group"> + <properties> + <help>Group of addresses</help> + <completionHelp> + <path>firewall group address-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="domain-group"> + <properties> + <help>Group of domains</help> + <completionHelp> + <path>firewall group domain-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="network-group"> + <properties> + <help>Group of networks</help> + <completionHelp> + <path>firewall group network-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="port-group"> + <properties> + <help>Group of ports</help> + <completionHelp> + <path>firewall group port-group</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i new file mode 100644 index 0000000..2a42d23 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i @@ -0,0 +1,42 @@ +<!-- include start from firewall/source-destination-group-ipv6.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="address-group"> + <properties> + <help>Group of addresses</help> + <completionHelp> + <path>firewall group ipv6-address-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="domain-group"> + <properties> + <help>Group of domains</help> + <completionHelp> + <path>firewall group domain-group</path> + </completionHelp> + </properties> + </leafNode> + #include <include/firewall/mac-group.xml.i> + <leafNode name="network-group"> + <properties> + <help>Group of networks</help> + <completionHelp> + <path>firewall group ipv6-network-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="port-group"> + <properties> + <help>Group of ports</help> + <completionHelp> + <path>firewall group port-group</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/source-destination-group.xml.i b/interface-definitions/include/firewall/source-destination-group.xml.i new file mode 100644 index 0000000..6ebee35 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group.xml.i @@ -0,0 +1,42 @@ +<!-- include start from firewall/source-destination-group.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="address-group"> + <properties> + <help>Group of addresses</help> + <completionHelp> + <path>firewall group address-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="domain-group"> + <properties> + <help>Group of domains</help> + <completionHelp> + <path>firewall group domain-group</path> + </completionHelp> + </properties> + </leafNode> + #include <include/firewall/mac-group.xml.i> + <leafNode name="network-group"> + <properties> + <help>Group of networks</help> + <completionHelp> + <path>firewall group network-group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="port-group"> + <properties> + <help>Group of ports</help> + <completionHelp> + <path>firewall group port-group</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/state.xml.i b/interface-definitions/include/firewall/state.xml.i new file mode 100644 index 0000000..dee9722 --- /dev/null +++ b/interface-definitions/include/firewall/state.xml.i @@ -0,0 +1,30 @@ +<!-- include start from firewall/state.xml.i --> +<leafNode name="state"> + <properties> + <help>Session state</help> + <completionHelp> + <list>established invalid new related</list> + </completionHelp> + <valueHelp> + <format>established</format> + <description>Established state</description> + </valueHelp> + <valueHelp> + <format>invalid</format> + <description>Invalid state</description> + </valueHelp> + <valueHelp> + <format>new</format> + <description>New state</description> + </valueHelp> + <valueHelp> + <format>related</format> + <description>Related state</description> + </valueHelp> + <constraint> + <regex>(established|invalid|new|related)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/synproxy.xml.i b/interface-definitions/include/firewall/synproxy.xml.i new file mode 100644 index 0000000..a65126e --- /dev/null +++ b/interface-definitions/include/firewall/synproxy.xml.i @@ -0,0 +1,40 @@ +<!-- include start from firewall/synproxy.xml.i --> +<node name="synproxy"> + <properties> + <help>Synproxy options</help> + </properties> + <children> + <node name="tcp"> + <properties> + <help>TCP synproxy options</help> + </properties> + <children> + <leafNode name="mss"> + <properties> + <help>TCP Maximum segment size</help> + <valueHelp> + <format>u32:501-65535</format> + <description>Maximum segment size for synproxy connections</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 501-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="window-scale"> + <properties> + <help>TCP window scale for synproxy connections</help> + <valueHelp> + <format>u32:1-14</format> + <description>TCP window scale</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-14"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i new file mode 100644 index 0000000..36546c2 --- /dev/null +++ b/interface-definitions/include/firewall/tcp-flags.xml.i @@ -0,0 +1,119 @@ +<!-- include start from firewall/tcp-flags.xml.i --> +<node name="tcp"> + <properties> + <help>TCP options to match</help> + </properties> + <children> + <node name="flags"> + <properties> + <help>TCP flags to match</help> + </properties> + <children> + <leafNode name="syn"> + <properties> + <help>Synchronise flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ack"> + <properties> + <help>Acknowledge flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="fin"> + <properties> + <help>Finish flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="rst"> + <properties> + <help>Reset flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="urg"> + <properties> + <help>Urgent flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="psh"> + <properties> + <help>Push flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ecn"> + <properties> + <help>Explicit Congestion Notification flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="cwr"> + <properties> + <help>Congestion Window Reduced flag</help> + <valueless/> + </properties> + </leafNode> + <node name="not"> + <properties> + <help>Match flags not set</help> + </properties> + <children> + <leafNode name="syn"> + <properties> + <help>Synchronise flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ack"> + <properties> + <help>Acknowledge flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="fin"> + <properties> + <help>Finish flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="rst"> + <properties> + <help>Reset flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="urg"> + <properties> + <help>Urgent flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="psh"> + <properties> + <help>Push flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ecn"> + <properties> + <help>Explicit Congestion Notification flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="cwr"> + <properties> + <help>Congestion Window Reduced flag</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/tcp-mss.xml.i b/interface-definitions/include/firewall/tcp-mss.xml.i new file mode 100644 index 0000000..dc49b42 --- /dev/null +++ b/interface-definitions/include/firewall/tcp-mss.xml.i @@ -0,0 +1,25 @@ +<!-- include start from firewall/tcp-mss.xml.i --> +<node name="tcp"> + <properties> + <help>TCP options to match</help> + </properties> + <children> + <leafNode name="mss"> + <properties> + <help>Maximum segment size (MSS)</help> + <valueHelp> + <format>u32:1-16384</format> + <description>Maximum segment size</description> + </valueHelp> + <valueHelp> + <format><min>-<max></format> + <description>TCP MSS range (use '-' as delimiter)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 1-16384"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/time.xml.i b/interface-definitions/include/firewall/time.xml.i new file mode 100644 index 0000000..7bd7374 --- /dev/null +++ b/interface-definitions/include/firewall/time.xml.i @@ -0,0 +1,70 @@ +<!-- include start from firewall/time.xml.i --> +<node name="time"> + <properties> + <help>Time to match rule</help> + </properties> + <children> + <leafNode name="startdate"> + <properties> + <help>Date to start matching rule</help> + <valueHelp> + <format>txt</format> + <description>Enter date using following notation - YYYY-MM-DD</description> + </valueHelp> + <constraint> + <regex>(\d{4}\-\d{2}\-\d{2})</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="starttime"> + <properties> + <help>Time of day to start matching rule</help> + <valueHelp> + <format>txt</format> + <description>Enter time using using 24 hour notation - hh:mm:ss</description> + </valueHelp> + <constraint> + <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="stopdate"> + <properties> + <help>Date to stop matching rule</help> + <valueHelp> + <format>txt</format> + <description>Enter date using following notation - YYYY-MM-DD</description> + </valueHelp> + <constraint> + <regex>(\d{4}\-\d{2}\-\d{2})</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="stoptime"> + <properties> + <help>Time of day to stop matching rule</help> + <valueHelp> + <format>txt</format> + <description>Enter time using using 24 hour notation - hh:mm:ss</description> + </valueHelp> + <constraint> + <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="weekdays"> + <properties> + <help>Comma separated weekdays to match rule on</help> + <valueHelp> + <format>txt</format> + <description>Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday)</description> + </valueHelp> + <valueHelp> + <format>u32:0-6</format> + <description>Day number (0 = Sunday ... 6 = Saturday)</description> + </valueHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/timeout-common-protocols.xml.i b/interface-definitions/include/firewall/timeout-common-protocols.xml.i new file mode 100644 index 0000000..037d7d2 --- /dev/null +++ b/interface-definitions/include/firewall/timeout-common-protocols.xml.i @@ -0,0 +1,171 @@ +<!-- include start from firewall/timeout-common-protocols.xml.i --> +<leafNode name="icmp"> + <properties> + <help>ICMP timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>ICMP timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> +</leafNode> +<leafNode name="other"> + <properties> + <help>Generic connection timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>Generic connection timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>600</defaultValue> +</leafNode> +<node name="tcp"> + <properties> + <help>TCP connection timeout options</help> + </properties> + <children> + <leafNode name="close-wait"> + <properties> + <help>TCP CLOSE-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="close"> + <properties> + <help>TCP CLOSE timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="established"> + <properties> + <help>TCP ESTABLISHED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP ESTABLISHED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>432000</defaultValue> + </leafNode> + <leafNode name="fin-wait"> + <properties> + <help>TCP FIN-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP FIN-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="last-ack"> + <properties> + <help>TCP LAST-ACK timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP LAST-ACK timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="syn-recv"> + <properties> + <help>TCP SYN-RECEIVED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-RECEIVED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="syn-sent"> + <properties> + <help>TCP SYN-SENT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-SENT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="time-wait"> + <properties> + <help>TCP TIME-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP TIME-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + </children> +</node> +<node name="udp"> + <properties> + <help>UDP timeout options</help> + </properties> + <children> + <leafNode name="other"> + <properties> + <help>UDP generic timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>UDP generic timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="stream"> + <properties> + <help>UDP stream timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>UDP stream timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>180</defaultValue> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/firewall/ttl.xml.i b/interface-definitions/include/firewall/ttl.xml.i new file mode 100644 index 0000000..9c782a9 --- /dev/null +++ b/interface-definitions/include/firewall/ttl.xml.i @@ -0,0 +1,12 @@ +<!-- include start from firewall/ttl.xml.i --> +<node name="ttl"> + <properties> + <help>Time to live limit</help> + </properties> + <children> + #include <include/firewall/eq.xml.i> + #include <include/firewall/gt.xml.i> + #include <include/firewall/lt.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/generic-description.xml.i b/interface-definitions/include/generic-description.xml.i new file mode 100644 index 0000000..7e091ea --- /dev/null +++ b/interface-definitions/include/generic-description.xml.i @@ -0,0 +1,15 @@ +<!-- include start from generic-description.xml.i --> +<leafNode name="description"> + <properties> + <help>Description</help> + <valueHelp> + <format>txt</format> + <description>Description</description> + </valueHelp> + <constraint> + <regex>.{0,255}</regex> + </constraint> + <constraintErrorMessage>Description too long (limit 255 characters)</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-disable-node.xml.i b/interface-definitions/include/generic-disable-node.xml.i new file mode 100644 index 0000000..97a328e --- /dev/null +++ b/interface-definitions/include/generic-disable-node.xml.i @@ -0,0 +1,8 @@ +<!-- include start from generic-disable-node.xml.i --> +<leafNode name="disable"> + <properties> + <help>Disable instance</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-interface-broadcast.xml.i b/interface-definitions/include/generic-interface-broadcast.xml.i new file mode 100644 index 0000000..e37e750 --- /dev/null +++ b/interface-definitions/include/generic-interface-broadcast.xml.i @@ -0,0 +1,17 @@ +<!-- include start from generic-interface-broadcast.xml.i --> +<leafNode name="interface"> + <properties> + <help>Interface to use</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces --broadcast</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-interface-multi-broadcast.xml.i b/interface-definitions/include/generic-interface-multi-broadcast.xml.i new file mode 100644 index 0000000..ed13cf2 --- /dev/null +++ b/interface-definitions/include/generic-interface-multi-broadcast.xml.i @@ -0,0 +1,18 @@ +<!-- include start from generic-interface-multi-broadcast.xml.i --> +<leafNode name="interface"> + <properties> + <help>Interface to use</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces --broadcast</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-interface-multi-wildcard.xml.i b/interface-definitions/include/generic-interface-multi-wildcard.xml.i new file mode 100644 index 0000000..6c846a7 --- /dev/null +++ b/interface-definitions/include/generic-interface-multi-wildcard.xml.i @@ -0,0 +1,18 @@ +<!-- include start from generic-interface-multi-wildcard.xml.i --> +<leafNode name="interface"> + <properties> + <help>Interface to use</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name, wildcard (*) supported</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name-with-wildcard.xml.i> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-interface-multi.xml.i b/interface-definitions/include/generic-interface-multi.xml.i new file mode 100644 index 0000000..cfc77af --- /dev/null +++ b/interface-definitions/include/generic-interface-multi.xml.i @@ -0,0 +1,18 @@ +<!-- include start from generic-interface-multi.xml.i --> +<leafNode name="interface"> + <properties> + <help>Interface to use</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-interface.xml.i b/interface-definitions/include/generic-interface.xml.i new file mode 100644 index 0000000..65f5bfb --- /dev/null +++ b/interface-definitions/include/generic-interface.xml.i @@ -0,0 +1,17 @@ +<!-- include start from generic-interface.xml.i --> +<leafNode name="interface"> + <properties> + <help>Interface to use</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-password.xml.i b/interface-definitions/include/generic-password.xml.i new file mode 100644 index 0000000..76d5f12 --- /dev/null +++ b/interface-definitions/include/generic-password.xml.i @@ -0,0 +1,15 @@ +<!-- include start from generic-password.xml.i --> +<leafNode name="password"> + <properties> + <help>Password used for authentication</help> + <valueHelp> + <format>txt</format> + <description>Password</description> + </valueHelp> + <constraint> + <regex>[[:ascii:]]{1,128}</regex> + </constraint> + <constraintErrorMessage>Password is limited to ASCII characters only, with a total length of 128</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/generic-username.xml.i b/interface-definitions/include/generic-username.xml.i new file mode 100644 index 0000000..678f30d --- /dev/null +++ b/interface-definitions/include/generic-username.xml.i @@ -0,0 +1,15 @@ +<!-- include start from generic-username.xml.i --> +<leafNode name="username"> + <properties> + <help>Username used for authentication</help> + <valueHelp> + <format>txt</format> + <description>Username</description> + </valueHelp> + <constraint> + <regex>[[:ascii:]]{1,128}</regex> + </constraint> + <constraintErrorMessage>Username is limited to ASCII characters only, with a total length of 128</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/http-response-headers.xml.i b/interface-definitions/include/haproxy/http-response-headers.xml.i new file mode 100644 index 0000000..9e7ddfd --- /dev/null +++ b/interface-definitions/include/haproxy/http-response-headers.xml.i @@ -0,0 +1,29 @@ +<!-- include start from haproxy/http-response-headers.xml.i --> +<tagNode name="http-response-headers"> + <properties> + <help>Headers to include in HTTP response</help> + <valueHelp> + <format>txt</format> + <description>HTTP header name</description> + </valueHelp> + <constraint> + <regex>[-a-zA-Z]+</regex> + </constraint> + <constraintErrorMessage>Header names must only include alphabetical characters and hyphens</constraintErrorMessage> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>HTTP header value</help> + <valueHelp> + <format>txt</format> + <description>HTTP header value</description> + </valueHelp> + <constraint> + <regex>[[:ascii:]]{1,256}</regex> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/logging.xml.i b/interface-definitions/include/haproxy/logging.xml.i new file mode 100644 index 0000000..e0af54f --- /dev/null +++ b/interface-definitions/include/haproxy/logging.xml.i @@ -0,0 +1,10 @@ +<!-- include start from haproxy/logging.xml.i --> +<node name="logging"> + <properties> + <help>Logging parameters</help> + </properties> + <children> + #include <include/syslog-facility.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/mode.xml.i b/interface-definitions/include/haproxy/mode.xml.i new file mode 100644 index 0000000..d013e02 --- /dev/null +++ b/interface-definitions/include/haproxy/mode.xml.i @@ -0,0 +1,23 @@ +<!-- include start from haproxy/mode.xml.i --> +<leafNode name="mode"> + <properties> + <help>Proxy mode</help> + <completionHelp> + <list>http tcp</list> + </completionHelp> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>http</format> + <description>HTTP proxy mode</description> + </valueHelp> + <valueHelp> + <format>tcp</format> + <description>TCP proxy mode</description> + </valueHelp> + <constraint> + <regex>(http|tcp)</regex> + </constraint> + </properties> + <defaultValue>http</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i new file mode 100644 index 0000000..b2be4fd --- /dev/null +++ b/interface-definitions/include/haproxy/rule-backend.xml.i @@ -0,0 +1,131 @@ +<!-- include start from haproxy/rule.xml.i --> +<tagNode name="rule"> + <properties> + <help>Proxy rule number</help> + <valueHelp> + <format>u32:1-10000</format> + <description>Number for this proxy rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10000"/> + </constraint> + <constraintErrorMessage>Proxy rule number must be between 1 and 10000</constraintErrorMessage> + </properties> + <children> + <leafNode name="domain-name"> + <properties> + <help>Domain name to match</help> + <valueHelp> + <format>txt</format> + <description>Domain address to match</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="set"> + <properties> + <help>Proxy modifications</help> + </properties> + <children> + <leafNode name="redirect-location"> + <properties> + <help>Set URL location</help> + <valueHelp> + <format>url</format> + <description>Set URL location</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="server"> + <properties> + <help>Server name</help> + <constraint> + <regex>[-_a-zA-Z0-9]+</regex> + </constraint> + <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="ssl"> + <properties> + <help>SSL match options</help> + <completionHelp> + <list>req-ssl-sni ssl-fc-sni</list> + </completionHelp> + <valueHelp> + <format>req-ssl-sni</format> + <description>SSL Server Name Indication (SNI) request match</description> + </valueHelp> + <valueHelp> + <format>ssl-fc-sni</format> + <description>SSL frontend connection Server Name Indication match</description> + </valueHelp> + <valueHelp> + <format>ssl-fc-sni-end</format> + <description>SSL frontend match end of connection Server Name Indication</description> + </valueHelp> + <constraint> + <regex>(req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end)</regex> + </constraint> + </properties> + </leafNode> + <node name="url-path"> + <properties> + <help>URL path match</help> + </properties> + <children> + <leafNode name="begin"> + <properties> + <help>Begin URL match</help> + <valueHelp> + <format>url</format> + <description>Begin URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="end"> + <properties> + <help>End URL match</help> + <valueHelp> + <format>url</format> + <description>End URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="exact"> + <properties> + <help>Exactly URL match</help> + <valueHelp> + <format>url</format> + <description>Exactly URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]*$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/rule-frontend.xml.i b/interface-definitions/include/haproxy/rule-frontend.xml.i new file mode 100644 index 0000000..001ae2d --- /dev/null +++ b/interface-definitions/include/haproxy/rule-frontend.xml.i @@ -0,0 +1,131 @@ +<!-- include start from haproxy/rule.xml.i --> +<tagNode name="rule"> + <properties> + <help>Proxy rule number</help> + <valueHelp> + <format>u32:1-10000</format> + <description>Number for this proxy rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10000"/> + </constraint> + <constraintErrorMessage>Proxy rule number must be between 1 and 10000</constraintErrorMessage> + </properties> + <children> + <leafNode name="domain-name"> + <properties> + <help>Domain name to match</help> + <valueHelp> + <format>txt</format> + <description>Domain address to match</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="set"> + <properties> + <help>Proxy modifications</help> + </properties> + <children> + <leafNode name="redirect-location"> + <properties> + <help>Set URL location</help> + <valueHelp> + <format>url</format> + <description>Set URL location</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="backend"> + <properties> + <help>Backend name</help> + <constraint> + <regex>[-_a-zA-Z0-9]+</regex> + </constraint> + <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="ssl"> + <properties> + <help>SSL match options</help> + <completionHelp> + <list>req-ssl-sni ssl-fc-sni</list> + </completionHelp> + <valueHelp> + <format>req-ssl-sni</format> + <description>SSL Server Name Indication (SNI) request match</description> + </valueHelp> + <valueHelp> + <format>ssl-fc-sni</format> + <description>SSL frontend connection Server Name Indication match</description> + </valueHelp> + <valueHelp> + <format>ssl-fc-sni-end</format> + <description>SSL frontend match end of connection Server Name Indication</description> + </valueHelp> + <constraint> + <regex>(req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end)</regex> + </constraint> + </properties> + </leafNode> + <node name="url-path"> + <properties> + <help>URL path match</help> + </properties> + <children> + <leafNode name="begin"> + <properties> + <help>Begin URL match</help> + <valueHelp> + <format>url</format> + <description>Begin URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="end"> + <properties> + <help>End URL match</help> + <valueHelp> + <format>url</format> + <description>End URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="exact"> + <properties> + <help>Exactly URL match</help> + <valueHelp> + <format>url</format> + <description>Exactly URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/tcp-request.xml.i b/interface-definitions/include/haproxy/tcp-request.xml.i new file mode 100644 index 0000000..3d60bd8 --- /dev/null +++ b/interface-definitions/include/haproxy/tcp-request.xml.i @@ -0,0 +1,22 @@ +<!-- include start from haproxy/tcp-request.xml.i --> +<node name="tcp-request"> + <properties> + <help>TCP request directive</help> + </properties> + <children> + <leafNode name="inspect-delay"> + <properties> + <help>Set the maximum allowed time to wait for data during content inspection</help> + <valueHelp> + <format>u32:1-65535</format> + <description>The timeout value specified in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>The timeout value must be in range 1 to 65535 milliseconds</constraintErrorMessage> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i new file mode 100644 index 0000000..79e7303 --- /dev/null +++ b/interface-definitions/include/haproxy/timeout.xml.i @@ -0,0 +1,45 @@ +<!-- include start from haproxy/timeout.xml.i --> +<node name="timeout"> + <properties> + <help>Timeout options</help> + </properties> + <children> + <leafNode name="check"> + <properties> + <help>Timeout in seconds for established connections</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Check timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + <leafNode name="connect"> + <properties> + <help>Set the maximum time to wait for a connection attempt to a server to succeed</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Connect timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + <leafNode name="server"> + <properties> + <help>Set the maximum inactivity time on the server side</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Server timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ids/threshold.xml.i b/interface-definitions/include/ids/threshold.xml.i new file mode 100644 index 0000000..e21e3a0 --- /dev/null +++ b/interface-definitions/include/ids/threshold.xml.i @@ -0,0 +1,38 @@ +<!-- include start from ids/threshold.xml.i --> +<leafNode name="fps"> + <properties> + <help>Flows per second</help> + <valueHelp> + <format>u32:0-4294967294</format> + <description>Flows per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> +</leafNode> +<leafNode name="mbps"> + <properties> + <help>Megabits per second</help> + <valueHelp> + <format>u32:0-4294967294</format> + <description>Megabits per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> +</leafNode> +<leafNode name="pps"> + <properties> + <help>Packets per second</help> + <valueHelp> + <format>u32:0-4294967294</format> + <description>Packets per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/inbound-interface.xml.i b/interface-definitions/include/inbound-interface.xml.i new file mode 100644 index 0000000..422f9de --- /dev/null +++ b/interface-definitions/include/inbound-interface.xml.i @@ -0,0 +1,11 @@ +<!-- include start from inbound-interface.xml.i --> +<leafNode name="inbound-interface"> + <properties> + <help>Inbound interface of NAT traffic</help> + <completionHelp> + <list>any</list> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i new file mode 100644 index 0000000..5057ed9 --- /dev/null +++ b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i @@ -0,0 +1,31 @@ +<!-- include start from interface/address-ipv4-ipv6-dhcp.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address</help> + <completionHelp> + <list>dhcp dhcpv6</list> + </completionHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>dhcp</format> + <description>Dynamic Host Configuration Protocol</description> + </valueHelp> + <valueHelp> + <format>dhcpv6</format> + <description>Dynamic Host Configuration Protocol for IPv6</description> + </valueHelp> + <constraint> + <validator name="ip-host"/> + <regex>(dhcp|dhcpv6)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/address-ipv4-ipv6.xml.i b/interface-definitions/include/interface/address-ipv4-ipv6.xml.i new file mode 100644 index 0000000..d689da5 --- /dev/null +++ b/interface-definitions/include/interface/address-ipv4-ipv6.xml.i @@ -0,0 +1,19 @@ +<!-- include start from interface/address-ipv4-ipv6.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-host"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/adjust-mss.xml.i b/interface-definitions/include/interface/adjust-mss.xml.i new file mode 100644 index 0000000..2b184a0 --- /dev/null +++ b/interface-definitions/include/interface/adjust-mss.xml.i @@ -0,0 +1,23 @@ +<!-- include start from interface/adjust-mss.xml.i --> +<!-- https://datatracker.ietf.org/doc/html/rfc6691 --> +<leafNode name="adjust-mss"> + <properties> + <help>Adjust TCP MSS value</help> + <completionHelp> + <list>clamp-mss-to-pmtu</list> + </completionHelp> + <valueHelp> + <format>clamp-mss-to-pmtu</format> + <description>Automatically sets the MSS to the proper value</description> + </valueHelp> + <valueHelp> + <format>u32:536-65535</format> + <description>TCP Maximum segment size in bytes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 536-65535"/> + <regex>(clamp-mss-to-pmtu)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i new file mode 100644 index 0000000..06d7ffe --- /dev/null +++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/arp-cache-timeout.xml.i --> +<leafNode name="arp-cache-timeout"> + <properties> + <help>ARP cache entry timeout in seconds</help> + <valueHelp> + <format>u32:1-86400</format> + <description>ARP cache entry timout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + <constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage> + </properties> + <defaultValue>30</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/authentication.xml.i b/interface-definitions/include/interface/authentication.xml.i new file mode 100644 index 0000000..0bd7922 --- /dev/null +++ b/interface-definitions/include/interface/authentication.xml.i @@ -0,0 +1,11 @@ +<!-- include start from interface/authentication.xml.i --> +<node name="authentication"> + <properties> + <help>Authentication settings</help> + </properties> + <children> + #include <include/generic-username.xml.i> + #include <include/generic-password.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/base-reachable-time.xml.i b/interface-definitions/include/interface/base-reachable-time.xml.i new file mode 100644 index 0000000..fb0d701 --- /dev/null +++ b/interface-definitions/include/interface/base-reachable-time.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/base-reachable-time.xml.i --> +<leafNode name="base-reachable-time"> + <properties> + <help>Base reachable time in seconds</help> + <valueHelp> + <format>u32:1-86400</format> + <description>Base reachable time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + <constraintErrorMessage>Base reachable time must be between 1 and 86400 seconds</constraintErrorMessage> + </properties> + <defaultValue>30</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/default-route-distance.xml.i b/interface-definitions/include/interface/default-route-distance.xml.i new file mode 100644 index 0000000..6eda52c --- /dev/null +++ b/interface-definitions/include/interface/default-route-distance.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/default-route-distance.xml.i --> +<leafNode name="default-route-distance"> + <properties> + <help>Distance for installed default route</help> + <valueHelp> + <format>u32:1-255</format> + <description>Distance for the default route from DHCP server</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>210</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i new file mode 100644 index 0000000..733512a --- /dev/null +++ b/interface-definitions/include/interface/dhcp-options.xml.i @@ -0,0 +1,80 @@ +<!-- include start from interface/dhcp-options.xml.i --> +<node name="dhcp-options"> + <properties> + <help>DHCP client settings/options</help> + </properties> + <children> + <leafNode name="client-id"> + <properties> + <help>Identifier used by client to identify itself to the DHCP server</help> + <valueHelp> + <format>txt</format> + <description>DHCP option string</description> + </valueHelp> + <constraint> + #include <include/constraint/dhcp-client-string-option.xml.i> + </constraint> + </properties> + </leafNode> + <leafNode name="host-name"> + <properties> + <help>Override system host-name sent to DHCP server</help> + <constraint> + #include <include/constraint/host-name.xml.i> + </constraint> + <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="mtu"> + <properties> + <help>Use MTU value from DHCP server - ignore interface setting</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="vendor-class-id"> + <properties> + <help>Identify the vendor client type to the DHCP server</help> + <valueHelp> + <format>txt</format> + <description>DHCP option string</description> + </valueHelp> + <constraint> + #include <include/constraint/dhcp-client-string-option.xml.i> + </constraint> + </properties> + </leafNode> + <leafNode name="user-class"> + <properties> + <help>Identify to the DHCP server, user configurable option</help> + <valueHelp> + <format>txt</format> + <description>DHCP option string</description> + </valueHelp> + <constraint> + #include <include/constraint/dhcp-client-string-option.xml.i> + </constraint> + </properties> + </leafNode> + #include <include/interface/no-default-route.xml.i> + #include <include/interface/default-route-distance.xml.i> + <leafNode name="reject"> + <properties> + <help>IP addresses or subnets from which to reject DHCP leases</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i new file mode 100644 index 0000000..68d1b17 --- /dev/null +++ b/interface-definitions/include/interface/dhcpv6-options.xml.i @@ -0,0 +1,95 @@ +<!-- include start from interface/dhcpv6-options.xml.i --> +<node name="dhcpv6-options"> + <properties> + <help>DHCPv6 client settings/options</help> + </properties> + <children> + #include <include/interface/duid.xml.i> + <leafNode name="parameters-only"> + <properties> + <help>Acquire only config parameters, no address</help> + <valueless/> + </properties> + </leafNode> + <tagNode name="pd"> + <properties> + <help>DHCPv6 prefix delegation interface statement</help> + <valueHelp> + <format>instance number</format> + <description>Prefix delegation instance (>= 0)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--non-negative"/> + </constraint> + </properties> + <children> + <leafNode name="length"> + <properties> + <help>Request IPv6 prefix length from peer</help> + <valueHelp> + <format>u32:32-64</format> + <description>Length of delegated prefix</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 32-64"/> + </constraint> + </properties> + <defaultValue>64</defaultValue> + </leafNode> + <tagNode name="interface"> + <properties> + <help>Delegate IPv6 prefix from provider to this interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces --broadcast</script> + </completionHelp> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Local interface address assigned to interface (default: EUI-64)</help> + <valueHelp> + <format>>0</format> + <description>Used to form IPv6 interface address</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--non-negative"/> + </constraint> + </properties> + </leafNode> + <leafNode name="sla-id"> + <properties> + <help>Interface site-Level aggregator (SLA)</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Decimal integer which fits in the length of SLA IDs</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + <leafNode name="rapid-commit"> + <properties> + <help>Wait for immediate reply instead of advertisements</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="temporary"> + <properties> + <help>IPv6 temporary address</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-release"> + <properties> + <help>Do not send a release message on client exit</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/dial-on-demand.xml.i b/interface-definitions/include/interface/dial-on-demand.xml.i new file mode 100644 index 0000000..30e8c7e --- /dev/null +++ b/interface-definitions/include/interface/dial-on-demand.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/dial-on-demand.xml.i --> +<leafNode name="connect-on-demand"> + <properties> + <help>Establishment connection automatically when traffic is sent</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/disable-arp-filter.xml.i b/interface-definitions/include/interface/disable-arp-filter.xml.i new file mode 100644 index 0000000..a69455d --- /dev/null +++ b/interface-definitions/include/interface/disable-arp-filter.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/disable-arp-filter.xml.i --> +<leafNode name="disable-arp-filter"> + <properties> + <help>Disable ARP filter on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/disable-forwarding.xml.i b/interface-definitions/include/interface/disable-forwarding.xml.i new file mode 100644 index 0000000..45382ec --- /dev/null +++ b/interface-definitions/include/interface/disable-forwarding.