From a950059053f7394acfb453cc0d8194aa3dc721fa Mon Sep 17 00:00:00 2001
From: kumvijaya <kuvmijaya@gmail.com>
Date: Thu, 26 Sep 2024 11:31:07 +0530
Subject: T6732: added same as vyos 1x

---
 interface-definitions/include/policy/action.xml.i  |  21 +++
 .../include/policy/community-clear.xml.i           |   8 +
 .../include/policy/community-value-list.xml.i      |  90 ++++++++++
 .../policy/extended-community-value-list.xml.i     |  15 ++
 interface-definitions/include/policy/host.xml.i    |  14 ++
 .../include/policy/inverse-mask.xml.i              |  14 ++
 .../policy/large-community-value-list.xml.i        |  10 ++
 .../policy/local-route_rule_ipv4_address.xml.i     |  20 +++
 .../policy/local-route_rule_ipv6_address.xml.i     |  20 +++
 .../include/policy/local-route_rule_protocol.xml.i |  21 +++
 interface-definitions/include/policy/network.xml.i |  14 ++
 .../include/policy/prefix-list.xml.i               |  14 ++
 .../include/policy/prefix-list6.xml.i              |  14 ++
 .../include/policy/route-common.xml.i              | 116 ++++++++++++
 .../include/policy/route-ipv4.xml.i                |  14 ++
 .../include/policy/route-ipv6.xml.i                | 196 +++++++++++++++++++++
 .../include/policy/route-rule-action.xml.i         |  29 +++
 interface-definitions/include/policy/tag.xml.i     |  14 ++
 18 files changed, 644 insertions(+)
 create mode 100644 interface-definitions/include/policy/action.xml.i
 create mode 100644 interface-definitions/include/policy/community-clear.xml.i
 create mode 100644 interface-definitions/include/policy/community-value-list.xml.i
 create mode 100644 interface-definitions/include/policy/extended-community-value-list.xml.i
 create mode 100644 interface-definitions/include/policy/host.xml.i
 create mode 100644 interface-definitions/include/policy/inverse-mask.xml.i
 create mode 100644 interface-definitions/include/policy/large-community-value-list.xml.i
 create mode 100644 interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i
 create mode 100644 interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i
 create mode 100644 interface-definitions/include/policy/local-route_rule_protocol.xml.i
 create mode 100644 interface-definitions/include/policy/network.xml.i
 create mode 100644 interface-definitions/include/policy/prefix-list.xml.i
 create mode 100644 interface-definitions/include/policy/prefix-list6.xml.i
 create mode 100644 interface-definitions/include/policy/route-common.xml.i
 create mode 100644 interface-definitions/include/policy/route-ipv4.xml.i
 create mode 100644 interface-definitions/include/policy/route-ipv6.xml.i
 create mode 100644 interface-definitions/include/policy/route-rule-action.xml.i
 create mode 100644 interface-definitions/include/policy/tag.xml.i

(limited to 'interface-definitions/include/policy')

diff --git a/interface-definitions/include/policy/action.xml.i b/interface-definitions/include/policy/action.xml.i
new file mode 100644
index 0000000..5aa8655
--- /dev/null
+++ b/interface-definitions/include/policy/action.xml.i
@@ -0,0 +1,21 @@
+<!-- include start from policy/action.xml.i -->
+<leafNode name="action">
+  <properties>
+    <help>Action to take on entries matching this rule</help>
+    <completionHelp>
+      <list>permit deny</list>
+    </completionHelp>
+    <valueHelp>
+      <format>permit</format>
+      <description>Permit matching entries</description>
+    </valueHelp>
+    <valueHelp>
+      <format>deny</format>
+      <description>Deny matching entries</description>
+    </valueHelp>
+    <constraint>
+      <regex>(permit|deny)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/community-clear.xml.i b/interface-definitions/include/policy/community-clear.xml.i
new file mode 100644
index 0000000..0fd57cd
--- /dev/null
+++ b/interface-definitions/include/policy/community-clear.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from policy/community-clear.xml.i -->
+<leafNode name="none">
+  <properties>
+    <help>Completely remove communities attribute from a prefix</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/community-value-list.xml.i b/interface-definitions/include/policy/community-value-list.xml.i
new file mode 100644
index 0000000..8c665c5
--- /dev/null
+++ b/interface-definitions/include/policy/community-value-list.xml.i
@@ -0,0 +1,90 @@
+<!-- include start from policy/community-value-list.xml.i -->
+<completionHelp>
+    <list>
+      local-as
+      no-advertise
+      no-export
+      internet
+      graceful-shutdown
+      accept-own
+      route-filter-translated-v4
+      route-filter-v4
+      route-filter-translated-v6
+      route-filter-v6
+      llgr-stale
+      no-llgr
+      accept-own-nexthop
+      blackhole
+      no-peer
+    </list>
+</completionHelp>
+<valueHelp>
+    <format>&lt;AS:VAL&gt;</format>
+    <description>Community number in &lt;0-65535:0-65535&gt; format</description>
+</valueHelp>
+<valueHelp>
+    <format>local-as</format>
+    <description>Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03</description>
+</valueHelp>
+<valueHelp>
+    <format>no-advertise</format>
+    <description>Well-known communities value NO_ADVERTISE 0xFFFFFF02</description>
+</valueHelp>
+<valueHelp>
+    <format>no-export</format>
+    <description>Well-known communities value NO_EXPORT 0xFFFFFF01</description>
+</valueHelp>
+<valueHelp>
+    <format>internet</format>
+    <description>Well-known communities value 0</description>
+</valueHelp>
+<valueHelp>
+    <format>graceful-shutdown</format>
+    <description>Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000</description>
+</valueHelp>
+<valueHelp>
+    <format>accept-own</format>
+    <description>Well-known communities value ACCEPT_OWN 0xFFFF0001</description>
+</valueHelp>
+<valueHelp>
+    <format>route-filter-translated-v4</format>
+    <description>Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002</description>
+</valueHelp>
+<valueHelp>
+    <format>route-filter-v4</format>
+    <description>Well-known communities value ROUTE_FILTER_v4 0xFFFF0003</description>
+</valueHelp>
+<valueHelp>
+    <format>route-filter-translated-v6</format>
+    <description>Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004</description>
+</valueHelp>
+<valueHelp>
+    <format>route-filter-v6</format>
+    <description>Well-known communities value ROUTE_FILTER_v6 0xFFFF0005</description>
+</valueHelp>
+<valueHelp>
+    <format>llgr-stale</format>
+    <description>Well-known communities value LLGR_STALE 0xFFFF0006</description>
+</valueHelp>
+<valueHelp>
+    <format>no-llgr</format>
+    <description>Well-known communities value NO_LLGR 0xFFFF0007</description>
+</valueHelp>
+<valueHelp>
+    <format>accept-own-nexthop</format>
+    <description>Well-known communities value accept-own-nexthop 0xFFFF0008</description>
+</valueHelp>
+<valueHelp>
+    <format>blackhole</format>
+    <description>Well-known communities value BLACKHOLE 0xFFFF029A</description>
+</valueHelp>
+<valueHelp>
+    <format>no-peer</format>
+    <description>Well-known communities value NOPEER 0xFFFFFF04</description>
+</valueHelp>
+<multi/>
+<constraint>
+    <regex>local-as|no-advertise|no-export|internet|graceful-shutdown|accept-own|route-filter-translated-v4|route-filter-v4|route-filter-translated-v6|route-filter-v6|llgr-stale|no-llgr|accept-own-nexthop|blackhole|no-peer</regex>
+    <validator name="bgp-regular-community"/>
+</constraint>
+        <!-- include end -->
diff --git a/interface-definitions/include/policy/extended-community-value-list.xml.i b/interface-definitions/include/policy/extended-community-value-list.xml.i
new file mode 100644
index 0000000..33a279b
--- /dev/null
+++ b/interface-definitions/include/policy/extended-community-value-list.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from policy/community-value-list.xml.i -->
+<valueHelp>
+  <format>ASN:NN</format>
+  <description>based on autonomous system number in format &lt;0-65535:0-4294967295&gt;</description>
+</valueHelp>
+<valueHelp>
+  <format>IP:NN</format>
+  <description>Based on a router-id IP address in format &lt;IP:0-65535&gt;</description>
+</valueHelp>
+<constraint>
+  <validator name="bgp-extended-community"/>
+</constraint>
+<constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage>
+<multi/>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/host.xml.i b/interface-definitions/include/policy/host.xml.i
new file mode 100644
index 0000000..ac017c6
--- /dev/null
+++ b/interface-definitions/include/policy/host.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/host.xml.i -->
+<leafNode name="host">
+  <properties>
+    <help>Single host IP address to match</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Host address to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/inverse-mask.xml.i b/interface-definitions/include/policy/inverse-mask.xml.i
new file mode 100644
index 0000000..cec69a8
--- /dev/null
+++ b/interface-definitions/include/policy/inverse-mask.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/inverse-mask.xml.i -->
+<leafNode name="inverse-mask">
+  <properties>
+    <help>Network/netmask to match (requires network be defined)</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Inverse-mask to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/large-community-value-list.xml.i b/interface-definitions/include/policy/large-community-value-list.xml.i
new file mode 100644
index 0000000..33b1f13
--- /dev/null