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/disable-forwarding.xml.i --> +<leafNode name="disable-forwarding"> + <properties> + <help>Disable IP forwarding on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/disable-link-detect.xml.i b/interface-definitions/include/interface/disable-link-detect.xml.i new file mode 100644 index 0000000..b101ec2 --- /dev/null +++ b/interface-definitions/include/interface/disable-link-detect.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/disable-link-detect.xml.i --> +<leafNode name="disable-link-detect"> + <properties> + <help>Ignore link state changes</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/disable.xml.i b/interface-definitions/include/interface/disable.xml.i new file mode 100644 index 0000000..b76bd3f --- /dev/null +++ b/interface-definitions/include/interface/disable.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/disable.xml.i --> +<leafNode name="disable"> + <properties> + <help>Administratively disable interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/duid.xml.i b/interface-definitions/include/interface/duid.xml.i new file mode 100644 index 0000000..8d80869 --- /dev/null +++ b/interface-definitions/include/interface/duid.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/duid.xml.i --> +<leafNode name="duid"> + <properties> + <help>DHCP unique identifier (DUID) to be sent by client</help> + <valueHelp> + <format>duid</format> + <description>DHCP unique identifier</description> + </valueHelp> + <constraint> + <regex>([0-9A-Fa-f]{2}:){0,127}([0-9A-Fa-f]{2})</regex> + </constraint> + <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/eapol.xml.i b/interface-definitions/include/interface/eapol.xml.i new file mode 100644 index 0000000..a3206f2 --- /dev/null +++ b/interface-definitions/include/interface/eapol.xml.i @@ -0,0 +1,11 @@ +<!-- include start from interface/eapol.xml.i --> +<node name="eapol"> + <properties> + <help>Extensible Authentication Protocol over Local Area Network</help> + </properties> + <children> + #include <include/pki/ca-certificate-multi.xml.i> + #include <include/pki/certificate-key.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/enable-arp-accept.xml.i b/interface-definitions/include/interface/enable-arp-accept.xml.i new file mode 100644 index 0000000..90f6bc3 --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-accept.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/enable-arp-accept.xml.i --> +<leafNode name="enable-arp-accept"> + <properties> + <help>Enable ARP accept on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/enable-arp-announce.xml.i b/interface-definitions/include/interface/enable-arp-announce.xml.i new file mode 100644 index 0000000..cf02fce --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-announce.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/enable-arp-announce.xml.i --> +<leafNode name="enable-arp-announce"> + <properties> + <help>Enable ARP announce on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/enable-arp-ignore.xml.i b/interface-definitions/include/interface/enable-arp-ignore.xml.i new file mode 100644 index 0000000..5bb444f --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-ignore.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/enable-arp-ignore.xml.i --> +<leafNode name="enable-arp-ignore"> + <properties> + <help>Enable ARP ignore on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/enable-directed-broadcast.xml.i b/interface-definitions/include/interface/enable-directed-broadcast.xml.i new file mode 100644 index 0000000..a873958 --- /dev/null +++ b/interface-definitions/include/interface/enable-directed-broadcast.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/enable-directed-broadcast.xml.i --> +<leafNode name="enable-directed-broadcast"> + <properties> + <help>Enable directed broadcast forwarding on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/enable-proxy-arp.xml.i b/interface-definitions/include/interface/enable-proxy-arp.xml.i new file mode 100644 index 0000000..27e497f --- /dev/null +++ b/interface-definitions/include/interface/enable-proxy-arp.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/enable-proxy-arp.xml.i --> +<leafNode name="enable-proxy-arp"> + <properties> + <help>Enable proxy-arp on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/evpn-mh-uplink.xml.i b/interface-definitions/include/interface/evpn-mh-uplink.xml.i new file mode 100644 index 0000000..5f7fe1b --- /dev/null +++ b/interface-definitions/include/interface/evpn-mh-uplink.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/evpn-mh-uplink.xml.i --> +<leafNode name="uplink"> + <properties> + <help>Uplink to the VXLAN core</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/hw-id.xml.i b/interface-definitions/include/interface/hw-id.xml.i new file mode 100644 index 0000000..a3a1eec --- /dev/null +++ b/interface-definitions/include/interface/hw-id.xml.i @@ -0,0 +1,14 @@ +<!-- include start from interface/hw-id.xml.i --> +<leafNode name="hw-id"> + <properties> + <help>Associate Ethernet Interface with given Media Access Control (MAC) address</help> + <valueHelp> + <format>macaddr</format> + <description>Hardware (MAC) address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/inbound-interface.xml.i b/interface-definitions/include/interface/inbound-interface.xml.i new file mode 100644 index 0000000..96ade33 --- /dev/null +++ b/interface-definitions/include/interface/inbound-interface.xml.i @@ -0,0 +1,10 @@ +<!-- include start from interface/inbound-interface.xml.i --> +<leafNode name="inbound-interface"> + <properties> + <help>Inbound Interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv4-options.xml.i b/interface-definitions/include/interface/ipv4-options.xml.i new file mode 100644 index 0000000..eda77e8 --- /dev/null +++ b/interface-definitions/include/interface/ipv4-options.xml.i @@ -0,0 +1,20 @@ +<!-- include start from interface/ipv4-options.xml.i --> +<node name="ip"> + <properties> + <help>IPv4 routing parameters</help> + </properties> + <children> + #include <include/interface/adjust-mss.xml.i> + #include <include/interface/arp-cache-timeout.xml.i> + #include <include/interface/disable-arp-filter.xml.i> + #include <include/interface/disable-forwarding.xml.i> + #include <include/interface/enable-directed-broadcast.xml.i> + #include <include/interface/enable-arp-accept.xml.i> + #include <include/interface/enable-arp-announce.xml.i> + #include <include/interface/enable-arp-ignore.xml.i> + #include <include/interface/enable-proxy-arp.xml.i> + #include <include/interface/proxy-arp-pvlan.xml.i> + #include <include/interface/source-validation.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-accept-dad.xml.i b/interface-definitions/include/interface/ipv6-accept-dad.xml.i new file mode 100644 index 0000000..7554b27 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-accept-dad.xml.i @@ -0,0 +1,20 @@ +<!-- include start from interface/ipv6-accept-dad.xml.i --> +<leafNode name="accept-dad"> + <properties> + <help>Accept Duplicate Address Detection</help> + <valueHelp> + <format>0</format> + <description>Disable DAD</description> + </valueHelp> + <valueHelp> + <format>1</format> + <description>Enable DAD</description> + </valueHelp> + <valueHelp> + <format>2</format> + <description>Enable DAD - disable IPv6 if MAC-based duplicate link-local address found</description> + </valueHelp> + </properties> + <defaultValue>1</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-address-autoconf.xml.i b/interface-definitions/include/interface/ipv6-address-autoconf.xml.i new file mode 100644 index 0000000..cd1483b --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address-autoconf.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/ipv6-address-autoconf.xml.i --> +<leafNode name="autoconf"> + <properties> + <help>Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-address-eui64.xml.i b/interface-definitions/include/interface/ipv6-address-eui64.xml.i new file mode 100644 index 0000000..fe1f43d --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address-eui64.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/ipv6-address-eui64.xml.i --> +<leafNode name="eui64"> + <properties> + <help>Prefix for IPv6 address with MAC-based EUI-64</help> + <valueHelp> + <format><h:h:h:h:h:h:h:h/64></format> + <description>IPv6 /64 network</description> + </valueHelp> + <constraint> + <validator name="ipv6-eui64-prefix"/> + </constraint> + <constraintErrorMessage>EUI64 prefix length must be 64</constraintErrorMessage> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-address-no-default-link-local.xml.i b/interface-definitions/include/interface/ipv6-address-no-default-link-local.xml.i new file mode 100644 index 0000000..012490e --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address-no-default-link-local.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/ipv6-address-no-default-link-local.xml.i --> +<leafNode name="no-default-link-local"> + <properties> + <help>Remove the default link-local address from the interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-address.xml.i b/interface-definitions/include/interface/ipv6-address.xml.i new file mode 100644 index 0000000..e1bdf02 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address.xml.i @@ -0,0 +1,12 @@ +<!-- include start from interface/ipv6-address.xml.i --> +<node name="address"> + <properties> + <help>IPv6 address configuration modes</help> + </properties> + <children> + #include <include/interface/ipv6-address-autoconf.xml.i> + #include <include/interface/ipv6-address-eui64.xml.i> + #include <include/interface/ipv6-address-no-default-link-local.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i new file mode 100644 index 0000000..3b9294d --- /dev/null +++ b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i @@ -0,0 +1,19 @@ +<!-- include start from interface/ipv6-dup-addr-detect-transmits.xml.i --> +<leafNode name="dup-addr-detect-transmits"> + <properties> + <help>Number of NS messages to send while performing DAD</help> + <valueHelp> + <format>u32:0</format> + <description>Disable Duplicate Address Dectection (DAD)</description> + </valueHelp> + <valueHelp> + <format>u32:1-n</format> + <description>Number of NS messages to send while performing DAD</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--non-negative"/> + </constraint> + </properties> + <defaultValue>1</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i new file mode 100644 index 0000000..ec6ec64 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/ipv6-options.xml.i --> +<node name="ipv6"> + <properties> + <help>IPv6 routing parameters</help> + </properties> + <children> + #include <include/interface/adjust-mss.xml.i> + #include <include/interface/base-reachable-time.xml.i> + #include <include/interface/disable-forwarding.xml.i> + #include <include/interface/ipv6-accept-dad.xml.i> + #include <include/interface/ipv6-address.xml.i> + #include <include/interface/ipv6-dup-addr-detect-transmits.xml.i> + #include <include/interface/source-validation.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/mac-multi.xml.i b/interface-definitions/include/interface/mac-multi.xml.i new file mode 100644 index 0000000..458372e --- /dev/null +++ b/interface-definitions/include/interface/mac-multi.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/mac-multi.xml.i --> +<leafNode name="mac"> + <properties> + <help>Media Access Control (MAC) address</help> + <valueHelp> + <format>macaddr</format> + <description>Hardware (MAC) address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/mac.xml.i b/interface-definitions/include/interface/mac.xml.i new file mode 100644 index 0000000..705330d --- /dev/null +++ b/interface-definitions/include/interface/mac.xml.i @@ -0,0 +1,14 @@ +<!-- include start from interface/mac.xml.i --> +<leafNode name="mac"> + <properties> + <help>Media Access Control (MAC) address</help> + <valueHelp> + <format>macaddr</format> + <description>Hardware (MAC) address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/macsec-key.xml.i b/interface-definitions/include/interface/macsec-key.xml.i new file mode 100644 index 0000000..5a857a6 --- /dev/null +++ b/interface-definitions/include/interface/macsec-key.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/macsec-key.xml.i --> +<leafNode name="key"> + <properties> + <help>MACsec static key</help> + <valueHelp> + <format>txt</format> + <description>16-byte (128-bit) hex-string (32 hex-digits) for gcm-aes-128 or 32-byte (256-bit) hex-string (64 hex-digits) for gcm-aes-256</description> + </valueHelp> + <constraint> + <regex>[A-Fa-f0-9]{32}</regex> + <regex>[A-Fa-f0-9]{64}</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/mirror.xml.i b/interface-definitions/include/interface/mirror.xml.i new file mode 100644 index 0000000..903c627 --- /dev/null +++ b/interface-definitions/include/interface/mirror.xml.i @@ -0,0 +1,33 @@ +<!-- include start from interface/mirror.xml.i --> +<node name="mirror"> + <properties> + <help>Mirror ingress/egress packets</help> + </properties> + <children> + <leafNode name="ingress"> + <properties> + <help>Mirror ingress traffic to destination interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Destination interface name</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="egress"> + <properties> + <help>Mirror egress traffic to destination interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Destination interface name</description> + </valueHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/interface/mtu-1200-16000.xml.i b/interface-definitions/include/interface/mtu-1200-16000.xml.i new file mode 100644 index 0000000..fab053f --- /dev/null +++ b/interface-definitions/include/interface/mtu-1200-16000.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/mtu-1200-16000.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>u32:1200-16000</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1200-16000"/> + </constraint> + <constraintErrorMessage>MTU must be between 1200 and 16000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/mtu-1450-16000.xml.i b/interface-definitions/include/interface/mtu-1450-16000.xml.i new file mode 100644 index 0000000..1e71eab --- /dev/null +++ b/interface-definitions/include/interface/mtu-1450-16000.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/mtu-1450-16000.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>u32:1450-16000</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1450-16000"/> + </constraint> + <constraintErrorMessage>MTU must be between 1450 and 16000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/mtu-64-8024.xml.i b/interface-definitions/include/interface/mtu-64-8024.xml.i new file mode 100644 index 0000000..30c77f7 --- /dev/null +++ b/interface-definitions/include/interface/mtu-64-8024.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/mtu-68-8024.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>u32:64-8024</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 64-8024"/> + </constraint> + <constraintErrorMessage>MTU must be between 64 and 8024</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/mtu-68-1500.xml.i b/interface-definitions/include/interface/mtu-68-1500.xml.i new file mode 100644 index 0000000..693e0be --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-1500.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/mtu-68-1500.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>u32:68-1500</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 68-1500"/> + </constraint> + <constraintErrorMessage>MTU must be between 68 and 1500</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/mtu-68-16000.xml.i b/interface-definitions/include/interface/mtu-68-16000.xml.i new file mode 100644 index 0000000..df1b7b7 --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-16000.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/mtu-68-16000.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>u32:68-16000</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 68-16000"/> + </constraint> + <constraintErrorMessage>MTU must be between 68 and 16000</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/netns.xml.i b/interface-definitions/include/interface/netns.xml.i new file mode 100644 index 0000000..fd6da8f --- /dev/null +++ b/interface-definitions/include/interface/netns.xml.i @@ -0,0 +1,14 @@ +<!-- include start from interface/netns.xml.i --> +<leafNode name="netns"> + <properties> + <help>Network namespace name</help> + <valueHelp> + <format>txt</format> + <description>Network namespace name</description> + </valueHelp> + <completionHelp> + <path>netns name</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/no-default-route.xml.i b/interface-definitions/include/interface/no-default-route.xml.i new file mode 100644 index 0000000..307fcff --- /dev/null +++ b/interface-definitions/include/interface/no-default-route.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/dhcp-options.xml.i --> +<leafNode name="no-default-route"> + <properties> + <help>Do not install default route to system</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/no-peer-dns.xml.i b/interface-definitions/include/interface/no-peer-dns.xml.i new file mode 100644 index 0000000..d663f04 --- /dev/null +++ b/interface-definitions/include/interface/no-peer-dns.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/no-peer-dns.xml.i --> +<leafNode name="no-peer-dns"> + <properties> + <help>Do not use DNS servers provided by the peer</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/parameters-df.xml.i b/interface-definitions/include/interface/parameters-df.xml.i new file mode 100644 index 0000000..82436b5 --- /dev/null +++ b/interface-definitions/include/interface/parameters-df.xml.i @@ -0,0 +1,26 @@ +<!-- include start from interface/parameters-df.xml.i --> +<leafNode name="df"> + <properties> + <help>Usage of the DF (don't Fragment) bit in outgoing packets</help> + <completionHelp> + <list>set unset inherit</list> + </completionHelp> + <valueHelp> + <format>set</format> + <description>Always set DF (don't fragment) bit</description> + </valueHelp> + <valueHelp> + <format>unset</format> + <description>Always unset DF (don't fragment) bit</description> + </valueHelp> + <valueHelp> + <format>inherit</format> + <description>Copy from the original IP header</description> + </valueHelp> + <constraint> + <regex>(set|unset|inherit)</regex> + </constraint> + </properties> + <defaultValue>unset</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i new file mode 100644 index 0000000..b2e8821 --- /dev/null +++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i @@ -0,0 +1,22 @@ +<!-- include start from interface/parameters-flowlabel.xml.i --> +<leafNode name="flowlabel"> + <properties> + <help>Specifies the flow label to use in outgoing packets</help> + <completionHelp> + <list>inherit</list> + </completionHelp> + <valueHelp> + <format>inherit</format> + <description>Copy field from original header</description> + </valueHelp> + <valueHelp> + <format>0x0-0x0fffff</format> + <description>Tunnel key, or hex value</description> + </valueHelp> + <constraint> + <regex>((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)</regex> + </constraint> + <constraintErrorMessage>Must be 'inherit' or a number</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/parameters-innerproto.xml.i b/interface-definitions/include/interface/parameters-innerproto.xml.i new file mode 100644 index 0000000..9cafebd --- /dev/null +++ b/interface-definitions/include/interface/parameters-innerproto.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/parameters-innerproto.xml.i --> +<leafNode name="innerproto"> + <properties> + <help>Use IPv4 as inner protocol instead of Ethernet</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/parameters-key.xml.i b/interface-definitions/include/interface/parameters-key.xml.i new file mode 100644 index 0000000..25a6c03 --- /dev/null +++ b/interface-definitions/include/interface/parameters-key.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/parameters-key.xml.i --> +<leafNode name="key"> + <properties> + <help>Tunnel key (only GRE tunnels)</help> + <valueHelp> + <format>u32</format> + <description>Tunnel key</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + <constraintErrorMessage>key must be between 0-4294967295</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/parameters-tos.xml.i b/interface-definitions/include/interface/parameters-tos.xml.i new file mode 100644 index 0000000..1b342a4 --- /dev/null +++ b/interface-definitions/include/interface/parameters-tos.xml.i @@ -0,0 +1,16 @@ +<!-- include start from interface/tunnel-parameters-tos.xml.i --> +<leafNode name="tos"> + <properties> + <help>Specifies TOS value to use in outgoing packets</help> + <valueHelp> + <format>u32:0-99</format> + <description>Type of Service (TOS)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-99"/> + </constraint> + <constraintErrorMessage>TOS must be between 0 and 99</constraintErrorMessage> + </properties> + <defaultValue>inherit</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/parameters-ttl.xml.i b/interface-definitions/include/interface/parameters-ttl.xml.i new file mode 100644 index 0000000..ade33b4 --- /dev/null +++ b/interface-definitions/include/interface/parameters-ttl.xml.i @@ -0,0 +1,20 @@ +<!-- include start from interface/parameters-ttl.xml.i --> +<leafNode name="ttl"> + <properties> + <help>Specifies TTL value to use in outgoing packets</help> + <valueHelp> + <format>u32:0</format> + <description>Inherit - copy value from original IP header</description> + </valueHelp> + <valueHelp> + <format>u32:1-255</format> + <description>Time to Live</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>TTL must be between 0 and 255</constraintErrorMessage> + </properties> + <defaultValue>0</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/per-client-thread.xml.i b/interface-definitions/include/interface/per-client-thread.xml.i new file mode 100644 index 0000000..2fd19b5 --- /dev/null +++ b/interface-definitions/include/interface/per-client-thread.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/per-client-thread.xml.i --> +<leafNode name="per-client-thread"> + <properties> + <help>Process traffic from each client in a dedicated thread</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/proxy-arp-pvlan.xml.i b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i new file mode 100644 index 0000000..c00b2fe --- /dev/null +++ b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i @@ -0,0 +1,8 @@ +<!-- include start from interface/proxy-arp-pvlan.xml.i --> +<leafNode name="proxy-arp-pvlan"> + <properties> + <help>Enable private VLAN proxy ARP on this interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/redirect.xml.i b/interface-definitions/include/interface/redirect.xml.i new file mode 100644 index 0000000..9b41cd8 --- /dev/null +++ b/interface-definitions/include/interface/redirect.xml.i @@ -0,0 +1,17 @@ +<!-- include start from interface/redirect.xml.i --> +<leafNode name="redirect"> + <properties> + <help>Redirect incoming packet to destination</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Destination interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/source-validation.xml.i b/interface-definitions/include/interface/source-validation.xml.i new file mode 100644 index 0000000..fc9a7d3 --- /dev/null +++ b/interface-definitions/include/interface/source-validation.xml.i @@ -0,0 +1,25 @@ +<!-- include start from interface/source-validation.xml.i --> +<leafNode name="source-validation"> + <properties> + <help>Source validation by reversed path (RFC3704)</help> + <completionHelp> + <list>strict loose disable</list> + </completionHelp> + <valueHelp> + <format>strict</format> + <description>Enable Strict Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>loose</format> + <description>Enable Loose Reverse Path Forwarding as defined in RFC3704</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>No source validation</description> + </valueHelp> + <constraint> + <regex>(strict|loose|disable)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/tunnel-remote-multi.xml.i b/interface-definitions/include/interface/tunnel-remote-multi.xml.i new file mode 100644 index 0000000..f672087 --- /dev/null +++ b/interface-definitions/include/interface/tunnel-remote-multi.xml.i @@ -0,0 +1,19 @@ +<!-- include start from interface/tunnel-remote-multi.xml.i --> +<leafNode name="remote"> + <properties> + <help>Tunnel remote address</help> + <valueHelp> + <format>ipv4</format> + <description>Tunnel remote IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Tunnel remote IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/tunnel-remote.xml.i b/interface-definitions/include/interface/tunnel-remote.xml.i new file mode 100644 index 0000000..2a8891b --- /dev/null +++ b/interface-definitions/include/interface/tunnel-remote.xml.i @@ -0,0 +1,18 @@ +<!-- include start from interface/tunnel-remote.xml.i --> +<leafNode name="remote"> + <properties> + <help>Tunnel remote address</help> + <valueHelp> + <format>ipv4</format> + <description>Tunnel remote IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Tunnel remote IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i new file mode 100644 index 0000000..02e7ab0 --- /dev/null +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -0,0 +1,55 @@ +<!-- include start from interface/vif-s.xml.i --> +<tagNode name="vif-s"> + <properties> + <help>QinQ TAG-S Virtual Local Area Network (VLAN) ID</help> + <valueHelp> + <format>u32:0-4094</format> + <description>QinQ Virtual Local Area Network (VLAN) ID</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4094"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/interface/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface/dhcp-options.xml.i> + #include <include/interface/dhcpv6-options.xml.i> + #include <include/interface/disable-link-detect.xml.i> + #include <include/interface/disable.xml.i> + #include <include/interface/vlan-protocol.xml.i> + #include <include/interface/ipv4-options.xml.i> + #include <include/interface/ipv6-options.xml.i> + #include <include/interface/mac.xml.i> + #include <include/interface/mirror.xml.i> + #include <include/interface/mtu-68-16000.xml.i> + <tagNode name="vif-c"> + <properties> + <help>QinQ TAG-C Virtual Local Area Network (VLAN) ID</help> + <constraint> + <validator name="numeric" argument="--range 0-4094"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/interface/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface/dhcp-options.xml.i> + #include <include/interface/dhcpv6-options.xml.i> + #include <include/interface/disable-link-detect.xml.i> + #include <include/interface/disable.xml.i> + #include <include/interface/ipv4-options.xml.i> + #include <include/interface/ipv6-options.xml.i> + #include <include/interface/mac.xml.i> + #include <include/interface/mirror.xml.i> + #include <include/interface/mtu-68-16000.xml.i> + #include <include/interface/redirect.xml.i> + #include <include/interface/vrf.xml.i> + </children> + </tagNode> + #include <include/interface/redirect.xml.i> + #include <include/interface/vrf.xml.i> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i new file mode 100644 index 0000000..ec3921b --- /dev/null +++ b/interface-definitions/include/interface/vif.xml.i @@ -0,0 +1,56 @@ +<!-- include start from interface/vif.xml.i --> +<tagNode name="vif"> + <properties> + <help>Virtual Local Area Network (VLAN) ID</help> + <valueHelp> + <format>u32:0-4094</format> + <description>Virtual Local Area Network (VLAN) ID</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4094"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/interface/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface/dhcp-options.xml.i> + #include <include/interface/dhcpv6-options.xml.i> + #include <include/interface/disable-link-detect.xml.i> + #include <include/interface/disable.xml.i> + <leafNode name="egress-qos"> + <properties> + <help>VLAN egress QoS</help> + <valueHelp> + <format>txt</format> + <description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description> + </valueHelp> + <constraint> + <regex>[:0-7 ]+</regex> + </constraint> + <constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="ingress-qos"> + <properties> + <help>VLAN ingress QoS</help> + <valueHelp> + <format>txt</format> + <description>Format for qos mapping, e.g.: '0:1 1:6 7:6'</description> + </valueHelp> + <constraint> + <regex>[:0-7 ]+</regex> + </constraint> + <constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage> + </properties> + </leafNode> + #include <include/interface/ipv4-options.xml.i> + #include <include/interface/ipv6-options.xml.i> + #include <include/interface/mac.xml.i> + #include <include/interface/mirror.xml.i> + #include <include/interface/mtu-68-16000.xml.i> + #include <include/interface/redirect.xml.i> + #include <include/interface/vrf.xml.i> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/vlan-protocol.xml.i b/interface-definitions/include/interface/vlan-protocol.xml.i new file mode 100644 index 0000000..2fe8d65 --- /dev/null +++ b/interface-definitions/include/interface/vlan-protocol.xml.i @@ -0,0 +1,23 @@ +<!-- include start from interface/vif.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol used for service VLAN (default: 802.1ad)</help> + <completionHelp> + <list>802.1ad 802.1q</list> + </completionHelp> + <valueHelp> + <format>802.1ad</format> + <description>Provider Bridging (IEEE 802.1ad, Q-inQ), ethertype 0x88a8</description> + </valueHelp> + <valueHelp> + <format>802.1q</format> + <description>VLAN-tagged frame (IEEE 802.1q), ethertype 0x8100</description> + </valueHelp> + <constraint> + <regex>(802.1q|802.1ad)</regex> + </constraint> + <constraintErrorMessage>Ethertype must be 802.1ad or 802.1q</constraintErrorMessage> + </properties> + <defaultValue>802.1ad</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/vrf.xml.i b/interface-definitions/include/interface/vrf.xml.i new file mode 100644 index 0000000..ef0058f --- /dev/null +++ b/interface-definitions/include/interface/vrf.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/vrf.xml.i --> +<leafNode name="vrf"> + <properties> + <help>VRF instance name</help> + <valueHelp> + <format>txt</format> + <description>VRF instance name</description> + </valueHelp> + <completionHelp> + <path>vrf name</path> + </completionHelp> + #include <include/constraint/vrf.xml.i> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ip-protocol.xml.i b/interface-definitions/include/ip-protocol.xml.i new file mode 100644 index 0000000..ce93450 --- /dev/null +++ b/interface-definitions/include/ip-protocol.xml.i @@ -0,0 +1,17 @@ +<!-- include start from ip-protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol</help> + <valueHelp> + <format>txt</format> + <description>Protocol name</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_protocols.sh</script> + </completionHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> +</leafNode> +<!-- include end from ip-protocol.xml.i --> diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i new file mode 100644 index 0000000..4e0b848 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-id.xml.i @@ -0,0 +1,11 @@ +<!-- include start from ipsec/authentication-id.xml.i --> +<leafNode name="local-id"> + <properties> + <help>Local ID for peer authentication</help> + <valueHelp> + <format>txt</format> + <description>Local ID used for peer authentication</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i new file mode 100644 index 0000000..af26693 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i @@ -0,0 +1,11 @@ +<!-- include start from ipsec/authentication-pre-shared-secret.xml.i --> +<leafNode name="pre-shared-secret"> + <properties> + <help>Pre-shared secret key</help> + <valueHelp> + <format>txt</format> + <description>Pre-shared secret key</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/authentication-rsa.xml.i b/interface-definitions/include/ipsec/authentication-rsa.xml.i new file mode 100644 index 0000000..0a364e8 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-rsa.xml.i @@ -0,0 +1,30 @@ +<!-- include start from ipsec/authentication-rsa.xml.i --> +<node name="rsa"> + <properties> + <help>RSA keys</help> + </properties> + <children> + <leafNode name="local-key"> + <properties> + <help>Name of PKI key-pair with local private key</help> + <completionHelp> + <path>pki key-pair</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="passphrase"> + <properties> + <help>Local private key passphrase</help> + </properties> + </leafNode> + <leafNode name="remote-key"> + <properties> + <help>Name of PKI key-pair with remote public key</help> + <completionHelp> + <path>pki key-pair</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/authentication-x509.xml.i b/interface-definitions/include/ipsec/authentication-x509.xml.i new file mode 100644 index 0000000..1d04c94 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-x509.xml.i @@ -0,0 +1,11 @@ +<!-- include start from ipsec/authentication-x509.xml.i --> +<node name="x509"> + <properties> + <help>X.509 certificate</help> + </properties> + <children> + #include <include/pki/certificate-key.xml.i> + #include <include/pki/ca-certificate-multi.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/bind.xml.i b/interface-definitions/include/ipsec/bind.xml.i new file mode 100644 index 0000000..edc46d4 --- /dev/null +++ b/interface-definitions/include/ipsec/bind.xml.i @@ -0,0 +1,10 @@ +<!-- include start from ipsec/bind.xml.i --> +<leafNode name="bind"> + <properties> + <help>VTI tunnel interface associated with this configuration</help> + <completionHelp> + <path>interfaces vti</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/esp-group.xml.i b/interface-definitions/include/ipsec/esp-group.xml.i new file mode 100644 index 0000000..5e5d819 --- /dev/null +++ b/interface-definitions/include/ipsec/esp-group.xml.i @@ -0,0 +1,10 @@ +<!-- include start from ipsec/esp-group.xml.i --> +<leafNode name="esp-group"> + <properties> + <help>Encapsulating Security Payloads (ESP) group name</help> + <completionHelp> + <path>vpn ipsec esp-group</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/ike-group.xml.i b/interface-definitions/include/ipsec/ike-group.xml.i new file mode 100644 index 0000000..f7649ed --- /dev/null +++ b/interface-definitions/include/ipsec/ike-group.xml.i @@ -0,0 +1,10 @@ +<!-- include start from ipsec/ike-group.xml.i --> +<leafNode name="ike-group"> + <properties> + <help>Internet Key Exchange (IKE) group name</help> + <completionHelp> + <path>vpn ipsec ike-group</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i new file mode 100644 index 0000000..71f5149 --- /dev/null +++ b/interface-definitions/include/ipsec/local-address.xml.i @@ -0,0 +1,27 @@ +<!-- include start from ipsec/local-address.xml.i --> +<leafNode name="local-address"> + <properties> + <help>IPv4 or IPv6 address of a local interface to use for VPN</help> + <completionHelp> + <list>any</list> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of a local interface for VPN</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of a local interface for VPN</description> + </valueHelp> + <valueHelp> + <format>any</format> + <description>Allow any IPv4 address present on the system to be used for VPN</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <regex>(any)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/local-traffic-selector.xml.i b/interface-definitions/include/ipsec/local-traffic-selector.xml.i new file mode 100644 index 0000000..9ae67f5 --- /dev/null +++ b/interface-definitions/include/ipsec/local-traffic-selector.xml.i @@ -0,0 +1,28 @@ +<!-- include start from ipsec/local-traffic-selector.xml.i --> +<node name="local"> + <properties> + <help>Local parameters for interesting traffic</help> + </properties> + <children> + #include <include/port-number.xml.i> + <leafNode name="prefix"> + <properties> + <help>Local IPv4 or IPv6 prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Local IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Local IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i new file mode 100644 index 0000000..91decba --- /dev/null +++ b/interface-definitions/include/ipsec/remote-address.xml.i @@ -0,0 +1,29 @@ +<!-- include start from ipsec/remote-address.xml.i --> +<leafNode name="remote-address"> + <properties> + <help>IPv4 or IPv6 address of the remote peer</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of the remote peer</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of the remote peer</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Fully qualified domain name of the remote peer</description> + </valueHelp> + <valueHelp> + <format>any</format> + <description>Allow any IP address of the remote peer</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="fqdn"/> + <regex>(any)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipsec/replay-window.xml.i b/interface-definitions/include/ipsec/replay-window.xml.i new file mode 100644 index 0000000..f35ed55 --- /dev/null +++ b/interface-definitions/include/ipsec/replay-window.xml.i @@ -0,0 +1,19 @@ +<!-- include start from ipsec/replay-window.xml.i --> +<leafNode name="replay-window"> + <properties> + <help>IPsec replay window to configure for this CHILD_SA</help> + <valueHelp> + <format>u32:0</format> + <description>Disable IPsec replay protection</description> + </valueHelp> + <valueHelp> + <format>u32:1-2040</format> + <description>Replay window size in packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2040"/> + </constraint> + </properties> + <defaultValue>32</defaultValue> + </leafNode> + <!-- include end --> diff --git a/interface-definitions/include/ipv4-address-prefix-range.xml.i b/interface-definitions/include/ipv4-address-prefix-range.xml.i new file mode 100644 index 0000000..aadc6aa --- /dev/null +++ b/interface-definitions/include/ipv4-address-prefix-range.xml.i @@ -0,0 +1,39 @@ +<!-- include start from ipv4-address-prefix-range.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv4</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv4net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv4range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + <validator name="ipv4-range"/> + <validator name="ipv4-address-exclude"/> + <validator name="ipv4-prefix-exclude"/> + <validator name="ipv4-range-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ipv4-address-prefix.xml.i b/interface-definitions/include/ipv4-address-prefix.xml.i new file mode 100644 index 0000000..f5be6f1 --- /dev/null +++ b/interface-definitions/include/ipv4-address-prefix.xml.i @@ -0,0 +1,19 @@ +<!-- include start from ipv4-address-prefix.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, prefix</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/default-information-level.xml.i b/interface-definitions/include/isis/default-information-level.xml.i new file mode 100644 index 0000000..5ade72a --- /dev/null +++ b/interface-definitions/include/isis/default-information-level.xml.i @@ -0,0 +1,32 @@ +<!-- include start from isis/default-information-level.xml.i --> +<node name="level-1"> + <properties> + <help>Distribute default route into level-1</help> + </properties> + <children> + <leafNode name="always"> + <properties> + <help>Always advertise default route</help> + <valueless/> + </properties> + </leafNode> + #include <include/isis/metric.xml.i> + #include <include/route-map.xml.i> + </children> +</node> +<node name="level-2"> + <properties> + <help>Distribute default route into level-2</help> + </properties> + <children> + <leafNode name="always"> + <properties> + <help>Always advertise default route</help> + <valueless/> + </properties> + </leafNode> + #include <include/isis/metric.xml.i> + #include <include/route-map.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/isis/ldp-sync-holddown.xml.i b/interface-definitions/include/isis/ldp-sync-holddown.xml.i new file mode 100644 index 0000000..15ac26f --- /dev/null +++ b/interface-definitions/include/isis/ldp-sync-holddown.xml.i @@ -0,0 +1,14 @@ +<!-- include start from isis/ldp-sync-holddown.xml.i --> +<leafNode name="holddown"> + <properties> + <help>Hold down timer for LDP-IGP cost restoration</help> + <valueHelp> + <format>u32:0-10000</format> + <description>Time to wait in seconds for LDP-IGP synchronization to occur before restoring interface cost</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-10000"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/ldp-sync-interface.xml.i b/interface-definitions/include/isis/ldp-sync-interface.xml.i new file mode 100644 index 0000000..222a352 --- /dev/null +++ b/interface-definitions/include/isis/ldp-sync-interface.xml.i @@ -0,0 +1,11 @@ +<!-- include start from isis/ldp-igp-sync.xml.i --> +<node name="ldp-sync"> + <properties> + <help>LDP-IGP synchronization configuration for interface</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/isis/ldp-sync-holddown.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/isis/ldp-sync-protocol.xml.i b/interface-definitions/include/isis/ldp-sync-protocol.xml.i new file mode 100644 index 0000000..b2e696a --- /dev/null +++ b/interface-definitions/include/isis/ldp-sync-protocol.xml.i @@ -0,0 +1,10 @@ +<!-- include start from isis/ldp-igp-sync.xml.i --> +<node name="ldp-sync"> + <properties> + <help>Protocol wide LDP-IGP synchronization configuration</help> + </properties> + <children> + #include <include/isis/ldp-sync-holddown.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/isis/level-1-2-leaf.xml.i b/interface-definitions/include/isis/level-1-2-leaf.xml.i new file mode 100644 index 0000000..3703da1 --- /dev/null +++ b/interface-definitions/include/isis/level-1-2-leaf.xml.i @@ -0,0 +1,13 @@ +<!-- include start from isis/level-1-2-leaf.xml.i --> +<leafNode name="level-1"> + <properties> + <help>Match on IS-IS level-1 routes</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="level-2"> + <properties> + <help>Match on IS-IS level-2 routes</help> + <valueless/> + </properties> +</leafNode>