+++ b/interface-definitions/include/policy/large-community-value-list.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from policy/community-value-list.xml.i -->
+<valueHelp>
+    <description>Community in format &lt;0-4294967295:0-4294967295:0-4294967295&gt;</description>
+    <format>&lt;GA:LDP1:LDP2&gt;</format>
+</valueHelp>
+<multi/>
+<constraint>
+    <validator name="bgp-large-community"/>
+</constraint>
+        <!-- include end -->
diff --git a/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i
new file mode 100644
index 0000000..ffe73ee
--- /dev/null
+++ b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i
@@ -0,0 +1,20 @@
+<!-- include start from policy/local-route_rule_ipv4_address.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>IPv4 address or prefix</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Address to match against</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv4net</format>
+      <description>Prefix to match against</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="ip-prefix"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i
new file mode 100644
index 0000000..d8fb6c0
--- /dev/null
+++ b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i
@@ -0,0 +1,20 @@
+<!-- include start from policy/local-route_rule_ipv6_address.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>IPv6 address or prefix</help>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>Address to match against</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6net</format>
+      <description>Prefix to match against</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv6-address"/>
+      <validator name="ipv6-prefix"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/local-route_rule_protocol.xml.i b/interface-definitions/include/policy/local-route_rule_protocol.xml.i
new file mode 100644
index 0000000..57582eb
--- /dev/null
+++ b/interface-definitions/include/policy/local-route_rule_protocol.xml.i
@@ -0,0 +1,21 @@
+<!-- include start from policy/local-route_rule_protocol.xml.i -->
+<leafNode name="protocol">
+  <properties>
+    <help>Protocol to match (protocol name or number)</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_protocols.sh</script>
+    </completionHelp>
+    <valueHelp>
+      <format>u32:0-255</format>
+      <description>IP protocol number</description>
+    </valueHelp>
+    <valueHelp>
+      <format>&lt;protocol&gt;</format>
+      <description>IP protocol name</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-protocol"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/network.xml.i b/interface-definitions/include/policy/network.xml.i
new file mode 100644
index 0000000..f2aea6b
--- /dev/null
+++ b/interface-definitions/include/policy/network.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/network.xml.i -->
+<leafNode name="network">
+  <properties>
+    <help>Network/netmask to match (requires inverse-mask be defined)</help>
+    <valueHelp>
+      <format>ipv4net</format>
+      <description>Inverse-mask to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/prefix-list.xml.i b/interface-definitions/include/policy/prefix-list.xml.i
new file mode 100644
index 0000000..5d7980e
--- /dev/null
+++ b/interface-definitions/include/policy/prefix-list.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/prefix-list.xml.i -->
+<leafNode name="prefix-list">
+  <properties>
+    <help>Prefix-list to use</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Prefix-list to apply (IPv4)</description>
+    </valueHelp>
+    <completionHelp>
+      <path>policy prefix-list</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/prefix-list6.xml.i b/interface-definitions/include/policy/prefix-list6.xml.i
new file mode 100644
index 0000000..101702f
--- /dev/null
+++ b/interface-definitions/include/policy/prefix-list6.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/prefix-list6.xml.i -->
+<leafNode name="prefix-list6">
+  <properties>
+    <help>Prefix-list to use</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Prefix-list to apply (IPv6)</description>
+    </valueHelp>
+    <completionHelp>
+      <path>policy prefix-list6</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i
new file mode 100644
index 0000000..19ffc05
--- /dev/null
+++ b/interface-definitions/include/policy/route-common.xml.i
@@ -0,0 +1,116 @@
+<!-- include start from policy/route-common.xml.i -->
+#include <include/policy/route-rule-action.xml.i>
+#include <include/generic-description.xml.i>
+#include <include/firewall/firewall-mark.xml.i>
+#include <include/generic-disable-node.xml.i>
+#include <include/firewall/fragment.xml.i>
+#include <include/firewall/match-ipsec.xml.i>
+#include <include/firewall/limit.xml.i>
+#include <include/firewall/log.xml.i>
+<leafNode name="protocol">
+  <properties>
+    <help>Protocol to match (protocol name, number, or "all")</help>
+    <completionHelp>
+      <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script>
+    </completionHelp>
+    <valueHelp>
+      <format>all</format>
+      <description>All IP protocols</description>
+    </valueHelp>
+    <valueHelp>
+      <format>tcp_udp</format>
+      <description>Both TCP and UDP</description>
+    </valueHelp>
+    <valueHelp>
+      <format>0-255</format>
+      <description>IP protocol number</description>
+    </valueHelp>
+    <valueHelp>
+      <format>!&lt;protocol&gt;</format>
+      <description>IP protocol number</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-protocol"/>
+    </constraint>
+  </properties>
+  <defaultValue>all</defaultValue>
+</leafNode>
+<node name="recent">
+  <properties>
+    <help>Parameters for matching recently seen sources</help>
+  </properties>
+  <children>
+    <leafNode name="count">
+      <properties>
+        <help>Source addresses seen more than N times</help>
+        <valueHelp>
+          <format>u32:1-255</format>
+          <description>Source addresses seen more than N times</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-255"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="time">
+      <properties>
+        <help>Source addresses seen in the last N seconds</help>
+        <valueHelp>
+          <format>u32:0-4294967295</format>
+          <description>Source addresses seen in the last N seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-4294967295"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+#include <include/firewall/set-packet-modifications.xml.i>
+#include <include/firewall/state.xml.i>
+#include <include/firewall/tcp-flags.xml.i>
+#include <include/firewall/tcp-mss.xml.i>
+<node name="time">
+  <properties>
+    <help>Time to match rule</help>
+  </properties>
+  <children>
+    <leafNode name="monthdays">
+      <properties>
+        <help>Monthdays to match rule on</help>
+      </properties>
+    </leafNode>
+    <leafNode name="startdate">
+      <properties>
+        <help>Date to start matching rule</help>
+      </properties>
+    </leafNode>
+    <leafNode name="starttime">
+      <properties>
+        <help>Time of day to start matching rule</help>
+      </properties>
+    </leafNode>
+    <leafNode name="stopdate">
+      <properties>
+        <help>Date to stop matching rule</help>
+      </properties>
+    </leafNode>
+    <leafNode name="stoptime">
+      <properties>
+        <help>Time of day to stop matching rule</help>
+      </properties>
+    </leafNode>
+    <leafNode name="utc">
+      <properties>
+        <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+    <leafNode name="weekdays">
+      <properties>
+        <help>Weekdays to match rule on</help>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-ipv4.xml.i b/interface-definitions/include/policy/route-ipv4.xml.i
new file mode 100644
index 0000000..c12abca
--- /dev/null
+++ b/interface-definitions/include/policy/route-ipv4.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/route-ipv4.xml.i -->
+<node name="source">
+  <properties>
+    <help>Source parameters</help>
+  </properties>
+  <children>
+    #include <include/firewall/address.xml.i>
+    #include <include/firewall/source-destination-group.xml.i>
+    #include <include/firewall/mac-address.xml.i>
+    #include <include/firewall/port.xml.i>
+  </children>
+</node>
+#include <include/firewall/icmp.xml.i>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-ipv6.xml.i b/interface-definitions/include/policy/route-ipv6.xml.i
new file mode 100644
index 0000000..d636a65
--- /dev/null
+++ b/interface-definitions/include/policy/route-ipv6.xml.i
@@ -0,0 +1,196 @@
+<!-- include start from policy/route-ipv6.xml.i -->
+<node name="source">
+  <properties>
+    <help>Source parameters</help>
+  </properties>
+  <children>
+    #include <include/firewall/address-ipv6.xml.i>
+    #include <include/firewall/source-destination-group.xml.i>
+    #include <include/firewall/mac-address.xml.i>
+    #include <include/firewall/port.xml.i>
+  </children>
+</node>
+<node name="icmpv6">
+  <properties>
+    <help>ICMPv6 type and code information</help>
+  </properties>
+  <children>
+    <leafNode name="type">
+      <properties>
+        <help>ICMP type-name</help>
+        <completionHelp>
+          <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply packet-too-big</list>
+        </completionHelp>
+        <valueHelp>
+          <format>any</format>
+          <description>Any ICMP type/code</description>
+        </valueHelp>
+        <valueHelp>