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-local.xml.i b/interface-definitions/include/isis/lfa-local.xml.i new file mode 100644 index 0000000..c5bf6a3 --- /dev/null +++ b/interface-definitions/include/isis/lfa-local.xml.i @@ -0,0 +1,128 @@ +<!-- include start from isis/lfa-local.xml.i --> +<node name="local"> + <properties> + <help>Local loop free alternate options</help> + </properties> + <children> + <node name="load-sharing"> + <properties> + <help>Load share prefixes across multiple backups</help> + </properties> + <children> + <node name="disable"> + <properties> + <help>Disable load sharing</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + </children> + </node> + <node name="priority-limit"> + <properties> + <help>Limit backup computation up to the prefix priority</help> + </properties> + <children> + <node name="medium"> + <properties> + <help>Compute for critical, high, and medium priority prefixes</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + <node name="high"> + <properties> + <help>Compute for critical, and high priority prefixes</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + <node name="critical"> + <properties> + <help>Compute for critical priority prefixes only</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + </children> + </node> + <node name="tiebreaker"> + <properties> + <help>Configure tiebreaker for multiple backups</help> + </properties> + <children> + <node name="downstream"> + <properties> + <help>Prefer backup path via downstream node</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="lowest-backup-metric"> + <properties> + <help>Prefer backup path with lowest total metric</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="node-protecting"> + <properties> + <help>Prefer node protecting backup path</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-protocol.xml.i b/interface-definitions/include/isis/lfa-protocol.xml.i new file mode 100644 index 0000000..cfb1a6d --- /dev/null +++ b/interface-definitions/include/isis/lfa-protocol.xml.i @@ -0,0 +1,11 @@ +<!-- include start from isis/lfa-protocol.xml.i --> +<node name="lfa"> + <properties> + <help>Loop free alternate functionality</help> + </properties> + <children> + #include <include/isis/lfa-remote.xml.i> + #include <include/isis/lfa-local.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-remote.xml.i b/interface-definitions/include/isis/lfa-remote.xml.i new file mode 100644 index 0000000..8434e35 --- /dev/null +++ b/interface-definitions/include/isis/lfa-remote.xml.i @@ -0,0 +1,28 @@ +<!-- include start from isis/lfa-remote.xml.i --> +<node name="remote"> + <properties> + <help>Remote loop free alternate options</help> + </properties> + <children> + <tagNode name="prefix-list"> + <properties> + <help>Filter PQ node router ID based on prefix list</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IPv4/IPv6 prefix-list</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/metric.xml.i b/interface-definitions/include/isis/metric.xml.i new file mode 100644 index 0000000..30e2cdc --- /dev/null +++ b/interface-definitions/include/isis/metric.xml.i @@ -0,0 +1,14 @@ +<!-- include start from isis/metric.xml.i --> +<leafNode name="metric"> + <properties> + <help>Set default metric for circuit</help> + <valueHelp> + <format>u32:0-16777215</format> + <description>Default metric value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777215"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/passive.xml.i b/interface-definitions/include/isis/passive.xml.i new file mode 100644 index 0000000..6d05f8c --- /dev/null +++ b/interface-definitions/include/isis/passive.xml.i @@ -0,0 +1,8 @@ +<!-- include start from isis/passive.xml.i --> +<leafNode name="passive"> + <properties> + <help>Configure passive mode for interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/password.xml.i b/interface-definitions/include/isis/password.xml.i new file mode 100644 index 0000000..27c3b0f --- /dev/null +++ b/interface-definitions/include/isis/password.xml.i @@ -0,0 +1,20 @@ +<!-- include start from isis/password.xml.i --> +<leafNode name="plaintext-password"> + <properties> + <help>Plain-text authentication type</help> + <valueHelp> + <format>txt</format> + <description>Circuit password</description> + </valueHelp> + </properties> +</leafNode> +<leafNode name="md5"> + <properties> + <help>MD5 authentication type</help> + <valueHelp> + <format>txt</format> + <description>Level-wide password</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i new file mode 100644 index 0000000..35ce80b --- /dev/null +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -0,0 +1,729 @@ +<!-- include start from isis/protocol-common-config.xml.i --> +<leafNode name="advertise-high-metrics"> + <properties> + <help>Advertise high metric value on all interfaces</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="advertise-passive-only"> + <properties> + <help>Advertise prefixes of passive interfaces only</help> + <valueless/> + </properties> +</leafNode> +<node name="area-password"> + <properties> + <help>Configure the authentication password for an area</help> + </properties> + <children> + #include <include/isis/password.xml.i> + </children> +</node> +<node name="default-information"> + <properties> + <help>Control distribution of default information</help> + </properties> + <children> + <node name="originate"> + <properties> + <help>Distribute a default route</help> + </properties> + <children> + <node name="ipv4"> + <properties> + <help>Distribute default route for IPv4</help> + </properties> + <children> + #include <include/isis/default-information-level.xml.i> + </children> + </node> + <node name="ipv6"> + <properties> + <help>Distribute default route for IPv6</help> + </properties> + <children> + #include <include/isis/default-information-level.xml.i> + </children> + </node> + </children> + </node> + </children> +</node> +<node name="domain-password"> + <properties> + <help>Set the authentication password for a routing domain</help> + </properties> + <children> + #include <include/isis/password.xml.i> + </children> +</node> +<leafNode name="dynamic-hostname"> + <properties> + <help>Dynamic hostname for IS-IS</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="level"> + <properties> + <help>IS-IS level number</help> + <completionHelp> + <list>level-1 level-1-2 level-2</list> + </completionHelp> + <valueHelp> + <format>level-1</format> + <description>Act as a station router</description> + </valueHelp> + <valueHelp> + <format>level-1-2</format> + <description>Act as both a station and an area router</description> + </valueHelp> + <valueHelp> + <format>level-2</format> + <description>Act as an area router</description> + </valueHelp> + <constraint> + <regex>(level-1|level-1-2|level-2)</regex> + </constraint> + </properties> +</leafNode> +#include <include/log-adjacency-changes.xml.i> +<leafNode name="lsp-gen-interval"> + <properties> + <help>Minimum interval between regenerating same LSP</help> + <valueHelp> + <format>u32:1-120</format> + <description>Minimum interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-120"/> + </constraint> + </properties> +</leafNode> +<leafNode name="lsp-mtu"> + <properties> + <help>Configure the maximum size of generated LSPs</help> + <valueHelp> + <format>u32:128-4352</format> + <description>Maximum size of generated LSPs</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 128-4352"/> + </constraint> + </properties> + <defaultValue>1497</defaultValue> +</leafNode> +<leafNode name="lsp-refresh-interval"> + <properties> + <help>LSP refresh interval</help> + <valueHelp> + <format>u32:1-65235</format> + <description>LSP refresh interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65235"/> + </constraint> + </properties> +</leafNode> +<leafNode name="max-lsp-lifetime"> + <properties> + <help>Maximum LSP lifetime</help> + <valueHelp> + <format>u32:350-65535</format> + <description>LSP lifetime in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<leafNode name="metric-style"> + <properties> + <help>Use old-style (ISO 10589) or new-style packet formats</help> + <completionHelp> + <list>narrow transition wide</list> + </completionHelp> + <valueHelp> + <format>narrow</format> + <description>Use old style of TLVs with narrow metric</description> + </valueHelp> + <valueHelp> + <format>transition</format> + <description>Send and accept both styles of TLVs during transition</description> + </valueHelp> + <valueHelp> + <format>wide</format> + <description>Use new style of TLVs to carry wider metric</description> + </valueHelp> + <constraint> + <regex>(narrow|transition|wide)</regex> + </constraint> + </properties> +</leafNode> +#include <include/isis/ldp-sync-protocol.xml.i> +<leafNode name="topology"> + <properties> + <help>Configure IS-IS topologies</help> + <completionHelp> + <list>ipv4-multicast ipv4-mgmt ipv6-unicast ipv6-multicast ipv6-mgmt ipv6-dstsrc</list> + </completionHelp> + <valueHelp> + <format>ipv4-multicast</format> + <description>Use IPv4 multicast topology</description> + </valueHelp> + <valueHelp> + <format>ipv4-mgmt</format> + <description>Use IPv4 management topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-unicast</format> + <description>Use IPv6 unicast topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-multicast</format> + <description>Use IPv6 multicast topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-mgmt</format> + <description>Use IPv6 management topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-dstsrc</format> + <description>Use IPv6 dst-src topology</description> + </valueHelp> + <constraint> + <regex>(ipv4-multicast|ipv4-mgmt|ipv6-unicast|ipv6-multicast|ipv6-mgmt|ipv6-dstsrc)</regex> + </constraint> + </properties> +</leafNode> +<node name="fast-reroute"> + <properties> + <help>IS-IS fast reroute configuration</help> + </properties> + <children> + #include <include/isis/lfa-protocol.xml.i> + </children> +</node> +#include <include/net.xml.i> +<leafNode name="purge-originator"> + <properties> + <help>Use the RFC 6232 purge-originator</help> + <valueless/> + </properties> +</leafNode> +<node name="traffic-engineering"> + <properties> + <help>IS-IS traffic engineering extensions</help> + </properties> + <children> + <leafNode name="enable"> + <properties> + <help>Enable MPLS traffic engineering extensions</help> + <valueless/> + </properties> + </leafNode> +<!-- + <node name="inter-as"> + <properties> + <help>MPLS traffic engineering inter-AS support</help> + </properties> + <children> + <leafNode name="level-1"> + <properties> + <help>Area native mode self originate inter-AS LSP with L1 only flooding scope</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="level-1-2"> + <properties> + <help>Area native mode self originate inter-AS LSP with L1 and L2 flooding scope</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="level-2"> + <properties> + <help>Area native mode self originate inter-AS LSP with L2 only flooding scope</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="inter-as"> + <properties> + <help>MPLS traffic engineering inter-AS support</help> + <valueless/> + </properties> + </leafNode> +--> + <leafNode name="address"> + <properties> + <help>MPLS traffic engineering router ID</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="segment-routing"> + <properties> + <help>Segment-Routing (SPRING) settings</help> + </properties> + <children> + <node name="global-block"> + <properties> + <help>Segment Routing Global Block label range</help> + </properties> + <children> + #include <include/segment-routing-label-value.xml.i> + </children> + </node> + <node name="local-block"> + <properties> + <help>Segment Routing Local Block label range</help> + </properties> + <children> + #include <include/segment-routing-label-value.xml.i> + </children> + </node> + <leafNode name="maximum-label-depth"> + <properties> + <help>Maximum MPLS labels allowed for this router</help> + <valueHelp> + <format>u32:1-16</format> + <description>MPLS label depth</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Static IPv4/IPv6 prefix segment/label mapping</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix segment</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix segment</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <node name="absolute"> + <properties> + <help>Specify the absolute value of prefix segment/label ID</help> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>Specify the absolute value of prefix segment/label ID</help> + <valueHelp> + <format>u32:16-1048575</format> + <description>The absolute segment/label ID value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 16-1048575"/> + </constraint> + </properties> + </leafNode> + <leafNode name="explicit-null"> + <properties> + <help>Request upstream neighbor to replace segment/label with explicit null label</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-php-flag"> + <properties> + <help>Do not request penultimate hop popping for segment/label</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="index"> + <properties> + <help>Specify the index value of prefix segment/label ID</help> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>Specify the index value of prefix segment/label ID</help> + <valueHelp> + <format>u32:0-65535</format> + <description>The index segment/label ID value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="explicit-null"> + <properties> + <help>Request upstream neighbor to replace segment/label with explicit null label</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-php-flag"> + <properties> + <help>Do not request penultimate hop popping for segment/label</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> +</node> +<node name="redistribute"> + <properties> + <help>Redistribute information from another routing protocol</help> + </properties> + <children> + <node name="ipv4"> + <properties> + <help>Redistribute IPv4 routes</help> + </properties> + <children> + <node name="bgp"> + <properties> + <help>Border Gateway Protocol (BGP)</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="connected"> + <properties> + <help>Redistribute connected routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="ospf"> + <properties> + <help>Redistribute OSPF routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="rip"> + <properties> + <help>Redistribute RIP routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="babel"> + <properties> + <help>Redistribute Babel routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + </children> + </node> + <node name="ipv6"> + <properties> + <help>Redistribute IPv6 routes</help> + </properties> + <children> + <node name="bgp"> + <properties> + <help>Redistribute BGP routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="connected"> + <properties> + <help>Redistribute connected routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="ospf6"> + <properties> + <help>Redistribute OSPFv3 routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="ripng"> + <properties> + <help>Redistribute RIPng routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="babel"> + <properties> + <help>Redistribute Babel routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes into IS-IS</help> + </properties> + <children> + #include <include/isis/redistribute-level-1-2.xml.i> + </children> + </node> + </children> + </node> + </children> +</node> +<leafNode name="set-attached-bit"> + <properties> + <help>Set attached bit to identify as L1/L2 router for inter-area traffic</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="set-overload-bit"> + <properties> + <help>Set overload bit to avoid any transit traffic</help> + <valueless/> + </properties> +</leafNode> +<node name="spf-delay-ietf"> + <properties> + <help>IETF SPF delay algorithm</help> + </properties> + <children> + <leafNode name="init-delay"> + <properties> + <help>Delay used while in QUIET state</help> + <valueHelp> + <format>u32:0-60000</format> + <description>Delay used while in QUIET state (in ms)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="short-delay"> + <properties> + <help>Delay used while in SHORT_WAIT state</help> + <valueHelp> + <format>u32:0-60000</format> + <description>Delay used while in SHORT_WAIT state (in ms)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="long-delay"> + <properties> + <help>Delay used while in LONG_WAIT</help> + <valueHelp> + <format>u32:0-60000</format> + <description>Delay used while in LONG_WAIT state in ms</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="holddown"> + <properties> + <help>Time with no received IGP events before considering IGP stable</help> + <valueHelp> + <format>u32:0-60000</format> + <description>Time with no received IGP events before considering IGP stable in ms</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time-to-learn"> + <properties> + <help>Maximum duration needed to learn all the events related to a single failure</help> + <valueHelp> + <format>u32:0-60000</format> + <description>Maximum duration needed to learn all the events related to a single failure in ms</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<leafNode name="spf-interval"> + <properties> + <help>Minimum interval between SPF calculations</help> + <valueHelp> + <format>u32:1-120</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-120"/> + </constraint> + </properties> +</leafNode> +<tagNode name="interface"> + <properties> + <help>Interface params</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + </properties> + <children> + #include <include/bfd/bfd.xml.i> + <leafNode name="circuit-type"> + <properties> + <help>Configure circuit type for interface</help> + <completionHelp> + <list>level-1 level-1-2 level-2-only</list> + </completionHelp> + <valueHelp> + <format>level-1</format> + <description>Level-1 only adjacencies are formed</description> + </valueHelp> + <valueHelp> + <format>level-1-2</format> + <description>Level-1-2 adjacencies are formed</description> + </valueHelp> + <valueHelp> + <format>level-2-only</format> + <description>Level-2 only adjacencies are formed</description> + </valueHelp> + <constraint> + <regex>(level-1|level-1-2|level-2-only)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="hello-padding"> + <properties> + <help>Add padding to IS-IS hello packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="hello-interval"> + <properties> + <help>Set Hello interval</help> + <valueHelp> + <format>u32:1-600</format> + <description>Set Hello interval</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-600"/> + </constraint> + </properties> + </leafNode> + <leafNode name="hello-multiplier"> + <properties> + <help>Set Hello interval</help> + <valueHelp> + <format>u32:2-100</format> + <description>Set multiplier for Hello holding time</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 2-100"/> + </constraint> + </properties> + </leafNode> + #include <include/isis/metric.xml.i> + #include <include/isis/ldp-sync-interface.xml.i> + <node name="network"> + <properties> + <help>Set network type</help> + </properties> + <children> + <leafNode name="point-to-point"> + <properties> + <help>point-to-point network type</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + #include <include/isis/passive.xml.i> + <node name="password"> + <properties> + <help>Configure the authentication password for a circuit</help> + </properties> + <children> + #include <include/isis/password.xml.i> + </children> + </node> + <leafNode name="priority"> + <properties> + <help>Set priority for Designated Router election</help> + <valueHelp> + <format>u32:0-127</format> + <description>Priority value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-127"/> + </constraint> + </properties> + </leafNode> + <leafNode name="psnp-interval"> + <properties> + <help>Set PSNP interval</help> + <valueHelp> + <format>u32:0-127</format> + <description>PSNP interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-127"/> + </constraint> + </properties> + </leafNode> + <leafNode name="no-three-way-handshake"> + <properties> + <help>Disable three-way handshake</help> + <valueless/> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/redistribute-level-1-2.xml.i b/interface-definitions/include/isis/redistribute-level-1-2.xml.i new file mode 100644 index 0000000..abb8527 --- /dev/null +++ b/interface-definitions/include/isis/redistribute-level-1-2.xml.i @@ -0,0 +1,20 @@ +<!-- include start from isis/redistribute-level-1-2.xml.i --> +<node name="level-1"> + <properties> + <help>Redistribute into level-1</help> + </properties> + <children> + #include <include/isis/metric.xml.i> + #include <include/route-map.xml.i> + </children> +</node> +<node name="level-2"> + <properties> + <help>Redistribute into level-2</help> + </properties> + <children> + #include <include/isis/metric.xml.i> + #include <include/route-map.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/listen-address-ipv4-single.xml.i b/interface-definitions/include/listen-address-ipv4-single.xml.i new file mode 100644 index 0000000..81e9479 --- /dev/null +++ b/interface-definitions/include/listen-address-ipv4-single.xml.i @@ -0,0 +1,17 @@ +<!-- include start from listen-address-ipv4-single.xml.i --> +<leafNode name="listen-address"> + <properties> + <help>Local IPv4 addresses to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/listen-address-ipv4.xml.i b/interface-definitions/include/listen-address-ipv4.xml.i new file mode 100644 index 0000000..9cca297 --- /dev/null +++ b/interface-definitions/include/listen-address-ipv4.xml.i @@ -0,0 +1,18 @@ +<!-- include start from listen-address-ipv4.xml.i --> +<leafNode name="listen-address"> + <properties> + <help>Local IPv4 addresses to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/listen-address-single.xml.i b/interface-definitions/include/listen-address-single.xml.i new file mode 100644 index 0000000..6cc5aef --- /dev/null +++ b/interface-definitions/include/listen-address-single.xml.i @@ -0,0 +1,22 @@ +<!-- include start from listen-address-single.xml.i --> +<leafNode name="listen-address"> + <properties> + <help>Local IP addresses to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="ipv6-link-local"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/listen-address-vrf.xml.i b/interface-definitions/include/listen-address-vrf.xml.i new file mode 100644 index 0000000..23ecc24 --- /dev/null +++ b/interface-definitions/include/listen-address-vrf.xml.i @@ -0,0 +1,24 @@ +<!-- include start from listen-address-vrf.xml.i --> +<tagNode name="listen-address"> + <properties> + <help>Local IP addresses to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + #include <include/interface/vrf.xml.i> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/listen-address.xml.i b/interface-definitions/include/listen-address.xml.i new file mode 100644 index 0000000..2454f43 --- /dev/null +++ b/interface-definitions/include/listen-address.xml.i @@ -0,0 +1,23 @@ +<!-- include start from listen-address.xml.i --> +<leafNode name="listen-address"> + <properties> + <help>Local IP addresses to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming connections</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-address"/> + <validator name="ipv6-link-local"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/listen-interface-multi-broadcast.xml.i b/interface-definitions/include/listen-interface-multi-broadcast.xml.i new file mode 100644 index 0000000..00bd45e --- /dev/null +++ b/interface-definitions/include/listen-interface-multi-broadcast.xml.i @@ -0,0 +1,18 @@ +<!-- include start from listen-interface-multi-broadcast.xml.i --> +<leafNode name="listen-interface"> + <properties> + <help>Interface to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces --broadcast</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/log-adjacency-changes.xml.i b/interface-definitions/include/log-adjacency-changes.xml.i new file mode 100644 index 0000000..a0628b8 --- /dev/null +++ b/interface-definitions/include/log-adjacency-changes.xml.i @@ -0,0 +1,8 @@ +<!-- include start from log-adjacency-changes.xml.i --> +<leafNode name="log-adjacency-changes"> + <properties> + <help>Log changes in adjacency state</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i new file mode 100644 index 0000000..b326a65 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i @@ -0,0 +1,24 @@ +<!-- include start from name-server-ipv4-ipv6-port.xml.i --> +<tagNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses to forward queries to</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + #include <include/port-number.xml.i> + <leafNode name="port"> + <defaultValue>53</defaultValue> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/name-server-ipv4-ipv6.xml.i b/interface-definitions/include/name-server-ipv4-ipv6.xml.i new file mode 100644 index 0000000..cf483e5 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6.xml.i @@ -0,0 +1,19 @@ +<!-- include start from name-server-ipv4-ipv6.xml.i --> +<leafNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/name-server-ipv4.xml.i b/interface-definitions/include/name-server-ipv4.xml.i new file mode 100644 index 0000000..0cf884e --- /dev/null +++ b/interface-definitions/include/name-server-ipv4.xml.i @@ -0,0 +1,15 @@ +<!-- include start from name-server-ipv4.xml.i --> +<leafNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/name-server-ipv6.xml.i b/interface-definitions/include/name-server-ipv6.xml.i new file mode 100644 index 0000000..d4517c4 --- /dev/null +++ b/interface-definitions/include/name-server-ipv6.xml.i @@ -0,0 +1,15 @@ +<!-- include start from name-server-ipv6.xml.i --> +<leafNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses</help> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/nat-address.xml.i b/interface-definitions/include/nat-address.xml.i new file mode 100644 index 0000000..a6460ac --- /dev/null +++ b/interface-definitions/include/nat-address.xml.i @@ -0,0 +1,39 @@ +<!-- include start from nat-address.xml.i --> +<leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range to match</description> + </valueHelp> + <valueHelp> + <format>!ipv4</format> + <description>Match everything except the specified address</description> + </valueHelp> + <valueHelp> + <format>!ipv4net</format> + <description>Match everything except the specified prefix</description> + </valueHelp> + <valueHelp> + <format>!ipv4range</format> + <description>Match everything except the specified range</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + <validator name="ipv4-range"/> + <validator name="ipv4-address-exclude"/> + <validator name="ipv4-prefix-exclude"/> + <validator name="ipv4-range-exclude"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/nat-exclude.xml.i b/interface-definitions/include/nat-exclude.xml.i new file mode 100644 index 0000000..4d53cf8 --- /dev/null +++ b/interface-definitions/include/nat-exclude.xml.i @@ -0,0 +1,8 @@ +<!-- include start from nat-exclude.xml.i --> +<leafNode name="exclude"> + <properties> + <help>Exclude packets matching this rule from NAT</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/nat-interface.xml.i b/interface-definitions/include/nat-interface.xml.i new file mode 100644 index 0000000..ef1ffc1 --- /dev/null +++ b/interface-definitions/include/nat-interface.xml.i @@ -0,0 +1,11 @@ +<!-- include start from nat-interface.xml.i --> +<leafNode name="outbound-interface"> + <properties> + <help>Outbound interface of NAT traffic</help> + <completionHelp> + <list>any</list> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i new file mode 100644 index 0000000..5f762cf --- /dev/null +++ b/interface-definitions/include/nat-port.xml.i @@ -0,0 +1,26 @@ +<!-- include start from nat-port.xml.i --> +<leafNode name="port"> + <properties> + <help>Port number</help> + <valueHelp> + <format>txt</format> + <description>Named port (any name in /etc/services, e.g., http)</description> + </valueHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <valueHelp> + <format>start-end</format> + <description>Numbered port range (e.g. 1001-1005)</description> + </valueHelp> + <valueHelp> + <format/> + <description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description> + </valueHelp> + <constraint> + <validator name="port-multi"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i new file mode 100644 index 0000000..deb1352 --- /dev/null +++ b/interface-definitions/include/nat-rule.xml.i @@ -0,0 +1,325 @@ +<!-- include start from nat-rule.xml.i --> +<tagNode name="rule"> + <properties> + <help>Rule number for NAT</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number of NAT rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + <node name="destination"> + <properties> + <help>NAT destination parameters</help> + </properties> + <children> + #include <include/nat-address.xml.i> + #include <include/nat-port.xml.i> + #include <include/firewall/source-destination-group.xml.i> + </children> + </node> + #include <include/generic-disable-node.xml.i> + #include <include/nat-exclude.xml.i> + <node name="load-balance"> + <properties> + <help>Apply NAT load balance</help> + </properties> + <children> + #include <include/firewall/firewall-hashing-parameters.xml.i> + #include <include/firewall/nat-balance.xml.i> + </children> + </node> + #include <include/firewall/log.xml.i> + <leafNode name="packet-type"> + <properties> + <help>Packet type</help> + <completionHelp> + <list>broadcast host multicast other</list> + </completionHelp> + <valueHelp> + <format>broadcast</format> + <description>Match broadcast packet type</description> + </valueHelp> + <valueHelp> + <format>host</format> + <description>Match host packet type, addressed to local host</description> + </valueHelp> + <valueHelp> + <format>multicast</format> + <description>Match multicast packet type</description> + </valueHelp> + <valueHelp> + <format>other</format> + <description>Match packet addressed to another host</description> + </valueHelp> + <constraint> + <regex>(broadcast|host|multicast|other)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="protocol"> + <properties> + <help>Protocol to NAT</help> + <completionHelp> + <list>all ip hopopt icmp igmp ggp ipencap st tcp egp igp pup udp tcp_udp hmp xns-idp rdp iso-tp4 dccp xtp ddp idpr-cmtp ipv6 ipv6-route ipv6-frag idrp rsvp gre esp ah skip ipv6-icmp ipv6-nonxt ipv6-opts rspf vmtp eigrp ospf ax.25 ipip etherip encap 99 pim ipcomp vrrp l2tp isis sctp fc mobility-header udplite mpls-in-ip manet hip shim6 wesp rohc</list> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>ip</format> + <description>Internet Protocol, pseudo protocol number</description> + </valueHelp> + <valueHelp> + <format>hopopt</format> + <description>IPv6 Hop-by-Hop Option [RFC1883]</description> + </valueHelp> + <valueHelp> + <format>icmp</format> + <description>internet control message protocol</description> + </valueHelp> + <valueHelp> + <format>igmp</format> + <description>Internet Group Management</description> + </valueHelp> + <valueHelp> + <format>ggp</format> + <description>gateway-gateway protocol</description> + </valueHelp> + <valueHelp> + <format>ipencap</format> + <description>IP encapsulated in IP (officially IP)</description> + </valueHelp> + <valueHelp> + <format>st</format> + <description>ST datagram mode</description> + </valueHelp> + <valueHelp> + <format>tcp</format> + <description>transmission control protocol</description> + </valueHelp> + <valueHelp> + <format>egp</format> + <description>exterior gateway protocol</description> + </valueHelp> + <valueHelp> + <format>igp</format> + <description>any private interior gateway (Cisco)</description> + </valueHelp> + <valueHelp> + <format>pup</format> + <description>PARC universal packet protocol</description> + </valueHelp> + <valueHelp> + <format>udp</format> + <description>user datagram protocol</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>hmp</format> + <description>host monitoring protocol</description> + </valueHelp> + <valueHelp> + <format>xns-idp</format> + <description>Xerox NS IDP</description> + </valueHelp> + <valueHelp> + <format>rdp</format> + <description>"reliable datagram" protocol</description> + </valueHelp> + <valueHelp> + <format>iso-tp4</format> + <description>ISO Transport Protocol class 4 [RFC905]</description> + </valueHelp> + <valueHelp> + <format>dccp</format> + <description>Datagram Congestion Control Prot. [RFC4340]</description> + </valueHelp> + <valueHelp> + <format>xtp</format> + <description>Xpress Transfer Protocol</description> + </valueHelp> + <valueHelp> + <format>ddp</format> + <description>Datagram Delivery Protocol</description> + </valueHelp> + <valueHelp> + <format>idpr-cmtp</format> + <description>IDPR Control Message Transport</description> + </valueHelp> + <valueHelp> + <format>Ipv6</format> + <description>Internet Protocol, version 6</description> + </valueHelp> + <valueHelp> + <format>ipv6-route</format> + <description>Routing Header for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv6-frag</format> + <description>Fragment Header for IPv6</description> + </valueHelp> + <valueHelp> + <format>idrp</format> + <description>Inter-Domain Routing Protocol</description> + </valueHelp> + <valueHelp> + <format>rsvp</format> + <description>Reservation Protocol</description> + </valueHelp> + <valueHelp> + <format>gre</format> + <description>General Routing Encapsulation</description> + </valueHelp> + <valueHelp> + <format>esp</format> + <description>Encap Security Payload [RFC2406]</description> + </valueHelp> + <valueHelp> + <format>ah</format> + <description>Authentication Header [RFC2402]</description> + </valueHelp> + <valueHelp> + <format>skip</format> + <description>SKIP</description> + </valueHelp> + <valueHelp> + <format>ipv6-icmp</format> + <description>ICMP for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv6-nonxt</format> + <description>No Next Header for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv6-opts</format> + <description>Destination Options for IPv6</description> + </valueHelp> + <valueHelp> + <format>rspf</format> + <description>Radio Shortest Path First (officially CPHB)</description> + </valueHelp> + <valueHelp> + <format>vmtp</format> + <description>Versatile Message Transport</description> + </valueHelp> + <valueHelp> + <format>eigrp</format> + <description>Enhanced Interior Routing Protocol (Cisco)</description> + </valueHelp> + <valueHelp> + <format>ospf</format> + <description>Open Shortest Path First IGP</description> + </valueHelp> + <valueHelp> + <format>ax.25</format> + <description>AX.25 frames</description> + </valueHelp> + <valueHelp> + <format>ipip</format> + <description>IP-within-IP Encapsulation Protocol</description> + </valueHelp> + <valueHelp> + <format>etherip</format> + <description>Ethernet-within-IP Encapsulation [RFC3378]</description> + </valueHelp> + <valueHelp> + <format>encap</format> + <description>Yet Another IP encapsulation [RFC1241]</description> + </valueHelp> + <valueHelp> + <format>99</format> + <description>Any private encryption scheme</description> + </valueHelp> + <valueHelp> + <format>pim</format> + <description>Protocol Independent Multicast</description> + </valueHelp> + <valueHelp> + <format>ipcomp</format> + <description>IP Payload Compression Protocol</description> + </valueHelp> + <valueHelp> + <format>vrrp</format> + <description>Virtual Router Redundancy Protocol [RFC5798]</description> + </valueHelp> + <valueHelp> + <format>l2tp</format> + <description>Layer Two Tunneling Protocol [RFC2661]</description> + </valueHelp> + <valueHelp> + <format>isis</format> + <description>IS-IS over IPv4</description> + </valueHelp> + <valueHelp> + <format>sctp</format> + <description>Stream Control Transmission Protocol</description> + </valueHelp> + <valueHelp> + <format>fc</format> + <description>Fibre Channel</description> + </valueHelp> + <valueHelp> + <format>mobility-header</format> + <description>Mobility Support for IPv6 [RFC3775]</description> + </valueHelp> + <valueHelp> + <format>udplite</format> + <description>UDP-Lite [RFC3828]</description> + </valueHelp> + <valueHelp> + <format>mpls-in-ip</format> + <description>MPLS-in-IP [RFC4023]</description> + </valueHelp> + <valueHelp> + <format>manet</format> + <description>MANET Protocols [RFC5498]</description> + </valueHelp> + <valueHelp> + <format>hip</format> + <description>Host Identity Protocol</description> + </valueHelp> + <valueHelp> + <format>shim6</format> + <description>Shim6 Protocol</description> + </valueHelp> + <valueHelp> + <format>wesp</format> + <description>Wrapped Encapsulating Security Payload</description> + </valueHelp> + <valueHelp> + <format>rohc</format> + <description>Robust Header Compression</description> + </valueHelp> + <valueHelp> + <format>u32:0-255</format> + <description>IP protocol number</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> + <defaultValue>all</defaultValue> + </leafNode> + <node name="source"> + <properties> + <help>NAT source parameters</help> + </properties> + <children> + #include <include/nat-address.xml.i> + #include <include/nat-port.xml.i> + #include <include/firewall/source-destination-group.xml.i> + </children> + </node> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i new file mode 100644 index 0000000..c890059 --- /dev/null +++ b/interface-definitions/include/nat-translation-options.xml.i @@ -0,0 +1,49 @@ +<!-- include start from nat-translation-options.xml.i --> +<node name="options"> + <properties> + <help>Translation options</help> + </properties> + <children> + <leafNode name="address-mapping"> + <properties> + <help>Address mapping options</help> + <completionHelp> + <list>persistent random</list> + </completionHelp> + <valueHelp> + <format>persistent</format> + <description>Gives a client the same source or destination-address for each connection</description> + </valueHelp> + <valueHelp> + <format>random</format> + <description>Random source or destination address allocation for each connection</description> + </valueHelp> + <constraint> + <regex>(persistent|random)</regex> + </constraint> + </properties> + <defaultValue>random</defaultValue> + </leafNode> + <leafNode name="port-mapping"> + <properties> + <help>Port mapping options</help> + <completionHelp> + <list>random none</list> + </completionHelp> + <valueHelp> + <format>random</format> + <description>Randomize source port mapping</description> + </valueHelp> + <valueHelp> + <format>none</format> + <description>Do not apply port randomization</description> + </valueHelp> + <constraint> + <regex>(random|none)</regex> + </constraint> + </properties> + <defaultValue>none</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i new file mode 100644 index 0000000..6f17df3 --- /dev/null +++ b/interface-definitions/include/nat-translation-port.xml.i @@ -0,0 +1,18 @@ +<!-- include start from nat-translation-port.xml.i --> +<leafNode name="port"> + <properties> + <help>Port number</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <valueHelp> + <format>range</format> + <description>Numbered port range (e.g., 1001-1005)</description> + </valueHelp> + <constraint> + <validator name="port-range"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/nat/protocol.xml.i b/interface-definitions/include/nat/protocol.xml.i new file mode 100644 index 0000000..54e7ff0 --- /dev/null +++ b/interface-definitions/include/nat/protocol.xml.i @@ -0,0 +1,34 @@ +<!-- include start from nat/protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name, number, or "all")</help> + <completionHelp> + <script>${vyos_completion_dir}/list_protocols.sh</script> + <list>all tcp_udp</list> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>u32:0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format><protocol></format> + <description>IP protocol name</description> + </valueHelp> + <valueHelp> + <format>!<protocol></format> + <description>IP protocol name</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/nat64/protocol.xml.i b/interface-definitions/include/nat64/protocol.xml.i new file mode 100644 index 0000000..a640873 --- /dev/null +++ b/interface-definitions/include/nat64/protocol.xml.i @@ -0,0 +1,27 @@ +<!-- include start from nat64/protocol.xml.i --> +<node name="protocol"> + <properties> + <help>Apply translation address to a specfic protocol</help> + </properties> + <children> + <leafNode name="tcp"> + <properties> + <help>Transmission Control Protocol</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="udp"> + <properties> + <help>User Datagram Protocol</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="icmp"> + <properties> + <help>Internet Control Message Protocol</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/net.xml.i b/interface-definitions/include/net.xml.i new file mode 100644 index 0000000..10b54ee --- /dev/null +++ b/interface-definitions/include/net.xml.i @@ -0,0 +1,14 @@ +<!-- include start from net.xml.i --> +<leafNode name="net"> + <properties> + <help>A Network Entity Title for the process (ISO only)</help> + <valueHelp> + <format>XX.XXXX. ... .XXX.XX</format> + <description>Network entity title (NET)</description> + </valueHelp> + <constraint> + <regex>[a-fA-F0-9]{2}(\.[a-fA-F0-9]{4}){3,9}\.[a-fA-F0-9]{2}</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/openfabric/password.xml.i b/interface-definitions/include/openfabric/password.xml.i new file mode 100644 index 0000000..fa34a4d --- /dev/null +++ b/interface-definitions/include/openfabric/password.xml.i @@ -0,0 +1,20 @@ +<!-- include start from openfabric/password.xml.i --> +<leafNode name="plaintext-password"> + <properties> + <help>Use plain text password</help> + <valueHelp> + <format>txt</format> + <description>Authentication password</description> + </valueHelp> + </properties> +</leafNode> +<leafNode name="md5"> + <properties> + <help>Use MD5 hash authentication</help> + <valueHelp> + <format>txt</format> + <description>Authentication password</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospf/authentication.xml.i b/interface-definitions/include/ospf/authentication.xml.i new file mode 100644 index 0000000..8e8cad0 --- /dev/null +++ b/interface-definitions/include/ospf/authentication.xml.i @@ -0,0 +1,56 @@ +<!-- include start from ospf/authentication.xml.i --> +<node name="authentication"> + <properties> + <help>Authentication</help> + </properties> + <children> + <node name="md5"> + <properties> + <help>MD5 key id</help> + </properties> + <children> + <tagNode name="key-id"> + <properties> + <help>MD5 key id</help> + <valueHelp> + <format>u32:1-255</format> + <description>MD5 key id</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + <leafNode name="md5-key"> + <properties> + <help>MD5 authentication type</help> + <valueHelp> + <format>txt</format> + <description>MD5 Key (16 characters or less)</description> + </valueHelp> + <constraint> + <regex>[^[:space:]]{1,16}</regex> + </constraint> + <constraintErrorMessage>Password must be 16 characters or less</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="plaintext-password"> + <properties> + <help>Plain text password</help> + <valueHelp> + <format>txt</format> + <description>Plain text password (8 characters or less)</description> + </valueHelp> + <constraint> + <regex>[^[:space:]]{1,8}</regex> + </constraint> + <constraintErrorMessage>Password must be 8 characters or less</constraintErrorMessage> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/auto-cost.xml.i b/interface-definitions/include/ospf/auto-cost.xml.i new file mode 100644 index 0000000..da6483a --- /dev/null +++ b/interface-definitions/include/ospf/auto-cost.xml.i @@ -0,0 +1,22 @@ +<!-- include start from ospf/auto-cost.xml.i --> +<node name="auto-cost"> + <properties> + <help>Calculate interface cost according to bandwidth</help> + </properties> + <children> + <leafNode name="reference-bandwidth"> + <properties> + <help>Reference bandwidth method to assign cost</help> + <valueHelp> + <format>u32:1-4294967</format> + <description>Reference bandwidth cost in Mbits/sec</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967"/> + </constraint> + </properties> + <defaultValue>100</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/default-information.xml.i b/interface-definitions/include/ospf/default-information.xml.i new file mode 100644 index 0000000..50cda54 --- /dev/null +++ b/interface-definitions/include/ospf/default-information.xml.i @@ -0,0 +1,25 @@ +<!-- include start from ospf/intervals.xml.i --> +<node name="default-information"> + <properties> + <help>Default route advertisment settings</help> + </properties> + <children> + <node name="originate"> + <properties> + <help>Distribute a default route</help> + </properties> + <children> + <leafNode name="always"> + <properties> + <help>Always advertise a default route</help> + <valueless/> + </properties> + </leafNode> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/distance-global.xml.i b/interface-definitions/include/ospf/distance-global.xml.i new file mode 100644 index 0000000..31809cb --- /dev/null +++ b/interface-definitions/include/ospf/distance-global.xml.i @@ -0,0 +1,14 @@ +<!-- include start from ospf/distance-global.xml.i --> +<leafNode name="global"> + <properties> + <help>Administrative distance</help> + <valueHelp> + <format>u32:1-255</format> + <description>Administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospf/distance-per-protocol.xml.i b/interface-definitions/include/ospf/distance-per-protocol.xml.i new file mode 100644 index 0000000..da3f16c --- /dev/null +++ b/interface-definitions/include/ospf/distance-per-protocol.xml.i @@ -0,0 +1,38 @@ +<!-- include start from ospf/distance-per-protocol.xml.i --> +<leafNode name="external"> + <properties> + <help>Distance for external routes</help> + <valueHelp> + <format>u32:1-255</format> + <description>Distance for external routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<leafNode name="inter-area"> + <properties> + <help>Distance for inter-area routes</help> + <valueHelp> + <format>u32:1-255</format> + <description>Distance for inter-area routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<leafNode name="intra-area"> + <properties> + <help>Distance for intra-area routes</help> + <valueHelp> + <format>u32:1-255</format> + <description>Distance for intra-area routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospf/graceful-restart.xml.i b/interface-definitions/include/ospf/graceful-restart.xml.i new file mode 100644 index 0000000..37d9a7f --- /dev/null +++ b/interface-definitions/include/ospf/graceful-restart.xml.i @@ -0,0 +1,67 @@ +<!-- include start from ospf/graceful-restart.xml.i --> +<node name="graceful-restart"> + <properties> + <help>Graceful Restart</help> + </properties> + <children> + <leafNode name="grace-period"> + <properties> + <help>Maximum length of the grace period</help> + <valueHelp> + <format>u32:1-1800</format> + <description>Maximum length of the grace period in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-1800"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <node name="helper"> + <properties> + <help>OSPF graceful-restart helpers</help> + </properties> + <children> + <node name="enable"> + <properties> + <help>Enable helper support</help> + </properties> + <children> + <leafNode name="router-id"> + <properties> + <help>Advertising Router-ID</help> + <valueHelp> + <format>ipv4</format> + <description>Router-ID in IP address format</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="planned-only"> + <properties> + <help>Supported only planned restart</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="supported-grace-time"> + <properties> + <help>Supported grace timer</help> + <valueHelp> + <format>u32:10-1800</format> + <description>Grace interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-1800"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/interface-common.xml.i b/interface-definitions/include/ospf/interface-common.xml.i new file mode 100644 index 0000000..9c8b94f --- /dev/null +++ b/interface-definitions/include/ospf/interface-common.xml.i @@ -0,0 +1,34 @@ +<!-- include start from ospf/interface-common.xml.i --> +#include <include/bfd/bfd.xml.i> +<leafNode name="cost"> + <properties> + <help>Interface cost</help> + <valueHelp> + <format>u32:1-65535</format> + <description>OSPF interface cost</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<leafNode name="mtu-ignore"> + <properties> + <help>Disable Maximum Transmission Unit (MTU) mismatch detection</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="priority"> + <properties> + <help>Router priority</help> + <valueHelp> + <format>u32:0-255</format> + <description>OSPF router priority cost</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + <defaultValue>1</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospf/intervals.xml.i b/interface-definitions/include/ospf/intervals.xml.i new file mode 100644 index 0000000..9f6e5df --- /dev/null +++ b/interface-definitions/include/ospf/intervals.xml.i @@ -0,0 +1,54 @@ +<!-- include start from ospf/intervals.xml.i --> +<leafNode name="dead-interval"> + <properties> + <help>Interval after which a neighbor is declared dead</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Neighbor dead interval (seconds)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>40</defaultValue> +</leafNode> +<leafNode name="hello-interval"> + <properties> + <help>Interval between hello packets</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Hello interval (seconds)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> +</leafNode> +<leafNode name="retransmit-interval"> + <properties> + <help>Interval between retransmitting lost link state advertisements</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Retransmit interval (seconds)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>5</defaultValue> +</leafNode> +<leafNode name="transmit-delay"> + <properties> + <help>Link state transmit delay</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Link state transmit delay (seconds)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospf/log-adjacency-changes.xml.i b/interface-definitions/include/ospf/log-adjacency-changes.xml.i new file mode 100644 index 0000000..24c6cbe --- /dev/null +++ b/interface-definitions/include/ospf/log-adjacency-changes.xml.i @@ -0,0 +1,15 @@ +<!-- include start from ospf/metric-type.xml.i --> +<node name="log-adjacency-changes"> + <properties> + <help>Log adjacency state changes</help> + </properties> + <children> + <leafNode name="detail"> + <properties> + <help>Log all state changes</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/metric-type.xml.i b/interface-definitions/include/ospf/metric-type.xml.i new file mode 100644 index 0000000..de55c76 --- /dev/null +++ b/interface-definitions/include/ospf/metric-type.xml.i @@ -0,0 +1,15 @@ +<!-- include start from ospf/metric-type.xml.i --> +<leafNode name="metric-type"> + <properties> + <help>OSPF metric type for default routes</help> + <valueHelp> + <format>u32:1-2</format> + <description>Set OSPF External Type 1/2 metrics</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2"/> + </constraint> + </properties> + <defaultValue>2</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospf/metric.xml.i b/interface-definitions/include/ospf/metric.xml.i new file mode 100644 index 0000000..64b455b --- /dev/null +++ b/interface-definitions/include/ospf/metric.xml.i @@ -0,0 +1,14 @@ +<!-- include start from ospf/metric.xml.i --> +<leafNode name="metric"> + <properties> + <help>OSPF default metric</help> + <valueHelp> + <format>u32:0-16777214</format> + <description>Default metric</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777214"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i new file mode 100644 index 0000000..c4778e1 --- /dev/null +++ b/interface-definitions/include/ospf/protocol-common-config.xml.i @@ -0,0 +1,959 @@ +<!-- include start from ospf/protocol-common-config.xml.i --> +<node name="aggregation"> + <properties> + <help>External route aggregation</help> + </properties> + <children> + <leafNode name="timer"> + <properties> + <help>Delay timer</help> + <valueHelp> + <format>u32:5-1800</format> + <description>Timer interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-1800"/> + </constraint> + </properties> + <defaultValue>5</defaultValue> + </leafNode> + </children> +</node> +<tagNode name="access-list"> + <properties> + <help>Access list to filter networks in routing updates</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format>u32</format> + <description>Access-list number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Filter for outgoing routing update</help> + <completionHelp> + <list>bgp connected kernel rip static</list> + </completionHelp> + <valueHelp> + <format>bgp</format> + <description>Filter BGP routes</description> + </valueHelp> + <valueHelp> + <format>connected</format> + <description>Filter connected routes</description> + </valueHelp> + <valueHelp> + <format>isis</format> + <description>Filter IS-IS routes</description> + </valueHelp> + <valueHelp> + <format>kernel</format> + <description>Filter Kernel routes</description> + </valueHelp> + <valueHelp> + <format>rip</format> + <description>Filter RIP routes</description> + </valueHelp> + <valueHelp> + <format>static</format> + <description>Filter static routes</description> + </valueHelp> + <constraint> + <regex>(bgp|connected|isis|kernel|rip|static)</regex> + </constraint> + <constraintErrorMessage>Must be bgp, connected, kernel, rip, or static</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> +</tagNode> +<tagNode name="area"> + <properties> + <help>OSPF area settings</help> + <valueHelp> + <format>u32</format> + <description>OSPF area number in decimal notation</description> + </valueHelp> + <valueHelp> + <format>ipv4</format> + <description>OSPF area number in dotted decimal notation</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + <node name="area-type"> + <properties> + <help>Area type</help> + </properties> + <children> + <leafNode name="normal"> + <properties> + <help>Normal OSPF area</help> + <valueless/> + </properties> + </leafNode> + <node name="nssa"> + <properties> + <help>Not-So-Stubby OSPF area</help> + </properties> + <children> + <leafNode name="default-cost"> + <properties> + <help>Summary-default cost of an NSSA area</help> + <valueHelp> + <format>u32:0-16777215</format> + <description>Summary default cost</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777215"/> + </constraint> + </properties> + </leafNode> + <leafNode name="no-summary"> + <properties> + <help>Do not inject inter-area routes into stub</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="translate"> + <properties> + <help>Configure NSSA-ABR</help> + <completionHelp> + <list>always candidate never</list> + </completionHelp> + <valueHelp> + <format>always</format> + <description>Always translate LSA types</description> + </valueHelp> + <valueHelp> + <format>candidate</format> + <description>Translate for election</description> + </valueHelp> + <valueHelp> + <format>never</format> + <description>Never translate LSA types</description> + </valueHelp> + <constraint> + <regex>(always|candidate|never)</regex> + </constraint> + </properties> + <defaultValue>candidate</defaultValue> + </leafNode> + </children> + </node> + <node name="stub"> + <properties> + <help>Stub OSPF area</help> + </properties> + <children> + <leafNode name="default-cost"> + <properties> + <help>Summary-default cost</help> + <valueHelp> + <format>u32:0-16777215</format> + <description>Summary default cost</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777215"/> + </constraint> + </properties> + </leafNode> + <leafNode name="no-summary"> + <properties> + <help>Do not inject inter-area routes into the stub</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="authentication"> + <properties> + <help>OSPF area authentication type</help> + <completionHelp> + <list>plaintext-password md5</list> + </completionHelp> + <valueHelp> + <format>plaintext-password</format> + <description>Use plain-text authentication</description> + </valueHelp> + <valueHelp> + <format>md5</format> + <description>Use MD5 authentication</description> + </valueHelp> + <constraint> + <regex>(plaintext-password|md5)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="network"> + <properties> + <help>OSPF network</help> + <valueHelp> + <format>ipv4net</format> + <description>OSPF network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <tagNode name="range"> + <properties> + <help>Summarize routes matching a prefix (border routers only)</help> + <valueHelp> + <format>ipv4net</format> + <description>Area range prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="cost"> + <properties> + <help>Metric for this range</help> + <valueHelp> + <format>u32:0-16777215</format> + <description>Metric for this range</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777215"/> + </constraint> + </properties> + </leafNode> + <leafNode name="not-advertise"> + <properties> + <help>Do not advertise this range</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="substitute"> + <properties> + <help>Advertise area range as another prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Advertise area range as another prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="shortcut"> + <properties> + <help>Area shortcut mode</help> + <completionHelp> + <list>default disable enable</list> + </completionHelp> + <valueHelp> + <format>default</format> + <description>Set default</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable shortcutting mode</description> + </valueHelp> + <valueHelp> + <format>enable</format> + <description>Enable shortcutting mode</description> + </valueHelp> + <constraint> + <regex>(default|disable|enable)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="export-list"> + <properties> + <help>Set the filter for networks announced to other areas</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format>u32</format> + <description>Access-list number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import-list"> + <properties> + <help>Set the filter for networks from other areas announced</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format>u32</format> + <description>Access-list number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <tagNode name="virtual-link"> + <properties> + <help>Virtual link</help> + <valueHelp> + <format>ipv4</format> + <description>OSPF area in dotted decimal notation</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + #include <include/ospf/authentication.xml.i> + #include <include/ospf/intervals.xml.i> + </children> + </tagNode> + </children> +</tagNode> +#include <include/ospf/auto-cost.xml.i> +<node name="capability"> + <properties> + <help>Enable specific OSPF features</help> + </properties> + <children> + <leafNode name="opaque"> + <properties> + <help>Opaque LSA</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +#include <include/ospf/default-information.xml.i> +<leafNode name="default-metric"> + <properties> + <help>Metric of redistributed routes</help> + <valueHelp> + <format>u32:0-16777214</format> + <description>Metric of redistributed routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777214"/> + </constraint> + </properties> +</leafNode> +#include <include/ospf/graceful-restart.xml.i> +<node name="graceful-restart"> + <children> + <node name="helper"> + <children> + <leafNode name="no-strict-lsa-checking"> + <properties> + <help>Disable strict LSA check</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<leafNode name="maximum-paths"> + <properties> + <help>Maximum multiple paths (ECMP)</help> + <valueHelp> + <format>u32:1-64</format> + <description>Maximum multiple paths (ECMP)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-64"/> + </constraint> + </properties> +</leafNode> +#include <include/isis/ldp-sync-protocol.xml.i> +<node name="distance"> + <properties> + <help>Administrative distance</help> + </properties> + <children> + #include <include/ospf/distance-global.xml.i> + <node name="ospf"> + <properties> + <help>OSPF administrative distance</help> + </properties> + <children> + #include <include/ospf/distance-per-protocol.xml.i> + </children> + </node> + </children> +</node> +<tagNode name="interface"> + <properties> + <help>Interface configuration</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <leafNode name="area"> + <properties> + <help>Enable OSPF on this interface</help> + <completionHelp> + <path>protocols ospf area</path> + </completionHelp> + <valueHelp> + <format>u32</format> + <description>OSPF area ID as decimal notation</description> + </valueHelp> + <valueHelp> + <format>ipv4</format> + <description>OSPF area ID in IP address notation</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + #include <include/ospf/authentication.xml.i> + #include <include/ospf/intervals.xml.i> + #include <include/ospf/interface-common.xml.i> + #include <include/isis/ldp-sync-interface.xml.i> + <leafNode name="bandwidth"> + <properties> + <help>Interface bandwidth (Mbit/s)</help> + <valueHelp> + <format>u32:1-100000</format> + <description>Bandwidth in Megabit/sec (for calculating OSPF cost)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-100000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="hello-multiplier"> + <properties> + <help>Hello multiplier factor</help> + <valueHelp> + <format>u32:1-10</format> + <description>Number of Hellos to send each second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + <leafNode name="network"> + <properties> + <help>Network type</help> + <completionHelp> + <list>broadcast non-broadcast point-to-multipoint point-to-point</list> + </completionHelp> + <valueHelp> + <format>broadcast</format> + <description>Broadcast network type</description> + </valueHelp> + <valueHelp> + <format>non-broadcast</format> + <description>Non-broadcast network type</description> + </valueHelp> + <valueHelp> + <format>point-to-multipoint</format> + <description>Point-to-multipoint network type</description> + </valueHelp> + <valueHelp> + <format>point-to-point</format> + <description>Point-to-point network type</description> + </valueHelp> + <constraint> + <regex>(broadcast|non-broadcast|point-to-multipoint|point-to-point)</regex> + </constraint> + <constraintErrorMessage>Must be broadcast, non-broadcast, point-to-multipoint or point-to-point</constraintErrorMessage> + </properties> + </leafNode> + <node name="passive"> + <properties> + <help>Suppress routing updates on an interface</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + </children> + </node> + </children> +</tagNode> +#include <include/ospf/log-adjacency-changes.xml.i> +<node name="max-metric"> + <properties> + <help>OSPF maximum and infinite-distance metric</help> + </properties> + <children> + <node name="router-lsa"> + <properties> + <help>Advertise own Router-LSA with infinite distance (stub router)</help> + </properties> + <children> + <leafNode name="administrative"> + <properties> + <help>Administratively apply, for an indefinite period</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="on-shutdown"> + <properties> + <help>Advertise stub-router prior to full shutdown of OSPF</help> + <valueHelp> + <format>u32:5-100</format> + <description>Time (seconds) to advertise self as stub-router</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-100"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-startup"> + <properties> + <help>Automatically advertise stub Router-LSA on startup of OSPF</help> + <valueHelp> + <format>u32:5-86400</format> + <description>Time (seconds) to advertise self as stub-router</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-86400"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<node name="mpls-te"> + <properties> + <help>MultiProtocol Label Switching-Traffic Engineering (MPLS-TE) parameters</help> + </properties> + <children> + <leafNode name="enable"> + <properties> + <help>Enable MPLS-TE functionality</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="router-address"> + <properties> + <help>Stable IP address of the advertising router</help> + <valueHelp> + <format>ipv4</format> + <description>Stable IP address of the advertising router</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <defaultValue>0.0.0.0</defaultValue> + </leafNode> + </children> +</node> +<tagNode name="neighbor"> + <properties> + <help>Specify neighbor router</help> + <valueHelp> + <format>ipv4</format> + <description>Neighbor IP address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="poll-interval"> + <properties> + <help>Dead neighbor polling interval</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Seconds between dead neighbor polling interval</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="priority"> + <properties> + <help>Neighbor priority in seconds</help> + <valueHelp> + <format>u32:0-255</format> + <description>Neighbor priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + </children> +</tagNode> +<node name="parameters"> + <properties> + <help>OSPF specific parameters</help> + </properties> + <children> + <leafNode name="abr-type"> + <properties> + <help>OSPF ABR type</help> + <completionHelp> + <list>cisco ibm shortcut standard</list> + </completionHelp> + <valueHelp> + <format>cisco</format> + <description>Cisco ABR type</description> + </valueHelp> + <valueHelp> + <format>ibm</format> + <description>IBM ABR type</description> + </valueHelp> + <valueHelp> + <format>shortcut</format> + <description>Shortcut ABR type</description> + </valueHelp> + <valueHelp> + <format>standard</format> + <description>Standard ABR type</description> + </valueHelp> + <constraint> + <regex>(cisco|ibm|shortcut|standard)</regex> + </constraint> + </properties> + <defaultValue>cisco</defaultValue> + </leafNode> + <leafNode name="opaque-lsa"> + <properties> + <help>Enable the Opaque-LSA capability (rfc2370)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="rfc1583-compatibility"> + <properties> + <help>Enable RFC1583 criteria for handling AS external routes</help> + <valueless/> + </properties> + </leafNode> + #include <include/router-id.xml.i> + </children> +</node> +<leafNode name="passive-interface"> + <properties> + <help>Suppress routing updates on an interface</help> + <completionHelp> + <list>default</list> + </completionHelp> + <valueHelp> + <format>default</format> + <description>Default to suppress routing updates on all interfaces</description> + </valueHelp> + <constraint> + <regex>(default)</regex> + </constraint> + </properties> +</leafNode> +<node name="segment-routing"> + <properties> + <help>Segment-Routing (SPRING) settings</help> + </properties> + <children> + <node name="global-block"> + <properties> + <help>Segment Routing Global Block label range</help> + </properties> + <children> + #include <include/segment-routing-label-value.xml.i> + </children> + </node> + <node name="local-block"> + <properties> + <help>Segment Routing Local Block label range</help> + </properties> + <children> + #include <include/segment-routing-label-value.xml.i> + </children> + </node> + <leafNode name="maximum-label-depth"> + <properties> + <help>Maximum MPLS labels allowed for this router</help> + <valueHelp> + <format>u32:1-16</format> + <description>MPLS label depth</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Static IPv4 prefix segment/label mapping</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix segment</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <node name="index"> + <properties> + <help>Specify the index value of prefix segment/label ID</help> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>Specify the index value of prefix segment/label ID</help> + <valueHelp> + <format>u32:0-65535</format> + <description>The index segment/label ID value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="explicit-null"> + <properties> + <help>Request upstream neighbor to replace segment/label with explicit null label</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-php-flag"> + <properties> + <help>Do not request penultimate hop popping for segment/label</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> +</node> +<node name="redistribute"> + <properties> + <help>Redistribute information from another routing protocol</help> + </properties> + <children> + <node name="bgp"> + <properties> + <help>Redistribute BGP routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="connected"> + <properties> + <help>Redistribute connected routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="isis"> + <properties> + <help>Redistribute IS-IS routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute Kernel routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="rip"> + <properties> + <help>Redistribute RIP routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="babel"> + <properties> + <help>Redistribute Babel routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute statically configured routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <tagNode name="table"> + <properties> + <help>Redistribute non-main Kernel Routing Table</help> + <completionHelp> + <path>protocols static table</path> + </completionHelp> + <valueHelp> + <format>u32:1-200</format> + <description>Policy route table number</description> + </valueHelp> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </tagNode> + </children> +</node> +<node name="refresh"> + <properties> + <help>Adjust refresh parameters</help> + </properties> + <children> + <leafNode name="timers"> + <properties> + <help>Refresh timer</help> + <valueHelp> + <format>u32:10-1800</format> + <description>Timer value in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-1800"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<tagNode name="summary-address"> + <properties> + <help>External summary address</help> + <valueHelp> + <format>ipv4net</format> + <description>OSPF area number in dotted decimal notation</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="no-advertise"> + <properties> + <help>Don not advertise summary route</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="tag"> + <properties> + <help>Router tag</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Router tag value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<node name="timers"> + <properties> + <help>Adjust routing timers</help> + </properties> + <children> + <node name="throttle"> + <properties> + <help>Throttling adaptive timers</help> + </properties> + <children> + <node name="spf"> + <properties> + <help>OSPF SPF timers</help> + </properties> + <children> + <leafNode name="delay"> + <properties> + <help>Delay from the first change received to SPF calculation</help> + <valueHelp> + <format>u32:0-600000</format> + <description>Delay in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600000"/> + </constraint> + </properties> + <defaultValue>200</defaultValue> + </leafNode> + <leafNode name="initial-holdtime"> + <properties> + <help>Initial hold time between consecutive SPF calculations</help> + <valueHelp> + <format>u32:0-600000</format> + <description>Initial hold time in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600000"/> + </constraint> + </properties> + <defaultValue>1000</defaultValue> + </leafNode> + <leafNode name="max-holdtime"> + <properties> + <help>Maximum hold time</help> + <valueHelp> + <format>u32:0-600000</format> + <description>Max hold time in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600000"/> + </constraint> + </properties> + <defaultValue>10000</defaultValue> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospfv3/no-summary.xml.i b/interface-definitions/include/ospfv3/no-summary.xml.i new file mode 100644 index 0000000..a6afda3 --- /dev/null +++ b/interface-definitions/include/ospfv3/no-summary.xml.i @@ -0,0 +1,8 @@ +<!