+          <format>echo-reply</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>pong</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>destination-unreachable</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>network-unreachable</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>host-unreachable</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>protocol-unreachable</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>port-unreachable</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>fragmentation-needed</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>source-route-failed</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>network-unknown</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>host-unknown</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>network-prohibited</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>host-prohibited</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>TOS-network-unreachable</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>TOS-host-unreachable</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>communication-prohibited</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>host-precedence-violation</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>precedence-cutoff</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>source-quench</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>redirect</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>network-redirect</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>host-redirect</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>TOS-network-redirect</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>TOS host-redirect</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>echo-request</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ping</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>router-advertisement</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>router-solicitation</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>time-exceeded</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ttl-exceeded</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ttl-zero-during-transit</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ttl-zero-during-reassembly</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>parameter-problem</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ip-header-bad</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>required-option-missing</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>timestamp-request</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>timestamp-reply</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>address-mask-request</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>address-mask-reply</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>packet-too-big</format>
+          <description>ICMP type/code name</description>
+        </valueHelp>
+        <constraint>
+          <regex>(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)</regex>
+          <validator name="numeric" argument="--range 0-255"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-rule-action.xml.i b/interface-definitions/include/policy/route-rule-action.xml.i
new file mode 100644
index 0000000..c2698db
--- /dev/null
+++ b/interface-definitions/include/policy/route-rule-action.xml.i
@@ -0,0 +1,29 @@
+<!-- include start from policy/route-rule-action.xml.i -->
+<leafNode name="action">
+  <properties>
+    <help>Rule action</help>
+    <completionHelp>
+      <list>accept reject return drop</list>
+    </completionHelp>
+    <valueHelp>
+      <format>accept</format>
+      <description>Accept matching entries</description>
+    </valueHelp>
+    <valueHelp>
+      <format>reject</format>
+      <description>Reject matching entries</description>
+    </valueHelp>
+    <valueHelp>
+      <format>return</format>
+      <description>Return from the current chain and continue at the next rule of the last chain</description>
+    </valueHelp>
+    <valueHelp>
+      <format>drop</format>
+      <description>Drop matching entries</description>
+    </valueHelp>
+    <constraint>
+      <regex>(accept|reject|return|drop)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/tag.xml.i b/interface-definitions/include/policy/tag.xml.i
new file mode 100644
index 0000000..ec25b93
--- /dev/null
+++ b/interface-definitions/include/policy/tag.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/tag.xml.i -->
+<leafNode name="tag">
+  <properties>
+    <help>Route tag value</help>
+    <valueHelp>
+      <format>u32:1-65535</format>
+      <description>Route tag</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-65535"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
-- 
cgit v1.2.3