-- include start from ospfv3/no-summary.xml.i --> +<leafNode name="no-summary"> + <properties> + <help>Do not inject inter-area routes into the stub</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i new file mode 100644 index 0000000..72fb86d --- /dev/null +++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i @@ -0,0 +1,296 @@ +<!-- include start from ospfv3/protocol-common-config.xml.i --> +<tagNode name="area"> + <properties> + <help>OSPFv3 Area</help> + <valueHelp> + <format>u32</format> + <description>Area ID as a decimal value</description> + </valueHelp> + <valueHelp> + <format>ipv4</format> + <description>Area ID in IP address forma</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + <node name="area-type"> + <properties> + <help>OSPFv3 Area type</help> + </properties> + <children> + <node name="nssa"> + <properties> + <help>NSSA OSPFv3 area</help> + </properties> + <children> + <leafNode name="default-information-originate"> + <properties> + <help>Originate Type 7 default into NSSA area</help> + <valueless/> + </properties> + </leafNode> + #include <include/ospfv3/no-summary.xml.i> + </children> + </node> + <node name="stub"> + <properties> + <help>Stub OSPFv3 area</help> + </properties> + <children> + #include <include/ospfv3/no-summary.xml.i> + </children> + </node> + </children> + </node> + <leafNode name="export-list"> + <properties> + <help>Name of export-list</help> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import-list"> + <properties> + <help>Name of import-list</help> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + </properties> + </leafNode> + <tagNode name="range"> + <properties> + <help>Specify IPv6 prefix (border routers only)</help> + <valueHelp> + <format>ipv6net</format> + <description>Specify IPv6 prefix (border routers only)</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="advertise"> + <properties> + <help>Advertise this range</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="not-advertise"> + <properties> + <help>Do not advertise this range</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> +</tagNode> +#include <include/ospf/auto-cost.xml.i> +#include <include/ospf/default-information.xml.i> +<node name="distance"> + <properties> + <help>Administrative distance</help> + </properties> + <children> + #include <include/ospf/distance-global.xml.i> + <node name="ospfv3"> + <properties> + <help>OSPFv3 administrative distance</help> + </properties> + <children> + #include <include/ospf/distance-per-protocol.xml.i> + </children> + </node> + </children> +</node> +#include <include/ospf/graceful-restart.xml.i> +<node name="graceful-restart"> + <children> + <node name="helper"> + <children> + <leafNode name="lsa-check-disable"> + <properties> + <help>Disable strict LSA check</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<tagNode name="interface"> + <properties> + <help>Enable routing on an IPv6 interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface used for routing information exchange</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <leafNode name="area"> + <properties> + <help>Enable OSPF on this interface</help> + <completionHelp> + <path>protocols ospfv3 area</path> + </completionHelp> + <valueHelp> + <format>u32</format> + <description>OSPF area ID as decimal notation</description> + </valueHelp> + <valueHelp> + <format>ipv4</format> + <description>OSPF area ID in IP address notation</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + #include <include/ospf/intervals.xml.i> + #include <include/ospf/interface-common.xml.i> + <leafNode name="ifmtu"> + <properties> + <help>Interface MTU</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Interface MTU</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="instance-id"> + <properties> + <help>Instance ID</help> + <valueHelp> + <format>u32:0-255</format> + <description>Instance Id</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + <leafNode name="network"> + <properties> + <help>Network type</help> + <completionHelp> + <list>broadcast point-to-point</list> + </completionHelp> + <valueHelp> + <format>broadcast</format> + <description>Broadcast network type</description> + </valueHelp> + <valueHelp> + <format>point-to-point</format> + <description>Point-to-point network type</description> + </valueHelp> + <constraint> + <regex>(broadcast|point-to-point)</regex> + </constraint> + <constraintErrorMessage>Must be broadcast or point-to-point</constraintErrorMessage> + </properties> + </leafNode> + #include <include/isis/passive.xml.i> + </children> +</tagNode> +#include <include/ospf/log-adjacency-changes.xml.i> +<node name="parameters"> + <properties> + <help>OSPFv3 specific parameters</help> + </properties> + <children> + #include <include/router-id.xml.i> + </children> +</node> +<node name="redistribute"> + <properties> + <help>Redistribute information from another routing protocol</help> + </properties> + <children> + <node name="babel"> + <properties> + <help>Redistribute Babel routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="bgp"> + <properties> + <help>Redistribute BGP routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="connected"> + <properties> + <help>Redistribute connected routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="isis"> + <properties> + <help>Redistribute IS-IS routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="ripng"> + <properties> + <help>Redistribute RIPNG routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes</help> + </properties> + <children> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/pim/bsm.xml.i b/interface-definitions/include/pim/bsm.xml.i new file mode 100644 index 0000000..cc2cf14 --- /dev/null +++ b/interface-definitions/include/pim/bsm.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/bsm.xml.i --> +<leafNode name="no-bsm"> + <properties> + <help>Do not process bootstrap messages</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="no-unicast-bsm"> + <properties> + <help>Do not process unicast bootstrap messages</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/dr-priority.xml.i b/interface-definitions/include/pim/dr-priority.xml.i new file mode 100644 index 0000000..e4b3067 --- /dev/null +++ b/interface-definitions/include/pim/dr-priority.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/dr-priority.xml.i --> +<leafNode name="dr-priority"> + <properties> + <help>Designated router election priority</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>DR Priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/hello.xml.i b/interface-definitions/include/pim/hello.xml.i new file mode 100644 index 0000000..0c7601b --- /dev/null +++ b/interface-definitions/include/pim/hello.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/hello.xml.i --> +<leafNode name="hello"> + <properties> + <help>Hello Interval</help> + <valueHelp> + <format>u32:1-180</format> + <description>Hello Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-180"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/join-prune-interval.xml.i b/interface-definitions/include/pim/join-prune-interval.xml.i new file mode 100644 index 0000000..882787d --- /dev/null +++ b/interface-definitions/include/pim/join-prune-interval.xml.i @@ -0,0 +1,15 @@ +<!-- include start from pim/join-prune-interval.xml.i --> +<leafNode name="join-prune-interval"> + <properties> + <help>Join prune send interval</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/keep-alive-timer.xml.i b/interface-definitions/include/pim/keep-alive-timer.xml.i new file mode 100644 index 0000000..0dd27d6 --- /dev/null +++ b/interface-definitions/include/pim/keep-alive-timer.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/keep-alive-timer.xml.i --> +<leafNode name="keep-alive-timer"> + <properties> + <help>Keep alive Timer</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Keep alive Timer in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/packets.xml.i b/interface-definitions/include/pim/packets.xml.i new file mode 100644 index 0000000..1dc00c9 --- /dev/null +++ b/interface-definitions/include/pim/packets.xml.i @@ -0,0 +1,15 @@ +<!-- include start from pim/packets.xml.i --> +<leafNode name="packets"> + <properties> + <help>Packets to process at once</help> + <valueHelp> + <format>u32:1-255</format> + <description>Number of packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/passive.xml.i b/interface-definitions/include/pim/passive.xml.i new file mode 100644 index 0000000..e4e9ca0 --- /dev/null +++ b/interface-definitions/include/pim/passive.xml.i @@ -0,0 +1,8 @@ +<!-- include start from pim/passive.xml.i --> +<leafNode name="passive"> + <properties> + <help>Disable sending and receiving PIM control packets on the interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/register-suppress-time.xml.i b/interface-definitions/include/pim/register-suppress-time.xml.i new file mode 100644 index 0000000..919945b --- /dev/null +++ b/interface-definitions/include/pim/register-suppress-time.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/register-suppress-time.xml.i --> +<leafNode name="register-suppress-time"> + <properties> + <help>Register suppress timer</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Timer in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/ca-certificate-multi.xml.i b/interface-definitions/include/pki/ca-certificate-multi.xml.i new file mode 100644 index 0000000..646131b --- /dev/null +++ b/interface-definitions/include/pki/ca-certificate-multi.xml.i @@ -0,0 +1,15 @@ +<!-- include start from pki/ca-certificate-multi.xml.i --> +<leafNode name="ca-certificate"> + <properties> + <help>Certificate Authority chain in PKI configuration</help> + <completionHelp> + <path>pki ca</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of CA in PKI configuration</description> + </valueHelp> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/ca-certificate.xml.i b/interface-definitions/include/pki/ca-certificate.xml.i new file mode 100644 index 0000000..b32bb67 --- /dev/null +++ b/interface-definitions/include/pki/ca-certificate.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pki/ca-certificate.xml.i --> +<leafNode name="ca-certificate"> + <properties> + <help>Certificate Authority in PKI configuration</help> + <completionHelp> + <path>pki ca</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of CA in PKI configuration</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/certificate-key.xml.i b/interface-definitions/include/pki/certificate-key.xml.i new file mode 100644 index 0000000..7f26d25 --- /dev/null +++ b/interface-definitions/include/pki/certificate-key.xml.i @@ -0,0 +1,12 @@ +<!-- include start from pki/certificate-key.xml.i --> +#include <include/pki/certificate.xml.i> +<leafNode name="passphrase"> + <properties> + <help>Private key passphrase</help> + <valueHelp> + <format>txt</format> + <description>Passphrase to decrypt the private key</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/certificate-multi.xml.i b/interface-definitions/include/pki/certificate-multi.xml.i new file mode 100644 index 0000000..c49c5d9 --- /dev/null +++ b/interface-definitions/include/pki/certificate-multi.xml.i @@ -0,0 +1,15 @@ +<!-- include start from pki/certificate-multi.xml.i --> +<leafNode name="certificate"> + <properties> + <help>Certificate in PKI configuration</help> + <completionHelp> + <path>pki certificate</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of certificate in PKI configuration</description> + </valueHelp> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/certificate.xml.i b/interface-definitions/include/pki/certificate.xml.i new file mode 100644 index 0000000..1ba70e0 --- /dev/null +++ b/interface-definitions/include/pki/certificate.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pki/certificate.xml.i --> +<leafNode name="certificate"> + <properties> + <help>Certificate in PKI configuration</help> + <completionHelp> + <path>pki certificate</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of certificate in PKI configuration</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/cli-certificate-base64.xml.i b/interface-definitions/include/pki/cli-certificate-base64.xml.i new file mode 100644 index 0000000..a3eff79 --- /dev/null +++ b/interface-definitions/include/pki/cli-certificate-base64.xml.i @@ -0,0 +1,11 @@ +<!-- include start from pki/cli-certificate-base64.xml.i --> +<leafNode name="certificate"> + <properties> + <help>Certificate in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/cli-private-key-base64.xml.i b/interface-definitions/include/pki/cli-private-key-base64.xml.i new file mode 100644 index 0000000..f57e9b1 --- /dev/null +++ b/interface-definitions/include/pki/cli-private-key-base64.xml.i @@ -0,0 +1,11 @@ +<!-- include start from pki/cli-private-key-base64.xml.i --> +<leafNode name="key"> + <properties> + <help>Private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/cli-public-key-base64.xml.i b/interface-definitions/include/pki/cli-public-key-base64.xml.i new file mode 100644 index 0000000..f7cffae --- /dev/null +++ b/interface-definitions/include/pki/cli-public-key-base64.xml.i @@ -0,0 +1,11 @@ +<!-- include start from pki/cli-public-key-base64.xml.i --> +<leafNode name="key"> + <properties> + <help>Public key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/cli-revoke.xml.i b/interface-definitions/include/pki/cli-revoke.xml.i new file mode 100644 index 0000000..61cd978 --- /dev/null +++ b/interface-definitions/include/pki/cli-revoke.xml.i @@ -0,0 +1,8 @@ +<!-- include start from pki/cli-revoke.xml.i --> +<leafNode name="revoke"> + <properties> + <help>Include certificate in parent CRL</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/dh-params.xml.i b/interface-definitions/include/pki/dh-params.xml.i new file mode 100644 index 0000000..a422df8 --- /dev/null +++ b/interface-definitions/include/pki/dh-params.xml.i @@ -0,0 +1,10 @@ +<!-- include start from pki/certificate-multi.xml.i --> +<leafNode name="dh-params"> + <properties> + <help>Diffie Hellman parameters (server only)</help> + <completionHelp> + <path>pki dh</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/openssh-key.xml.i b/interface-definitions/include/pki/openssh-key.xml.i new file mode 100644 index 0000000..8f005d0 --- /dev/null +++ b/interface-definitions/include/pki/openssh-key.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pki/openssh-key.xml.i --> +<leafNode name="key"> + <properties> + <help>OpenSSH key in PKI configuration</help> + <completionHelp> + <path>pki openssh</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of OpenSSH key in PKI configuration</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/password-protected.xml.i b/interface-definitions/include/pki/password-protected.xml.i new file mode 100644 index 0000000..b72e4ec --- /dev/null +++ b/interface-definitions/include/pki/password-protected.xml.i @@ -0,0 +1,8 @@ +<!-- include start from pki/password-protected.xml.i --> +<leafNode name="password-protected"> + <properties> + <help>Private key portion is password protected</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/private-key.xml.i b/interface-definitions/include/pki/private-key.xml.i new file mode 100644 index 0000000..ae4e910 --- /dev/null +++ b/interface-definitions/include/pki/private-key.xml.i @@ -0,0 +1,30 @@ +<!-- include start from pki/private-key.xml.i --> +<node name="private"> + <properties> + <help>Private key</help> + </properties> + <children> + <leafNode name="key"> + <properties> + <help>Private key in PKI configuration</help> + <completionHelp> + <path>pki key-pair</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of private key in PKI configuration</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="passphrase"> + <properties> + <help>Private key passphrase</help> + <valueHelp> + <format>txt</format> + <description>Passphrase to decrypt the private key</description> + </valueHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/pki/public-key.xml.i b/interface-definitions/include/pki/public-key.xml.i new file mode 100644 index 0000000..3067bff --- /dev/null +++ b/interface-definitions/include/pki/public-key.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pki/public-key.xml.i --> +<leafNode name="public-key"> + <properties> + <help>Public key in PKI configuration</help> + <completionHelp> + <path>pki key-pair</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of public key in PKI configuration</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/action.xml.i b/interface-definitions/include/policy/action.xml.i new file mode 100644 index 0000000..5aa8655 --- /dev/null +++ b/interface-definitions/include/policy/action.xml.i @@ -0,0 +1,21 @@ +<!-- include start from policy/action.xml.i --> +<leafNode name="action"> + <properties> + <help>Action to take on entries matching this rule</help> + <completionHelp> + <list>permit deny</list> + </completionHelp> + <valueHelp> + <format>permit</format> + <description>Permit matching entries</description> + </valueHelp> + <valueHelp> + <format>deny</format> + <description>Deny matching entries</description> + </valueHelp> + <constraint> + <regex>(permit|deny)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/community-clear.xml.i b/interface-definitions/include/policy/community-clear.xml.i new file mode 100644 index 0000000..0fd57cd --- /dev/null +++ b/interface-definitions/include/policy/community-clear.xml.i @@ -0,0 +1,8 @@ +<!-- include start from policy/community-clear.xml.i --> +<leafNode name="none"> + <properties> + <help>Completely remove communities attribute from a prefix</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/community-value-list.xml.i b/interface-definitions/include/policy/community-value-list.xml.i new file mode 100644 index 0000000..8c665c5 --- /dev/null +++ b/interface-definitions/include/policy/community-value-list.xml.i @@ -0,0 +1,90 @@ +<!-- include start from policy/community-value-list.xml.i --> +<completionHelp> + <list> + local-as + no-advertise + no-export + internet + graceful-shutdown + accept-own + route-filter-translated-v4 + route-filter-v4 + route-filter-translated-v6 + route-filter-v6 + llgr-stale + no-llgr + accept-own-nexthop + blackhole + no-peer + </list> +</completionHelp> +<valueHelp> + <format><AS:VAL></format> + <description>Community number in <0-65535:0-65535> format</description> +</valueHelp> +<valueHelp> + <format>local-as</format> + <description>Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03</description> +</valueHelp> +<valueHelp> + <format>no-advertise</format> + <description>Well-known communities value NO_ADVERTISE 0xFFFFFF02</description> +</valueHelp> +<valueHelp> + <format>no-export</format> + <description>Well-known communities value NO_EXPORT 0xFFFFFF01</description> +</valueHelp> +<valueHelp> + <format>internet</format> + <description>Well-known communities value 0</description> +</valueHelp> +<valueHelp> + <format>graceful-shutdown</format> + <description>Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000</description> +</valueHelp> +<valueHelp> + <format>accept-own</format> + <description>Well-known communities value ACCEPT_OWN 0xFFFF0001</description> +</valueHelp> +<valueHelp> + <format>route-filter-translated-v4</format> + <description>Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002</description> +</valueHelp> +<valueHelp> + <format>route-filter-v4</format> + <description>Well-known communities value ROUTE_FILTER_v4 0xFFFF0003</description> +</valueHelp> +<valueHelp> + <format>route-filter-translated-v6</format> + <description>Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004</description> +</valueHelp> +<valueHelp> + <format>route-filter-v6</format> + <description>Well-known communities value ROUTE_FILTER_v6 0xFFFF0005</description> +</valueHelp> +<valueHelp> + <format>llgr-stale</format> + <description>Well-known communities value LLGR_STALE 0xFFFF0006</description> +</valueHelp> +<valueHelp> + <format>no-llgr</format> + <description>Well-known communities value NO_LLGR 0xFFFF0007</description> +</valueHelp> +<valueHelp> + <format>accept-own-nexthop</format> + <description>Well-known communities value accept-own-nexthop 0xFFFF0008</description> +</valueHelp> +<valueHelp> + <format>blackhole</format> + <description>Well-known communities value BLACKHOLE 0xFFFF029A</description> +</valueHelp> +<valueHelp> + <format>no-peer</format> + <description>Well-known communities value NOPEER 0xFFFFFF04</description> +</valueHelp> +<multi/> +<constraint> + <regex>local-as|no-advertise|no-export|internet|graceful-shutdown|accept-own|route-filter-translated-v4|route-filter-v4|route-filter-translated-v6|route-filter-v6|llgr-stale|no-llgr|accept-own-nexthop|blackhole|no-peer</regex> + <validator name="bgp-regular-community"/> +</constraint> + <!-- include end --> diff --git a/interface-definitions/include/policy/extended-community-value-list.xml.i b/interface-definitions/include/policy/extended-community-value-list.xml.i new file mode 100644 index 0000000..33a279b --- /dev/null +++ b/interface-definitions/include/policy/extended-community-value-list.xml.i @@ -0,0 +1,15 @@ +<!-- include start from policy/community-value-list.xml.i --> +<valueHelp> + <format>ASN:NN</format> + <description>based on autonomous system number in format <0-65535:0-4294967295></description> +</valueHelp> +<valueHelp> + <format>IP:NN</format> + <description>Based on a router-id IP address in format <IP:0-65535></description> +</valueHelp> +<constraint> + <validator name="bgp-extended-community"/> +</constraint> +<constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage> +<multi/> +<!-- include end --> diff --git a/interface-definitions/include/policy/host.xml.i b/interface-definitions/include/policy/host.xml.i new file mode 100644 index 0000000..ac017c6 --- /dev/null +++ b/interface-definitions/include/policy/host.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/host.xml.i --> +<leafNode name="host"> + <properties> + <help>Single host IP address to match</help> + <valueHelp> + <format>ipv4</format> + <description>Host address to match</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/inverse-mask.xml.i b/interface-definitions/include/policy/inverse-mask.xml.i new file mode 100644 index 0000000..cec69a8 --- /dev/null +++ b/interface-definitions/include/policy/inverse-mask.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/inverse-mask.xml.i --> +<leafNode name="inverse-mask"> + <properties> + <help>Network/netmask to match (requires network be defined)</help> + <valueHelp> + <format>ipv4</format> + <description>Inverse-mask to match</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/large-community-value-list.xml.i b/interface-definitions/include/policy/large-community-value-list.xml.i new file mode 100644 index 0000000..33b1f13 --- /dev/null +++ b/interface-definitions/include/policy/large-community-value-list.xml.i @@ -0,0 +1,10 @@ +<!-- include start from policy/community-value-list.xml.i --> +<valueHelp> + <description>Community in format <0-4294967295:0-4294967295:0-4294967295></description> + <format><GA:LDP1:LDP2></format> +</valueHelp> +<multi/> +<constraint> + <validator name="bgp-large-community"/> +</constraint> + <!-- include end --> diff --git a/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i new file mode 100644 index 0000000..ffe73ee --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i @@ -0,0 +1,20 @@ +<!-- include start from policy/local-route_rule_ipv4_address.xml.i --> +<leafNode name="address"> + <properties> + <help>IPv4 address or prefix</help> + <valueHelp> + <format>ipv4</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>Prefix to match against</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i new file mode 100644 index 0000000..d8fb6c0 --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i @@ -0,0 +1,20 @@ +<!-- include start from policy/local-route_rule_ipv6_address.xml.i --> +<leafNode name="address"> + <properties> + <help>IPv6 address or prefix</help> + <valueHelp> + <format>ipv6</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Prefix to match against</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/local-route_rule_protocol.xml.i b/interface-definitions/include/policy/local-route_rule_protocol.xml.i new file mode 100644 index 0000000..57582eb --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_protocol.xml.i @@ -0,0 +1,21 @@ +<!-- include start from policy/local-route_rule_protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name or number)</help> + <completionHelp> + <script>${vyos_completion_dir}/list_protocols.sh</script> + </completionHelp> + <valueHelp> + <format>u32:0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format><protocol></format> + <description>IP protocol name</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/network.xml.i b/interface-definitions/include/policy/network.xml.i new file mode 100644 index 0000000..f2aea6b --- /dev/null +++ b/interface-definitions/include/policy/network.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/network.xml.i --> +<leafNode name="network"> + <properties> + <help>Network/netmask to match (requires inverse-mask be defined)</help> + <valueHelp> + <format>ipv4net</format> + <description>Inverse-mask to match</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/prefix-list.xml.i b/interface-definitions/include/policy/prefix-list.xml.i new file mode 100644 index 0000000..5d7980e --- /dev/null +++ b/interface-definitions/include/policy/prefix-list.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/prefix-list.xml.i --> +<leafNode name="prefix-list"> + <properties> + <help>Prefix-list to use</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply (IPv4)</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/prefix-list6.xml.i b/interface-definitions/include/policy/prefix-list6.xml.i new file mode 100644 index 0000000..101702f --- /dev/null +++ b/interface-definitions/include/policy/prefix-list6.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/prefix-list6.xml.i --> +<leafNode name="prefix-list6"> + <properties> + <help>Prefix-list to use</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply (IPv6)</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i new file mode 100644 index 0000000..19ffc05 --- /dev/null +++ b/interface-definitions/include/policy/route-common.xml.i @@ -0,0 +1,116 @@ +<!-- include start from policy/route-common.xml.i --> +#include <include/policy/route-rule-action.xml.i> +#include <include/generic-description.xml.i> +#include <include/firewall/firewall-mark.xml.i> +#include <include/generic-disable-node.xml.i> +#include <include/firewall/fragment.xml.i> +#include <include/firewall/match-ipsec.xml.i> +#include <include/firewall/limit.xml.i> +#include <include/firewall/log.xml.i> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name, number, or "all")</help> + <completionHelp> + <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format>!<protocol></format> + <description>IP protocol number</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> + <defaultValue>all</defaultValue> +</leafNode> +<node name="recent"> + <properties> + <help>Parameters for matching recently seen sources</help> + </properties> + <children> + <leafNode name="count"> + <properties> + <help>Source addresses seen more than N times</help> + <valueHelp> + <format>u32:1-255</format> + <description>Source addresses seen more than N times</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time"> + <properties> + <help>Source addresses seen in the last N seconds</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>Source addresses seen in the last N seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +#include <include/firewall/set-packet-modifications.xml.i> +#include <include/firewall/state.xml.i> +#include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> +<node name="time"> + <properties> + <help>Time to match rule</help> + </properties> + <children> + <leafNode name="monthdays"> + <properties> + <help>Monthdays to match rule on</help> + </properties> + </leafNode> + <leafNode name="startdate"> + <properties> + <help>Date to start matching rule</help> + </properties> + </leafNode> + <leafNode name="starttime"> + <properties> + <help>Time of day to start matching rule</help> + </properties> + </leafNode> + <leafNode name="stopdate"> + <properties> + <help>Date to stop matching rule</help> + </properties> + </leafNode> + <leafNode name="stoptime"> + <properties> + <help>Time of day to stop matching rule</help> + </properties> + </leafNode> + <leafNode name="utc"> + <properties> + <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="weekdays"> + <properties> + <help>Weekdays to match rule on</help> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-ipv4.xml.i b/interface-definitions/include/policy/route-ipv4.xml.i new file mode 100644 index 0000000..c12abca --- /dev/null +++ b/interface-definitions/include/policy/route-ipv4.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/route-ipv4.xml.i --> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + </children> +</node> +#include <include/firewall/icmp.xml.i> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-ipv6.xml.i b/interface-definitions/include/policy/route-ipv6.xml.i new file mode 100644 index 0000000..d636a65 --- /dev/null +++ b/interface-definitions/include/policy/route-ipv6.xml.i @@ -0,0 +1,196 @@ +<!-- include start from policy/route-ipv6.xml.i --> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/address-ipv6.xml.i> + #include <include/firewall/source-destination-group.xml.i> + #include <include/firewall/mac-address.xml.i> + #include <include/firewall/port.xml.i> + </children> +</node> +<node name="icmpv6"> + <properties> + <help>ICMPv6 type and code information</help> + </properties> + <children> + <leafNode name="type"> + <properties> + <help>ICMP type-name</help> + <completionHelp> + <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply packet-too-big</list> + </completionHelp> + <valueHelp> + <format>any</format> + <description>Any ICMP type/code</description> + </valueHelp> + <valueHelp> + <format>echo-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>pong</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>destination-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>protocol-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>port-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>fragmentation-needed</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>source-route-failed</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-unknown</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-unknown</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-network-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-host-unreachable</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>communication-prohibited</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-precedence-violation</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>precedence-cutoff</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>source-quench</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>network-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>host-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS-network-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>TOS host-redirect</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>echo-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ping</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>router-advertisement</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>router-solicitation</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>time-exceeded</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-exceeded</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-zero-during-transit</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ttl-zero-during-reassembly</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>parameter-problem</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>ip-header-bad</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>required-option-missing</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>timestamp-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>timestamp-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>address-mask-request</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>address-mask-reply</format> + <description>ICMP type/code name</description> + </valueHelp> + <valueHelp> + <format>packet-too-big</format> + <description>ICMP type/code name</description> + </valueHelp> + <constraint> + <regex>(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)</regex> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-rule-action.xml.i b/interface-definitions/include/policy/route-rule-action.xml.i new file mode 100644 index 0000000..c2698db --- /dev/null +++ b/interface-definitions/include/policy/route-rule-action.xml.i @@ -0,0 +1,29 @@ +<!-- include start from policy/route-rule-action.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept reject return drop</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Reject matching entries</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <constraint> + <regex>(accept|reject|return|drop)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/tag.xml.i b/interface-definitions/include/policy/tag.xml.i new file mode 100644 index 0000000..ec25b93 --- /dev/null +++ b/interface-definitions/include/policy/tag.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/tag.xml.i --> +<leafNode name="tag"> + <properties> + <help>Route tag value</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Route tag</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/port-number-start-zero.xml.i b/interface-definitions/include/port-number-start-zero.xml.i new file mode 100644 index 0000000..04a1442 --- /dev/null +++ b/interface-definitions/include/port-number-start-zero.xml.i @@ -0,0 +1,15 @@ +<!-- include start from port-number-start-zero.xml.i --> +<leafNode name="port"> + <properties> + <help>Port number used by connection</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + <constraintErrorMessage>Port number must be in range 0 to 65535</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/port-number.xml.i b/interface-definitions/include/port-number.xml.i new file mode 100644 index 0000000..6820df0 --- /dev/null +++ b/interface-definitions/include/port-number.xml.i @@ -0,0 +1,15 @@ +<!-- include start from port-number.xml.i --> +<leafNode name="port"> + <properties> + <help>Port number used by connection</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/port-port-range.xml.i b/interface-definitions/include/port-port-range.xml.i new file mode 100644 index 0000000..ce550f5 --- /dev/null +++ b/interface-definitions/include/port-port-range.xml.i @@ -0,0 +1,26 @@ +<!-- include start from port-port-range.xml.i --> +<leafNode name="port"> + <properties> + <help>Port number</help> + <valueHelp> + <format>txt</format> + <description>Named port (any name in /etc/services, e.g., http)</description> + </valueHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <valueHelp> + <format>start-end</format> + <description>Numbered port range (e.g. 1001-1005)</description> + </valueHelp> + <valueHelp> + <format/> + <description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description> + </valueHelp> + <constraint> + <validator name="port-multi"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pppoe-access-concentrator.xml.i b/interface-definitions/include/pppoe-access-concentrator.xml.i new file mode 100644 index 0000000..8a75dae --- /dev/null +++ b/interface-definitions/include/pppoe-access-concentrator.xml.i @@ -0,0 +1,11 @@ +<!-- include start from pppoe-access-concentrator.xml.i --> +<leafNode name="access-concentrator"> + <properties> + <help>Access concentrator name</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Access-concentrator name can only contain alpha-numeric letters, hyphen and underscores(max. 100 characters)</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/protocol-tcp-udp.xml.i b/interface-definitions/include/protocol-tcp-udp.xml.i new file mode 100644 index 0000000..c186c02 --- /dev/null +++ b/interface-definitions/include/protocol-tcp-udp.xml.i @@ -0,0 +1,22 @@ +<!-- include start from snmp/protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol to be used (TCP/UDP)</help> + <completionHelp> + <list>udp tcp</list> + </completionHelp> + <valueHelp> + <format>udp</format> + <description>Listen protocol UDP</description> + </valueHelp> + <valueHelp> + <format>tcp</format> + <description>Listen protocol TCP</description> + </valueHelp> + <constraint> + <regex>(udp|tcp)</regex> + </constraint> + </properties> + <defaultValue>udp</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/bandwidth-auto.xml.i b/interface-definitions/include/qos/bandwidth-auto.xml.i new file mode 100644 index 0000000..fa16a6c --- /dev/null +++ b/interface-definitions/include/qos/bandwidth-auto.xml.i @@ -0,0 +1,47 @@ +<!-- include start from qos/bandwidth-auto.xml.i --> +<leafNode name="bandwidth"> + <properties> + <help>Available bandwidth for this policy</help> + <completionHelp> + <list>auto</list> + </completionHelp> + <valueHelp> + <format>auto</format> + <description>Bandwidth matches interface speed</description> + </valueHelp> + <valueHelp> + <format><number></format> + <description>Bits per second</description> + </valueHelp> + <valueHelp> + <format><number>bit</format> + <description>Bits per second</description> + </valueHelp> + <valueHelp> + <format><number>kbit</format> + <description>Kilobits per second</description> + </valueHelp> + <valueHelp> + <format><number>mbit</format> + <description>Megabits per second</description> + </valueHelp> + <valueHelp> + <format><number>gbit</format> + <description>Gigabits per second</description> + </valueHelp> + <valueHelp> + <format><number>tbit</format> + <description>Terabits per second</description> + </valueHelp> + <valueHelp> + <format><number>%%</format> + <description>Percentage of interface link speed</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--positive"/> + <regex>(auto|\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%)</regex> + </constraint> + </properties> + <defaultValue>auto</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/bandwidth.xml.i b/interface-definitions/include/qos/bandwidth.xml.i new file mode 100644 index 0000000..0e29b64 --- /dev/null +++ b/interface-definitions/include/qos/bandwidth.xml.i @@ -0,0 +1,39 @@ +<!-- include start from qos/bandwidth.xml.i --> +<leafNode name="bandwidth"> + <properties> + <help>Available bandwidth for this policy</help> + <valueHelp> + <format><number></format> + <description>Bits per second</description> + </valueHelp> + <valueHelp> + <format><number>bit</format> + <description>Bits per second</description> + </valueHelp> + <valueHelp> + <format><number>kbit</format> + <description>Kilobits per second</description> + </valueHelp> + <valueHelp> + <format><number>mbit</format> + <description>Megabits per second</description> + </valueHelp> + <valueHelp> + <format><number>gbit</format> + <description>Gigabits per second</description> + </valueHelp> + <valueHelp> + <format><number>tbit</format> + <description>Terabits per second</description> + </valueHelp> + <valueHelp> + <format><number>%%</format> + <description>Percentage of interface link speed</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--positive"/> + <regex>(\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/burst.xml.i b/interface-definitions/include/qos/burst.xml.i new file mode 100644 index 0000000..7616180 --- /dev/null +++ b/interface-definitions/include/qos/burst.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/burst.xml.i --> +<leafNode name="burst"> + <properties> + <help>Burst size for this class</help> + <valueHelp> + <format><number></format> + <description>Bytes</description> + </valueHelp> + <valueHelp> + <format><number><suffix></format> + <description>Bytes with scaling suffix (kb, mb, gb)</description> + </valueHelp> + </properties> + <defaultValue>15k</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-group.xml.i b/interface-definitions/include/qos/class-match-group.xml.i new file mode 100644 index 0000000..40e3b72 --- /dev/null +++ b/interface-definitions/include/qos/class-match-group.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/class-match-group.xml.i --> +<leafNode name="match-group"> + <properties> + <help>Filter group for QoS policy</help> + <valueHelp> + <format>txt</format> + <description>Match group name</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/qos/list_traffic_match_group.py</script> + </completionHelp> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-ipv4-address.xml.i b/interface-definitions/include/qos/class-match-ipv4-address.xml.i new file mode 100644 index 0000000..8e84c98 --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv4-address.xml.i @@ -0,0 +1,19 @@ +<!-- include start from qos/class-match-ipv4-address.xml.i --> +<leafNode name="address"> + <properties> + <help>IPv4 destination address for this match</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-ipv4.xml.i b/interface-definitions/include/qos/class-match-ipv4.xml.i new file mode 100644 index 0000000..dc44d32 --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv4.xml.i @@ -0,0 +1,31 @@ +<!-- include start from qos/class-match-ipv4.xml.i --> +<node name="ip"> + <properties> + <help>Match IP protocol header</help> + </properties> + <children> + <node name="destination"> + <properties> + <help>Match on destination port or address</help> + </properties> + <children> + #include <include/qos/class-match-ipv4-address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> + #include <include/qos/match-dscp.xml.i> + #include <include/qos/max-length.xml.i> + #include <include/ip-protocol.xml.i> + <node name="source"> + <properties> + <help>Match on source port or address</help> + </properties> + <children> + #include <include/qos/class-match-ipv4-address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> + #include <include/qos/tcp-flags.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-ipv6-address.xml.i b/interface-definitions/include/qos/class-match-ipv6-address.xml.i new file mode 100644 index 0000000..fd73881 --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv6-address.xml.i @@ -0,0 +1,14 @@ +<!-- include start from qos/class-match-ipv6-address.xml.i --> +<leafNode name="address"> + <properties> + <help>IPv6 destination address for this match</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-ipv6.xml.i b/interface-definitions/include/qos/class-match-ipv6.xml.i new file mode 100644 index 0000000..ed7acef --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv6.xml.i @@ -0,0 +1,31 @@ +<!-- include start from qos/class-match-ipv6.xml.i --> +<node name="ipv6"> + <properties> + <help>Match IPv6 protocol header</help> + </properties> + <children> + <node name="destination"> + <properties> + <help>Match on destination port or address</help> + </properties> + <children> + #include <include/qos/class-match-ipv6-address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> + #include <include/qos/match-dscp.xml.i> + #include <include/qos/max-length.xml.i> + #include <include/ip-protocol.xml.i> + <node name="source"> + <properties> + <help>Match on source port or address</help> + </properties> + <children> + #include <include/qos/class-match-ipv6-address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> + #include <include/qos/tcp-flags.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-mark.xml.i b/interface-definitions/include/qos/class-match-mark.xml.i new file mode 100644 index 0000000..a7481c6 --- /dev/null +++ b/interface-definitions/include/qos/class-match-mark.xml.i @@ -0,0 +1,14 @@ +<!-- include start from qos/class-match-mark.xml.i --> +<leafNode name="mark"> + <properties> + <help>Match on mark applied by firewall</help> + <valueHelp> + <format>u32</format> + <description>FW mark to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-vif.xml.i b/interface-definitions/include/qos/class-match-vif.xml.i new file mode 100644 index 0000000..ec58db6 --- /dev/null +++ b/interface-definitions/include/qos/class-match-vif.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/class-match-vif.xml.i --> +<leafNode name="vif"> + <properties> + <help>Virtual Local Area Network (VLAN) ID for this match</help> + <valueHelp> + <format>u32:0-4095</format> + <description>Virtual Local Area Network (VLAN) tag </description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4095"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4095</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match.xml.i b/interface-definitions/include/qos/class-match.xml.i new file mode 100644 index 0000000..77d1933 --- /dev/null +++ b/interface-definitions/include/qos/class-match.xml.i @@ -0,0 +1,98 @@ +<!-- include start from qos/class-match.xml.i --> +<tagNode name="match"> + <properties> + <help>Class matching rule name</help> + <constraint> + <regex>[^-].*</regex> + </constraint> + <constraintErrorMessage>Match queue name cannot start with hyphen</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + <node name="ether"> + <properties> + <help>Ethernet header match</help> + </properties> + <children> + <leafNode name="destination"> + <properties> + <help>Ethernet destination address for this match</help> + <valueHelp> + <format>macaddr</format> + <description>MAC address to match</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="protocol"> + <properties> + <help>Ethernet protocol for this match</help> + <!-- this refers to /etc/protocols --> + <completionHelp> + <list>all 802.1Q 802_2 802_3 aarp aoe arp atalk dec ip ipv6 ipx lat localtalk rarp snap x25</list> + </completionHelp> + <valueHelp> + <format>u32:0-65535</format> + <description>Ethernet protocol number</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>Ethernet protocol name</description> + </valueHelp> + <valueHelp> + <format>all</format> + <description>Any protocol</description> + </valueHelp> + <valueHelp> + <format>ip</format> + <description>Internet IP (IPv4)</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Internet IP (IPv6)</description> + </valueHelp> + <valueHelp> + <format>arp</format> + <description>Address Resolution Protocol</description> + </valueHelp> + <valueHelp> + <format>atalk</format> + <description>Appletalk</description> + </valueHelp> + <valueHelp> + <format>ipx</format> + <description>Novell Internet Packet Exchange</description> + </valueHelp> + <valueHelp> + <format>802.1Q</format> + <description>802.1Q VLAN tag</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> + </leafNode> + <leafNode name="source"> + <properties> + <help>Ethernet source address for this match</help> + <valueHelp> + <format>macaddr</format> + <description>MAC address to match</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + #include <include/generic-interface.xml.i> + #include <include/qos/class-match-ipv4.xml.i> + #include <include/qos/class-match-ipv6.xml.i> + #include <include/qos/class-match-mark.xml.i> + #include <include/qos/class-match-vif.xml.i> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-police-exceed.xml.i b/interface-definitions/include/qos/class-police-exceed.xml.i new file mode 100644 index 0000000..ee2ce16 --- /dev/null +++ b/interface-definitions/include/qos/class-police-exceed.xml.i @@ -0,0 +1,66 @@ +<!-- include start from qos/police.xml.i --> +<leafNode name="exceed"> + <properties> + <help>Default action for packets exceeding the limiter</help> + <completionHelp> + <list>continue drop ok reclassify pipe</list> + </completionHelp> + <valueHelp> + <format>continue</format> + <description>Do not do anything, just continue with the next action in line</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop the packet immediately</description> + </valueHelp> + <valueHelp> + <format>ok</format> + <description>Accept the packet</description> + </valueHelp> + <valueHelp> + <format>reclassify</format> + <description>Treat the packet as non-matching to the filter this action is attached to and continue with the next filter in line (if any)</description> + </valueHelp> + <valueHelp> + <format>pipe</format> + <description>Pass the packet to the next action in line</description> + </valueHelp> + <constraint> + <regex>(continue|drop|ok|reclassify|pipe)</regex> + </constraint> + </properties> + <defaultValue>drop</defaultValue> +</leafNode> +<leafNode name="not-exceed"> + <properties> + <help>Default action for packets not exceeding the limiter</help> + <completionHelp> + <list>continue drop ok reclassify pipe</list> + </completionHelp> + <valueHelp> + <format>continue</format> + <description>Do not do anything, just continue with the next action in line</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop the packet immediately</description> + </valueHelp> + <valueHelp> + <format>ok</format> + <description>Accept the packet</description> + </valueHelp> + <valueHelp> + <format>reclassify</format> + <description>Treat the packet as non-matching to the filter this action is attached to and continue with the next filter in line (if any)</description> + </valueHelp> + <valueHelp> + <format>pipe</format> + <description>Pass the packet to the next action in line</description> + </valueHelp> + <constraint> + <regex>(continue|drop|ok|reclassify|pipe)</regex> + </constraint> + </properties> + <defaultValue>ok</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-priority.xml.i b/interface-definitions/include/qos/class-priority.xml.i new file mode 100644 index 0000000..3fd848c --- /dev/null +++ b/interface-definitions/include/qos/class-priority.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/class-priority.xml.i --> +<leafNode name="priority"> + <properties> + <help>Priority for rule evaluation</help> + <valueHelp> + <format>u32:0-20</format> + <description>Priority for match rule evaluation</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-20"/> + </constraint> + <constraintErrorMessage>Priority must be between 0 and 20</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/codel-quantum.xml.i b/interface-definitions/include/qos/codel-quantum.xml.i new file mode 100644 index 0000000..bc24630 --- /dev/null +++ b/interface-definitions/include/qos/codel-quantum.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/codel-quantum.xml.i --> +<leafNode name="codel-quantum"> + <properties> + <help>Deficit in the fair queuing algorithm</help> + <valueHelp> + <format>u32:0-1048576</format> + <description>Number of bytes used as 'deficit'</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-1048576"/> + </constraint> + <constraintErrorMessage>Interval must be in range 0 to 1048576</constraintErrorMessage> + </properties> + <defaultValue>1514</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/flows.xml.i b/interface-definitions/include/qos/flows.xml.i new file mode 100644 index 0000000..a7d7c64 --- /dev/null +++ b/interface-definitions/include/qos/flows.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/flows.xml.i --> +<leafNode name="flows"> + <properties> + <help>Number of flows into which the incoming packets are classified</help> + <valueHelp> + <format>u32:1-65536</format> + <description>Number of flows</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65536"/> + </constraint> + <constraintErrorMessage>Interval must be in range 1 to 65536</constraintErrorMessage> + </properties> + <defaultValue>1024</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/hfsc-d.xml.i b/interface-definitions/include/qos/hfsc-d.xml.i new file mode 100644 index 0000000..2a51350 --- /dev/null +++ b/interface-definitions/include/qos/hfsc-d.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/hfsc-d.xml.i --> +<leafNode name="d"> + <properties> + <help>Service curve delay</help> + <valueHelp> + <format><number></format> + <description>Time in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + <constraintErrorMessage>Priority must be between 0 and 65535</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i new file mode 100644 index 0000000..21b9c4f --- /dev/null +++ b/interface-definitions/include/qos/hfsc-m1.xml.i @@ -0,0 +1,32 @@ +<!-- include start from qos/hfsc-m1.xml.i --> +<leafNode name="m1"> + <properties> + <help>Linkshare m1 parameter for class traffic</help> + <valueHelp> + <format><number></format> + <description>Rate in kbit (kilobit per second)</description> + </valueHelp> + <valueHelp> + <format><number>%%</format> + <description>Percentage of overall rate</description> + </valueHelp> + <valueHelp> + <format><number>bit</format> + <description>bit(1), kbit(10^3), mbit(10^6), gbit, tbit</description> + </valueHelp> + <valueHelp> + <format><number>ibit</format> + <description>kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)</description> + </valueHelp> + <valueHelp> + <format><number>ibps</format> + <description>kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec</description> + </valueHelp> + <valueHelp> + <format><number>bps</format> + <description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description> + </valueHelp> + </properties> + <defaultValue>0bit</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i new file mode 100644 index 0000000..24e8f5d --- /dev/null +++ b/interface-definitions/include/qos/hfsc-m2.xml.i @@ -0,0 +1,32 @@ +<!-- include start from qos/hfsc-m2.xml.i --> +<leafNode name="m2"> + <properties> + <help>Linkshare m2 parameter for class traffic</help> + <valueHelp> + <format><number></format> + <description>Rate in kbit (kilobit per second)</description> + </valueHelp> + <valueHelp> + <format><number>%%</format> + <description>Percentage of overall rate</description> + </valueHelp> + <valueHelp> + <format><number>bit</format> + <description>bit(1), kbit(10^3), mbit(10^6), gbit, tbit</description> + </valueHelp> + <valueHelp> + <format><number>ibit</format> + <description>kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)</description> + </valueHelp> + <valueHelp> + <format><number>ibps</format> + <description>kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec</description> + </valueHelp> + <valueHelp> + <format><number>bps</format> + <description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description> + </valueHelp> + </properties> + <defaultValue>100%</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/interval.xml.i b/interface-definitions/include/qos/interval.xml.i new file mode 100644 index 0000000..41896ac --- /dev/null +++ b/interface-definitions/include/qos/interval.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/interval.xml.i --> +<leafNode name="interval"> + <properties> + <help>Interval used to measure the delay</help> + <valueHelp> + <format>u32</format> + <description>Interval in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + <constraintErrorMessage>Interval must be in range 0 to 4294967295</constraintErrorMessage> + </properties> + <defaultValue>100</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/match-dscp.xml.i b/interface-definitions/include/qos/match-dscp.xml.i new file mode 100644 index 0000000..2d2fd0a --- /dev/null +++ b/interface-definitions/include/qos/match-dscp.xml.i @@ -0,0 +1,142 @@ +<!-- include start from qos/match-dscp.xml.i --> +<leafNode name="dscp"> + <properties> + <help>Match on Differentiated Services Codepoint (DSCP)</help> + <completionHelp> + <list>default reliability throughput lowdelay priority immediate flash flash-override critical internet network AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF</list> + </completionHelp> + <valueHelp> + <format>u32:0-63</format> + <description>Differentiated Services Codepoint (DSCP) value </description> + </valueHelp> + <valueHelp> + <format>default</format> + <description>match DSCP (000000)</description> + </valueHelp> + <valueHelp> + <format>reliability</format> + <description>match DSCP (000001)</description> + </valueHelp> + <valueHelp> + <format>throughput</format> + <description>match DSCP (000010)</description> + </valueHelp> + <valueHelp> + <format>lowdelay</format> + <description>match DSCP (000100)</description> + </valueHelp> + <valueHelp> + <format>priority</format> + <description>match DSCP (001000)</description> + </valueHelp> + <valueHelp> + <format>immediate</format> + <description>match DSCP (010000)</description> + </valueHelp> + <valueHelp> + <format>flash</format> + <description>match DSCP (011000)</description> + </valueHelp> + <valueHelp> + <format>flash-override</format> + <description>match DSCP (100000)</description> + </valueHelp> + <valueHelp> + <format>critical</format> + <description>match DSCP (101000)</description> + </valueHelp> + <valueHelp> + <format>internet</format> + <description>match DSCP (110000)</description> + </valueHelp> + <valueHelp> + <format>network</format> + <description>match DSCP (111000)</description> + </valueHelp> + <valueHelp> + <format>AF11</format> + <description>High-throughput data</description> + </valueHelp> + <valueHelp> + <format>AF12</format> + <description>High-throughput data</description> + </valueHelp> + <valueHelp> + <format>AF13</format> + <description>High-throughput data</description> + </valueHelp> + <valueHelp> + <format>AF21</format> + <description>Low-latency data</description> + </valueHelp> + <valueHelp> + <format>AF22</format> + <description>Low-latency data</description> + </valueHelp> + <valueHelp> + <format>AF23</format> + <description>Low-latency data</description> + </valueHelp> + <valueHelp> + <format>AF31</format> + <description>Multimedia streaming</description> + </valueHelp> + <valueHelp> + <format>AF32</format> + <description>Multimedia streaming</description> + </valueHelp> + <valueHelp> + <format>AF33</format> + <description>Multimedia streaming</description> + </valueHelp> + <valueHelp> + <format>AF41</format> + <description>Multimedia conferencing</description> + </valueHelp> + <valueHelp> + <format>AF42</format> + <description>Multimedia conferencing</description> + </valueHelp> + <valueHelp> + <format>AF43</format> + <description>Multimedia conferencing</description> + </valueHelp> + <valueHelp> + <format>CS1</format> + <description>Low-priority data</description> + </valueHelp> + <valueHelp> + <format>CS2</format> + <description>OAM</description> + </valueHelp> + <valueHelp> + <format>CS3</format> + <description>Broadcast video</description> + </valueHelp> + <valueHelp> + <format>CS4</format> + <description>Real-time interactive</description> + </valueHelp> + <valueHelp> + <format>CS5</format> + <description>Signaling</description> + </valueHelp> + <valueHelp> + <format>CS6</format> + <description>Network control</description> + </valueHelp> + <valueHelp> + <format>CS7</format> + <description></description> + </valueHelp> + <valueHelp> + <format>EF</format> + <description>Expedited Forwarding</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-63"/> + <regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/max-length.xml.i b/interface-definitions/include/qos/max-length.xml.i new file mode 100644 index 0000000..64cdd02 --- /dev/null +++ b/interface-definitions/include/qos/max-length.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/max-length.xml.i --> +<leafNode name="max-length"> + <properties> + <help>Maximum packet length</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Maximum packet/payload length</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Maximum packet length is 65535</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/mtu.xml.i b/interface-definitions/include/qos/mtu.xml.i new file mode 100644 index 0000000..161d4c2 --- /dev/null +++ b/interface-definitions/include/qos/mtu.xml.i @@ -0,0 +1,14 @@ +<!-- include start from qos/mtu.xml.i --> +<leafNode name="mtu"> + <properties> + <help>MTU size for this class</help> + <valueHelp> + <format>u32:256-65535</format> + <description>Bytes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 256-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/queue-average-packet.xml.i b/interface-definitions/include/qos/queue-average-packet.xml.i new file mode 100644 index 0000000..2f8bfe2 --- /dev/null +++ b/interface-definitions/include/qos/queue-average-packet.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/queue-average-packet.xml.i --> +<leafNode name="average-packet"> + <properties> + <help>Average packet size (bytes)</help> + <valueHelp> + <format>u32:16-10240</format> + <description>Average packet size in bytes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 16-10240"/> + </constraint> + <constraintErrorMessage>Average packet size must be between 16 and 10240</constraintErrorMessage> + </properties> + <defaultValue>1024</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i b/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i new file mode 100644 index 0000000..2f2d446 --- /dev/null +++ b/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/queue-limit-1-4294967295.xml.i --> +<leafNode name="queue-limit"> + <properties> + <help>Maximum queue size</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Queue size in packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + <constraintErrorMessage>Queue limit must be greater than zero</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/queue-limit-2-10999.xml.i b/interface-definitions/include/qos/queue-limit-2-10999.xml.i new file mode 100644 index 0000000..7a9c826 --- /dev/null +++ b/interface-definitions/include/qos/queue-limit-2-10999.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/queue-limit.xml.i --> +<leafNode name="queue-limit"> + <properties> + <help>Upper limit of the queue</help> + <valueHelp> + <format>u32:2-10999</format> + <description>Queue size in packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 2-10999"/> + </constraint> + <constraintErrorMessage>Queue limit must greater than 1 and less than 11000</constraintErrorMessage> + </properties> + <defaultValue>10240</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/queue-mark-probability.xml.i b/interface-definitions/include/qos/queue-mark-probability.xml.i new file mode 100644 index 0000000..1a28628 --- /dev/null +++ b/interface-definitions/include/qos/queue-mark-probability.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/queue-mark-probability.xml.i --> +<leafNode name="mark-probability"> + <properties> + <help>Mark probability for random detection</help> + <valueHelp> + <format>u32</format> + <description>Numeric value (1/N)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + <constraintErrorMessage>Mark probability must be greater than 0</constraintErrorMessage> + </properties> + <defaultValue>10</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/queue-maximum-threshold.xml.i b/interface-definitions/include/qos/queue-maximum-threshold.xml.i new file mode 100644 index 0000000..66d17cc --- /dev/null +++ b/interface-definitions/include/qos/queue-maximum-threshold.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/queue-maximum-threshold.xml.i --> +<leafNode name="maximum-threshold"> + <properties> + <help>Maximum threshold for random detection</help> + <valueHelp> + <format>u32:0-4096</format> + <description>Maximum threshold in packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4096"/> + </constraint> + <constraintErrorMessage>Threshold must be between 0 and 4096</constraintErrorMessage> + </properties> + <defaultValue>18</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/queue-minimum-threshold.xml.i b/interface-definitions/include/qos/queue-minimum-threshold.xml.i new file mode 100644 index 0000000..81e12d6 --- /dev/null +++ b/interface-definitions/include/qos/queue-minimum-threshold.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/queue-minimum-threshold.xml.i --> +<leafNode name="minimum-threshold"> + <properties> + <help>Minimum threshold for random detection</help> + <valueHelp> + <format>u32:0-4096</format> + <description>Minimum threshold in packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4096"/> + </constraint> + <constraintErrorMessage>Threshold must be between 0 and 4096</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/queue-type.xml.i b/interface-definitions/include/qos/queue-type.xml.i new file mode 100644 index 0000000..c7d4cde --- /dev/null +++ b/interface-definitions/include/qos/queue-type.xml.i @@ -0,0 +1,33 @@ +<!-- include start from qos/queue-type.xml.i --> +<leafNode name="queue-type"> + <properties> + <help>Queue type for default traffic</help> + <completionHelp> + <list>drop-tail fair-queue fq-codel priority random-detect</list> + </completionHelp> + <valueHelp> + <format>drop-tail</format> + <description>First-In-First-Out (FIFO)</description> + </valueHelp> + <valueHelp> + <format>fair-queue</format> + <description>Stochastic Fair Queue (SFQ)</description> + </valueHelp> + <valueHelp> + <format>fq-codel</format> + <description>Fair Queue Codel</description> + </valueHelp> + <valueHelp> + <format>priority</format> + <description>Priority queuing</description> + </valueHelp> + <valueHelp> + <format>random-detect</format> + <description>Random Early Detection (RED)</description> + </valueHelp> + <constraint> + <regex>(drop-tail|fair-queue|fq-codel|priority|random-detect)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/set-dscp.xml.i b/interface-definitions/include/qos/set-dscp.xml.i new file mode 100644 index 0000000..07f3378 --- /dev/null +++ b/interface-definitions/include/qos/set-dscp.xml.i @@ -0,0 +1,143 @@ +<!-- include start from qos/set-dscp.xml.i --> +<leafNode name="set-dscp"> + <properties> + <help>Change the Differentiated Services (DiffServ) field in the IP header</help> + <completionHelp> + <list>default reliability throughput lowdelay priority immediate flash flash-override critical internet network AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF</list> + </completionHelp> + <valueHelp> + <format>u32:0-63</format> + <description>Priority order for bandwidth pool</description> + </valueHelp> + <valueHelp> + <format>default</format> + <description>match DSCP (000000)</description> + </valueHelp> + <valueHelp> + <format>reliability</format> + <description>match DSCP (000001)</description> + </valueHelp> + <valueHelp> + <format>throughput</format> + <description>match DSCP (000010)</description> + </valueHelp> + <valueHelp> + <format>lowdelay</format> + <description>match DSCP (000100)</description> + </valueHelp> + <valueHelp> + <format>priority</format> + <description>match DSCP (001000)</description> + </valueHelp> + <valueHelp> + <format>immediate</format> + <description>match DSCP (010000)</description> + </valueHelp> + <valueHelp> + <format>flash</format> + <description>match DSCP (011000)</description> + </valueHelp> + <valueHelp> + <format>flash-override</format> + <description>match DSCP (100000)</description> + </valueHelp> + <valueHelp> + <format>critical</format> + <description>match DSCP (101000)</description> + </valueHelp> + <valueHelp> + <format>internet</format> + <description>match DSCP (110000)</description> + </valueHelp> + <valueHelp> + <format>network</format> + <description>match DSCP (111000)</description> + </valueHelp> + <valueHelp> + <format>AF11</format> + <description>High-throughput data</description> + </valueHelp> + <valueHelp> + <format>AF12</format> + <description>High-throughput data</description> + </valueHelp> + <valueHelp> + <format>AF13</format> + <description>High-throughput data</description> + </valueHelp> + <valueHelp> + <format>AF21</format> + <description>Low-latency data</description> + </valueHelp> + <valueHelp> + <format>AF22</format> + <description>Low-latency data</description> + </valueHelp> + <valueHelp> + <format>AF23</format> + <description>Low-latency data</description> + </valueHelp> + <valueHelp> + <format>AF31</format> + <description>Multimedia streaming</description> + </valueHelp> + <valueHelp> + <format>AF32</format> + <description>Multimedia streaming</description> + </valueHelp> + <valueHelp> + <format>AF33</format> + <description>Multimedia streaming</description> + </valueHelp> + <valueHelp> + <format>AF41</format> + <description>Multimedia conferencing</description> + </valueHelp> + <valueHelp> + <format>AF42</format> + <description>Multimedia conferencing</description> + </valueHelp> + <valueHelp> + <format>AF43</format> + <description>Multimedia conferencing</description> + </valueHelp> + <valueHelp> + <format>CS1</format> + <description>Low-priority data</description> + </valueHelp> + <valueHelp> + <format>CS2</format> + <description>OAM</description> + </valueHelp> + <valueHelp> + <format>CS3</format> + <description>Broadcast video</description> + </valueHelp> + <valueHelp> + <format>CS4</format> + <description>Real-time interactive</description> + </valueHelp> + <valueHelp> + <format>CS5</format> + <description>Signaling</description> + </valueHelp> + <valueHelp> + <format>CS6</format> + <description>Network control</description> + </valueHelp> + <valueHelp> + <format>CS7</format> + <description></description> + </valueHelp> + <valueHelp> + <format>EF</format> + <description>Expedited Forwarding</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-63"/> + <regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF)</regex> + </constraint> + <constraintErrorMessage>Priority must be between 0 and 63</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/target.xml.i b/interface-definitions/include/qos/target.xml.i new file mode 100644 index 0000000..bf6342a --- /dev/null +++ b/interface-definitions/include/qos/target.xml.i @@ -0,0 +1,16 @@ +<!-- include start from qos/target.xml.i --> +<leafNode name="target"> + <properties> + <help>Acceptable minimum standing/persistent queue delay</help> + <valueHelp> + <format>u32</format> + <description>Queue delay in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + <constraintErrorMessage>Delay must be in range 0 to 4294967295</constraintErrorMessage> + </properties> + <defaultValue>5</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/tcp-flags.xml.i b/interface-definitions/include/qos/tcp-flags.xml.i new file mode 100644 index 0000000..81d70d1 --- /dev/null +++ b/interface-definitions/include/qos/tcp-flags.xml.i @@ -0,0 +1,21 @@ +<!-- include start from qos/tcp-flags.xml.i --> +<node name="tcp"> + <properties> + <help>TCP Flags matching</help> + </properties> + <children> + <leafNode name="ack"> + <properties> + <help>Match TCP ACK</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="syn"> + <properties> + <help>Match TCP SYN</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/radius-acct-server-ipv4.xml.i b/interface-definitions/include/radius-acct-server-ipv4.xml.i new file mode 100644 index 0000000..9365aa8 --- /dev/null +++ b/interface-definitions/include/radius-acct-server-ipv4.xml.i @@ -0,0 +1,26 @@ +<!-- include start from radius-acct-server-ipv4.xml.i --> +<node name="radius"> + <properties> + <help>RADIUS accounting for users OpenConnect VPN sessions OpenConnect authentication mode radius</help> + </properties> + <children> + <tagNode name="server"> + <properties> + <help>RADIUS server configuration</help> + <valueHelp> + <format>ipv4</format> + <description>RADIUS server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/radius-server-key.xml.i> + #include <include/radius-server-acct-port.xml.i> + </children> + </tagNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/radius-auth-server-ipv4.xml.i b/interface-definitions/include/radius-auth-server-ipv4.xml.i new file mode 100644 index 0000000..dc6f4d8 --- /dev/null +++ b/interface-definitions/include/radius-auth-server-ipv4.xml.i @@ -0,0 +1,27 @@ +<!-- include start from radius-auth-server-ipv4.xml.i --> +<node name="radius"> + <properties> + <help>RADIUS based user authentication</help> + </properties> + <children> + #include <include/source-address-ipv4.xml.i> + <tagNode name="server"> + <properties> + <help>RADIUS server configuration</help> + <valueHelp> + <format>ipv4</format> + <description>RADIUS server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/radius-server-key.xml.i> + #include <include/radius-server-auth-port.xml.i> + </children> + </tagNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/radius-nas-identifier.xml.i b/interface-definitions/include/radius-nas-identifier.xml.i new file mode 100644 index 0000000..8e6933c --- /dev/null +++ b/interface-definitions/include/radius-nas-identifier.xml.i @@ -0,0 +1,7 @@ +<!-- include start from radius-nas-identifier.xml.i --> +<leafNode name="nas-identifier"> + <properties> + <help>NAS-Identifier attribute sent to RADIUS</help> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/radius-nas-ip-address.xml.i b/interface-definitions/include/radius-nas-ip-address.xml.i new file mode 100644 index 0000000..8d0a3fd --- /dev/null +++ b/interface-definitions/include/radius-nas-ip-address.xml.i @@ -0,0 +1,14 @@ +<!-- include start from radius-nas-ip-address.xml.i --> +<leafNode name="nas-ip-address"> + <properties> + <help>NAS-IP-Address attribute sent to RADIUS</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <valueHelp> + <format>ipv4</format> + <description>NAS-IP-Address attribute</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/radius-priority.xml.i b/interface-definitions/include/radius-priority.xml.i new file mode 100644 index 0000000..f77f501 --- /dev/null +++ b/interface-definitions/include/radius-priority.xml.i @@ -0,0 +1,14 @@ +<!-- include start from radius-priority.xml.i --> +<leafNode name="priority"> + <properties> + <help>Server priority</help> + <valueHelp> + <format>u32:1-255</format> + <description>Server priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/radius-server-acct-port.xml.i b/interface-definitions/include/radius-server-acct-port.xml.i new file mode 100644 index 0000000..0b356fa --- /dev/null +++ b/interface-definitions/include/radius-server-acct-port.xml.i @@ -0,0 +1,15 @@ +<!-- include start from radius-server-acct-port.xml.i --> +<leafNode name="port"> + <properties> + <help>Accounting port</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1813</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/radius-server-auth-port.xml.i b/interface-definitions/include/radius-server-auth-port.xml.i new file mode 100644 index 0000000..d9ea1d4 --- /dev/null +++ b/interface-definitions/include/radius-server-auth-port.xml.i @@ -0,0 +1,6 @@ +<!-- include start from radius-server-auth-port.xml.i --> +#include <include/port-number.xml.i> +<leafNode name="port"> + <defaultValue>1812</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i new file mode 100644 index 0000000..e454b90 --- /dev/null +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -0,0 +1,51 @@ +<!-- include start from radius-server-ipv4-ipv6.xml.i --> +<node name="radius"> + <properties> + <help>RADIUS based user authentication</help> + </properties> + <children> + <tagNode name="server"> + <properties> + <help>RADIUS server configuration</help> + <valueHelp> + <format>ipv4</format> + <description>RADIUS server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>RADIUS server IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/radius-server-key.xml.i> + #include <include/radius-server-auth-port.xml.i> + </children> + </tagNode> + #include <include/source-address-ipv4-ipv6-multi.xml.i> + <leafNode name="security-mode"> + <properties> + <help>Security mode for RADIUS authentication</help> + <completionHelp> + <list>mandatory optional</list> + </completionHelp> + <valueHelp> + <format>mandatory</format> + <description>Deny access immediately if RADIUS answers with Access-Reject</description> + </valueHelp> + <valueHelp> + <format>optional</format> + <description>Pass to the next authentication method if RADIUS answers with Access-Reject</description> + </valueHelp> + <constraint> + <regex>(mandatory|optional)</regex> + </constraint> + </properties> + <defaultValue>optional</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/radius-server-key.xml.i b/interface-definitions/include/radius-server-key.xml.i new file mode 100644 index 0000000..dd5cdb0 --- /dev/null +++ b/interface-definitions/include/radius-server-key.xml.i @@ -0,0 +1,15 @@ +<!-- include start from radius-server-key.xml.i --> +<leafNode name="key"> + <properties> + <help>Shared secret key</help> + <valueHelp> + <format>txt</format> + <description>Password string (key)</description> + </valueHelp> + <constraint> + <regex>[[:ascii:]]{1,128}</regex> + </constraint> + <constraintErrorMessage>Password must be less then 128 characters</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/radius-timeout.xml.i b/interface-definitions/include/radius-timeout.xml.i new file mode 100644 index 0000000..22bb6d3 --- /dev/null +++ b/interface-definitions/include/radius-timeout.xml.i @@ -0,0 +1,16 @@ +<!-- include start from radius-timeout.xml.i --> +<leafNode name="timeout"> + <properties> + <help>Session timeout</help> + <valueHelp> + <format>u32:1-240</format> + <description>Session timeout in seconds (default: 2)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-240"/> + </constraint> + <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage> + </properties> + <defaultValue>2</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/rip/access-list.xml.i b/interface-definitions/include/rip/access-list.xml.i new file mode 100644 index 0000000..8799aa9 --- /dev/null +++ b/interface-definitions/include/rip/access-list.xml.i @@ -0,0 +1,39 @@ +<!-- include start from rip/access-list.xml.i --> +<node name="access-list"> + <properties> + <help>Access-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Access list to apply to input packets</help> + <valueHelp> + <format>u32</format> + <description>Access list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Access list to apply to output packets</help> + <valueHelp> + <format>u32</format> + <description>Access list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/rip/access-list6.xml.i b/interface-definitions/include/rip/access-list6.xml.i new file mode 100644 index 0000000..7321352 --- /dev/null +++ b/interface-definitions/include/rip/access-list6.xml.i @@ -0,0 +1,39 @@ +<!-- include start from rip/access-list.xml.i --> +<node name="access-list"> + <properties> + <help>Access-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Access list to apply to input packets</help> + <valueHelp> + <format>u32</format> + <description>Access list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Access list to apply to output packets</help> + <valueHelp> + <format>u32</format> + <description>Access list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/rip/default-information.xml.i b/interface-definitions/include/rip/default-information.xml.i new file mode 100644 index 0000000..957fb3a --- /dev/null +++ b/interface-definitions/include/rip/default-information.xml.i @@ -0,0 +1,15 @@ +<!-- include start from rip/default-information.xml.i --> +<node name="default-information"> + <properties> + <help>Control distribution of default route</help> + </properties> + <children> + <leafNode name="originate"> + <properties> + <help>Distribute a default route</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/rip/default-metric.xml.i b/interface-definitions/include/rip/default-metric.xml.i new file mode 100644 index 0000000..c0f1f9b --- /dev/null +++ b/interface-definitions/include/rip/default-metric.xml.i @@ -0,0 +1,14 @@ +<!-- include start from rip/default-metric.xml.i --> +<leafNode name="default-metric"> + <properties> + <help>Metric of redistributed routes</help> + <valueHelp> + <format>u32:1-16</format> + <description>Default metric</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/rip/interface.xml.i b/interface-definitions/include/rip/interface.xml.i new file mode 100644 index 0000000..7c64d07 --- /dev/null +++ b/interface-definitions/include/rip/interface.xml.i @@ -0,0 +1,33 @@ +<!-- include start from rip/interface.xml.i --> +<tagNode name="interface"> + <properties> + <help>Interface name</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <node name="split-horizon"> + <properties> + <help>Split horizon parameters</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="poison-reverse"> + <properties> + <help>Disable split horizon on specified interface</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/rip/prefix-list.xml.i b/interface-definitions/include/rip/prefix-list.xml.i new file mode 100644 index 0000000..8e806aa --- /dev/null +++ b/interface-definitions/include/rip/prefix-list.xml.i @@ -0,0 +1,33 @@ +<!-- include start from rip/prefix-list.xml.i --> +<node name="prefix-list"> + <properties> + <help>Prefix-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Prefix-list to apply to input packets</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Prefix-list to apply to output packets</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/rip/prefix-list6.xml.i b/interface-definitions/include/rip/prefix-list6.xml.i new file mode 100644 index 0000000..84b6846 --- /dev/null +++ b/interface-definitions/include/rip/prefix-list6.xml.i @@ -0,0 +1,33 @@ +<!-- include start from rip/prefix-list.xml.i --> +<node name="prefix-list"> + <properties> + <help>Prefix-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Prefix-list to apply to input packets</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Prefix-list to apply to output packets</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/rip/redistribute.xml.i b/interface-definitions/include/rip/redistribute.xml.i new file mode 100644 index 0000000..34154a5 --- /dev/null +++ b/interface-definitions/include/rip/redistribute.xml.i @@ -0,0 +1,15 @@ +<!-- include start from rip/redistribute.xml.i --> +<leafNode name="metric"> + <properties> + <help>Metric for redistributed routes</help> + <valueHelp> + <format>u32:1-16</format> + <description>Redistribute route metric</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> +</leafNode> +#include <include/route-map.xml.i> +<!-- include end --> diff --git a/interface-definitions/include/rip/timers.xml.i b/interface-definitions/include/rip/timers.xml.i new file mode 100644 index 0000000..771a670 --- /dev/null +++ b/interface-definitions/include/rip/timers.xml.i @@ -0,0 +1,48 @@ +<!-- include start from rip/timers.xml.i --> +<node name="timers"> + <properties> + <help>RIPng timer values</help> + </properties> + <children> + <leafNode name="garbage-collection"> + <properties> + <help>Garbage collection timer</help> + <valueHelp> + <format>u32:5-2147483647</format> + <description>Garbage colletion time</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>Routing information timeout timer</help> + <valueHelp> + <format>u32:5-2147483647</format> + <description>Routing information timeout timer</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + <defaultValue>180</defaultValue> + </leafNode> + <leafNode name="update"> + <properties> + <help>Routing table update timer</help> + <valueHelp> + <format>u32:5-2147483647</format> + <description>Routing table update timer in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/rip/version.xml.i b/interface-definitions/include/rip/version.xml.i new file mode 100644 index 0000000..61458b2 --- /dev/null +++ b/interface-definitions/include/rip/version.xml.i @@ -0,0 +1,18 @@ +<!-- include start from rip/version.xml.i --> +<leafNode name="version"> + <properties> + <help>Limit RIP protocol version</help> + <valueHelp> + <format>1</format> + <description>Allow RIPv1 only</description> + </valueHelp> + <valueHelp> + <format>2</format> + <description>Allow RIPv2 only</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i new file mode 100644 index 0000000..e49c388 --- /dev/null +++ b/interface-definitions/include/route-map.xml.i @@ -0,0 +1,18 @@ +<!-- include start from route-map.xml.i --> +<leafNode name="route-map"> + <properties> + <help>Specify route-map name to use</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/router-id.xml.i b/interface-definitions/include/router-id.xml.i new file mode 100644 index 0000000..272a8b6 --- /dev/null +++ b/interface-definitions/include/router-id.xml.i @@ -0,0 +1,14 @@ +<!-- include start from router-id.xml.i --> +<leafNode name="router-id"> + <properties> + <help>Override default router identifier</help> + <valueHelp> + <format>ipv4</format> + <description>Router-ID in IP address format</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/routing-passive-interface.xml.i b/interface-definitions/include/routing-passive-interface.xml.i new file mode 100644 index 0000000..8fa0d0f --- /dev/null +++ b/interface-definitions/include/routing-passive-interface.xml.i @@ -0,0 +1,24 @@ +<!-- include start from routing-passive-interface.xml.i --> +<leafNode name="passive-interface"> + <properties> + <help>Suppress routing updates on an interface</help> + <completionHelp> + <list>default</list> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface to be passive (i.e. suppress routing updates)</description> + </valueHelp> + <valueHelp> + <format>default</format> + <description>Default to suppress routing updates on all interfaces</description> + </valueHelp> + <constraint> + <regex>(default)</regex> + #include <include/constraint/interface-name.xml.i> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/segment-routing-label-value.xml.i b/interface-definitions/include/segment-routing-label-value.xml.i new file mode 100644 index 0000000..05e1edd --- /dev/null +++ b/interface-definitions/include/segment-routing-label-value.xml.i @@ -0,0 +1,26 @@ +<!-- include start from segment-routing-label-value.xml.i --> +<leafNode name="low-label-value"> + <properties> + <help>MPLS label lower bound</help> + <valueHelp> + <format>u32:16-1048575</format> + <description>Label value (recommended minimum value: 300)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 16-1048575"/> + </constraint> + </properties> +</leafNode> +<leafNode name="high-label-value"> + <properties> + <help>MPLS label upper bound</help> + <valueHelp> + <format>u32:16-1048575</format> + <description>Label value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 16-1048575"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/server-ipv4-fqdn.xml.i b/interface-definitions/include/server-ipv4-fqdn.xml.i new file mode 100644 index 0000000..7bab981 --- /dev/null +++ b/interface-definitions/include/server-ipv4-fqdn.xml.i @@ -0,0 +1,15 @@ +<!-- include start from server-ipv4-fqdn.xml.i --> +<leafNode name="server"> + <properties> + <help>Remote server to connect to</help> + <valueHelp> + <format>ipv4</format> + <description>Server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Server hostname/FQDN</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/snmp/access-mode.xml.i b/interface-definitions/include/snmp/access-mode.xml.i new file mode 100644 index 0000000..7469805 --- /dev/null +++ b/interface-definitions/include/snmp/access-mode.xml.i @@ -0,0 +1,23 @@ +<!-- include start from snmp/access-mode.xml.i --> +<leafNode name="mode"> + <properties> + <help>Define access permission</help> + <completionHelp> + <list>ro rw</list> + </completionHelp> + <valueHelp> + <format>ro</format> + <description>Read-Only</description> + </valueHelp> + <valueHelp> + <format>rw</format> + <description>read write</description> + </valueHelp> + <constraint> + <regex>(ro|rw)</regex> + </constraint> + <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> + </properties> + <defaultValue>ro</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/snmp/authentication-type.xml.i b/interface-definitions/include/snmp/authentication-type.xml.i new file mode 100644 index 0000000..047d8cf --- /dev/null +++ b/interface-definitions/include/snmp/authentication-type.xml.i @@ -0,0 +1,22 @@ +<!-- include start from snmp/authentication-type.xml.i --> +<leafNode name="type"> + <properties> + <help>Define used protocol</help> + <completionHelp> + <list>md5 sha</list> + </completionHelp> + <valueHelp> + <format>md5</format> + <description>Message Digest 5</description> + </valueHelp> + <valueHelp> + <format>sha</format> + <description>Secure Hash Algorithm</description> + </valueHelp> + <constraint> + <regex>(md5|sha)</regex> + </constraint> + </properties> + <defaultValue>md5</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/snmp/privacy-type.xml.i b/interface-definitions/include/snmp/privacy-type.xml.i new file mode 100644 index 0000000..d5fd1e8 --- /dev/null +++ b/interface-definitions/include/snmp/privacy-type.xml.i @@ -0,0 +1,22 @@ +<!-- include start from snmp/privacy-type.xml.i --> +<leafNode name="type"> + <properties> + <help>Defines the protocol for privacy</help> + <completionHelp> + <list>des aes</list> + </completionHelp> + <valueHelp> + <format>des</format> + <description>Data Encryption Standard</description> + </valueHelp> + <valueHelp> + <format>aes</format> + <description>Advanced Encryption Standard</description> + </valueHelp> + <constraint> + <regex>(des|aes)</regex> + </constraint> + </properties> + <defaultValue>des</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i new file mode 100644 index 0000000..d56ca5b --- /dev/null +++ b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i @@ -0,0 +1,22 @@ +<!-- include start from source-address-ipv4-ipv6-multi.xml.i --> +<leafNode name="source-address"> + <properties> + <help>Source IP address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i new file mode 100644 index 0000000..af3f9bb --- /dev/null +++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i @@ -0,0 +1,21 @@ +<!-- include start from source-address-ipv4-ipv6.xml.i --> +<leafNode name="source-address"> + <properties> + <help>Source IP address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/source-address-ipv4-multi.xml.i b/interface-definitions/include/source-address-ipv4-multi.xml.i new file mode 100644 index 0000000..319a118 --- /dev/null +++ b/interface-definitions/include/source-address-ipv4-multi.xml.i @@ -0,0 +1,18 @@ +<!-- include start from source-address-ipv4-multi.xml.i --> +<leafNode name="source-address"> + <properties> + <help>IPv4 source address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/source-address-ipv4.xml.i b/interface-definitions/include/source-address-ipv4.xml.i new file mode 100644 index 0000000..0526781 --- /dev/null +++ b/interface-definitions/include/source-address-ipv4.xml.i @@ -0,0 +1,17 @@ +<!-- include start from source-address-ipv4.xml.i --> +<leafNode name="source-address"> + <properties> + <help>IPv4 source address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/source-interface-ethernet.xml.i b/interface-definitions/include/source-interface-ethernet.xml.i new file mode 100644 index 0000000..e06e47d --- /dev/null +++ b/interface-definitions/include/source-interface-ethernet.xml.i @@ -0,0 +1,14 @@ +<!-- include start from source-interface-ethernet.xml.i --> +<leafNode name="source-interface"> + <properties> + <help>Physical interface the traffic will go through</help> + <valueHelp> + <format>interface</format> + <description>Physical interface used for traffic forwarding</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces --type ethernet</script> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/source-interface.xml.i b/interface-definitions/include/source-interface.xml.i new file mode 100644 index 0000000..40fdc6c --- /dev/null +++ b/interface-definitions/include/source-interface.xml.i @@ -0,0 +1,17 @@ +<!-- include start from source-interface.xml.i --> +<leafNode name="source-interface"> + <properties> + <help>Interface used to establish connection</help> + <valueHelp> + <format>interface</format> + <description>Interface name</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ssh-group.xml.i b/interface-definitions/include/ssh-group.xml.i new file mode 100644 index 0000000..9c8b869 --- /dev/null +++ b/interface-definitions/include/ssh-group.xml.i @@ -0,0 +1,12 @@ +<!-- include start from ssh-group.xml.i --> +<leafNode name="group"> + <properties> + <help>Allow members of a group to login</help> + <constraint> + <regex>[a-z_][a-z0-9_-]{1,31}[$]?</regex> + </constraint> + <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ssh-user.xml.i b/interface-definitions/include/ssh-user.xml.i new file mode 100644 index 0000000..6ac1f35 --- /dev/null +++ b/interface-definitions/include/ssh-user.xml.i @@ -0,0 +1,12 @@ +<!-- include start from ssh-user.xml.i --> +<leafNode name="user"> + <properties> + <help>Allow specific users to login</help> + <constraint> + <regex>[-_a-zA-Z0-9.]{1,100}</regex> + </constraint> + <constraintErrorMessage>Illegal characters or more than 100 characters</constraintErrorMessage> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route-bfd.xml.i b/interface-definitions/include/static/static-route-bfd.xml.i new file mode 100644 index 0000000..d588b36 --- /dev/null +++ b/interface-definitions/include/static/static-route-bfd.xml.i @@ -0,0 +1,36 @@ +<!-- include start from static/static-route-bfd.xml.i --> +<node name="bfd"> + <properties> + <help>BFD monitoring</help> + </properties> + <children> + #include <include/bfd/profile.xml.i> + <node name="multi-hop"> + <properties> + <help>Use BFD multi hop session</help> + </properties> + <children> + <tagNode name="source"> + <properties> + <help>Use source for BFD session</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + #include <include/bfd/profile.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route-blackhole.xml.i b/interface-definitions/include/static/static-route-blackhole.xml.i new file mode 100644 index 0000000..487f775 --- /dev/null +++ b/interface-definitions/include/static/static-route-blackhole.xml.i @@ -0,0 +1,11 @@ +<!-- include start from static/static-route-blackhole.xml.i --> +<node name="blackhole"> + <properties> + <help>Silently discard pkts when matched</help> + </properties> + <children> + #include <include/static/static-route-distance.xml.i> + #include <include/static/static-route-tag.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route-distance.xml.i b/interface-definitions/include/static/static-route-distance.xml.i new file mode 100644 index 0000000..a651b98 --- /dev/null +++ b/interface-definitions/include/static/static-route-distance.xml.i @@ -0,0 +1,14 @@ +<!-- include start from static/static-route-distance.xml.i --> +<leafNode name="distance"> + <properties> + <help>Distance for this route</help> + <valueHelp> + <format>u32:1-255</format> + <description>Distance for this route</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route-interface.xml.i b/interface-definitions/include/static/static-route-interface.xml.i new file mode 100644 index 0000000..cb54368 --- /dev/null +++ b/interface-definitions/include/static/static-route-interface.xml.i @@ -0,0 +1,17 @@ +<!-- include start from static/static-route-interface.xml.i --> +<leafNode name="interface"> + <properties> + <help>Gateway interface name</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Gateway interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route-reject.xml.i b/interface-definitions/include/static/static-route-reject.xml.i new file mode 100644 index 0000000..ef713ac --- /dev/null +++ b/interface-definitions/include/static/static-route-reject.xml.i @@ -0,0 +1,11 @@ +<!-- include start from static/static-route-blackhole.xml.i --> +<node name="reject"> + <properties> + <help>Emit an ICMP unreachable when matched</help> + </properties> + <children> + #include <include/static/static-route-distance.xml.i> + #include <include/static/static-route-tag.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route-segments.xml.i b/interface-definitions/include/static/static-route-segments.xml.i new file mode 100644 index 0000000..2068b1a --- /dev/null +++ b/interface-definitions/include/static/static-route-segments.xml.i @@ -0,0 +1,14 @@ +<!-- include start from static/static-route-segments.xml.i --> +<leafNode name="segments"> + <properties> + <help>SRv6 segments</help> + <valueHelp> + <format>txt</format> + <description>Segs (SIDs)</description> + </valueHelp> + <constraint> + <validator name="ipv6-srv6-segments"/> + </constraint> + </properties> + </leafNode> + <!-- include end --> diff --git a/interface-definitions/include/static/static-route-tag.xml.i b/interface-definitions/include/static/static-route-tag.xml.i new file mode 100644 index 0000000..24bfa73 --- /dev/null +++ b/interface-definitions/include/static/static-route-tag.xml.i @@ -0,0 +1,14 @@ +<!-- include start from static/static-route-tag.xml.i --> +<leafNode name="tag"> + <properties> + <help>Tag value for this route</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Tag value for this route</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route-vrf.xml.i b/interface-definitions/include/static/static-route-vrf.xml.i new file mode 100644 index 0000000..e1968f0 --- /dev/null +++ b/interface-definitions/include/static/static-route-vrf.xml.i @@ -0,0 +1,19 @@ +<!-- include start from static/static-route-vrf.xml.i --> +<leafNode name="vrf"> + <properties> + <help>VRF to leak route</help> + <completionHelp> + <list>default</list> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of VRF to leak to</description> + </valueHelp> + <constraint> + <regex>(default)</regex> + <validator name="vrf-name"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/static/static-route.xml.i b/interface-definitions/include/static/static-route.xml.i new file mode 100644 index 0000000..29921a7 --- /dev/null +++ b/interface-definitions/include/static/static-route.xml.i @@ -0,0 +1,60 @@ +<!-- include start from static/static-route.xml.i --> +<tagNode name="route"> + <properties> + <help>Static IPv4 route</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 static route</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + #include <include/static/static-route-blackhole.xml.i> + #include <include/static/static-route-reject.xml.i> + #include <include/dhcp-interface.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="interface"> + <properties> + <help>Next-hop IPv4 router interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Gateway interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/static/static-route-distance.xml.i> + #include <include/static/static-route-vrf.xml.i> + </children> + </tagNode> + <tagNode name="next-hop"> + <properties> + <help>Next-hop IPv4 router address</help> + <valueHelp> + <format>ipv4</format> + <description>Next-hop router address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/static/static-route-distance.xml.i> + #include <include/static/static-route-interface.xml.i> + #include <include/static/static-route-vrf.xml.i> + #include <include/static/static-route-bfd.xml.i> + </children> + </tagNode> + </children> +</tagNode> +<!-- include end --> + diff --git a/interface-definitions/include/static/static-route6.xml.i b/interface-definitions/include/static/static-route6.xml.i new file mode 100644 index 0000000..4468c80 --- /dev/null +++ b/interface-definitions/include/static/static-route6.xml.i @@ -0,0 +1,60 @@ +<!-- include start from static/static-route6.xml.i --> +<tagNode name="route6"> + <properties> + <help>Static IPv6 route</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 static route</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/static/static-route-blackhole.xml.i> + #include <include/static/static-route-reject.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="interface"> + <properties> + <help>IPv6 gateway interface name</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Gateway interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/static/static-route-distance.xml.i> + #include <include/static/static-route-segments.xml.i> + #include <include/static/static-route-vrf.xml.i> + </children> + </tagNode> + <tagNode name="next-hop"> + <properties> + <help>IPv6 gateway address</help> + <valueHelp> + <format>ipv6</format> + <description>Next-hop IPv6 router</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/static/static-route-bfd.xml.i> + #include <include/static/static-route-distance.xml.i> + #include <include/static/static-route-interface.xml.i> + #include <include/static/static-route-segments.xml.i> + #include <include/static/static-route-vrf.xml.i> + </children> + </tagNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/address.xml.i b/interface-definitions/include/stunnel/address.xml.i new file mode 100644 index 0000000..d2901d5 --- /dev/null +++ b/interface-definitions/include/stunnel/address.xml.i @@ -0,0 +1,20 @@ +<!-- include start from stunnel/address.xml.i --> +<leafNode name="address"> + <properties> + <help>Hostname or IP address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>hostname</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid FQDN or IP address</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/connect.xml.i b/interface-definitions/include/stunnel/connect.xml.i new file mode 100644 index 0000000..cd6246a --- /dev/null +++ b/interface-definitions/include/stunnel/connect.xml.i @@ -0,0 +1,11 @@ +<!-- include start from stunnel/connect.xml.i --> +<node name="connect"> + <properties> + <help>Connect to a remote address</help> + </properties> + <children> + #include <include/stunnel/address.xml.i> + #include <include/port-number.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/listen.xml.i b/interface-definitions/include/stunnel/listen.xml.i new file mode 100644 index 0000000..13d0986 --- /dev/null +++ b/interface-definitions/include/stunnel/listen.xml.i @@ -0,0 +1,11 @@ +<!-- include start from stunnel/listen.xml.i --> +<node name="listen"> + <properties> + <help>Accept connections on specified address</help> + </properties> + <children> + #include <include/stunnel/address.xml.i> + #include <include/port-number.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-options.xml.i b/interface-definitions/include/stunnel/protocol-options.xml.i new file mode 100644 index 0000000..2f02028 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-options.xml.i @@ -0,0 +1,75 @@ +<!-- include start from stunel/protocol-options.xml.i --> +<node name="options"> + <properties> + <help>Advanced protocol options</help> + </properties> + <children> + <leafNode name="authentication"> + <properties> + <help>Authentication type for the protocol negotiations</help> + <completionHelp> + <list>basic ntlm plain login</list> + </completionHelp> + <valueHelp> + <format>basic</format> + <description>The default 'connect' authentication type</description> + </valueHelp> + <valueHelp> + <format>ntlm</format> + <description>Supported authentication types for the 'connect' protocol</description> + </valueHelp> + <valueHelp> + <format>plain</format> + <description>The default 'smtp' authentication type</description> + </valueHelp> + <valueHelp> + <format>login</format> + <description>Supported authentication types for the 'smtp' protocol</description> + </valueHelp> + <constraint> + <regex>(basic|ntlm|plain|login)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="domain"> + <properties> + <help>Domain for the 'connect' protocol.</help> + <valueHelp> + <format>domain</format> + <description>domain</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + <node name="host"> + <properties> + <help>Destination address for the 'connect' protocol</help> + </properties> + <children> + #include <include/stunnel/address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> + <leafNode name="password"> + <properties> + <help>Password for the protocol negotiations</help> + <valueHelp> + <format>txt</format> + <description>Authentication password</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="username"> + <properties> + <help>Username for the protocol negotiations</help> + <valueHelp> + <format>txt</format> + <description>Authentication username</description> + </valueHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-cifs.xml.i b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i new file mode 100644 index 0000000..5b94847 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-cifs.xml.i --> +<valueHelp> + <format>cifs</format> + <description>Proprietary (undocummented) extension of CIFS protocol</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-connect.xml.i b/interface-definitions/include/stunnel/protocol-value-connect.xml.i new file mode 100644 index 0000000..3c30e71 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-connect.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-connect.xml.i --> +<valueHelp> + <format>connect</format> + <description>Based on RFC 2817 - Upgrading to TLS Within HTTP/1.1, section 5.2 - Requesting a Tunnel with CONNECT</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-imap.xml.i b/interface-definitions/include/stunnel/protocol-value-imap.xml.i new file mode 100644 index 0000000..033e547 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-imap.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-imap.xml.i --> +<valueHelp> + <format>imap</format> + <description>Based on RFC 2595 - Using TLS with IMAP, POP3 and ACAP</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-nntp.xml.i b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i new file mode 100644 index 0000000..60a6c02 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-nntp.xml.i --> +<valueHelp> + <format>nntp</format> + <description>Based on RFC 4642 - Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i new file mode 100644 index 0000000..fd3a166 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-pgsql.xml.i --> +<valueHelp> + <format>pgsql</format> + <description>Based on PostgreSQL frontend/backend protocol</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-pop3.xml.i b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i new file mode 100644 index 0000000..1c8af53 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-pop3.xml.i --> +<valueHelp> + <format>pop3</format> + <description>Based on RFC 2449 - POP3 Extension Mechanism</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-proxy.xml.i b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i new file mode 100644 index 0000000..a4c20d1 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-proxy.xml.i --> +<valueHelp> + <format>proxy</format> + <description>Passing of the original client IP address with HAProxy PROXY protocol version 1</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-smtp.xml.i b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i new file mode 100644 index 0000000..66ca204 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-smtp.xml.i --> +<valueHelp> + <format>smtp</format> + <description>Based on RFC 2487 - SMTP Service Extension for Secure SMTP over TLS</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/protocol-value-socks.xml.i b/interface-definitions/include/stunnel/protocol-value-socks.xml.i new file mode 100644 index 0000000..e110be5 --- /dev/null +++ b/interface-definitions/include/stunnel/protocol-value-socks.xml.i @@ -0,0 +1,6 @@ +<!-- include start from stunnel/protocol-value-socks.xml.i --> +<valueHelp> + <format>socks</format> + <description>SOCKS versions 4, 4a, and 5 are supported</description> +</valueHelp> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/psk.xml.i b/interface-definitions/include/stunnel/psk.xml.i new file mode 100644 index 0000000..db11a93 --- /dev/null +++ b/interface-definitions/include/stunnel/psk.xml.i @@ -0,0 +1,30 @@ +<!-- include start from stunnel/psk.xml.i --> +<tagNode name="psk"> + <properties> + <help>Pre-shared key name</help> + </properties> + <children> + <leafNode name="id"> + <properties> + <help>ID for authentication</help> + <valueHelp> + <format>txt</format> + <description>ID used for authentication</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="secret"> + <properties> + <help>pre-shared secret key</help> + <valueHelp> + <format>txt</format> + <description>pre-shared secret key are required to be at least 16 bytes long, which implies at least 32 characters for hexadecimal key</description> + </valueHelp> + <constraint> + <validator name="psk-secret"/> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/stunnel/ssl.xml.i b/interface-definitions/include/stunnel/ssl.xml.i new file mode 100644 index 0000000..8aba299 --- /dev/null +++ b/interface-definitions/include/stunnel/ssl.xml.i @@ -0,0 +1,11 @@ +<!-- include start from stunnel/ssl.xml.i --> +<node name="ssl"> + <properties> + <help>SSL Certificate, SSL Key and CA</help> + </properties> + <children> + #include <include/pki/ca-certificate-multi.xml.i> + #include <include/pki/certificate.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/syslog-facility.xml.i b/interface-definitions/include/syslog-facility.xml.i new file mode 100644 index 0000000..e6138a1 --- /dev/null +++ b/interface-definitions/include/syslog-facility.xml.i @@ -0,0 +1,149 @@ +<!-- include start from syslog-facility.xml.i --> +<tagNode name="facility"> + <properties> + <help>Facility for logging</help> + <completionHelp> + <list>auth authpriv cron daemon kern lpr mail mark news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> + </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>all</format> + <description>All facilities excluding "mark"</description> + </valueHelp> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>authpriv</format> + <description>Non-system authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + </valueHelp> + <valueHelp> + <format>mark</format> + <description>Timestamp</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug all</list> + </completionHelp> + <valueHelp> + <format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug messages</description> + </valueHelp> + <valueHelp> + <format>all</format> + <description>Log everything</description> + </valueHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + </properties> + <defaultValue>err</defaultValue> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/system-ip-nht.xml.i b/interface-definitions/include/system-ip-nht.xml.i new file mode 100644 index 0000000..4074043 --- /dev/null +++ b/interface-definitions/include/system-ip-nht.xml.i @@ -0,0 +1,15 @@ +<!-- include start from syslog-facility.xml.i --> +<node name="nht"> + <properties> + <help>Filter Next Hop tracking route resolution</help> + </properties> + <children> + <leafNode name="no-resolve-via-default"> + <properties> + <help>Do not resolve via default route</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/system-ip-protocol.xml.i b/interface-definitions/include/system-ip-protocol.xml.i new file mode 100644 index 0000000..c630eb3 --- /dev/null +++ b/interface-definitions/include/system-ip-protocol.xml.i @@ -0,0 +1,56 @@ +<!-- include start from system-ip-protocol.xml.i --> +<tagNode name="protocol"> + <properties> + <help>Filter routing info exchanged between routing protocol and zebra</help> + <completionHelp> + <list>any babel bgp connected eigrp isis kernel ospf rip static table</list> + </completionHelp> + <valueHelp> + <format>any</format> + <description>Any of the above protocols</description> + </valueHelp> + <valueHelp> + <format>babel</format> + <description>Babel routing protocol</description> + </valueHelp> + <valueHelp> + <format>bgp</format> + <description>Border Gateway Protocol</description> + </valueHelp> + <valueHelp> + <format>connected</format> + <description>Connected routes (directly attached subnet or host)</description> + </valueHelp> + <valueHelp> + <format>eigrp</format> + <description>Enhanced Interior Gateway Routing Protocol</description> + </valueHelp> + <valueHelp> + <format>isis</format> + <description>Intermediate System to Intermediate System</description> + </valueHelp> + <valueHelp> + <format>kernel</format> + <description>Kernel routes (not installed via the zebra RIB)</description> + </valueHelp> + <valueHelp> + <format>ospf</format> + <description>Open Shortest Path First (OSPFv2)</description> + </valueHelp> + <valueHelp> + <format>rip</format> + <description>Routing Information Protocol</description> + </valueHelp> + <valueHelp> + <format>static</format> + <description>Statically configured routes</description> + </valueHelp> + <constraint> + <regex>(any|babel|bgp|connected|eigrp|isis|kernel|ospf|rip|static|table)</regex> + </constraint> + </properties> + <children> + #include <include/route-map.xml.i> + </children> +</tagNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/system-ipv6-protocol.xml.i b/interface-definitions/include/system-ipv6-protocol.xml.i new file mode 100644 index 0000000..485776a --- /dev/null +++ b/interface-definitions/include/system-ipv6-protocol.xml.i @@ -0,0 +1,52 @@ +<!-- include start from system-ipv6-protocol.xml.i --> +<tagNode name="protocol"> + <properties> + <help>Filter routing info exchanged between routing protocol and zebra</help> + <completionHelp> + <list>any babel bgp connected isis kernel ospfv3 ripng static table</list> + </completionHelp> + <valueHelp> + <format>any</format> + <description>Any of the above protocols</description> + </valueHelp> + <valueHelp> + <format>babel</format> + <description>Babel routing protocol</description> + </valueHelp> + <valueHelp> + <format>bgp</format> + <description>Border Gateway Protocol</description> + </valueHelp> + <valueHelp> + <format>connected</format> + <description>Connected routes (directly attached subnet or host)</description> + </valueHelp> + <valueHelp> + <format>isis</format> + <description>Intermediate System to Intermediate System</description> + </valueHelp> + <valueHelp> + <format>kernel</format> + <description>Kernel routes (not installed via the zebra RIB)</description> + </valueHelp> + <valueHelp> + <format>ospfv3</format> + <description>Open Shortest Path First (OSPFv3)</description> + </valueHelp> + <valueHelp> + <format>ripng</format> + <description>Routing Information Protocol next-generation</description> + </valueHelp> + <valueHelp> + <format>static</format> + <description>Statically configured routes</description> + </valueHelp> + <constraint> + <regex>(any|babel|bgp|connected|isis|kernel|ospfv3|ripng|static|table)</regex> + </constraint> + </properties> + <children> + #include <include/route-map.xml.i> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/tls-version-min.xml.i b/interface-definitions/include/tls-version-min.xml.i new file mode 100644 index 0000000..b3dcbad --- /dev/null +++ b/interface-definitions/include/tls-version-min.xml.i @@ -0,0 +1,29 @@ +<!-- include start from tls-version-min.xml.i --> +<leafNode name="tls-version-min"> + <properties> + <help>Specify the minimum required TLS version</help> + <completionHelp> + <list>1.0 1.1 1.2 1.3</list> + </completionHelp> + <valueHelp> + <format>1.0</format> + <description>TLS v1.0</description> + </valueHelp> + <valueHelp> + <format>1.1</format> + <description>TLS v1.1</description> + </valueHelp> + <valueHelp> + <format>1.2</format> + <description>TLS v1.2</description> + </valueHelp> + <valueHelp> + <format>1.3</format> + <description>TLS v1.3</description> + </valueHelp> + <constraint> + <regex>(1.0|1.1|1.2|1.3)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/url-http-https.xml.i b/interface-definitions/include/url-http-https.xml.i new file mode 100644 index 0000000..f763c2b --- /dev/null +++ b/interface-definitions/include/url-http-https.xml.i @@ -0,0 +1,15 @@ +<!-- include start from url-http-https.xml.i --> +<leafNode name="url"> + <properties> + <help>Remote URL</help> + <valueHelp> + <format>url</format> + <description>Remote HTTP(S) URL</description> + </valueHelp> + <constraint> + <validator name="url" argument="--scheme http --scheme https"/> + </constraint> + <constraintErrorMessage>Invalid HTTP(S) URL format</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/version/bgp-version.xml.i b/interface-definitions/include/version/bgp-version.xml.i new file mode 100644 index 0000000..6bed718 --- /dev/null +++ b/interface-definitions/include/version/bgp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/bgp-version.xml.i --> +<syntaxVersion component='bgp' version='5'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/broadcast-relay-version.xml.i b/interface-definitions/include/version/broadcast-relay-version.xml.i new file mode 100644 index 0000000..98481f4 --- /dev/null +++ b/interface-definitions/include/version/broadcast-relay-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/broadcast-relay-version.xml.i --> +<syntaxVersion component='broadcast-relay' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/cluster-version.xml.i b/interface-definitions/include/version/cluster-version.xml.i new file mode 100644 index 0000000..402fe36 --- /dev/null +++ b/interface-definitions/include/version/cluster-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/cluster-version.xml.i --> +<syntaxVersion component='cluster' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/config-management-version.xml.i b/interface-definitions/include/version/config-management-version.xml.i new file mode 100644 index 0000000..695ba09 --- /dev/null +++ b/interface-definitions/include/version/config-management-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/config-management-version.xml.i --> +<syntaxVersion component='config-management' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/conntrack-sync-version.xml.i b/interface-definitions/include/version/conntrack-sync-version.xml.i new file mode 100644 index 0000000..f040c29 --- /dev/null +++ b/interface-definitions/include/version/conntrack-sync-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/conntrack-sync-version.xml.i --> +<syntaxVersion component='conntrack-sync' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i new file mode 100644 index 0000000..6995ce1 --- /dev/null +++ b/interface-definitions/include/version/conntrack-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/conntrack-version.xml.i --> +<syntaxVersion component='conntrack' version='5'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/container-version.xml.i b/interface-definitions/include/version/container-version.xml.i new file mode 100644 index 0000000..ed6e942 --- /dev/null +++ b/interface-definitions/include/version/container-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/container-version.xml.i --> +<syntaxVersion component='container' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/dhcp-relay-version.xml.i b/interface-definitions/include/version/dhcp-relay-version.xml.i new file mode 100644 index 0000000..75f5d54 --- /dev/null +++ b/interface-definitions/include/version/dhcp-relay-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/dhcp-relay-version.xml.i --> +<syntaxVersion component='dhcp-relay' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/dhcp-server-version.xml.i b/interface-definitions/include/version/dhcp-server-version.xml.i new file mode 100644 index 0000000..71f3d4a --- /dev/null +++ b/interface-definitions/include/version/dhcp-server-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/dhcp-server-version.xml.i --> +<syntaxVersion component='dhcp-server' version='11'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/dhcpv6-server-version.xml.i b/interface-definitions/include/version/dhcpv6-server-version.xml.i new file mode 100644 index 0000000..8b72a9c --- /dev/null +++ b/interface-definitions/include/version/dhcpv6-server-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/dhcpv6-server-version.xml.i --> +<syntaxVersion component='dhcpv6-server' version='6'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i new file mode 100644 index 0000000..346385c --- /dev/null +++ b/interface-definitions/include/version/dns-dynamic-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/dns-dynamic-version.xml.i --> +<syntaxVersion component='dns-dynamic' version='4'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/dns-forwarding-version.xml.i b/interface-definitions/include/version/dns-forwarding-version.xml.i new file mode 100644 index 0000000..86121ae --- /dev/null +++ b/interface-definitions/include/version/dns-forwarding-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/dns-forwarding-version.xml.i --> +<syntaxVersion component='dns-forwarding' version='4'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i new file mode 100644 index 0000000..a15cf0e --- /dev/null +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/firewall-version.xml.i --> +<syntaxVersion component='firewall' version='17'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/flow-accounting-version.xml.i b/interface-definitions/include/version/flow-accounting-version.xml.i new file mode 100644 index 0000000..5b01fe4 --- /dev/null +++ b/interface-definitions/include/version/flow-accounting-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/flow-accounting-version.xml.i --> +<syntaxVersion component='flow-accounting' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/https-version.xml.i b/interface-definitions/include/version/https-version.xml.i new file mode 100644 index 0000000..525314d --- /dev/null +++ b/interface-definitions/include/version/https-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/https-version.xml.i --> +<syntaxVersion component='https' version='6'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/ids-version.xml.i b/interface-definitions/include/version/ids-version.xml.i new file mode 100644 index 0000000..9133be0 --- /dev/null +++ b/interface-definitions/include/version/ids-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/ids-version.xml.i --> +<syntaxVersion component='ids' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i new file mode 100644 index 0000000..2915b31 --- /dev/null +++ b/interface-definitions/include/version/interfaces-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/interfaces-version.xml.i --> +<syntaxVersion component='interfaces' version='33'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/ipoe-server-version.xml.i b/interface-definitions/include/version/ipoe-server-version.xml.i new file mode 100644 index 0000000..b7718fc --- /dev/null +++ b/interface-definitions/include/version/ipoe-server-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/ipoe-server-version.xml.i --> +<syntaxVersion component='ipoe-server' version='4'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i new file mode 100644 index 0000000..a4d556c --- /dev/null +++ b/interface-definitions/include/version/ipsec-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/ipsec-version.xml.i --> +<syntaxVersion component='ipsec' version='13'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/isis-version.xml.i b/interface-definitions/include/version/isis-version.xml.i new file mode 100644 index 0000000..f50329b --- /dev/null +++ b/interface-definitions/include/version/isis-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/isis-version.xml.i --> +<syntaxVersion component='isis' version='3'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/l2tp-version.xml.i b/interface-definitions/include/version/l2tp-version.xml.i new file mode 100644 index 0000000..5397407 --- /dev/null +++ b/interface-definitions/include/version/l2tp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/l2tp-version.xml.i --> +<syntaxVersion component='l2tp' version='9'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/lldp-version.xml.i b/interface-definitions/include/version/lldp-version.xml.i new file mode 100644 index 0000000..b41d804 --- /dev/null +++ b/interface-definitions/include/version/lldp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/lldp-version.xml.i --> +<syntaxVersion component='lldp' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/mdns-version.xml.i b/interface-definitions/include/version/mdns-version.xml.i new file mode 100644 index 0000000..b200a68 --- /dev/null +++ b/interface-definitions/include/version/mdns-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/mdns-version.xml.i --> +<syntaxVersion component='mdns' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/monitoring-version.xml.i b/interface-definitions/include/version/monitoring-version.xml.i new file mode 100644 index 0000000..6a275a5 --- /dev/null +++ b/interface-definitions/include/version/monitoring-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/monitoring-version.xml.i --> +<syntaxVersion component='monitoring' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i new file mode 100644 index 0000000..173e91e --- /dev/null +++ b/interface-definitions/include/version/nat-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/nat-version.xml.i --> +<syntaxVersion component='nat' version='8'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i new file mode 100644 index 0000000..43a54c9 --- /dev/null +++ b/interface-definitions/include/version/nat66-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/nat66-version.xml.i --> +<syntaxVersion component='nat66' version='3'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/ntp-version.xml.i b/interface-definitions/include/version/ntp-version.xml.i new file mode 100644 index 0000000..155c824 --- /dev/null +++ b/interface-definitions/include/version/ntp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/ntp-version.xml.i --> +<syntaxVersion component='ntp' version='3'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/openconnect-version.xml.i b/interface-definitions/include/version/openconnect-version.xml.i new file mode 100644 index 0000000..15097ee --- /dev/null +++ b/interface-definitions/include/version/openconnect-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/openconnect-version.xml.i --> +<syntaxVersion component='openconnect' version='3'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/openvpn-version.xml.i b/interface-definitions/include/version/openvpn-version.xml.i new file mode 100644 index 0000000..67ef219 --- /dev/null +++ b/interface-definitions/include/version/openvpn-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/openvpn-version.xml.i --> +<syntaxVersion component='openvpn' version='4'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/ospf-version.xml.i b/interface-definitions/include/version/ospf-version.xml.i new file mode 100644 index 0000000..df10883 --- /dev/null +++ b/interface-definitions/include/version/ospf-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/ospf-version.xml.i --> +<syntaxVersion component='ospf' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/pim-version.xml.i b/interface-definitions/include/version/pim-version.xml.i new file mode 100644 index 0000000..24cc38c --- /dev/null +++ b/interface-definitions/include/version/pim-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/pim-version.xml.i --> +<syntaxVersion component='pim' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i new file mode 100644 index 0000000..db727fe --- /dev/null +++ b/interface-definitions/include/version/policy-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/policy-version.xml.i --> +<syntaxVersion component='policy' version='8'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/pppoe-server-version.xml.i b/interface-definitions/include/version/pppoe-server-version.xml.i new file mode 100644 index 0000000..2e020fa --- /dev/null +++ b/interface-definitions/include/version/pppoe-server-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/pppoe-server-version.xml.i --> +<syntaxVersion component='pppoe-server' version='11'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/pptp-version.xml.i b/interface-definitions/include/version/pptp-version.xml.i new file mode 100644 index 0000000..a877d77 --- /dev/null +++ b/interface-definitions/include/version/pptp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/pptp-version.xml.i --> +<syntaxVersion component='pptp' version='5'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/qos-version.xml.i b/interface-definitions/include/version/qos-version.xml.i new file mode 100644 index 0000000..c67e61e --- /dev/null +++ b/interface-definitions/include/version/qos-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/qos-version.xml.i --> +<syntaxVersion component='qos' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/quagga-version.xml.i b/interface-definitions/include/version/quagga-version.xml.i new file mode 100644 index 0000000..23d884c --- /dev/null +++ b/interface-definitions/include/version/quagga-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/quagga-version.xml.i --> +<syntaxVersion component='quagga' version='11'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i new file mode 100644 index 0000000..907ea1e --- /dev/null +++ b/interface-definitions/include/version/reverseproxy-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/reverseproxy-version.xml.i --> +<syntaxVersion component='reverse-proxy' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/rip-version.xml.i b/interface-definitions/include/version/rip-version.xml.i new file mode 100644 index 0000000..30ace48 --- /dev/null +++ b/interface-definitions/include/version/rip-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/rip-version.xml.i --> +<syntaxVersion component='rip' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/rpki-version.xml.i b/interface-definitions/include/version/rpki-version.xml.i new file mode 100644 index 0000000..45ff4fb --- /dev/null +++ b/interface-definitions/include/version/rpki-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/rpki-version.xml.i --> +<syntaxVersion component='rpki' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/salt-version.xml.i b/interface-definitions/include/version/salt-version.xml.i new file mode 100644 index 0000000..fe46840 --- /dev/null +++ b/interface-definitions/include/version/salt-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/salt-version.xml.i --> +<syntaxVersion component='salt' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/snmp-version.xml.i b/interface-definitions/include/version/snmp-version.xml.i new file mode 100644 index 0000000..fa58672 --- /dev/null +++ b/interface-definitions/include/version/snmp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/snmp-version.xml.i --> +<syntaxVersion component='snmp' version='3'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/ssh-version.xml.i b/interface-definitions/include/version/ssh-version.xml.i new file mode 100644 index 0000000..0f25caf --- /dev/null +++ b/interface-definitions/include/version/ssh-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/ssh-version.xml.i --> +<syntaxVersion component='ssh' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/sstp-version.xml.i b/interface-definitions/include/version/sstp-version.xml.i new file mode 100644 index 0000000..5e30950 --- /dev/null +++ b/interface-definitions/include/version/sstp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/sstp-version.xml.i --> +<syntaxVersion component='sstp' version='6'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i new file mode 100644 index 0000000..fcb24ab --- /dev/null +++ b/interface-definitions/include/version/system-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/system-version.xml.i --> +<syntaxVersion component='system' version='27'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/vrf-version.xml.i b/interface-definitions/include/version/vrf-version.xml.i new file mode 100644 index 0000000..9d7ff35 --- /dev/null +++ b/interface-definitions/include/version/vrf-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/vrf-version.xml.i --> +<syntaxVersion component='vrf' version='3'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/vrrp-version.xml.i b/interface-definitions/include/version/vrrp-version.xml.i new file mode 100644 index 0000000..1514b19 --- /dev/null +++ b/interface-definitions/include/version/vrrp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/vrrp-version.xml.i --> +<syntaxVersion component='vrrp' version='4'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/vyos-accel-ppp-version.xml.i b/interface-definitions/include/version/vyos-accel-ppp-version.xml.i new file mode 100644 index 0000000..e5a4e16 --- /dev/null +++ b/interface-definitions/include/version/vyos-accel-ppp-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/vyos-accel-ppp-version.xml.i --> +<syntaxVersion component='vyos-accel-ppp' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/wanloadbalance-version.xml.i b/interface-definitions/include/version/wanloadbalance-version.xml.i new file mode 100644 index 0000000..59f8729 --- /dev/null +++ b/interface-definitions/include/version/wanloadbalance-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/wanloadbalance-version.xml.i --> +<syntaxVersion component='wanloadbalance' version='3'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/webproxy-version.xml.i b/interface-definitions/include/version/webproxy-version.xml.i new file mode 100644 index 0000000..42dbf3f --- /dev/null +++ b/interface-definitions/include/version/webproxy-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/webproxy-version.xml.i --> +<syntaxVersion component='webproxy' version='2'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/vni.xml.i b/interface-definitions/include/vni.xml.i new file mode 100644 index 0000000..36176ca --- /dev/null +++ b/interface-definitions/include/vni.xml.i @@ -0,0 +1,14 @@ +<!-- include start from vni.xml.i --> +<leafNode name="vni"> + <properties> + <help>Virtual Network Identifier</help> + <valueHelp> + <format>u32:0-16777214</format> + <description>VXLAN virtual network identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777214"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/vpn-ipsec-encryption.xml.i b/interface-definitions/include/vpn-ipsec-encryption.xml.i new file mode 100644 index 0000000..629e6a0 --- /dev/null +++ b/interface-definitions/include/vpn-ipsec-encryption.xml.i @@ -0,0 +1,234 @@ +<!-- include start from vpn-ipsec-encryption.xml.i --> +<leafNode name="encryption"> + <properties> + <help>Encryption algorithm</help> + <completionHelp> + <list>null aes128 aes192 aes256 aes128ctr aes192ctr aes256ctr aes128ccm64 aes192ccm64 aes256ccm64 aes128ccm96 aes192ccm96 aes256ccm96 aes128ccm128 aes192ccm128 aes256ccm128 aes128gcm64 aes192gcm64 aes256gcm64 aes128gcm96 aes192gcm96 aes256gcm96 aes128gcm128 aes192gcm128 aes256gcm128 aes128gmac aes192gmac aes256gmac 3des blowfish128 blowfish192 blowfish256 camellia128 camellia192 camellia256 camellia128ctr camellia192ctr camellia256ctr camellia128ccm64 camellia192ccm64 camellia256ccm64 camellia128ccm96 camellia192ccm96 camellia256ccm96 camellia128ccm128 camellia192ccm128 camellia256ccm128 serpent128 serpent192 serpent256 twofish128 twofish192 twofish256 cast128 chacha20poly1305</list> + </completionHelp> + <valueHelp> + <format>null</format> + <description>Null encryption</description> + </valueHelp> + <valueHelp> + <format>aes128</format> + <description>128 bit AES-CBC</description> + </valueHelp> + <valueHelp> + <format>aes192</format> + <description>192 bit AES-CBC</description> + </valueHelp> + <valueHelp> + <format>aes256</format> + <description>256 bit AES-CBC</description> + </valueHelp> + <valueHelp> + <format>aes128ctr</format> + <description>128 bit AES-COUNTER</description> + </valueHelp> + <valueHelp> + <format>aes192ctr</format> + <description>192 bit AES-COUNTER</description> + </valueHelp> + <valueHelp> + <format>aes256ctr</format> + <description>256 bit AES-COUNTER</description> + </valueHelp> + <valueHelp> + <format>aes128ccm64</format> + <description>128 bit AES-CCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes192ccm64</format> + <description>192 bit AES-CCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes256ccm64</format> + <description>256 bit AES-CCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes128ccm96</format> + <description>128 bit AES-CCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes192ccm96</format> + <description>192 bit AES-CCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes256ccm96</format> + <description>256 bit AES-CCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes128ccm128</format> + <description>128 bit AES-CCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes192ccm128</format> + <description>192 bit AES-CCM with 128 bit IC</description> + </valueHelp> + <valueHelp> + <format>aes256ccm128</format> + <description>256 bit AES-CCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes128gcm64</format> + <description>128 bit AES-GCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes192gcm64</format> + <description>192 bit AES-GCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes256gcm64</format> + <description>256 bit AES-GCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes128gcm96</format> + <description>128 bit AES-GCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes192gcm96</format> + <description>192 bit AES-GCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes256gcm96</format> + <description>256 bit AES-GCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes128gcm128</format> + <description>128 bit AES-GCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes192gcm128</format> + <description>192 bit AES-GCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes256gcm128</format> + <description>256 bit AES-GCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>aes128gmac</format> + <description>Null encryption with 128 bit AES-GMAC</description> + </valueHelp> + <valueHelp> + <format>aes192gmac</format> + <description>Null encryption with 192 bit AES-GMAC</description> + </valueHelp> + <valueHelp> + <format>aes256gmac</format> + <description>Null encryption with 256 bit AES-GMAC</description> + </valueHelp> + <valueHelp> + <format>3des</format> + <description>168 bit 3DES-EDE-CBC</description> + </valueHelp> + <valueHelp> + <format>blowfish128</format> + <description>128 bit Blowfish-CBC</description> + </valueHelp> + <valueHelp> + <format>blowfish192</format> + <description>192 bit Blowfish-CBC</description> + </valueHelp> + <valueHelp> + <format>blowfish256</format> + <description>256 bit Blowfish-CBC</description> + </valueHelp> + <valueHelp> + <format>camellia128</format> + <description>128 bit Camellia-CBC</description> + </valueHelp> + <valueHelp> + <format>camellia192</format> + <description>192 bit Camellia-CBC</description> + </valueHelp> + <valueHelp> + <format>camellia256</format> + <description>256 bit Camellia-CBC</description> + </valueHelp> + <valueHelp> + <format>camellia128ctr</format> + <description>128 bit Camellia-COUNTER</description> + </valueHelp> + <valueHelp> + <format>camellia192ctr</format> + <description>192 bit Camellia-COUNTER</description> + </valueHelp> + <valueHelp> + <format>camellia256ctr</format> + <description>256 bit Camellia-COUNTER</description> + </valueHelp> + <valueHelp> + <format>camellia128ccm64</format> + <description>128 bit Camellia-CCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia192ccm64</format> + <description>192 bit Camellia-CCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia256ccm64</format> + <description>256 bit Camellia-CCM with 64 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia128ccm96</format> + <description>128 bit Camellia-CCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia192ccm96</format> + <description>192 bit Camellia-CCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia256ccm96</format> + <description>256 bit Camellia-CCM with 96 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia128ccm128</format> + <description>128 bit Camellia-CCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia192ccm128</format> + <description>192 bit Camellia-CCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>camellia256ccm128</format> + <description>256 bit Camellia-CCM with 128 bit ICV</description> + </valueHelp> + <valueHelp> + <format>serpent128</format> + <description>128 bit Serpent-CBC</description> + </valueHelp> + <valueHelp> + <format>serpent192</format> + <description>192 bit Serpent-CBC</description> + </valueHelp> + <valueHelp> + <format>serpent256</format> + <description>256 bit Serpent-CBC</description> + </valueHelp> + <valueHelp> + <format>twofish128</format> + <description>128 bit Twofish-CBC</description> + </valueHelp> + <valueHelp> + <format>twofish192</format> + <description>192 bit Twofish-CBC</description> + </valueHelp> + <valueHelp> + <format>twofish256</format> + <description>256 bit Twofish-CBC</description> + </valueHelp> + <valueHelp> + <format>cast128</format> + <description>128 bit CAST-CBC</description> + </valueHelp> + <valueHelp> + <format>chacha20poly1305</format> + <description>256 bit ChaCha20/Poly1305 with 128 bit ICV</description> + </valueHelp> + <constraint> + <regex>(null|aes128|aes192|aes256|aes128ctr|aes192ctr|aes256ctr|aes128ccm64|aes192ccm64|aes256ccm64|aes128ccm96|aes192ccm96|aes256ccm96|aes128ccm128|aes192ccm128|aes256ccm128|aes128gcm64|aes192gcm64|aes256gcm64|aes128gcm96|aes192gcm96|aes256gcm96|aes128gcm128|aes192gcm128|aes256gcm128|aes128gmac|aes192gmac|aes256gmac|3des|blowfish128|blowfish192|blowfish256|camellia128|camellia192|camellia256|camellia128ctr|camellia192ctr|camellia256ctr|camellia128ccm64|camellia192ccm64|camellia256ccm64|camellia128ccm96|camellia192ccm96|camellia256ccm96|camellia128ccm128|camellia192ccm128|camellia256ccm128|serpent128|serpent192|serpent256|twofish128|twofish192|twofish256|cast128|chacha20poly1305)</regex> + </constraint> + </properties> + <defaultValue>aes128</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/vpn-ipsec-hash.xml.i b/interface-definitions/include/vpn-ipsec-hash.xml.i new file mode 100644 index 0000000..73d19c2 --- /dev/null +++ b/interface-definitions/include/vpn-ipsec-hash.xml.i @@ -0,0 +1,66 @@ +<!-- include start from vpn-ipsec-hash.xml.i --> +<leafNode name="hash"> + <properties> + <help>Hash algorithm</help> + <completionHelp> + <list>md5 md5_128 sha1 sha1_160 sha256 sha256_96 sha384 sha512 aesxcbc aescmac aes128gmac aes192gmac aes256gmac</list> + </completionHelp> + <valueHelp> + <format>md5</format> + <description>MD5 HMAC</description> + </valueHelp> + <valueHelp> + <format>md5_128</format> + <description>MD5_128 HMAC</description> + </valueHelp> + <valueHelp> + <format>sha1</format> + <description>SHA1 HMAC</description> + </valueHelp> + <valueHelp> + <format>sha1_160</format> + <description>SHA1_160 HMAC</description> + </valueHelp> + <valueHelp> + <format>sha256</format> + <description>SHA2_256_128 HMAC</description> + </valueHelp> + <valueHelp> + <format>sha256_96</format> + <description>SHA2_256_96 HMAC</description> + </valueHelp> + <valueHelp> + <format>sha384</format> + <description>SHA2_384_192 HMAC</description> + </valueHelp> + <valueHelp> + <format>sha512</format> + <description>SHA2_512_256 HMAC</description> + </valueHelp> + <valueHelp> + <format>aesxcbc</format> + <description>AES XCBC</description> + </valueHelp> + <valueHelp> + <format>aescmac</format> + <description>AES CMAC</description> + </valueHelp> + <valueHelp> + <format>aes128gmac</format> + <description>128-bit AES-GMAC</description> + </valueHelp> + <valueHelp> + <format>aes192gmac</format> + <description>192-bit AES-GMAC</description> + </valueHelp> + <valueHelp> + <format>aes256gmac</format> + <description>256-bit AES-GMAC</description> + </valueHelp> + <constraint> + <regex>(md5|md5_128|sha1|sha1_160|sha256|sha256_96|sha384|sha512|aesxcbc|aescmac|aes128gmac|aes192gmac|aes256gmac)</regex> + </constraint> + </properties> + <defaultValue>sha1</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/vrf-multi.xml.i b/interface-definitions/include/vrf-multi.xml.i new file mode 100644 index 0000000..0b22894 --- /dev/null +++ b/interface-definitions/include/vrf-multi.xml.i @@ -0,0 +1,22 @@ +<!-- include start from interface/vrf.xml.i --> +<leafNode name="vrf"> + <properties> + <help>VRF instance name</help> + <completionHelp> + <path>vrf name</path> + <list>default</list> + </completionHelp> + <valueHelp> + <format>default</format> + <description>Explicitly start in default VRF</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>VRF instance name</description> + </valueHelp> + #include <include/constraint/vrf.xml.i> + <multi/> + </properties> + <defaultValue>default</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/vrrp-transition-script.xml.i b/interface-definitions/include/vrrp-transition-script.xml.i new file mode 100644 index 0000000..cf57c3c --- /dev/null +++ b/interface-definitions/include/vrrp-transition-script.xml.i @@ -0,0 +1,41 @@ +<!-- include start from vrrp-transition-script.xml.i --> +<node name="transition-script"> + <properties> + <help>VRRP transition scripts</help> + </properties> + <children> + <leafNode name="master"> + <properties> + <help>Script to run on VRRP state transition to master</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="backup"> + <properties> + <help>Script to run on VRRP state transition to backup</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="fault"> + <properties> + <help>Script to run on VRRP state transition to fault</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Script to run on VRRP state transition to stop</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/vrrp/garp.xml.i b/interface-definitions/include/vrrp/garp.xml.i new file mode 100644 index 0000000..b56b490 --- /dev/null +++ b/interface-definitions/include/vrrp/garp.xml.i @@ -0,0 +1,78 @@ +<!-- include start from vrrp/garp.xml.i --> +<node name="garp"> + <properties> + <help>Gratuitous ARP parameters</help> + </properties> + <children> + <leafNode name="interval"> + <properties> + <help>Interval between Gratuitous ARP</help> + <valueHelp> + <format><0.000-1000></format> + <description>Interval in seconds, resolution microseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0.000-1000 --float"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + <leafNode name="master-delay"> + <properties> + <help>Delay for second set of gratuitous ARPs after transition to master</help> + <valueHelp> + <format>u32:1-1000</format> + <description>Delay in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1000"/> + </constraint> + </properties> + <defaultValue>5</defaultValue> + </leafNode> + <leafNode name="master-refresh"> + <properties> + <help>Minimum time interval for refreshing gratuitous ARPs while beeing master</help> + <valueHelp> + <format>u32:0</format> + <description>No refresh</description> + </valueHelp> + <valueHelp> + <format>u32:1-255</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>5</defaultValue> + </leafNode> + <leafNode name="master-refresh-repeat"> + <properties> + <help>Number of gratuitous ARP messages to send at a time while beeing master</help> + <valueHelp> + <format>u32:1-255</format> + <description>Number of gratuitous ARP messages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>1</defaultValue> + </leafNode> + <leafNode name="master-repeat"> + <properties> + <help>Number of gratuitous ARP messages to send at a time after transition to master</help> + <valueHelp> + <format>u32:1-255</format> + <description>Number of gratuitous ARP messages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>5</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/webproxy-url-filtering.xml.i b/interface-definitions/include/webproxy-url-filtering.xml.i new file mode 100644 index 0000000..7763cb3 --- /dev/null +++ b/interface-definitions/include/webproxy-url-filtering.xml.i @@ -0,0 +1,119 @@ +<!-- include start from webproxy-url-filtering.xml.i --> +<leafNode name="allow-category"> + <properties> + <help>Category to allow</help> + <completionHelp> + <script>${vyos_completion_dir}/list_webproxy_category.sh</script> + </completionHelp> + <multi/> + </properties> +</leafNode> +<leafNode name="allow-ipaddr-url"> + <properties> + <help>Allow IP address URLs</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="block-category"> + <properties> + <help>Category to block</help> + <completionHelp> + <script>${vyos_completion_dir}/list_webproxy_category.sh</script> + </completionHelp> + <multi/> + </properties> +</leafNode> +<leafNode name="default-action"> + <properties> + <help>Default action (default: allow)</help> + <completionHelp> + <list>allow block</list> + </completionHelp> + <valueHelp> + <format>allow</format> + <description>Default filter action is allow)</description> + </valueHelp> + <valueHelp> + <format>block</format> + <description>Default filter action is block</description> + </valueHelp> + <constraint> + <regex>(allow|block)</regex> + </constraint> + </properties> +</leafNode> +<leafNode name="enable-safe-search"> + <properties> + <help>Enable safe-mode search on popular search engines</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="local-block-keyword"> + <properties> + <help>Local keyword to block</help> + <valueHelp> + <format>keyword</format> + <description>Keyword (or regex) to block</description> + </valueHelp> + <multi/> + </properties> +</leafNode> +<leafNode name="local-block-url"> + <properties> + <help>Local URL to block</help> + <valueHelp> + <format>url</format> + <description>Local URL to block (without "http://")</description> + </valueHelp> + <multi/> + </properties> +</leafNode> +<leafNode name="local-block"> + <properties> + <help>Local site to block</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of site to block</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="fqdn"/> + </constraint> + <multi/> + </properties> +</leafNode> +<leafNode name="local-ok-url"> + <properties> + <help>Local URL to allow</help> + <valueHelp> + <format>url</format> + <description>Local URL to allow (without "http://")</description> + </valueHelp> + <multi/> + </properties> +</leafNode> +<leafNode name="local-ok"> + <properties> + <help>Local site to allow</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of site to allow</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="fqdn"/> + </constraint> + <multi/> + </properties> +</leafNode> +<leafNode name="log"> + <properties> + <help>Log block category</help> + <completionHelp> + <script>${vyos_completion_dir}/list_webproxy_category.sh</script> + <list>all</list> + </completionHelp> + <multi/> + </properties> +</leafNode> +<!-- include end --> |