From a950059053f7394acfb453cc0d8194aa3dc721fa Mon Sep 17 00:00:00 2001 
From: kumvijaya Date: Thu, 26 Sep 2024 11:31:07 +0530 Subject: T6732: added same as vyos 1x --- interface-definitions/container.xml.in | 543 ++++++ interface-definitions/firewall.xml.in | 544 ++++++ interface-definitions/high-availability.xml.in | 568 ++++++ .../include/accel-ppp/auth-local-users.xml.i | 54 + .../include/accel-ppp/auth-mode.xml.i | 26 + .../include/accel-ppp/auth-protocols.xml.i | 31 + .../include/accel-ppp/client-ip-pool.xml.i | 50 + .../include/accel-ppp/client-ipv6-pool.xml.i | 69 + .../include/accel-ppp/default-ipv6-pool.xml.i | 17 + .../include/accel-ppp/default-pool.xml.i | 17 + .../include/accel-ppp/extended-scripts.xml.i | 41 + .../include/accel-ppp/gateway-address-multi.xml.i | 17 + .../include/accel-ppp/gateway-address.xml.i | 15 + .../accel-ppp/lcp-echo-interval-failure.xml.i | 20 + .../include/accel-ppp/lcp-echo-timeout.xml.i | 11 + .../include/accel-ppp/limits.xml.i | 28 + interface-definitions/include/accel-ppp/log.xml.i | 42 + .../accel-ppp/max-concurrent-sessions.xml.i | 15 + .../include/accel-ppp/mtu-128-16384.xml.i | 11 + .../include/accel-ppp/ppp-interface-cache.xml.i | 14 + .../include/accel-ppp/ppp-mppe.xml.i | 26 + .../include/accel-ppp/ppp-options-ipv4.xml.i | 23 + .../accel-ppp/ppp-options-ipv6-interface-id.xml.i | 54 + .../include/accel-ppp/ppp-options-ipv6.xml.i | 31 + .../include/accel-ppp/ppp-options.xml.i | 65 + .../radius-accounting-interim-interval.xml.i | 15 + .../radius-additions-disable-accounting.xml.i | 8 + .../accel-ppp/radius-additions-rate-limit.xml.i | 40 + .../include/accel-ppp/radius-additions.xml.i | 158 ++ .../include/accel-ppp/shaper.xml.i | 21 + interface-definitions/include/accel-ppp/snmp.xml.i | 15 + .../include/accel-ppp/vlan-mon.xml.i | 8 + interface-definitions/include/accel-ppp/vlan.xml.i | 20 + .../include/accel-ppp/wins-server.xml.i | 15 + .../include/address-ipv4-ipv6-single.xml.i | 18 + interface-definitions/include/allow-client.xml.i | 35 + .../include/arp-ndp-table-size.xml.i | 14 + 
.../include/auth-local-users.xml.i | 26 + .../include/babel/interface.xml.i | 187 ++ interface-definitions/include/bfd/bfd.xml.i | 10 + interface-definitions/include/bfd/common.xml.i | 90 + interface-definitions/include/bfd/profile.xml.i | 14 + .../include/bgp/afi-aggregate-address.xml.i | 15 + .../include/bgp/afi-allowas-in.xml.i | 21 + .../include/bgp/afi-attribute-unchanged.xml.i | 27 + .../include/bgp/afi-capability-orf.xml.i | 28 + .../include/bgp/afi-common-flowspec.xml.i | 7 + .../include/bgp/afi-default-originate.xml.i | 10 + .../include/bgp/afi-export-import.xml.i | 42 + .../include/bgp/afi-filter-list.xml.i | 25 + .../include/bgp/afi-ipv4-prefix-list.xml.i | 41 + .../include/bgp/afi-ipv6-nexthop-local.xml.i | 15 + .../include/bgp/afi-ipv6-prefix-list.xml.i | 41 + .../include/bgp/afi-l2vpn-advertise.xml.i | 10 + .../include/bgp/afi-l2vpn-common.xml.i | 61 + interface-definitions/include/bgp/afi-label.xml.i | 49 + .../include/bgp/afi-maximum-paths.xml.i | 33 + .../include/bgp/afi-nexthop-self.xml.i | 15 + .../include/bgp/afi-nexthop-vpn-export.xml.i | 32 + .../include/bgp/afi-path-limit.xml.i | 14 + interface-definitions/include/bgp/afi-rd.xml.i | 28 + .../bgp/afi-redistribute-metric-route-map.xml.i | 12 + .../include/bgp/afi-route-map-export-import.xml.i | 34 + .../include/bgp/afi-route-map-vpn.xml.i | 17 + .../include/bgp/afi-route-map.xml.i | 10 + .../include/bgp/afi-route-reflector-client.xml.i | 8 + .../include/bgp/afi-route-server-client.xml.i | 8 + .../include/bgp/afi-route-target-vpn.xml.i | 52 + interface-definitions/include/bgp/afi-sid.xml.i | 36 + .../include/bgp/afi-soft-reconfiguration.xml.i | 15 + .../include/bgp/afi-vpn-label.xml.i | 14 + .../include/bgp/bmp-monitor-afi-policy.xml.i | 14 + .../include/bgp/neighbor-afi-ipv4-flowspec.xml.i | 11 + .../bgp/neighbor-afi-ipv4-ipv6-common.xml.i | 204 +++ .../bgp/neighbor-afi-ipv4-labeled-unicast.xml.i | 20 + .../include/bgp/neighbor-afi-ipv4-multicast.xml.i | 20 + 
.../include/bgp/neighbor-afi-ipv4-unicast.xml.i | 20 + .../include/bgp/neighbor-afi-ipv4-vpn.xml.i | 11 + .../include/bgp/neighbor-afi-ipv6-flowspec.xml.i | 11 + .../bgp/neighbor-afi-ipv6-labeled-unicast.xml.i | 21 + .../include/bgp/neighbor-afi-ipv6-multicast.xml.i | 13 + .../include/bgp/neighbor-afi-ipv6-unicast.xml.i | 21 + .../include/bgp/neighbor-afi-ipv6-vpn.xml.i | 12 + .../include/bgp/neighbor-afi-l2vpn-evpn.xml.i | 16 + .../include/bgp/neighbor-bfd.xml.i | 16 + .../include/bgp/neighbor-capability.xml.i | 27 + .../neighbor-disable-capability-negotiation.xml.i | 8 + .../bgp/neighbor-disable-connected-check.xml.i | 8 + .../include/bgp/neighbor-ebgp-multihop.xml.i | 14 + .../include/bgp/neighbor-graceful-restart.xml.i | 25 + .../include/bgp/neighbor-local-as.xml.i | 29 + .../include/bgp/neighbor-local-role.xml.i | 42 + .../include/bgp/neighbor-override-capability.xml.i | 8 + .../include/bgp/neighbor-passive.xml.i | 8 + .../include/bgp/neighbor-password.xml.i | 7 + .../include/bgp/neighbor-path-attribute.xml.i | 34 + .../include/bgp/neighbor-shutdown.xml.i | 8 + .../include/bgp/neighbor-ttl-security.xml.i | 21 + .../include/bgp/neighbor-update-source.xml.i | 28 + interface-definitions/include/bgp/peer-group.xml.i | 14 + .../include/bgp/protocol-common-config.xml.i | 1868 ++++++++++++++++++++ interface-definitions/include/bgp/remote-as.xml.i | 27 + .../include/bgp/route-distinguisher.xml.i | 14 + .../include/bgp/timers-holdtime.xml.i | 18 + .../include/bgp/timers-keepalive.xml.i | 14 + interface-definitions/include/certificate-ca.xml.i | 14 + .../include/certificate-key.xml.i | 14 + interface-definitions/include/certificate.xml.i | 14 + .../include/conntrack/log-protocols.xml.i | 26 + .../conntrack/timeout-custom-protocols.xml.i | 136 ++ .../alpha-numeric-hyphen-underscore-dot.xml.i | 3 + .../alpha-numeric-hyphen-underscore.xml.i | 3 + .../include/constraint/container-network.xml.i | 6 + .../constraint/dhcp-client-string-option.xml.i | 4 + 
.../include/constraint/email.xml.i | 3 + .../include/constraint/host-name.xml.i | 3 + .../constraint/interface-name-with-wildcard.xml.i | 4 + .../include/constraint/interface-name.xml.i | 4 + .../include/constraint/login-username.xml.i | 3 + interface-definitions/include/constraint/vrf.xml.i | 6 + .../include/dhcp-interface-multi.xml.i | 18 + interface-definitions/include/dhcp-interface.xml.i | 15 + .../include/dhcp/captive-portal.xml.i | 11 + .../include/dhcp/domain-name.xml.i | 11 + .../include/dhcp/domain-search.xml.i | 12 + .../include/dhcp/ntp-server.xml.i | 15 + interface-definitions/include/dhcp/option-v4.xml.i | 257 +++ interface-definitions/include/dhcp/option-v6.xml.i | 122 ++ .../include/dns/time-to-live.xml.i | 14 + .../include/eigrp/protocol-common-config.xml.i | 125 ++ .../firewall/action-accept-drop-reject.xml.i | 25 + .../include/firewall/action-and-notrack.xml.i | 45 + .../include/firewall/action-forward.xml.i | 49 + .../include/firewall/action-l2.xml.i | 37 + .../include/firewall/action.xml.i | 49 + .../include/firewall/add-addr-to-group-ipv4.xml.i | 25 + .../include/firewall/add-addr-to-group-ipv6.xml.i | 25 + .../firewall/add-dynamic-address-groups.xml.i | 34 + .../firewall/add-dynamic-ipv6-address-groups.xml.i | 34 + .../include/firewall/address-inet.xml.i | 63 + .../include/firewall/address-ipv6.xml.i | 37 + .../include/firewall/address-mask-inet.xml.i | 19 + .../include/firewall/address-mask-ipv6.xml.i | 14 + .../include/firewall/address-mask.xml.i | 14 + .../include/firewall/address.xml.i | 39 + .../include/firewall/bridge-custom-name.xml.i | 45 + .../include/firewall/bridge-hook-forward.xml.i | 41 + .../include/firewall/bridge-hook-input.xml.i | 40 + .../include/firewall/bridge-hook-output.xml.i | 40 + .../include/firewall/bridge-hook-prerouting.xml.i | 37 + .../include/firewall/common-rule-bridge.xml.i | 55 + .../include/firewall/common-rule-inet.xml.i | 24 + .../include/firewall/common-rule-ipv4-raw.xml.i | 47 + 
.../include/firewall/common-rule-ipv4.xml.i | 44 + .../include/firewall/common-rule-ipv6-raw.xml.i | 49 + .../include/firewall/common-rule-ipv6.xml.i | 44 + .../include/firewall/connection-mark.xml.i | 15 + .../include/firewall/connection-status.xml.i | 28 + .../include/firewall/conntrack-helper.xml.i | 46 + .../firewall/default-action-base-chains.xml.i | 22 + .../include/firewall/default-action-bridge.xml.i | 34 + .../include/firewall/default-action.xml.i | 38 + .../include/firewall/default-log.xml.i | 8 + interface-definitions/include/firewall/dscp.xml.i | 36 + interface-definitions/include/firewall/eq.xml.i | 14 + .../firewall/firewall-hashing-parameters.xml.i | 35 + .../include/firewall/firewall-mark.xml.i | 26 + interface-definitions/include/firewall/fqdn.xml.i | 14 + .../include/firewall/fragment.xml.i | 21 + .../include/firewall/fwmark.xml.i | 14 + interface-definitions/include/firewall/geoip.xml.i | 28 + .../include/firewall/global-options.xml.i | 366 ++++ interface-definitions/include/firewall/gre.xml.i | 116 ++ interface-definitions/include/firewall/gt.xml.i | 14 + .../include/firewall/hop-limit.xml.i | 12 + .../include/firewall/icmp-type-name.xml.i | 73 + interface-definitions/include/firewall/icmp.xml.i | 34 + .../include/firewall/icmpv6-type-name.xml.i | 85 + .../include/firewall/icmpv6.xml.i | 34 + .../firewall/inbound-interface-no-group.xml.i | 34 + .../include/firewall/inbound-interface.xml.i | 10 + .../include/firewall/ipv4-custom-name.xml.i | 43 + .../include/firewall/ipv4-hook-forward.xml.i | 40 + .../include/firewall/ipv4-hook-input.xml.i | 37 + .../include/firewall/ipv4-hook-output.xml.i | 65 + .../include/firewall/ipv4-hook-prerouting.xml.i | 52 + .../include/firewall/ipv6-custom-name.xml.i | 43 + .../include/firewall/ipv6-hook-forward.xml.i | 40 + .../include/firewall/ipv6-hook-input.xml.i | 37 + .../include/firewall/ipv6-hook-output.xml.i | 65 + .../include/firewall/ipv6-hook-prerouting.xml.i | 52 + 
interface-definitions/include/firewall/limit.xml.i | 33 + .../include/firewall/log-options.xml.i | 89 + interface-definitions/include/firewall/log.xml.i | 8 + interface-definitions/include/firewall/lt.xml.i | 14 + .../include/firewall/mac-address.xml.i | 19 + .../include/firewall/mac-group.xml.i | 10 + .../include/firewall/match-ether-type.xml.i | 30 + .../include/firewall/match-interface.xml.i | 43 + .../include/firewall/match-ipsec-in.xml.i | 21 + .../include/firewall/match-ipsec-out.xml.i | 21 + .../include/firewall/match-ipsec.xml.i | 33 + .../include/firewall/match-vlan.xml.i | 42 + interface-definitions/include/firewall/name.xml.i | 18 + .../include/firewall/nat-balance.xml.i | 28 + .../include/firewall/nft-queue.xml.i | 34 + .../include/firewall/offload-target.xml.i | 10 + .../firewall/outbound-interface-no-group.xml.i | 34 + .../include/firewall/outbound-interface.xml.i | 10 + .../include/firewall/packet-options.xml.i | 63 + interface-definitions/include/firewall/port.xml.i | 26 + .../include/firewall/protocol.xml.i | 34 + .../include/firewall/recent.xml.i | 44 + .../include/firewall/rule-log-level.xml.i | 45 + .../firewall/set-packet-modifications.xml.i | 96 + .../source-destination-dynamic-group-ipv6.xml.i | 17 + .../source-destination-dynamic-group.xml.i | 17 + .../firewall/source-destination-group-inet.xml.i | 50 + .../firewall/source-destination-group-ipv4.xml.i | 41 + .../firewall/source-destination-group-ipv6.xml.i | 42 + .../firewall/source-destination-group.xml.i | 42 + interface-definitions/include/firewall/state.xml.i | 30 + .../include/firewall/synproxy.xml.i | 40 + .../include/firewall/tcp-flags.xml.i | 119 ++ .../include/firewall/tcp-mss.xml.i | 25 + interface-definitions/include/firewall/time.xml.i | 70 + .../firewall/timeout-common-protocols.xml.i | 171 ++ interface-definitions/include/firewall/ttl.xml.i | 12 + .../include/generic-description.xml.i | 15 + .../include/generic-disable-node.xml.i | 8 + 
.../include/generic-interface-broadcast.xml.i | 17 + .../generic-interface-multi-broadcast.xml.i | 18 + .../include/generic-interface-multi-wildcard.xml.i | 18 + .../include/generic-interface-multi.xml.i | 18 + .../include/generic-interface.xml.i | 17 + .../include/generic-password.xml.i | 15 + .../include/generic-username.xml.i | 15 + .../include/haproxy/http-response-headers.xml.i | 29 + .../include/haproxy/logging.xml.i | 10 + interface-definitions/include/haproxy/mode.xml.i | 23 + .../include/haproxy/rule-backend.xml.i | 131 ++ .../include/haproxy/rule-frontend.xml.i | 131 ++ .../include/haproxy/tcp-request.xml.i | 22 + .../include/haproxy/timeout.xml.i | 45 + interface-definitions/include/ids/threshold.xml.i | 38 + .../include/inbound-interface.xml.i | 11 + .../include/interface/address-ipv4-ipv6-dhcp.xml.i | 31 + .../include/interface/address-ipv4-ipv6.xml.i | 19 + .../include/interface/adjust-mss.xml.i | 23 + .../include/interface/arp-cache-timeout.xml.i | 16 + .../include/interface/authentication.xml.i | 11 + .../include/interface/base-reachable-time.xml.i | 16 + .../include/interface/default-route-distance.xml.i | 15 + .../include/interface/dhcp-options.xml.i | 80 + .../include/interface/dhcpv6-options.xml.i | 95 + .../include/interface/dial-on-demand.xml.i | 8 + .../include/interface/disable-arp-filter.xml.i | 8 + .../include/interface/disable-forwarding.xml.i | 8 + .../include/interface/disable-link-detect.xml.i | 8 + .../include/interface/disable.xml.i | 8 + interface-definitions/include/interface/duid.xml.i | 15 + .../include/interface/eapol.xml.i | 11 + .../include/interface/enable-arp-accept.xml.i | 8 + .../include/interface/enable-arp-announce.xml.i | 8 + .../include/interface/enable-arp-ignore.xml.i | 8 + .../interface/enable-directed-broadcast.xml.i | 8 + .../include/interface/enable-proxy-arp.xml.i | 8 + .../include/interface/evpn-mh-uplink.xml.i | 8 + .../include/interface/hw-id.xml.i | 14 + .../include/interface/inbound-interface.xml.i | 10 + 
.../include/interface/ipv4-options.xml.i | 20 + .../include/interface/ipv6-accept-dad.xml.i | 20 + .../include/interface/ipv6-address-autoconf.xml.i | 8 + .../include/interface/ipv6-address-eui64.xml.i | 16 + .../ipv6-address-no-default-link-local.xml.i | 8 + .../include/interface/ipv6-address.xml.i | 12 + .../interface/ipv6-dup-addr-detect-transmits.xml.i | 19 + .../include/interface/ipv6-options.xml.i | 16 + .../include/interface/mac-multi.xml.i | 15 + interface-definitions/include/interface/mac.xml.i | 14 + .../include/interface/macsec-key.xml.i | 15 + .../include/interface/mirror.xml.i | 33 + .../include/interface/mtu-1200-16000.xml.i | 16 + .../include/interface/mtu-1450-16000.xml.i | 16 + .../include/interface/mtu-64-8024.xml.i | 16 + .../include/interface/mtu-68-1500.xml.i | 16 + .../include/interface/mtu-68-16000.xml.i | 15 + .../include/interface/netns.xml.i | 14 + .../include/interface/no-default-route.xml.i | 8 + .../include/interface/no-peer-dns.xml.i | 8 + .../include/interface/parameters-df.xml.i | 26 + .../include/interface/parameters-flowlabel.xml.i | 22 + .../include/interface/parameters-innerproto.xml.i | 8 + .../include/interface/parameters-key.xml.i | 15 + .../include/interface/parameters-tos.xml.i | 16 + .../include/interface/parameters-ttl.xml.i | 20 + .../include/interface/per-client-thread.xml.i | 8 + .../include/interface/proxy-arp-pvlan.xml.i | 8 + .../include/interface/redirect.xml.i | 17 + .../include/interface/source-validation.xml.i | 25 + .../include/interface/tunnel-remote-multi.xml.i | 19 + .../include/interface/tunnel-remote.xml.i | 18 + .../include/interface/vif-s.xml.i | 55 + interface-definitions/include/interface/vif.xml.i | 56 + .../include/interface/vlan-protocol.xml.i | 23 + interface-definitions/include/interface/vrf.xml.i | 15 + interface-definitions/include/ip-protocol.xml.i | 17 + .../include/ipsec/authentication-id.xml.i | 11 + .../ipsec/authentication-pre-shared-secret.xml.i | 11 + 
.../include/ipsec/authentication-rsa.xml.i | 30 + .../include/ipsec/authentication-x509.xml.i | 11 + interface-definitions/include/ipsec/bind.xml.i | 10 + .../include/ipsec/esp-group.xml.i | 10 + .../include/ipsec/ike-group.xml.i | 10 + .../include/ipsec/local-address.xml.i | 27 + .../include/ipsec/local-traffic-selector.xml.i | 28 + .../include/ipsec/remote-address.xml.i | 29 + .../include/ipsec/replay-window.xml.i | 19 + .../include/ipv4-address-prefix-range.xml.i | 39 + .../include/ipv4-address-prefix.xml.i | 19 + .../include/isis/default-information-level.xml.i | 32 + .../include/isis/ldp-sync-holddown.xml.i | 14 + .../include/isis/ldp-sync-interface.xml.i | 11 + .../include/isis/ldp-sync-protocol.xml.i | 10 + .../include/isis/level-1-2-leaf.xml.i | 13 + interface-definitions/include/isis/lfa-local.xml.i | 128 ++ .../include/isis/lfa-protocol.xml.i | 11 + .../include/isis/lfa-remote.xml.i | 28 + interface-definitions/include/isis/metric.xml.i | 14 + interface-definitions/include/isis/passive.xml.i | 8 + interface-definitions/include/isis/password.xml.i | 20 + .../include/isis/protocol-common-config.xml.i | 729 ++++++++ .../include/isis/redistribute-level-1-2.xml.i | 20 + .../include/listen-address-ipv4-single.xml.i | 17 + .../include/listen-address-ipv4.xml.i | 18 + .../include/listen-address-single.xml.i | 22 + .../include/listen-address-vrf.xml.i | 24 + interface-definitions/include/listen-address.xml.i | 23 + .../include/listen-interface-multi-broadcast.xml.i | 18 + .../include/log-adjacency-changes.xml.i | 8 + .../include/name-server-ipv4-ipv6-port.xml.i | 24 + .../include/name-server-ipv4-ipv6.xml.i | 19 + .../include/name-server-ipv4.xml.i | 15 + .../include/name-server-ipv6.xml.i | 15 + interface-definitions/include/nat-address.xml.i | 39 + interface-definitions/include/nat-exclude.xml.i | 8 + interface-definitions/include/nat-interface.xml.i | 11 + interface-definitions/include/nat-port.xml.i | 26 + interface-definitions/include/nat-rule.xml.i | 325 
++++ .../include/nat-translation-options.xml.i | 49 + .../include/nat-translation-port.xml.i | 18 + interface-definitions/include/nat/protocol.xml.i | 34 + interface-definitions/include/nat64/protocol.xml.i | 27 + interface-definitions/include/net.xml.i | 14 + .../include/openfabric/password.xml.i | 20 + .../include/ospf/authentication.xml.i | 56 + interface-definitions/include/ospf/auto-cost.xml.i | 22 + .../include/ospf/default-information.xml.i | 25 + .../include/ospf/distance-global.xml.i | 14 + .../include/ospf/distance-per-protocol.xml.i | 38 + .../include/ospf/graceful-restart.xml.i | 67 + .../include/ospf/interface-common.xml.i | 34 + interface-definitions/include/ospf/intervals.xml.i | 54 + .../include/ospf/log-adjacency-changes.xml.i | 15 + .../include/ospf/metric-type.xml.i | 15 + interface-definitions/include/ospf/metric.xml.i | 14 + .../include/ospf/protocol-common-config.xml.i | 959 ++++++++++ .../include/ospfv3/no-summary.xml.i | 8 + .../include/ospfv3/protocol-common-config.xml.i | 296 ++++ interface-definitions/include/pim/bsm.xml.i | 14 + .../include/pim/dr-priority.xml.i | 14 + interface-definitions/include/pim/hello.xml.i | 14 + .../include/pim/join-prune-interval.xml.i | 15 + .../include/pim/keep-alive-timer.xml.i | 14 + interface-definitions/include/pim/packets.xml.i | 15 + interface-definitions/include/pim/passive.xml.i | 8 + .../include/pim/register-suppress-time.xml.i | 14 + .../include/pki/ca-certificate-multi.xml.i | 15 + .../include/pki/ca-certificate.xml.i | 14 + .../include/pki/certificate-key.xml.i | 12 + .../include/pki/certificate-multi.xml.i | 15 + .../include/pki/certificate.xml.i | 14 + .../include/pki/cli-certificate-base64.xml.i | 11 + .../include/pki/cli-private-key-base64.xml.i | 11 + .../include/pki/cli-public-key-base64.xml.i | 11 + interface-definitions/include/pki/cli-revoke.xml.i | 8 + interface-definitions/include/pki/dh-params.xml.i | 10 + .../include/pki/openssh-key.xml.i | 14 + 
.../include/pki/password-protected.xml.i | 8 + .../include/pki/private-key.xml.i | 30 + interface-definitions/include/pki/public-key.xml.i | 14 + interface-definitions/include/policy/action.xml.i | 21 + .../include/policy/community-clear.xml.i | 8 + .../include/policy/community-value-list.xml.i | 90 + .../policy/extended-community-value-list.xml.i | 15 + interface-definitions/include/policy/host.xml.i | 14 + .../include/policy/inverse-mask.xml.i | 14 + .../policy/large-community-value-list.xml.i | 10 + .../policy/local-route_rule_ipv4_address.xml.i | 20 + .../policy/local-route_rule_ipv6_address.xml.i | 20 + .../include/policy/local-route_rule_protocol.xml.i | 21 + interface-definitions/include/policy/network.xml.i | 14 + .../include/policy/prefix-list.xml.i | 14 + .../include/policy/prefix-list6.xml.i | 14 + .../include/policy/route-common.xml.i | 116 ++ .../include/policy/route-ipv4.xml.i | 14 + .../include/policy/route-ipv6.xml.i | 196 ++ .../include/policy/route-rule-action.xml.i | 29 + interface-definitions/include/policy/tag.xml.i | 14 + .../include/port-number-start-zero.xml.i | 15 + interface-definitions/include/port-number.xml.i | 15 + .../include/port-port-range.xml.i | 26 + .../include/pppoe-access-concentrator.xml.i | 11 + .../include/protocol-tcp-udp.xml.i | 22 + .../include/qos/bandwidth-auto.xml.i | 47 + interface-definitions/include/qos/bandwidth.xml.i | 39 + interface-definitions/include/qos/burst.xml.i | 16 + .../include/qos/class-match-group.xml.i | 15 + .../include/qos/class-match-ipv4-address.xml.i | 19 + .../include/qos/class-match-ipv4.xml.i | 31 + .../include/qos/class-match-ipv6-address.xml.i | 14 + .../include/qos/class-match-ipv6.xml.i | 31 + .../include/qos/class-match-mark.xml.i | 14 + .../include/qos/class-match-vif.xml.i | 15 + .../include/qos/class-match.xml.i | 98 + .../include/qos/class-police-exceed.xml.i | 66 + .../include/qos/class-priority.xml.i | 15 + .../include/qos/codel-quantum.xml.i | 16 + 
interface-definitions/include/qos/flows.xml.i | 16 + interface-definitions/include/qos/hfsc-d.xml.i | 15 + interface-definitions/include/qos/hfsc-m1.xml.i | 32 + interface-definitions/include/qos/hfsc-m2.xml.i | 32 + interface-definitions/include/qos/interval.xml.i | 16 + interface-definitions/include/qos/match-dscp.xml.i | 142 ++ interface-definitions/include/qos/max-length.xml.i | 15 + interface-definitions/include/qos/mtu.xml.i | 14 + .../include/qos/queue-average-packet.xml.i | 16 + .../include/qos/queue-limit-1-4294967295.xml.i | 15 + .../include/qos/queue-limit-2-10999.xml.i | 16 + .../include/qos/queue-mark-probability.xml.i | 16 + .../include/qos/queue-maximum-threshold.xml.i | 16 + .../include/qos/queue-minimum-threshold.xml.i | 15 + interface-definitions/include/qos/queue-type.xml.i | 33 + interface-definitions/include/qos/set-dscp.xml.i | 143 ++ interface-definitions/include/qos/target.xml.i | 16 + interface-definitions/include/qos/tcp-flags.xml.i | 21 + .../include/radius-acct-server-ipv4.xml.i | 26 + .../include/radius-auth-server-ipv4.xml.i | 27 + .../include/radius-nas-identifier.xml.i | 7 + .../include/radius-nas-ip-address.xml.i | 14 + .../include/radius-priority.xml.i | 14 + .../include/radius-server-acct-port.xml.i | 15 + .../include/radius-server-auth-port.xml.i | 6 + .../include/radius-server-ipv4-ipv6.xml.i | 51 + .../include/radius-server-key.xml.i | 15 + interface-definitions/include/radius-timeout.xml.i | 16 + .../include/rip/access-list.xml.i | 39 + .../include/rip/access-list6.xml.i | 39 + .../include/rip/default-information.xml.i | 15 + .../include/rip/default-metric.xml.i | 14 + interface-definitions/include/rip/interface.xml.i | 33 + .../include/rip/prefix-list.xml.i | 33 + .../include/rip/prefix-list6.xml.i | 33 + .../include/rip/redistribute.xml.i | 15 + interface-definitions/include/rip/timers.xml.i | 48 + interface-definitions/include/rip/version.xml.i | 18 + interface-definitions/include/route-map.xml.i | 18 + 
interface-definitions/include/router-id.xml.i | 14 + .../include/routing-passive-interface.xml.i | 24 + .../include/segment-routing-label-value.xml.i | 26 + .../include/server-ipv4-fqdn.xml.i | 15 + .../include/snmp/access-mode.xml.i | 23 + .../include/snmp/authentication-type.xml.i | 22 + .../include/snmp/privacy-type.xml.i | 22 + .../include/source-address-ipv4-ipv6-multi.xml.i | 22 + .../include/source-address-ipv4-ipv6.xml.i | 21 + .../include/source-address-ipv4-multi.xml.i | 18 + .../include/source-address-ipv4.xml.i | 17 + .../include/source-interface-ethernet.xml.i | 14 + .../include/source-interface.xml.i | 17 + interface-definitions/include/ssh-group.xml.i | 12 + interface-definitions/include/ssh-user.xml.i | 12 + .../include/static/static-route-bfd.xml.i | 36 + .../include/static/static-route-blackhole.xml.i | 11 + .../include/static/static-route-distance.xml.i | 14 + .../include/static/static-route-interface.xml.i | 17 + .../include/static/static-route-reject.xml.i | 11 + .../include/static/static-route-segments.xml.i | 14 + .../include/static/static-route-tag.xml.i | 14 + .../include/static/static-route-vrf.xml.i | 19 + .../include/static/static-route.xml.i | 60 + .../include/static/static-route6.xml.i | 60 + .../include/stunnel/address.xml.i | 20 + .../include/stunnel/connect.xml.i | 11 + interface-definitions/include/stunnel/listen.xml.i | 11 + .../include/stunnel/protocol-options.xml.i | 75 + .../include/stunnel/protocol-value-cifs.xml.i | 6 + .../include/stunnel/protocol-value-connect.xml.i | 6 + .../include/stunnel/protocol-value-imap.xml.i | 6 + .../include/stunnel/protocol-value-nntp.xml.i | 6 + .../include/stunnel/protocol-value-pgsql.xml.i | 6 + .../include/stunnel/protocol-value-pop3.xml.i | 6 + .../include/stunnel/protocol-value-proxy.xml.i | 6 + .../include/stunnel/protocol-value-smtp.xml.i | 6 + .../include/stunnel/protocol-value-socks.xml.i | 6 + interface-definitions/include/stunnel/psk.xml.i | 30 + 
interface-definitions/include/stunnel/ssl.xml.i | 11 + .../include/syslog-facility.xml.i | 149 ++ interface-definitions/include/system-ip-nht.xml.i | 15 + .../include/system-ip-protocol.xml.i | 56 + .../include/system-ipv6-protocol.xml.i | 52 + .../include/tls-version-min.xml.i | 29 + interface-definitions/include/url-http-https.xml.i | 15 + .../include/version/bgp-version.xml.i | 3 + .../include/version/broadcast-relay-version.xml.i | 3 + .../include/version/cluster-version.xml.i | 3 + .../version/config-management-version.xml.i | 3 + .../include/version/conntrack-sync-version.xml.i | 3 + .../include/version/conntrack-version.xml.i | 3 + .../include/version/container-version.xml.i | 3 + .../include/version/dhcp-relay-version.xml.i | 3 + .../include/version/dhcp-server-version.xml.i | 3 + .../include/version/dhcpv6-server-version.xml.i | 3 + .../include/version/dns-dynamic-version.xml.i | 3 + .../include/version/dns-forwarding-version.xml.i | 3 + .../include/version/firewall-version.xml.i | 3 + .../include/version/flow-accounting-version.xml.i | 3 + .../include/version/https-version.xml.i | 3 + .../include/version/ids-version.xml.i | 3 + .../include/version/interfaces-version.xml.i | 3 + .../include/version/ipoe-server-version.xml.i | 3 + .../include/version/ipsec-version.xml.i | 3 + .../include/version/isis-version.xml.i | 3 + .../include/version/l2tp-version.xml.i | 3 + .../include/version/lldp-version.xml.i | 3 + .../include/version/mdns-version.xml.i | 3 + .../include/version/monitoring-version.xml.i | 3 + .../include/version/nat-version.xml.i | 3 + .../include/version/nat66-version.xml.i | 3 + .../include/version/ntp-version.xml.i | 3 + .../include/version/openconnect-version.xml.i | 3 + .../include/version/openvpn-version.xml.i | 3 + .../include/version/ospf-version.xml.i | 3 + .../include/version/pim-version.xml.i | 3 + .../include/version/policy-version.xml.i | 3 + .../include/version/pppoe-server-version.xml.i | 3 + .../include/version/pptp-version.xml.i | 
3 + .../include/version/qos-version.xml.i | 3 + .../include/version/quagga-version.xml.i | 3 + .../include/version/reverseproxy-version.xml.i | 3 + .../include/version/rip-version.xml.i | 3 + .../include/version/rpki-version.xml.i | 3 + .../include/version/salt-version.xml.i | 3 + .../include/version/snmp-version.xml.i | 3 + .../include/version/ssh-version.xml.i | 3 + .../include/version/sstp-version.xml.i | 3 + .../include/version/system-version.xml.i | 3 + .../include/version/vrf-version.xml.i | 3 + .../include/version/vrrp-version.xml.i | 3 + .../include/version/vyos-accel-ppp-version.xml.i | 3 + .../include/version/wanloadbalance-version.xml.i | 3 + .../include/version/webproxy-version.xml.i | 3 + interface-definitions/include/vni.xml.i | 14 + .../include/vpn-ipsec-encryption.xml.i | 234 +++ interface-definitions/include/vpn-ipsec-hash.xml.i | 66 + interface-definitions/include/vrf-multi.xml.i | 22 + .../include/vrrp-transition-script.xml.i | 41 + interface-definitions/include/vrrp/garp.xml.i | 78 + .../include/webproxy-url-filtering.xml.i | 119 ++ interface-definitions/interfaces_bonding.xml.in | 297 ++++ interface-definitions/interfaces_bridge.xml.in | 233 +++ interface-definitions/interfaces_dummy.xml.in | 60 + interface-definitions/interfaces_ethernet.xml.in | 225 +++ interface-definitions/interfaces_geneve.xml.in | 61 + interface-definitions/interfaces_input.xml.in | 27 + interface-definitions/interfaces_l2tpv3.xml.in | 131 ++ interface-definitions/interfaces_loopback.xml.in | 35 + interface-definitions/interfaces_macsec.xml.in | 153 ++ interface-definitions/interfaces_openvpn.xml.in | 860 +++++++++ interface-definitions/interfaces_pppoe.xml.in | 153 ++ .../interfaces_pseudo-ethernet.xml.in | 68 + interface-definitions/interfaces_sstpc.xml.in | 47 + interface-definitions/interfaces_tunnel.xml.in | 281 +++ .../interfaces_virtual-ethernet.xml.in | 48 + interface-definitions/interfaces_vti.xml.in | 35 + interface-definitions/interfaces_vxlan.xml.in | 153 ++ 
interface-definitions/interfaces_wireguard.xml.in | 129 ++ interface-definitions/interfaces_wireless.xml.in | 1026 +++++++++++ interface-definitions/interfaces_wwan.xml.in | 48 + .../load-balancing_reverse-proxy.xml.in | 344 ++++ interface-definitions/load-balancing_wan.xml.in | 399 +++++ interface-definitions/nat.xml.in | 159 ++ interface-definitions/nat64.xml.in | 116 ++ interface-definitions/nat66.xml.in | 251 +++ interface-definitions/nat_cgnat.xml.in | 204 +++ interface-definitions/netns.xml.in | 23 + interface-definitions/pki.xml.in | 287 +++ interface-definitions/policy.xml.in | 1578 +++++++++++++++++ interface-definitions/policy_local-route.xml.in | 156 ++ interface-definitions/policy_route.xml.in | 117 ++ interface-definitions/protocols_babel.xml.in | 254 +++ interface-definitions/protocols_bfd.xml.in | 85 + interface-definitions/protocols_bgp.xml.in | 16 + interface-definitions/protocols_eigrp.xml.in | 17 + interface-definitions/protocols_failover.xml.in | 141 ++ interface-definitions/protocols_igmp-proxy.xml.in | 97 + interface-definitions/protocols_isis.xml.in | 16 + interface-definitions/protocols_mpls.xml.in | 560 ++++++ interface-definitions/protocols_nhrp.xml.in | 138 ++ interface-definitions/protocols_openfabric.xml.in | 218 +++ interface-definitions/protocols_ospf.xml.in | 16 + interface-definitions/protocols_ospfv3.xml.in | 16 + interface-definitions/protocols_pim.xml.in | 210 +++ interface-definitions/protocols_pim6.xml.in | 179 ++ interface-definitions/protocols_rip.xml.in | 258 +++ interface-definitions/protocols_ripng.xml.in | 155 ++ interface-definitions/protocols_rpki.xml.in | 99 ++ .../protocols_segment-routing.xml.in | 137 ++ interface-definitions/protocols_static.xml.in | 44 + interface-definitions/protocols_static_arp.xml.in | 52 + .../protocols_static_multicast.xml.in | 95 + .../protocols_static_neighbor-proxy.xml.in | 49 + interface-definitions/qos.xml.in | 874 +++++++++ interface-definitions/service_aws_glb.xml.in | 127 ++ 
.../service_broadcast-relay.xml.in | 46 + interface-definitions/service_config-sync.xml.in | 529 ++++++ .../service_conntrack-sync.xml.in | 185 ++ .../service_console-server.xml.in | 101 ++ interface-definitions/service_dhcp-relay.xml.in | 126 ++ interface-definitions/service_dhcp-server.xml.in | 250 +++ interface-definitions/service_dhcpv6-relay.xml.in | 82 + interface-definitions/service_dhcpv6-server.xml.in | 317 ++++ interface-definitions/service_dns_dynamic.xml.in | 200 +++ .../service_dns_forwarding.xml.in | 975 ++++++++++ interface-definitions/service_event-handler.xml.in | 71 + interface-definitions/service_https.xml.in | 190 ++ .../service_ids_ddos-protection.xml.in | 167 ++ interface-definitions/service_ipoe-server.xml.in | 198 +++ interface-definitions/service_lldp.xml.in | 192 ++ interface-definitions/service_mdns_repeater.xml.in | 82 + .../service_monitoring_telegraf.xml.in | 317 ++++ .../service_monitoring_zabbix-agent.xml.in | 195 ++ interface-definitions/service_ndp-proxy.xml.in | 133 ++ interface-definitions/service_ntp.xml.in | 175 ++ interface-definitions/service_pppoe-server.xml.in | 180 ++ interface-definitions/service_router-advert.xml.in | 405 +++++ interface-definitions/service_salt-minion.xml.in | 74 + interface-definitions/service_sla.xml.in | 37 + interface-definitions/service_snmp.xml.in | 599 +++++++ interface-definitions/service_ssh.xml.in | 283 +++ interface-definitions/service_stunnel.xml.in | 130 ++ interface-definitions/service_suricata.xml.in | 238 +++ interface-definitions/service_tftp-server.xml.in | 32 + interface-definitions/service_webproxy.xml.in | 654 +++++++ interface-definitions/system_acceleration.xml.in | 21 + .../system_config-management.xml.in | 74 + interface-definitions/system_conntrack.xml.in | 555 ++++++ interface-definitions/system_console.xml.in | 91 + interface-definitions/system_domain-name.xml.in | 16 + interface-definitions/system_domain-search.xml.in | 18 + .../system_flow-accounting.xml.in | 437 +++++ 
interface-definitions/system_frr.xml.in | 91 + interface-definitions/system_host-name.xml.in | 17 + interface-definitions/system_ip.xml.in | 109 ++ interface-definitions/system_ipv6.xml.in | 51 + interface-definitions/system_lcd.xml.in | 70 + interface-definitions/system_login.xml.in | 294 +++ interface-definitions/system_login_banner.xml.in | 33 + interface-definitions/system_logs.xml.in | 92 + interface-definitions/system_name-server.xml.in | 33 + interface-definitions/system_option.xml.in | 229 +++ interface-definitions/system_proxy.xml.in | 26 + interface-definitions/system_sflow.xml.in | 114 ++ .../system_static-host-mapping.xml.in | 53 + interface-definitions/system_sysctl.xml.in | 40 + interface-definitions/system_syslog.xml.in | 161 ++ interface-definitions/system_task-scheduler.xml.in | 72 + interface-definitions/system_time-zone.xml.in | 19 + interface-definitions/system_update-check.xml.in | 22 + interface-definitions/system_wireless.xml.in | 36 + interface-definitions/vpn_ipsec.xml.in | 1256 +++++++++++++ interface-definitions/vpn_l2tp.xml.in | 150 ++ interface-definitions/vpn_openconnect.xml.in | 396 +++++ interface-definitions/vpn_pptp.xml.in | 66 + interface-definitions/vpn_sstp.xml.in | 70 + interface-definitions/vrf.xml.in | 128 ++ interface-definitions/xml-component-version.xml.in | 52 + 687 files changed, 44634 insertions(+) create mode 100644 interface-definitions/container.xml.in create mode 100644 interface-definitions/firewall.xml.in create mode 100644 interface-definitions/high-availability.xml.in create mode 100644 interface-definitions/include/accel-ppp/auth-local-users.xml.i create mode 100644 interface-definitions/include/accel-ppp/auth-mode.xml.i create mode 100644 interface-definitions/include/accel-ppp/auth-protocols.xml.i create mode 100644 interface-definitions/include/accel-ppp/client-ip-pool.xml.i create mode 100644 interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i create mode 100644 
interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i create mode 100644 interface-definitions/include/accel-ppp/default-pool.xml.i create mode 100644 interface-definitions/include/accel-ppp/extended-scripts.xml.i create mode 100644 interface-definitions/include/accel-ppp/gateway-address-multi.xml.i create mode 100644 interface-definitions/include/accel-ppp/gateway-address.xml.i create mode 100644 interface-definitions/include/accel-ppp/lcp-echo-interval-failure.xml.i create mode 100644 interface-definitions/include/accel-ppp/lcp-echo-timeout.xml.i create mode 100644 interface-definitions/include/accel-ppp/limits.xml.i create mode 100644 interface-definitions/include/accel-ppp/log.xml.i create mode 100644 interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i create mode 100644 interface-definitions/include/accel-ppp/mtu-128-16384.xml.i create mode 100644 interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i create mode 100644 interface-definitions/include/accel-ppp/ppp-mppe.xml.i create mode 100644 interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i create mode 100644 interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i create mode 100644 interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i create mode 100644 interface-definitions/include/accel-ppp/ppp-options.xml.i create mode 100644 interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i create mode 100644 interface-definitions/include/accel-ppp/radius-additions-disable-accounting.xml.i create mode 100644 interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i create mode 100644 interface-definitions/include/accel-ppp/radius-additions.xml.i create mode 100644 interface-definitions/include/accel-ppp/shaper.xml.i create mode 100644 interface-definitions/include/accel-ppp/snmp.xml.i create mode 100644 interface-definitions/include/accel-ppp/vlan-mon.xml.i create mode 100644 
interface-definitions/include/accel-ppp/vlan.xml.i create mode 100644 interface-definitions/include/accel-ppp/wins-server.xml.i create mode 100644 interface-definitions/include/address-ipv4-ipv6-single.xml.i create mode 100644 interface-definitions/include/allow-client.xml.i create mode 100644 interface-definitions/include/arp-ndp-table-size.xml.i create mode 100644 interface-definitions/include/auth-local-users.xml.i create mode 100644 interface-definitions/include/babel/interface.xml.i create mode 100644 interface-definitions/include/bfd/bfd.xml.i create mode 100644 interface-definitions/include/bfd/common.xml.i create mode 100644 interface-definitions/include/bfd/profile.xml.i create mode 100644 interface-definitions/include/bgp/afi-aggregate-address.xml.i create mode 100644 interface-definitions/include/bgp/afi-allowas-in.xml.i create mode 100644 interface-definitions/include/bgp/afi-attribute-unchanged.xml.i create mode 100644 interface-definitions/include/bgp/afi-capability-orf.xml.i create mode 100644 interface-definitions/include/bgp/afi-common-flowspec.xml.i create mode 100644 interface-definitions/include/bgp/afi-default-originate.xml.i create mode 100644 interface-definitions/include/bgp/afi-export-import.xml.i create mode 100644 interface-definitions/include/bgp/afi-filter-list.xml.i create mode 100644 interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i create mode 100644 interface-definitions/include/bgp/afi-ipv6-nexthop-local.xml.i create mode 100644 interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i create mode 100644 interface-definitions/include/bgp/afi-l2vpn-advertise.xml.i create mode 100644 interface-definitions/include/bgp/afi-l2vpn-common.xml.i create mode 100644 interface-definitions/include/bgp/afi-label.xml.i create mode 100644 interface-definitions/include/bgp/afi-maximum-paths.xml.i create mode 100644 interface-definitions/include/bgp/afi-nexthop-self.xml.i create mode 100644 
interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i create mode 100644 interface-definitions/include/bgp/afi-path-limit.xml.i create mode 100644 interface-definitions/include/bgp/afi-rd.xml.i create mode 100644 interface-definitions/include/bgp/afi-redistribute-metric-route-map.xml.i create mode 100644 interface-definitions/include/bgp/afi-route-map-export-import.xml.i create mode 100644 interface-definitions/include/bgp/afi-route-map-vpn.xml.i create mode 100644 interface-definitions/include/bgp/afi-route-map.xml.i create mode 100644 interface-definitions/include/bgp/afi-route-reflector-client.xml.i create mode 100644 interface-definitions/include/bgp/afi-route-server-client.xml.i create mode 100644 interface-definitions/include/bgp/afi-route-target-vpn.xml.i create mode 100644 interface-definitions/include/bgp/afi-sid.xml.i create mode 100644 interface-definitions/include/bgp/afi-soft-reconfiguration.xml.i create mode 100644 interface-definitions/include/bgp/afi-vpn-label.xml.i create mode 100644 interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv4-flowspec.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv6-flowspec.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i create mode 100644 
interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-afi-l2vpn-evpn.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-bfd.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-capability.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-disable-capability-negotiation.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-disable-connected-check.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-ebgp-multihop.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-graceful-restart.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-local-as.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-local-role.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-override-capability.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-passive.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-password.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-path-attribute.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-shutdown.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-ttl-security.xml.i create mode 100644 interface-definitions/include/bgp/neighbor-update-source.xml.i create mode 100644 interface-definitions/include/bgp/peer-group.xml.i create mode 100644 interface-definitions/include/bgp/protocol-common-config.xml.i create mode 100644 interface-definitions/include/bgp/remote-as.xml.i create mode 100644 interface-definitions/include/bgp/route-distinguisher.xml.i create mode 100644 interface-definitions/include/bgp/timers-holdtime.xml.i create mode 100644 interface-definitions/include/bgp/timers-keepalive.xml.i create mode 100644 interface-definitions/include/certificate-ca.xml.i create mode 100644 interface-definitions/include/certificate-key.xml.i create mode 100644 
interface-definitions/include/certificate.xml.i create mode 100644 interface-definitions/include/conntrack/log-protocols.xml.i create mode 100644 interface-definitions/include/conntrack/timeout-custom-protocols.xml.i create mode 100644 interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i create mode 100644 interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i create mode 100644 interface-definitions/include/constraint/container-network.xml.i create mode 100644 interface-definitions/include/constraint/dhcp-client-string-option.xml.i create mode 100644 interface-definitions/include/constraint/email.xml.i create mode 100644 interface-definitions/include/constraint/host-name.xml.i create mode 100644 interface-definitions/include/constraint/interface-name-with-wildcard.xml.i create mode 100644 interface-definitions/include/constraint/interface-name.xml.i create mode 100644 interface-definitions/include/constraint/login-username.xml.i create mode 100644 interface-definitions/include/constraint/vrf.xml.i create mode 100644 interface-definitions/include/dhcp-interface-multi.xml.i create mode 100644 interface-definitions/include/dhcp-interface.xml.i create mode 100644 interface-definitions/include/dhcp/captive-portal.xml.i create mode 100644 interface-definitions/include/dhcp/domain-name.xml.i create mode 100644 interface-definitions/include/dhcp/domain-search.xml.i create mode 100644 interface-definitions/include/dhcp/ntp-server.xml.i create mode 100644 interface-definitions/include/dhcp/option-v4.xml.i create mode 100644 interface-definitions/include/dhcp/option-v6.xml.i create mode 100644 interface-definitions/include/dns/time-to-live.xml.i create mode 100644 interface-definitions/include/eigrp/protocol-common-config.xml.i create mode 100644 interface-definitions/include/firewall/action-accept-drop-reject.xml.i create mode 100644 interface-definitions/include/firewall/action-and-notrack.xml.i create mode 100644 
interface-definitions/include/firewall/action-forward.xml.i create mode 100644 interface-definitions/include/firewall/action-l2.xml.i create mode 100644 interface-definitions/include/firewall/action.xml.i create mode 100644 interface-definitions/include/firewall/add-addr-to-group-ipv4.xml.i create mode 100644 interface-definitions/include/firewall/add-addr-to-group-ipv6.xml.i create mode 100644 interface-definitions/include/firewall/add-dynamic-address-groups.xml.i create mode 100644 interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i create mode 100644 interface-definitions/include/firewall/address-inet.xml.i create mode 100644 interface-definitions/include/firewall/address-ipv6.xml.i create mode 100644 interface-definitions/include/firewall/address-mask-inet.xml.i create mode 100644 interface-definitions/include/firewall/address-mask-ipv6.xml.i create mode 100644 interface-definitions/include/firewall/address-mask.xml.i create mode 100644 interface-definitions/include/firewall/address.xml.i create mode 100644 interface-definitions/include/firewall/bridge-custom-name.xml.i create mode 100644 interface-definitions/include/firewall/bridge-hook-forward.xml.i create mode 100644 interface-definitions/include/firewall/bridge-hook-input.xml.i create mode 100644 interface-definitions/include/firewall/bridge-hook-output.xml.i create mode 100644 interface-definitions/include/firewall/bridge-hook-prerouting.xml.i create mode 100644 interface-definitions/include/firewall/common-rule-bridge.xml.i create mode 100644 interface-definitions/include/firewall/common-rule-inet.xml.i create mode 100644 interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i create mode 100644 interface-definitions/include/firewall/common-rule-ipv4.xml.i create mode 100644 interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i create mode 100644 interface-definitions/include/firewall/common-rule-ipv6.xml.i create mode 100644 
interface-definitions/include/firewall/connection-mark.xml.i create mode 100644 interface-definitions/include/firewall/connection-status.xml.i create mode 100644 interface-definitions/include/firewall/conntrack-helper.xml.i create mode 100644 interface-definitions/include/firewall/default-action-base-chains.xml.i create mode 100644 interface-definitions/include/firewall/default-action-bridge.xml.i create mode 100644 interface-definitions/include/firewall/default-action.xml.i create mode 100644 interface-definitions/include/firewall/default-log.xml.i create mode 100644 interface-definitions/include/firewall/dscp.xml.i create mode 100644 interface-definitions/include/firewall/eq.xml.i create mode 100644 interface-definitions/include/firewall/firewall-hashing-parameters.xml.i create mode 100644 interface-definitions/include/firewall/firewall-mark.xml.i create mode 100644 interface-definitions/include/firewall/fqdn.xml.i create mode 100644 interface-definitions/include/firewall/fragment.xml.i create mode 100644 interface-definitions/include/firewall/fwmark.xml.i create mode 100644 interface-definitions/include/firewall/geoip.xml.i create mode 100644 interface-definitions/include/firewall/global-options.xml.i create mode 100644 interface-definitions/include/firewall/gre.xml.i create mode 100644 interface-definitions/include/firewall/gt.xml.i create mode 100644 interface-definitions/include/firewall/hop-limit.xml.i create mode 100644 interface-definitions/include/firewall/icmp-type-name.xml.i create mode 100644 interface-definitions/include/firewall/icmp.xml.i create mode 100644 interface-definitions/include/firewall/icmpv6-type-name.xml.i create mode 100644 interface-definitions/include/firewall/icmpv6.xml.i create mode 100644 interface-definitions/include/firewall/inbound-interface-no-group.xml.i create mode 100644 interface-definitions/include/firewall/inbound-interface.xml.i create mode 100644 interface-definitions/include/firewall/ipv4-custom-name.xml.i create mode 
100644 interface-definitions/include/firewall/ipv4-hook-forward.xml.i create mode 100644 interface-definitions/include/firewall/ipv4-hook-input.xml.i create mode 100644 interface-definitions/include/firewall/ipv4-hook-output.xml.i create mode 100644 interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i create mode 100644 interface-definitions/include/firewall/ipv6-custom-name.xml.i create mode 100644 interface-definitions/include/firewall/ipv6-hook-forward.xml.i create mode 100644 interface-definitions/include/firewall/ipv6-hook-input.xml.i create mode 100644 interface-definitions/include/firewall/ipv6-hook-output.xml.i create mode 100644 interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i create mode 100644 interface-definitions/include/firewall/limit.xml.i create mode 100644 interface-definitions/include/firewall/log-options.xml.i create mode 100644 interface-definitions/include/firewall/log.xml.i create mode 100644 interface-definitions/include/firewall/lt.xml.i create mode 100644 interface-definitions/include/firewall/mac-address.xml.i create mode 100644 interface-definitions/include/firewall/mac-group.xml.i create mode 100644 interface-definitions/include/firewall/match-ether-type.xml.i create mode 100644 interface-definitions/include/firewall/match-interface.xml.i create mode 100644 interface-definitions/include/firewall/match-ipsec-in.xml.i create mode 100644 interface-definitions/include/firewall/match-ipsec-out.xml.i create mode 100644 interface-definitions/include/firewall/match-ipsec.xml.i create mode 100644 interface-definitions/include/firewall/match-vlan.xml.i create mode 100644 interface-definitions/include/firewall/name.xml.i create mode 100644 interface-definitions/include/firewall/nat-balance.xml.i create mode 100644 interface-definitions/include/firewall/nft-queue.xml.i create mode 100644 interface-definitions/include/firewall/offload-target.xml.i create mode 100644 
interface-definitions/include/firewall/outbound-interface-no-group.xml.i create mode 100644 interface-definitions/include/firewall/outbound-interface.xml.i create mode 100644 interface-definitions/include/firewall/packet-options.xml.i create mode 100644 interface-definitions/include/firewall/port.xml.i create mode 100644 interface-definitions/include/firewall/protocol.xml.i create mode 100644 interface-definitions/include/firewall/recent.xml.i create mode 100644 interface-definitions/include/firewall/rule-log-level.xml.i create mode 100644 interface-definitions/include/firewall/set-packet-modifications.xml.i create mode 100644 interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i create mode 100644 interface-definitions/include/firewall/source-destination-dynamic-group.xml.i create mode 100644 interface-definitions/include/firewall/source-destination-group-inet.xml.i create mode 100644 interface-definitions/include/firewall/source-destination-group-ipv4.xml.i create mode 100644 interface-definitions/include/firewall/source-destination-group-ipv6.xml.i create mode 100644 interface-definitions/include/firewall/source-destination-group.xml.i create mode 100644 interface-definitions/include/firewall/state.xml.i create mode 100644 interface-definitions/include/firewall/synproxy.xml.i create mode 100644 interface-definitions/include/firewall/tcp-flags.xml.i create mode 100644 interface-definitions/include/firewall/tcp-mss.xml.i create mode 100644 interface-definitions/include/firewall/time.xml.i create mode 100644 interface-definitions/include/firewall/timeout-common-protocols.xml.i create mode 100644 interface-definitions/include/firewall/ttl.xml.i create mode 100644 interface-definitions/include/generic-description.xml.i create mode 100644 interface-definitions/include/generic-disable-node.xml.i create mode 100644 interface-definitions/include/generic-interface-broadcast.xml.i create mode 100644 
interface-definitions/include/generic-interface-multi-broadcast.xml.i create mode 100644 interface-definitions/include/generic-interface-multi-wildcard.xml.i create mode 100644 interface-definitions/include/generic-interface-multi.xml.i create mode 100644 interface-definitions/include/generic-interface.xml.i create mode 100644 interface-definitions/include/generic-password.xml.i create mode 100644 interface-definitions/include/generic-username.xml.i create mode 100644 interface-definitions/include/haproxy/http-response-headers.xml.i create mode 100644 interface-definitions/include/haproxy/logging.xml.i create mode 100644 interface-definitions/include/haproxy/mode.xml.i create mode 100644 interface-definitions/include/haproxy/rule-backend.xml.i create mode 100644 interface-definitions/include/haproxy/rule-frontend.xml.i create mode 100644 interface-definitions/include/haproxy/tcp-request.xml.i create mode 100644 interface-definitions/include/haproxy/timeout.xml.i create mode 100644 interface-definitions/include/ids/threshold.xml.i create mode 100644 interface-definitions/include/inbound-interface.xml.i create mode 100644 interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i create mode 100644 interface-definitions/include/interface/address-ipv4-ipv6.xml.i create mode 100644 interface-definitions/include/interface/adjust-mss.xml.i create mode 100644 interface-definitions/include/interface/arp-cache-timeout.xml.i create mode 100644 interface-definitions/include/interface/authentication.xml.i create mode 100644 interface-definitions/include/interface/base-reachable-time.xml.i create mode 100644 interface-definitions/include/interface/default-route-distance.xml.i create mode 100644 interface-definitions/include/interface/dhcp-options.xml.i create mode 100644 interface-definitions/include/interface/dhcpv6-options.xml.i create mode 100644 interface-definitions/include/interface/dial-on-demand.xml.i create mode 100644 
interface-definitions/include/interface/disable-arp-filter.xml.i create mode 100644 interface-definitions/include/interface/disable-forwarding.xml.i create mode 100644 interface-definitions/include/interface/disable-link-detect.xml.i create mode 100644 interface-definitions/include/interface/disable.xml.i create mode 100644 interface-definitions/include/interface/duid.xml.i create mode 100644 interface-definitions/include/interface/eapol.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-accept.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-announce.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-ignore.xml.i create mode 100644 interface-definitions/include/interface/enable-directed-broadcast.xml.i create mode 100644 interface-definitions/include/interface/enable-proxy-arp.xml.i create mode 100644 interface-definitions/include/interface/evpn-mh-uplink.xml.i create mode 100644 interface-definitions/include/interface/hw-id.xml.i create mode 100644 interface-definitions/include/interface/inbound-interface.xml.i create mode 100644 interface-definitions/include/interface/ipv4-options.xml.i create mode 100644 interface-definitions/include/interface/ipv6-accept-dad.xml.i create mode 100644 interface-definitions/include/interface/ipv6-address-autoconf.xml.i create mode 100644 interface-definitions/include/interface/ipv6-address-eui64.xml.i create mode 100644 interface-definitions/include/interface/ipv6-address-no-default-link-local.xml.i create mode 100644 interface-definitions/include/interface/ipv6-address.xml.i create mode 100644 interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i create mode 100644 interface-definitions/include/interface/ipv6-options.xml.i create mode 100644 interface-definitions/include/interface/mac-multi.xml.i create mode 100644 interface-definitions/include/interface/mac.xml.i create mode 100644 
interface-definitions/include/interface/macsec-key.xml.i create mode 100644 interface-definitions/include/interface/mirror.xml.i create mode 100644 interface-definitions/include/interface/mtu-1200-16000.xml.i create mode 100644 interface-definitions/include/interface/mtu-1450-16000.xml.i create mode 100644 interface-definitions/include/interface/mtu-64-8024.xml.i create mode 100644 interface-definitions/include/interface/mtu-68-1500.xml.i create mode 100644 interface-definitions/include/interface/mtu-68-16000.xml.i create mode 100644 interface-definitions/include/interface/netns.xml.i create mode 100644 interface-definitions/include/interface/no-default-route.xml.i create mode 100644 interface-definitions/include/interface/no-peer-dns.xml.i create mode 100644 interface-definitions/include/interface/parameters-df.xml.i create mode 100644 interface-definitions/include/interface/parameters-flowlabel.xml.i create mode 100644 interface-definitions/include/interface/parameters-innerproto.xml.i create mode 100644 interface-definitions/include/interface/parameters-key.xml.i create mode 100644 interface-definitions/include/interface/parameters-tos.xml.i create mode 100644 interface-definitions/include/interface/parameters-ttl.xml.i create mode 100644 interface-definitions/include/interface/per-client-thread.xml.i create mode 100644 interface-definitions/include/interface/proxy-arp-pvlan.xml.i create mode 100644 interface-definitions/include/interface/redirect.xml.i create mode 100644 interface-definitions/include/interface/source-validation.xml.i create mode 100644 interface-definitions/include/interface/tunnel-remote-multi.xml.i create mode 100644 interface-definitions/include/interface/tunnel-remote.xml.i create mode 100644 interface-definitions/include/interface/vif-s.xml.i create mode 100644 interface-definitions/include/interface/vif.xml.i create mode 100644 interface-definitions/include/interface/vlan-protocol.xml.i create mode 100644 
interface-definitions/include/interface/vrf.xml.i create mode 100644 interface-definitions/include/ip-protocol.xml.i create mode 100644 interface-definitions/include/ipsec/authentication-id.xml.i create mode 100644 interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i create mode 100644 interface-definitions/include/ipsec/authentication-rsa.xml.i create mode 100644 interface-definitions/include/ipsec/authentication-x509.xml.i create mode 100644 interface-definitions/include/ipsec/bind.xml.i create mode 100644 interface-definitions/include/ipsec/esp-group.xml.i create mode 100644 interface-definitions/include/ipsec/ike-group.xml.i create mode 100644 interface-definitions/include/ipsec/local-address.xml.i create mode 100644 interface-definitions/include/ipsec/local-traffic-selector.xml.i create mode 100644 interface-definitions/include/ipsec/remote-address.xml.i create mode 100644 interface-definitions/include/ipsec/replay-window.xml.i create mode 100644 interface-definitions/include/ipv4-address-prefix-range.xml.i create mode 100644 interface-definitions/include/ipv4-address-prefix.xml.i create mode 100644 interface-definitions/include/isis/default-information-level.xml.i create mode 100644 interface-definitions/include/isis/ldp-sync-holddown.xml.i create mode 100644 interface-definitions/include/isis/ldp-sync-interface.xml.i create mode 100644 interface-definitions/include/isis/ldp-sync-protocol.xml.i create mode 100644 interface-definitions/include/isis/level-1-2-leaf.xml.i create mode 100644 interface-definitions/include/isis/lfa-local.xml.i create mode 100644 interface-definitions/include/isis/lfa-protocol.xml.i create mode 100644 interface-definitions/include/isis/lfa-remote.xml.i create mode 100644 interface-definitions/include/isis/metric.xml.i create mode 100644 interface-definitions/include/isis/passive.xml.i create mode 100644 interface-definitions/include/isis/password.xml.i create mode 100644 
interface-definitions/include/isis/protocol-common-config.xml.i create mode 100644 interface-definitions/include/isis/redistribute-level-1-2.xml.i create mode 100644 interface-definitions/include/listen-address-ipv4-single.xml.i create mode 100644 interface-definitions/include/listen-address-ipv4.xml.i create mode 100644 interface-definitions/include/listen-address-single.xml.i create mode 100644 interface-definitions/include/listen-address-vrf.xml.i create mode 100644 interface-definitions/include/listen-address.xml.i create mode 100644 interface-definitions/include/listen-interface-multi-broadcast.xml.i create mode 100644 interface-definitions/include/log-adjacency-changes.xml.i create mode 100644 interface-definitions/include/name-server-ipv4-ipv6-port.xml.i create mode 100644 interface-definitions/include/name-server-ipv4-ipv6.xml.i create mode 100644 interface-definitions/include/name-server-ipv4.xml.i create mode 100644 interface-definitions/include/name-server-ipv6.xml.i create mode 100644 interface-definitions/include/nat-address.xml.i create mode 100644 interface-definitions/include/nat-exclude.xml.i create mode 100644 interface-definitions/include/nat-interface.xml.i create mode 100644 interface-definitions/include/nat-port.xml.i create mode 100644 interface-definitions/include/nat-rule.xml.i create mode 100644 interface-definitions/include/nat-translation-options.xml.i create mode 100644 interface-definitions/include/nat-translation-port.xml.i create mode 100644 interface-definitions/include/nat/protocol.xml.i create mode 100644 interface-definitions/include/nat64/protocol.xml.i create mode 100644 interface-definitions/include/net.xml.i create mode 100644 interface-definitions/include/openfabric/password.xml.i create mode 100644 interface-definitions/include/ospf/authentication.xml.i create mode 100644 interface-definitions/include/ospf/auto-cost.xml.i create mode 100644 interface-definitions/include/ospf/default-information.xml.i create mode 100644 
interface-definitions/include/ospf/distance-global.xml.i create mode 100644 interface-definitions/include/ospf/distance-per-protocol.xml.i create mode 100644 interface-definitions/include/ospf/graceful-restart.xml.i create mode 100644 interface-definitions/include/ospf/interface-common.xml.i create mode 100644 interface-definitions/include/ospf/intervals.xml.i create mode 100644 interface-definitions/include/ospf/log-adjacency-changes.xml.i create mode 100644 interface-definitions/include/ospf/metric-type.xml.i create mode 100644 interface-definitions/include/ospf/metric.xml.i create mode 100644 interface-definitions/include/ospf/protocol-common-config.xml.i create mode 100644 interface-definitions/include/ospfv3/no-summary.xml.i create mode 100644 interface-definitions/include/ospfv3/protocol-common-config.xml.i create mode 100644 interface-definitions/include/pim/bsm.xml.i create mode 100644 interface-definitions/include/pim/dr-priority.xml.i create mode 100644 interface-definitions/include/pim/hello.xml.i create mode 100644 interface-definitions/include/pim/join-prune-interval.xml.i create mode 100644 interface-definitions/include/pim/keep-alive-timer.xml.i create mode 100644 interface-definitions/include/pim/packets.xml.i create mode 100644 interface-definitions/include/pim/passive.xml.i create mode 100644 interface-definitions/include/pim/register-suppress-time.xml.i create mode 100644 interface-definitions/include/pki/ca-certificate-multi.xml.i create mode 100644 interface-definitions/include/pki/ca-certificate.xml.i create mode 100644 interface-definitions/include/pki/certificate-key.xml.i create mode 100644 interface-definitions/include/pki/certificate-multi.xml.i create mode 100644 interface-definitions/include/pki/certificate.xml.i create mode 100644 interface-definitions/include/pki/cli-certificate-base64.xml.i create mode 100644 interface-definitions/include/pki/cli-private-key-base64.xml.i create mode 100644 
interface-definitions/include/pki/cli-public-key-base64.xml.i create mode 100644 interface-definitions/include/pki/cli-revoke.xml.i create mode 100644 interface-definitions/include/pki/dh-params.xml.i create mode 100644 interface-definitions/include/pki/openssh-key.xml.i create mode 100644 interface-definitions/include/pki/password-protected.xml.i create mode 100644 interface-definitions/include/pki/private-key.xml.i create mode 100644 interface-definitions/include/pki/public-key.xml.i create mode 100644 interface-definitions/include/policy/action.xml.i create mode 100644 interface-definitions/include/policy/community-clear.xml.i create mode 100644 interface-definitions/include/policy/community-value-list.xml.i create mode 100644 interface-definitions/include/policy/extended-community-value-list.xml.i create mode 100644 interface-definitions/include/policy/host.xml.i create mode 100644 interface-definitions/include/policy/inverse-mask.xml.i create mode 100644 interface-definitions/include/policy/large-community-value-list.xml.i create mode 100644 interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i create mode 100644 interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i create mode 100644 interface-definitions/include/policy/local-route_rule_protocol.xml.i create mode 100644 interface-definitions/include/policy/network.xml.i create mode 100644 interface-definitions/include/policy/prefix-list.xml.i create mode 100644 interface-definitions/include/policy/prefix-list6.xml.i create mode 100644 interface-definitions/include/policy/route-common.xml.i create mode 100644 interface-definitions/include/policy/route-ipv4.xml.i create mode 100644 interface-definitions/include/policy/route-ipv6.xml.i create mode 100644 interface-definitions/include/policy/route-rule-action.xml.i create mode 100644 interface-definitions/include/policy/tag.xml.i create mode 100644 interface-definitions/include/port-number-start-zero.xml.i create mode 100644 
interface-definitions/include/port-number.xml.i create mode 100644 interface-definitions/include/port-port-range.xml.i create mode 100644 interface-definitions/include/pppoe-access-concentrator.xml.i create mode 100644 interface-definitions/include/protocol-tcp-udp.xml.i create mode 100644 interface-definitions/include/qos/bandwidth-auto.xml.i create mode 100644 interface-definitions/include/qos/bandwidth.xml.i create mode 100644 interface-definitions/include/qos/burst.xml.i create mode 100644 interface-definitions/include/qos/class-match-group.xml.i create mode 100644 interface-definitions/include/qos/class-match-ipv4-address.xml.i create mode 100644 interface-definitions/include/qos/class-match-ipv4.xml.i create mode 100644 interface-definitions/include/qos/class-match-ipv6-address.xml.i create mode 100644 interface-definitions/include/qos/class-match-ipv6.xml.i create mode 100644 interface-definitions/include/qos/class-match-mark.xml.i create mode 100644 interface-definitions/include/qos/class-match-vif.xml.i create mode 100644 interface-definitions/include/qos/class-match.xml.i create mode 100644 interface-definitions/include/qos/class-police-exceed.xml.i create mode 100644 interface-definitions/include/qos/class-priority.xml.i create mode 100644 interface-definitions/include/qos/codel-quantum.xml.i create mode 100644 interface-definitions/include/qos/flows.xml.i create mode 100644 interface-definitions/include/qos/hfsc-d.xml.i create mode 100644 interface-definitions/include/qos/hfsc-m1.xml.i create mode 100644 interface-definitions/include/qos/hfsc-m2.xml.i create mode 100644 interface-definitions/include/qos/interval.xml.i create mode 100644 interface-definitions/include/qos/match-dscp.xml.i create mode 100644 interface-definitions/include/qos/max-length.xml.i create mode 100644 interface-definitions/include/qos/mtu.xml.i create mode 100644 interface-definitions/include/qos/queue-average-packet.xml.i create mode 100644 
interface-definitions/include/qos/queue-limit-1-4294967295.xml.i create mode 100644 interface-definitions/include/qos/queue-limit-2-10999.xml.i create mode 100644 interface-definitions/include/qos/queue-mark-probability.xml.i create mode 100644 interface-definitions/include/qos/queue-maximum-threshold.xml.i create mode 100644 interface-definitions/include/qos/queue-minimum-threshold.xml.i create mode 100644 interface-definitions/include/qos/queue-type.xml.i create mode 100644 interface-definitions/include/qos/set-dscp.xml.i create mode 100644 interface-definitions/include/qos/target.xml.i create mode 100644 interface-definitions/include/qos/tcp-flags.xml.i create mode 100644 interface-definitions/include/radius-acct-server-ipv4.xml.i create mode 100644 interface-definitions/include/radius-auth-server-ipv4.xml.i create mode 100644 interface-definitions/include/radius-nas-identifier.xml.i create mode 100644 interface-definitions/include/radius-nas-ip-address.xml.i create mode 100644 interface-definitions/include/radius-priority.xml.i create mode 100644 interface-definitions/include/radius-server-acct-port.xml.i create mode 100644 interface-definitions/include/radius-server-auth-port.xml.i create mode 100644 interface-definitions/include/radius-server-ipv4-ipv6.xml.i create mode 100644 interface-definitions/include/radius-server-key.xml.i create mode 100644 interface-definitions/include/radius-timeout.xml.i create mode 100644 interface-definitions/include/rip/access-list.xml.i create mode 100644 interface-definitions/include/rip/access-list6.xml.i create mode 100644 interface-definitions/include/rip/default-information.xml.i create mode 100644 interface-definitions/include/rip/default-metric.xml.i create mode 100644 interface-definitions/include/rip/interface.xml.i create mode 100644 interface-definitions/include/rip/prefix-list.xml.i create mode 100644 interface-definitions/include/rip/prefix-list6.xml.i create mode 100644 
interface-definitions/include/rip/redistribute.xml.i create mode 100644 interface-definitions/include/rip/timers.xml.i create mode 100644 interface-definitions/include/rip/version.xml.i create mode 100644 interface-definitions/include/route-map.xml.i create mode 100644 interface-definitions/include/router-id.xml.i create mode 100644 interface-definitions/include/routing-passive-interface.xml.i create mode 100644 interface-definitions/include/segment-routing-label-value.xml.i create mode 100644 interface-definitions/include/server-ipv4-fqdn.xml.i create mode 100644 interface-definitions/include/snmp/access-mode.xml.i create mode 100644 interface-definitions/include/snmp/authentication-type.xml.i create mode 100644 interface-definitions/include/snmp/privacy-type.xml.i create mode 100644 interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i create mode 100644 interface-definitions/include/source-address-ipv4-ipv6.xml.i create mode 100644 interface-definitions/include/source-address-ipv4-multi.xml.i create mode 100644 interface-definitions/include/source-address-ipv4.xml.i create mode 100644 interface-definitions/include/source-interface-ethernet.xml.i create mode 100644 interface-definitions/include/source-interface.xml.i create mode 100644 interface-definitions/include/ssh-group.xml.i create mode 100644 interface-definitions/include/ssh-user.xml.i create mode 100644 interface-definitions/include/static/static-route-bfd.xml.i create mode 100644 interface-definitions/include/static/static-route-blackhole.xml.i create mode 100644 interface-definitions/include/static/static-route-distance.xml.i create mode 100644 interface-definitions/include/static/static-route-interface.xml.i create mode 100644 interface-definitions/include/static/static-route-reject.xml.i create mode 100644 interface-definitions/include/static/static-route-segments.xml.i create mode 100644 interface-definitions/include/static/static-route-tag.xml.i create mode 100644 
interface-definitions/include/static/static-route-vrf.xml.i create mode 100644 interface-definitions/include/static/static-route.xml.i create mode 100644 interface-definitions/include/static/static-route6.xml.i create mode 100644 interface-definitions/include/stunnel/address.xml.i create mode 100644 interface-definitions/include/stunnel/connect.xml.i create mode 100644 interface-definitions/include/stunnel/listen.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-options.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-cifs.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-connect.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-imap.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-nntp.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-pgsql.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-pop3.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-proxy.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-smtp.xml.i create mode 100644 interface-definitions/include/stunnel/protocol-value-socks.xml.i create mode 100644 interface-definitions/include/stunnel/psk.xml.i create mode 100644 interface-definitions/include/stunnel/ssl.xml.i create mode 100644 interface-definitions/include/syslog-facility.xml.i create mode 100644 interface-definitions/include/system-ip-nht.xml.i create mode 100644 interface-definitions/include/system-ip-protocol.xml.i create mode 100644 interface-definitions/include/system-ipv6-protocol.xml.i create mode 100644 interface-definitions/include/tls-version-min.xml.i create mode 100644 interface-definitions/include/url-http-https.xml.i create mode 100644 interface-definitions/include/version/bgp-version.xml.i create mode 100644 interface-definitions/include/version/broadcast-relay-version.xml.i create mode 
100644 interface-definitions/include/version/cluster-version.xml.i create mode 100644 interface-definitions/include/version/config-management-version.xml.i create mode 100644 interface-definitions/include/version/conntrack-sync-version.xml.i create mode 100644 interface-definitions/include/version/conntrack-version.xml.i create mode 100644 interface-definitions/include/version/container-version.xml.i create mode 100644 interface-definitions/include/version/dhcp-relay-version.xml.i create mode 100644 interface-definitions/include/version/dhcp-server-version.xml.i create mode 100644 interface-definitions/include/version/dhcpv6-server-version.xml.i create mode 100644 interface-definitions/include/version/dns-dynamic-version.xml.i create mode 100644 interface-definitions/include/version/dns-forwarding-version.xml.i create mode 100644 interface-definitions/include/version/firewall-version.xml.i create mode 100644 interface-definitions/include/version/flow-accounting-version.xml.i create mode 100644 interface-definitions/include/version/https-version.xml.i create mode 100644 interface-definitions/include/version/ids-version.xml.i create mode 100644 interface-definitions/include/version/interfaces-version.xml.i create mode 100644 interface-definitions/include/version/ipoe-server-version.xml.i create mode 100644 interface-definitions/include/version/ipsec-version.xml.i create mode 100644 interface-definitions/include/version/isis-version.xml.i create mode 100644 interface-definitions/include/version/l2tp-version.xml.i create mode 100644 interface-definitions/include/version/lldp-version.xml.i create mode 100644 interface-definitions/include/version/mdns-version.xml.i create mode 100644 interface-definitions/include/version/monitoring-version.xml.i create mode 100644 interface-definitions/include/version/nat-version.xml.i create mode 100644 interface-definitions/include/version/nat66-version.xml.i create mode 100644 interface-definitions/include/version/ntp-version.xml.i 
create mode 100644 interface-definitions/include/version/openconnect-version.xml.i create mode 100644 interface-definitions/include/version/openvpn-version.xml.i create mode 100644 interface-definitions/include/version/ospf-version.xml.i create mode 100644 interface-definitions/include/version/pim-version.xml.i create mode 100644 interface-definitions/include/version/policy-version.xml.i create mode 100644 interface-definitions/include/version/pppoe-server-version.xml.i create mode 100644 interface-definitions/include/version/pptp-version.xml.i create mode 100644 interface-definitions/include/version/qos-version.xml.i create mode 100644 interface-definitions/include/version/quagga-version.xml.i create mode 100644 interface-definitions/include/version/reverseproxy-version.xml.i create mode 100644 interface-definitions/include/version/rip-version.xml.i create mode 100644 interface-definitions/include/version/rpki-version.xml.i create mode 100644 interface-definitions/include/version/salt-version.xml.i create mode 100644 interface-definitions/include/version/snmp-version.xml.i create mode 100644 interface-definitions/include/version/ssh-version.xml.i create mode 100644 interface-definitions/include/version/sstp-version.xml.i create mode 100644 interface-definitions/include/version/system-version.xml.i create mode 100644 interface-definitions/include/version/vrf-version.xml.i create mode 100644 interface-definitions/include/version/vrrp-version.xml.i create mode 100644 interface-definitions/include/version/vyos-accel-ppp-version.xml.i create mode 100644 interface-definitions/include/version/wanloadbalance-version.xml.i create mode 100644 interface-definitions/include/version/webproxy-version.xml.i create mode 100644 interface-definitions/include/vni.xml.i create mode 100644 interface-definitions/include/vpn-ipsec-encryption.xml.i create mode 100644 interface-definitions/include/vpn-ipsec-hash.xml.i create mode 100644 interface-definitions/include/vrf-multi.xml.i create 
mode 100644 interface-definitions/include/vrrp-transition-script.xml.i create mode 100644 interface-definitions/include/vrrp/garp.xml.i create mode 100644 interface-definitions/include/webproxy-url-filtering.xml.i create mode 100644 interface-definitions/interfaces_bonding.xml.in create mode 100644 interface-definitions/interfaces_bridge.xml.in create mode 100644 interface-definitions/interfaces_dummy.xml.in create mode 100644 interface-definitions/interfaces_ethernet.xml.in create mode 100644 interface-definitions/interfaces_geneve.xml.in create mode 100644 interface-definitions/interfaces_input.xml.in create mode 100644 interface-definitions/interfaces_l2tpv3.xml.in create mode 100644 interface-definitions/interfaces_loopback.xml.in create mode 100644 interface-definitions/interfaces_macsec.xml.in create mode 100644 interface-definitions/interfaces_openvpn.xml.in create mode 100644 interface-definitions/interfaces_pppoe.xml.in create mode 100644 interface-definitions/interfaces_pseudo-ethernet.xml.in create mode 100644 interface-definitions/interfaces_sstpc.xml.in create mode 100644 interface-definitions/interfaces_tunnel.xml.in create mode 100644 interface-definitions/interfaces_virtual-ethernet.xml.in create mode 100644 interface-definitions/interfaces_vti.xml.in create mode 100644 interface-definitions/interfaces_vxlan.xml.in create mode 100644 interface-definitions/interfaces_wireguard.xml.in create mode 100644 interface-definitions/interfaces_wireless.xml.in create mode 100644 interface-definitions/interfaces_wwan.xml.in create mode 100644 interface-definitions/load-balancing_reverse-proxy.xml.in create mode 100644 interface-definitions/load-balancing_wan.xml.in create mode 100644 interface-definitions/nat.xml.in create mode 100644 interface-definitions/nat64.xml.in create mode 100644 interface-definitions/nat66.xml.in create mode 100644 interface-definitions/nat_cgnat.xml.in create mode 100644 interface-definitions/netns.xml.in create mode 100644 
interface-definitions/pki.xml.in create mode 100644 interface-definitions/policy.xml.in create mode 100644 interface-definitions/policy_local-route.xml.in create mode 100644 interface-definitions/policy_route.xml.in create mode 100644 interface-definitions/protocols_babel.xml.in create mode 100644 interface-definitions/protocols_bfd.xml.in create mode 100644 interface-definitions/protocols_bgp.xml.in create mode 100644 interface-definitions/protocols_eigrp.xml.in create mode 100644 interface-definitions/protocols_failover.xml.in create mode 100644 interface-definitions/protocols_igmp-proxy.xml.in create mode 100644 interface-definitions/protocols_isis.xml.in create mode 100644 interface-definitions/protocols_mpls.xml.in create mode 100644 interface-definitions/protocols_nhrp.xml.in create mode 100644 interface-definitions/protocols_openfabric.xml.in create mode 100644 interface-definitions/protocols_ospf.xml.in create mode 100644 interface-definitions/protocols_ospfv3.xml.in create mode 100644 interface-definitions/protocols_pim.xml.in create mode 100644 interface-definitions/protocols_pim6.xml.in create mode 100644 interface-definitions/protocols_rip.xml.in create mode 100644 interface-definitions/protocols_ripng.xml.in create mode 100644 interface-definitions/protocols_rpki.xml.in create mode 100644 interface-definitions/protocols_segment-routing.xml.in create mode 100644 interface-definitions/protocols_static.xml.in create mode 100644 interface-definitions/protocols_static_arp.xml.in create mode 100644 interface-definitions/protocols_static_multicast.xml.in create mode 100644 interface-definitions/protocols_static_neighbor-proxy.xml.in create mode 100644 interface-definitions/qos.xml.in create mode 100644 interface-definitions/service_aws_glb.xml.in create mode 100644 interface-definitions/service_broadcast-relay.xml.in create mode 100644 interface-definitions/service_config-sync.xml.in create mode 100644 interface-definitions/service_conntrack-sync.xml.in 
create mode 100644 interface-definitions/service_console-server.xml.in create mode 100644 interface-definitions/service_dhcp-relay.xml.in create mode 100644 interface-definitions/service_dhcp-server.xml.in create mode 100644 interface-definitions/service_dhcpv6-relay.xml.in create mode 100644 interface-definitions/service_dhcpv6-server.xml.in create mode 100644 interface-definitions/service_dns_dynamic.xml.in create mode 100644 interface-definitions/service_dns_forwarding.xml.in create mode 100644 interface-definitions/service_event-handler.xml.in create mode 100644 interface-definitions/service_https.xml.in create mode 100644 interface-definitions/service_ids_ddos-protection.xml.in create mode 100644 interface-definitions/service_ipoe-server.xml.in create mode 100644 interface-definitions/service_lldp.xml.in create mode 100644 interface-definitions/service_mdns_repeater.xml.in create mode 100644 interface-definitions/service_monitoring_telegraf.xml.in create mode 100644 interface-definitions/service_monitoring_zabbix-agent.xml.in create mode 100644 interface-definitions/service_ndp-proxy.xml.in create mode 100644 interface-definitions/service_ntp.xml.in create mode 100644 interface-definitions/service_pppoe-server.xml.in create mode 100644 interface-definitions/service_router-advert.xml.in create mode 100644 interface-definitions/service_salt-minion.xml.in create mode 100644 interface-definitions/service_sla.xml.in create mode 100644 interface-definitions/service_snmp.xml.in create mode 100644 interface-definitions/service_ssh.xml.in create mode 100644 interface-definitions/service_stunnel.xml.in create mode 100644 interface-definitions/service_suricata.xml.in create mode 100644 interface-definitions/service_tftp-server.xml.in create mode 100644 interface-definitions/service_webproxy.xml.in create mode 100644 interface-definitions/system_acceleration.xml.in create mode 100644 interface-definitions/system_config-management.xml.in create mode 100644 
interface-definitions/system_conntrack.xml.in create mode 100644 interface-definitions/system_console.xml.in create mode 100644 interface-definitions/system_domain-name.xml.in create mode 100644 interface-definitions/system_domain-search.xml.in create mode 100644 interface-definitions/system_flow-accounting.xml.in create mode 100644 interface-definitions/system_frr.xml.in create mode 100644 interface-definitions/system_host-name.xml.in create mode 100644 interface-definitions/system_ip.xml.in create mode 100644 interface-definitions/system_ipv6.xml.in create mode 100644 interface-definitions/system_lcd.xml.in create mode 100644 interface-definitions/system_login.xml.in create mode 100644 interface-definitions/system_login_banner.xml.in create mode 100644 interface-definitions/system_logs.xml.in create mode 100644 interface-definitions/system_name-server.xml.in create mode 100644 interface-definitions/system_option.xml.in create mode 100644 interface-definitions/system_proxy.xml.in create mode 100644 interface-definitions/system_sflow.xml.in create mode 100644 interface-definitions/system_static-host-mapping.xml.in create mode 100644 interface-definitions/system_sysctl.xml.in create mode 100644 interface-definitions/system_syslog.xml.in create mode 100644 interface-definitions/system_task-scheduler.xml.in create mode 100644 interface-definitions/system_time-zone.xml.in create mode 100644 interface-definitions/system_update-check.xml.in create mode 100644 interface-definitions/system_wireless.xml.in create mode 100644 interface-definitions/vpn_ipsec.xml.in create mode 100644 interface-definitions/vpn_l2tp.xml.in create mode 100644 interface-definitions/vpn_openconnect.xml.in create mode 100644 interface-definitions/vpn_pptp.xml.in create mode 100644 interface-definitions/vpn_sstp.xml.in create mode 100644 interface-definitions/vrf.xml.in create mode 100644 interface-definitions/xml-component-version.xml.in (limited to 'interface-definitions') 
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
new file mode 100644
index 0000000..3dd1b32
--- /dev/null
+++ b/interface-definitions/container.xml.in
@@ -0,0 +1,543 @@ + + + + + Container applications + 450 + + + + + Container name + + [-a-zA-Z0-9]+ + + Container name must be alphanumeric and can contain hyphens + + + + + Allow sharing host process namespace with container + + + + + + Allow sharing host networking with container + + + + + + Grant individual Linux capability to container instance + + net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-nice sys-time + + + net-admin + Network operations (interface, firewall, routing tables) + + + net-bind-service + Bind a socket to privileged ports (port numbers less than 1024) + + + net-raw + Permission to create raw network sockets + + + setpcap + Capability sets (from bounded or inherited set) + + + sys-admin + Administation operations (quotactl, mount, sethostname, setdomainame) + + + sys-module + Load, unload and delete kernel modules + + + sys-nice + Permission to set process nice value + + + sys-time + Permission to set system clock + + + (net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-nice|sys-time) + + + + + + + Configure namespaced kernel parameters of the container + + + + + Sysctl key name + + + + + txt + Sysctl key name + + + + + + + + + Sysctl configuration value + + + + + + + #include + + + Add a host device to the container + + + + + Source device (Example: "/dev/x") + + txt + Source device + + + + + + Destination container device (Example: "/dev/x") + + txt + Destination container device + + + + + + #include + + + Add custom environment variables + + [-_a-zA-Z0-9]+ + + Environment variable name must be alphanumeric and can contain hyphen and underscores + + + + + Set environment option value + + txt + Set environment option value + + + + + + + + Override the default ENTRYPOINT from the image + + [ !#-%&(-~]+ + + Entrypoint must be ASCII characters, use &quot; and &apos for double and single quotes respectively + + + + + Container host name + + #include + + Host-name must be alphanumeric and can contain hyphens + 
+ + + + Container image to use + + + + + txt + Image name in the hub-registry + + + [[:ascii:]]{1,255} + + + + + + Override the default CMD from the image + + [ !#-%&(-~]+ + + Command must be ASCII characters, use &quot; and &apos for double and single quotes respectively + + + + + The command's arguments for this container + + [ !#-%&(-~]+ + + The command's arguments must be ASCII characters, use &quot; and &apos for double and single quotes respectively + + + + + Add label variables + + [a-z0-9](?:[a-z0-9.-]*[a-z0-9])? + + Label variable name must be alphanumeric and can contain hyphen, dots and underscores + + + + + Set label option value + + txt + Set label option value + + + [[:ascii:]]{1,255} + + + + + + + + This limits the number of CPU resources the container can use + + u32:0 + Unlimited + + + txt + Amount of CPU time the container can use in amount of cores (up to three decimals) + + + (0|[1-9]\d*)(\.\d{1,3})? + + Container CPU limit must be a (decimal) number in range 0 to number of threads + + 0 + + + + Memory (RAM) available to this container + + u32:0 + Unlimited + + + u32:1-16384 + Container memory in megabytes (MB) + + + + + Container memory must be in range 0 to 16384 MB + + 512 + + + + Shared memory available to this container + + u32:0 + Unlimited + + + u32:1-8192 + Container memory in megabytes (MB) + + + + + Container memory must be in range 0 to 8192 MB + + 64 + + + + Attach user defined network to container + + container network + + #include + + + + + Assign static IP address to container + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + + + + Publish port to the container + + + #include + + + Source host port + + u32:1-65535 + Source host port + + + start-end + Source host port range (e.g. 10025-10030) + + + + + + + + + Destination container port + + u32:1-65535 + Destination container port + + + start-end + Destination container port range (e.g. 
10025-10030) + + + + + + + + + Transport protocol used for port mapping + + tcp udp + + + tcp + Use Transmission Control Protocol for given port + + + udp + Use User Datagram Protocol for given port + + + (tcp|udp) + + + tcp + + + + + + Restart options for container + + no on-failure always + + + no + Do not restart containers on exit + + + on-failure + Restart containers when they exit with a non-zero exit code, retrying indefinitely + + + always + Restart containers when they exit, regardless of status, retrying indefinitely + + + (no|on-failure|always) + + + on-failure + + + + User ID this container will run as + + u32:0-65535 + User ID this container will run as + + + + + + + + + Group ID this container will run as + + u32:0-65535 + Group ID this container will run as + + + + + + + + + Mount a volume into the container + + + + + Source host directory + + txt + Source host directory + + + + + + Destination container directory + + txt + Destination container directory + + + + + + Volume access mode ro/rw + + ro rw + + + ro + Volume mounted into the container as read-only + + + rw + Volume mounted into the container as read-write + + + (ro|rw) + + + rw + + + + Volume bind propagation + + shared slave private rshared rslave rprivate + + + shared + Sub-mounts of the original mount are exposed to replica mounts + + + slave + Allow replica mount to see sub-mount from the original mount but not vice versa + + + private + Sub-mounts within a mount are not visible to replica mounts or the original mount + + + rshared + Allows sharing of mount points and their nested mount points between both the original and replica mounts + + + rslave + Allows mount point and their nested mount points between original an replica mounts + + + rprivate + No mount points within original or replica mounts in any direction + + + (shared|slave|private|rshared|rslave|rprivate) + + + rprivate + + + + + + + + Network name + #include + + + #include + + + Prefix which allocated to that network + + 
ipv4net + IPv4 network prefix + + + ipv6net + IPv6 network prefix + + + + + + + + + + + Disable Domain Name System (DNS) plugin for this network + + + + #include + + + + + Registry Name + + docker.io quay.io + + #include + #include + + + + + diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in new file mode 100644 index 0000000..07c88f7 --- /dev/null +++ b/interface-definitions/firewall.xml.in 
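Review bot: The help strings for the options that weaken container isolation do not tell the operator what they give away: `sys-admin` and `sys-module` are described only by the calls they permit, and the two `Allow sharing host ...` leaves carry no caveat, although each of them hands the container influence over the host itself. I would say so in the completion help, for example `Administration operations (quotactl, mount, sethostname, setdomainname); close to full host privilege` and `Load, unload and delete kernel modules on the host kernel`, which also fixes the `Administation` and `setdomainame` typos. Separately, the label-name constraint `[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?` rejects underscores and upper case, yet its error message promises "hyphen, dots and underscores"; the message should match the pattern. The element names are stripped in this rendering, so the strings are quoted as they appear in the hunk.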
@@ -0,0 +1,544 @@ + + + + + 489 + Firewall + + + #include + + + Flowtable + + [a-zA-Z0-9][\w\-\.]* + + + + #include + + + Interfaces to use this flowtable + + + + + + + + + Offloading method + + hardware software + + + hardware + Hardware offload + + + software + Software offload + + + (hardware|software) + + + software + + + + + + Firewall group + + + + + Firewall address-group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + + + Address-group member + + ipv4 + IPv4 address to match + + + ipv4range + IPv4 range to match (e.g. 10.0.0.1-10.0.0.200) + + + + + + + + + + + Include another address-group + + firewall group address-group + + + + + #include + + + + + Firewall domain-group + + [a-zA-Z_][a-zA-Z0-9]?[\w\-\.]* + + Name of domain-group can only contain alphanumeric letters, hyphen, underscores and not start with numeric + + + + + Domain-group member + + txt + Domain address to match + + + + + + + + #include + + + + + Firewall dynamic group + + + + + Firewall dynamic address group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + #include + + + + + Firewall dynamic IPv6 address group + + [a-zA-Z0-9][\w\-\.]* + + + + #include + + + + + + + Firewall interface-group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + + + Interface-group member + + + + + + + + + Include another interface-group + + firewall group interface-group + + + + + #include + + + + + Firewall ipv6-address-group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + + + Address-group member + + ipv6 + IPv6 address to match + + + ipv6range + IPv6 range to match (e.g. 
2002::1-2002::ff) + + + + + + + + + + + Include another ipv6-address-group + + firewall group ipv6-address-group + + + + + #include + + + + + Firewall ipv6-network-group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + #include + + + Network-group member + + ipv6net + IPv6 address to match + + + + + + + + + + Include another ipv6-network-group + + firewall group ipv6-network-group + + + + + + + + + Firewall mac-group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + #include + + + Mac-group member + + macaddr + MAC address to match + + + + + + + + + + Include another mac-group + + firewall group mac-group + + + + + + + + + Firewall network-group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + #include + + + Network-group member + + ipv4net + IPv4 Subnet to match + + + + + + + + + + Include another network-group + + firewall group network-group + + + + + + + + + Firewall port-group + + #include + + Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot + + + #include + + + Port-group member + + txt + Named port (any name in /etc/services, e.g., http) + + + u32:1-65535 + Numbered port + + + start-end + Numbered port range (e.g. 
1001-1050) + + + + + + + + + + Include another port-group + + firewall group port-group + + + + + + + + + + + Bridge firewall + + + #include + #include + #include + #include + #include + + + + + IPv4 firewall + + + #include + #include + #include + #include + #include + + + + + IPv6 firewall + + + #include + #include + #include + #include + #include + + + + + Zone-policy + + txt + Zone name + + + [a-zA-Z0-9][\w\-\.]* + + + + #include + #include + + + Default-action for traffic coming into this zone + + drop reject + + + drop + Drop silently + + + reject + Drop and notify source + + + (drop|reject) + + + drop + + + + Zone from which to filter traffic + + firewall zone + + + + + + Firewall options + + + + + IPv6 firewall ruleset + + firewall ipv6 name + + + + + + IPv4 firewall ruleset + + firewall ipv4 name + + + + + + + + + + Interface associated with zone + + txt + Interface associated with zone + + + vrf + VRF associated with zone + + + + vrf name + + + + + + + Intra-zone filtering + + + + + Action for intra-zone traffic + + accept drop + + + accept + Accept traffic + + + drop + Drop silently + + + (accept|drop) + + + + + + Use the specified firewall chain + + + + + IPv6 firewall ruleset + + firewall ipv6 name + + + + + + IPv4 firewall ruleset + + firewall ipv4 name + + + + + + + + + + Zone to be local-zone + + + + + + + + diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in new file mode 100644 index 0000000..7108aa0 --- /dev/null +++ b/interface-definitions/high-availability.xml.in 
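Review bot: The domain-group name pattern `[a-zA-Z_][a-zA-Z0-9]?[\w\-\.]*` accepts dots, but its error message lists only "alphanumeric letters, hyphen, underscores", and the optional `[a-zA-Z0-9]?` adds nothing because `\w` already covers it. I would reduce the pattern to `[a-zA-Z_][\w\-\.]*` and add "and dot" to the message so that it agrees with the other group definitions. As far as this rendering shows, the flowtable, dynamic IPv6 address-group and zone names use an inline `[a-zA-Z0-9][\w\-\.]*` with no error message, whereas the dynamic IPv4 address-group takes its constraint from an include and has one. Using that same include for all of them would keep the name validation in one place and give the operator a reason when a name is rejected.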
@@ -0,0 +1,568 @@ + + + + + 800 + High availability settings + + + #include + + + Virtual Router Redundancy Protocol settings + + + + + + Enable SNMP + + + + + VRRP global parameters + + + #include + + + Time VRRP startup process (in seconds) + + u32:1-600 + Interval in seconds + + + + + + + + + Default VRRP version to use, IPv6 always uses VRRP version 3 + + 2 + VRRP version 2 + + + 3 + VRRP version 3 + + + + + + + + + + + VRRP group + + + #include + #include + + + Advertise interval + + u32:1-255 + Advertise interval in seconds + + + + + + 1 + + + + VRRP authentication + + + + + VRRP password + + txt + Password string (up to 8 characters) + + + .{1,8} + + Password must not be longer than 8 characters + + + + + Authentication type + + plaintext-password ah + + + plaintext-password + Simple password string + + + ah + AH - IPSEC (not recommended) + + + (plaintext-password|ah) + + Authentication type must be plaintext-password or ah + + + + + #include + #include + + + Health check + + + + + Health check failure count required for transition to fault + + + + + 3 + + + + Health check execution interval in seconds + + + + + 60 + + + + ICMP ping health check + + ipv4 + IPv4 ping target address + + + ipv6 + IPv6 ping target address + + + + + + + + + Health check script file + + + + + + + + + + VRRP hello source address + + ipv4 + IPv4 hello source address + + + ipv6 + IPv6 hello source address + + + + + + + + + Unicast VRRP peer address + + ipv4 + IPv4 unicast peer address + + + ipv6 + IPv6 unicast peer address + + + + + + + + + + + Disable master preemption + + + + + Preempt delay (in seconds) + + u32:0-1000 + preempt delay + + + + + + 0 + + + + Router priority + + u32:1-255 + Router priority + + + + + + 100 + + + + Use VRRP virtual MAC address as per RFC3768 + + + + + + Track settings + + + + + + Disable track state of main interface + + + + + Interface name state check + + + + + txt + Interface name + + + #include + + + + + + + #include + + + Virtual IP address + + 
ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + #include + + + + + Virtual address (If you need additional IPv4 and IPv6 in same group) + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + #include + + + + + Virtual router identifier + + u32:1-255 + Virtual router identifier + + + + + + + + + + + VRRP sync group + + + + + + Sync group member + + txt + VRRP group name + + + high-availability vrrp group + + + + + + Health check + + + + + Health check failure count required for transition to fault + + + + + 3 + + + + Health check execution interval in seconds + + + + + 60 + + + + ICMP ping health check + + ipv4 + IPv4 ping target address + + + ipv6 + IPv6 ping target address + + + + + + + + + Health check script file + + + + + + + + #include + + + + + + + Load-balancing virtual server alias + + + #include + + + Schedule algorithm (default - least-connection) + + round-robin weighted-round-robin least-connection weighted-least-connection source-hashing destination-hashing locality-based-least-connection + + + round-robin + Round robin + + + weighted-round-robin + Weighted round robin + + + least-connection + Least connection + + + weighted-least-connection + Weighted least connection + + + source-hashing + Source hashing + + + destination-hashing + Destination hashing + + + locality-based-least-connection + Locality-Based least connection + + + (round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection) + + + least-connection + + + + Interval between health-checks (in seconds) + + u32:1-600 + Interval in seconds + + + + + + 10 + + + + Forwarding method + + direct nat tunnel + + + direct + Direct routing + + + nat + NAT + + + tunnel + Tunneling + + + (direct|nat|tunnel) + + + 
nat + + #include + #include + + + Timeout for persistent connections + + u32:1-86400 + Timeout for persistent connections + + + + + + 300 + + + + Protocol for port checks + + tcp udp + + + tcp + TCP + + + udp + UDP + + + (tcp|udp) + + + tcp + + + + Real server address + + + #include + + + Server connection timeout + + u32:1-86400 + Connection timeout to remote server + + + + + + + + + Health check script + + + + + Health check script file + + + + + + + + + + + + + + diff --git a/interface-definitions/include/accel-ppp/auth-local-users.xml.i b/interface-definitions/include/accel-ppp/auth-local-users.xml.i new file mode 100644 index 0000000..1b40a9e --- /dev/null +++ b/interface-definitions/include/accel-ppp/auth-local-users.xml.i @@ -0,0 +1,54 @@ + + + + Local user authentication for PPPoE server + + + + + User name for authentication + + + #include + + + Password for authentication + + + + + Static client IP address + + + + + * + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + + + diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i new file mode 100644 index 0000000..ccaed6f --- /dev/null +++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i @@ -0,0 +1,26 @@ + + + + Authentication mode used by this server + + local + Use local username/password configuration + + + radius + Use RADIUS server for user autentication + + + noauth + Authentication disabled + + + (local|radius|noauth) + + + local radius noauth + + + local + + diff --git a/interface-definitions/include/accel-ppp/auth-protocols.xml.i b/interface-definitions/include/accel-ppp/auth-protocols.xml.i new file mode 100644 index 0000000..4ab4753 --- /dev/null +++ b/interface-definitions/include/accel-ppp/auth-protocols.xml.i 
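Review bot: The VRRP authentication help in high-availability.xml.in does not tell the operator that `plaintext-password` gives no confidentiality. The string, limited to 8 characters by `.{1,8}`, travels unencrypted in the advertisements, so any host on the segment can read it. Only `ah` carries a "(not recommended)" hint, which may steer users to the plaintext option as if it were the safe choice. I would reword the value help to `Simple password string, sent in cleartext (guards against misconfiguration only)`. It is also worth confirming whether authentication has any effect for groups running VRRP version 3, since this hunk states that IPv6 always uses version 3.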
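Review bot: In accel-ppp/auth-mode.xml.i the help string for `radius` reads `Use RADIUS server for user autentication`; it should be `Use RADIUS server for user authentication`. The `noauth` entry says only `Authentication disabled`. Since that mode presumably admits any client that can reach the server, a fuller help such as `Authentication disabled (any client is accepted)` would make the consequence visible at the CLI.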
@@ -0,0 +1,31 @@ + + + + Authentication protocol for remote access peer + + pap chap mschap mschap-v2 + + + pap + Authentication via PAP (Password Authentication Protocol) + + + chap + Authentication via CHAP (Challenge Handshake Authentication Protocol) + + + mschap + Authentication via MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) + + + mschap-v2 + Authentication via MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2) + + + (pap|chap|mschap|mschap-v2) + + + + pap chap mschap mschap-v2 + + diff --git a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i new file mode 100644 index 0000000..b30a5ee --- /dev/null +++ b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i @@ -0,0 +1,50 @@ + + + + Client IP pool + + txt + Name of IP pool + + + #include + + + + + + Range of IP addresses + + ipv4net + IPv4 prefix + + + ipv4range + IPv4 address range inside /24 network + + + + + + + + + + + + Next pool name + + ${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-4} + + + txt + Name of IP pool + + + #include + + + + + + diff --git a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i new file mode 100644 index 0000000..0c8c2e3 --- /dev/null +++ b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i @@ -0,0 +1,69 @@ + + + + Pool of client IPv6 addresses + + txt + Name of IPv6 pool + + + #include + + + + + + Pool of addresses used to assign to clients + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length used for individual client + + u32:48-128 + Client prefix length + + + + + + 64 + + + + + + Subnet used to delegate prefix through DHCPv6-PD (RFC3633) + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length delegated to client + + u32:32-64 + Delegated prefix length + + + + + + + + + + + 
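Review bot: The definition in accel-ppp/auth-protocols.xml.i ends with `pap chap mschap mschap-v2`, which looks like the default value (the XML tags are not visible in this rendering, so this is inferred). If so, PAP and MS-CHAP version 1 are offered unless the operator narrows the list. PAP hands the password to the server unencrypted, and the help text `Authentication via PAP (Password Authentication Protocol)` gives no hint of that. I would at least extend the help to `Authentication via PAP (password sent unencrypted)`. Limiting the default to the stronger protocols is worth considering too, though it would change behaviour relative to the upstream definition this commit mirrors.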
diff --git a/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i new file mode 100644 index 0000000..1093f67 --- /dev/null +++ b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i @@ -0,0 +1,17 @@ + + + + Default client IPv6 pool name + + ${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ipv6-pool + + + txt + Default IPv6 pool + + + #include + + + + diff --git a/interface-definitions/include/accel-ppp/default-pool.xml.i b/interface-definitions/include/accel-ppp/default-pool.xml.i new file mode 100644 index 0000000..e06642c --- /dev/null +++ b/interface-definitions/include/accel-ppp/default-pool.xml.i @@ -0,0 +1,17 @@ + + + + Default client IP pool name + + ${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ip-pool + + + txt + Default IP pool + + + #include + + + + diff --git a/interface-definitions/include/accel-ppp/extended-scripts.xml.i b/interface-definitions/include/accel-ppp/extended-scripts.xml.i new file mode 100644 index 0000000..53ff6d5 --- /dev/null +++ b/interface-definitions/include/accel-ppp/extended-scripts.xml.i @@ -0,0 +1,41 @@ + + + + Extended script execution + + + + + Script to run before session interface comes up + + + + + + + + Script to run when session interface is completely configured and started + + + + + + + + Script to run when session interface going to terminate + + + + + + + + Script to run when session interface changed by RADIUS CoA handling + + + + + + + + diff --git a/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i new file mode 100644 index 0000000..dcc58b9 --- /dev/null +++ b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i @@ -0,0 +1,17 @@ + + + + Gateway IP address + invalid IPv4 address + + ipv4net + Default Gateway, mask send to the client + + + + + + + + + 
diff --git a/interface-definitions/include/accel-ppp/gateway-address.xml.i b/interface-definitions/include/accel-ppp/gateway-address.xml.i new file mode 100644 index 0000000..59f8b50 --- /dev/null +++ b/interface-definitions/include/accel-ppp/gateway-address.xml.i @@ -0,0 +1,15 @@ + + + + Gateway IP address + + + + invalid IPv4 address + + ipv4 + Default Gateway send to the client + + + + diff --git a/interface-definitions/include/accel-ppp/lcp-echo-interval-failure.xml.i b/interface-definitions/include/accel-ppp/lcp-echo-interval-failure.xml.i new file mode 100644 index 0000000..dd7ae12 --- /dev/null +++ b/interface-definitions/include/accel-ppp/lcp-echo-interval-failure.xml.i @@ -0,0 +1,20 @@ + + + + LCP echo-requests/sec + + + + + 30 + + + + Maximum number of Echo-Requests may be sent without valid reply + + + + + 3 + + diff --git a/interface-definitions/include/accel-ppp/lcp-echo-timeout.xml.i b/interface-definitions/include/accel-ppp/lcp-echo-timeout.xml.i new file mode 100644 index 0000000..a630bec --- /dev/null +++ b/interface-definitions/include/accel-ppp/lcp-echo-timeout.xml.i @@ -0,0 +1,11 @@ + + + + Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used. + + + + + 0 + + diff --git a/interface-definitions/include/accel-ppp/limits.xml.i b/interface-definitions/include/accel-ppp/limits.xml.i new file mode 100644 index 0000000..df72b79 --- /dev/null +++ b/interface-definitions/include/accel-ppp/limits.xml.i @@ -0,0 +1,28 @@ + + + + Limits the connection rate from a single source + + + + + Acceptable rate of connections (e.g. 1/min, 60/sec) + + [0-9]+\/(min|sec) + + illegal value + + + + + Burst count + + + + + Timeout in seconds + + + + + diff --git a/interface-definitions/include/accel-ppp/log.xml.i b/interface-definitions/include/accel-ppp/log.xml.i new file mode 100644 index 0000000..96ce93f --- /dev/null 
+++ b/interface-definitions/include/accel-ppp/log.xml.i @@ -0,0 +1,42 @@ + + + + Server logging + + + + + Specifies log level + + 0 + Turn off logging + + + 1 + Log only error messages + + + 2 + Log error and warning messages + + + 3 + Log error, warning and minimum information messages + + + 4 + Log error, warning and full information messages + + + 5 + Log all messages including debug messages + + + + + + 3 + + + + diff --git a/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i new file mode 100644 index 0000000..f6ef410 --- /dev/null +++ b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i @@ -0,0 +1,15 @@ + + + + Maximum number of concurrent session start attempts + + u32:0-65535 + Maximum number of concurrent session start attempts + + + + + Maximum concurent sessions must be in range 0-65535 + + + diff --git a/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i new file mode 100644 index 0000000..5661bdc --- /dev/null +++ b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i @@ -0,0 +1,11 @@ + + + + Maximum Transmission Unit (MTU) + + + + + 1492 + + diff --git a/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i new file mode 100644 index 0000000..019601c --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i @@ -0,0 +1,14 @@ + + + + PPP interface cache + + u32:1-256000 + Count of interfaces to keep in cache + + + + + + + diff --git a/interface-definitions/include/accel-ppp/ppp-mppe.xml.i b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i new file mode 100644 index 0000000..4c2e84c --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-mppe.xml.i 
@@ -0,0 +1,26 @@ + + + + Specifies mppe negotiation preferences + + require prefer deny + + + require + send mppe request, if client rejects, drop the connection + + + prefer + send mppe request, if client rejects continue + + + deny + drop all mppe + + + (require|prefer|deny) + + + prefer + + diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i new file mode 100644 index 0000000..a45390f --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i @@ -0,0 +1,23 @@ + + + + IPv4 negotiation algorithm + + (deny|allow) + + invalid value + + deny + Do not negotiate IPv4 + + + allow + Negotiate IPv4 only if client requests + + + deny allow + + + allow + + diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i new file mode 100644 index 0000000..c4cf0a4 --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i @@ -0,0 +1,54 @@ + + + + Fixed or random interface identifier for IPv6 + + random + + + random + Random interface identifier for IPv6 + + + x:x:x:x + specify interface identifier for IPv6 + + + (random|((\d+){1,4}:){3}(\d+){1,4}) + + + + + + Peer interface identifier for IPv6 + + random calling-sid ipv4-addr + + + x:x:x:x + Interface identifier for IPv6 + + + random + Use a random interface identifier for IPv6 + + + ipv4-addr + Calculate interface identifier from IPv4 address, for example 192:168:0:1 + + + calling-sid + Calculate interface identifier from calling-station-id + + + (random|calling-sid|ipv4-addr|((\d+){1,4}:){3}(\d+){1,4}) + + + + + + Accept peer interface identifier + + + + diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i new file mode 100644 index 0000000..98abc11 --- /dev/null 
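Review bot: The constraint `(random|((\d+){1,4}:){3}(\d+){1,4})` in accel-ppp/ppp-options-ipv6-interface-id.xml.i does not match the documented `x:x:x:x` format. Assuming the groups are read as hexadecimal, as an IPv6 interface identifier normally is, `\d` rejects valid groups such as `a1:b2:c3:d4`, while `(\d+){1,4}` puts no upper bound on the digits in a group, so `123456789:1:1:1` passes. The nested quantifier is also the shape that backtracks badly on long non-matching input in backtracking regex engines. Use `([0-9a-fA-F]{1,4}:){3}[0-9a-fA-F]{1,4}` for the identifier alternative. The same pattern appears again in the peer interface identifier constraint further down this hunk.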
+++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i @@ -0,0 +1,31 @@ + + + + IPv6 (IPCP6) negotiation algorithm + + (deny|allow|prefer|require) + + invalid value + + deny + Do not negotiate IPv6 + + + allow + Negotiate IPv6 only if client requests + + + prefer + Ask client for IPv6 negotiation, do not fail if it rejects + + + require + Require IPv6 negotiation + + + deny allow prefer require + + + deny + + diff --git a/interface-definitions/include/accel-ppp/ppp-options.xml.i b/interface-definitions/include/accel-ppp/ppp-options.xml.i new file mode 100644 index 0000000..9b4f1d0 --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options.xml.i @@ -0,0 +1,65 @@ + + + + Advanced protocol options + + + + + Minimum acceptable MTU (68-65535) + + + + + + + + Preferred MRU (68-65535) + + + + + + + + Disable Compression Control Protocol (CCP) + + + + #include + #include + #include + #include + + + IPv4 (IPCP) negotiation algorithm + + (deny|allow|prefer|require) + + invalid value + + deny + Do not negotiate IPv4 + + + allow + Negotiate IPv4 only if client requests + + + prefer + Ask client for IPv4 negotiation, do not fail if it rejects + + + require + Require IPv4 negotiation + + + deny allow prefer require + + + + #include + #include + + + diff --git a/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i b/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i new file mode 100644 index 0000000..311ef96 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i @@ -0,0 +1,15 @@ + + + + Interval in seconds to send accounting information + + u32:1-3600 + Interval in seconds to send accounting information + + + + + Interval value must be between 1 and 3600 seconds + + + 
diff --git a/interface-definitions/include/accel-ppp/radius-additions-disable-accounting.xml.i b/interface-definitions/include/accel-ppp/radius-additions-disable-accounting.xml.i new file mode 100644 index 0000000..c723c31 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-additions-disable-accounting.xml.i @@ -0,0 +1,8 @@ + + + + Disable accounting + + + + diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i new file mode 100644 index 0000000..c0367b8 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i @@ -0,0 +1,40 @@ + + + + Upload/Download speed limits + + + + + RADIUS attribute that contains rate information + + Filter-Id + + + + Vendor dictionary + + + + + Enable bandwidth shaping via RADIUS + + + + + + Shaper multiplier + + <0.001-1000> + Shaper multiplier + + + + + Multiplier needs to be between 0.001 and 1000 + + 1 + + + + diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i new file mode 100644 index 0000000..5222ba8 --- /dev/null +++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i 
@@ -0,0 +1,158 @@ + + + + + + Interval in seconds to send accounting information + + u32:1-3600 + Interval in seconds to send accounting information + + + + + Interval value must be between 1 and 3600 seconds + + + + + Maximum jitter value in seconds to be applied to accounting information interval + + u32:1-60 + Maximum jitter value in seconds + + + + + Jitter value must be between 1 and 60 seconds + + + + + + + Accounting port + + u32:1-65535 + Numeric IP port + + + + + + 1813 + + #include + + + Mark server unavailable for <n> seconds on failure + + u32:0-600 + Fail time penalty + + + + + Fail time must be between 0 and 600 seconds + + 0 + + #include + + + Use backup server if other servers are not available + + + + + + + + Timeout in seconds to wait response from RADIUS server + + u32:1-60 + Timeout in seconds + + + + + Timeout must be between 1 and 60 seconds + + 3 + + + + Timeout for Interim-Update packets, terminate session afterwards + + u32:0-60 + Timeout in seconds, 0 to keep active + + + + + Timeout must be between 0 and 60 seconds + + 3 + + + + Number of tries to send Access-Request/Accounting-Request queries + + u32:1-20 + Maximum tries + + + + + Maximum tries must be between 1 and 20 + + 3 + + #include + #include + + + Enable attribute NAS-Port-Id in Access-Request + + + + + + Dynamic Authorization Extension/Change of Authorization server + + + + + IP address for Dynamic Authorization Extension server (DM/CoA) + + + + + ipv4 + IPv4 address for dynamic authorization server + + + + + + Port for Dynamic Authorization Extension server (DM/CoA) + + u32:1-65535 + TCP port + + + + + + 1700 + + + + Shared secret for Dynamic Authorization Extension server + + + + + + + diff --git a/interface-definitions/include/accel-ppp/shaper.xml.i b/interface-definitions/include/accel-ppp/shaper.xml.i new file mode 100644 index 0000000..b4f9536 --- /dev/null +++ b/interface-definitions/include/accel-ppp/shaper.xml.i 
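Review bot: The port leaf under the Dynamic Authorization Extension server in accel-ppp/radius-additions.xml.i is described as `TCP port`, but RADIUS Disconnect and CoA messages are carried over UDP. An operator writing a firewall rule from this help would permit the wrong protocol, so change the value help to `UDP port`. The `Shared secret for Dynamic Authorization Extension server` leaf shows no length or character constraint in this rendering. Because that secret is what authenticates CoA and disconnect requests, its help should recommend a long random value.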
@@ -0,0 +1,21 @@ + + + + Traffic shaper bandwidth parameters + + + + + Firewall mark value for traffic that excludes from shaping + + u32:1-2147483647 + Match firewall mark value + + + + + + + + + diff --git a/interface-definitions/include/accel-ppp/snmp.xml.i b/interface-definitions/include/accel-ppp/snmp.xml.i new file mode 100644 index 0000000..373ced1 --- /dev/null +++ b/interface-definitions/include/accel-ppp/snmp.xml.i @@ -0,0 +1,15 @@ + + + + Enable SNMP + + + + + Enable SNMP master agent mode + + + + + + diff --git a/interface-definitions/include/accel-ppp/vlan-mon.xml.i b/interface-definitions/include/accel-ppp/vlan-mon.xml.i new file mode 100644 index 0000000..d5bacb0 --- /dev/null +++ b/interface-definitions/include/accel-ppp/vlan-mon.xml.i @@ -0,0 +1,8 @@ + + + + Automatically create VLAN interfaces + + + + diff --git a/interface-definitions/include/accel-ppp/vlan.xml.i b/interface-definitions/include/accel-ppp/vlan.xml.i new file mode 100644 index 0000000..5ef4de6 --- /dev/null +++ b/interface-definitions/include/accel-ppp/vlan.xml.i @@ -0,0 +1,20 @@ + + + + VLAN monitor for automatic creation of VLAN interfaces + + u32:1-4094 + VLAN for automatic creation + + + start-end + VLAN range for automatic creation (e.g. 1-4094) + + + + + VLAN IDs need to be in range 1-4094 + + + + diff --git a/interface-definitions/include/accel-ppp/wins-server.xml.i b/interface-definitions/include/accel-ppp/wins-server.xml.i new file mode 100644 index 0000000..f7f483f --- /dev/null +++ b/interface-definitions/include/accel-ppp/wins-server.xml.i @@ -0,0 +1,15 @@ + + + + Windows Internet Name Service (WINS) servers propagated to client + + ipv4 + Domain Name Server (DNS) IPv4 address + + + + + + + + diff --git a/interface-definitions/include/address-ipv4-ipv6-single.xml.i b/interface-definitions/include/address-ipv4-ipv6-single.xml.i new file mode 100644 index 0000000..dc3d6fc --- /dev/null +++ b/interface-definitions/include/address-ipv4-ipv6-single.xml.i 
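Review bot: The value help in accel-ppp/wins-server.xml.i describes the `ipv4` value as `Domain Name Server (DNS) IPv4 address`, which looks copied from a name-server definition. The node itself is `Windows Internet Name Service (WINS) servers propagated to client`, so the help should read `WINS server IPv4 address`.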
@@ -0,0 +1,18 @@ + + + + IP address + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + diff --git a/interface-definitions/include/allow-client.xml.i b/interface-definitions/include/allow-client.xml.i new file mode 100644 index 0000000..1b06e2c --- /dev/null +++ b/interface-definitions/include/allow-client.xml.i @@ -0,0 +1,35 @@ + + + + Restrict to allowed IP client addresses + + + + + Allowed IP client addresses + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + + diff --git a/interface-definitions/include/arp-ndp-table-size.xml.i b/interface-definitions/include/arp-ndp-table-size.xml.i new file mode 100644 index 0000000..dec86e9 --- /dev/null +++ b/interface-definitions/include/arp-ndp-table-size.xml.i @@ -0,0 +1,14 @@ + + + + Maximum number of entries to keep in the cache + + 1024 2048 4096 8192 16384 32768 + + + (1024|2048|4096|8192|16384|32768) + + + 8192 + + diff --git a/interface-definitions/include/auth-local-users.xml.i b/interface-definitions/include/auth-local-users.xml.i new file mode 100644 index 0000000..9fb5074 --- /dev/null +++ b/interface-definitions/include/auth-local-users.xml.i @@ -0,0 +1,26 @@ + + + + Local user authentication + + + + + Username used for authentication + + txt + Username used for authentication + + + + #include + + + Password used for authentication + + + + + + + diff --git a/interface-definitions/include/babel/interface.xml.i b/interface-definitions/include/babel/interface.xml.i new file mode 100644 index 0000000..a122ef0 --- /dev/null +++ b/interface-definitions/include/babel/interface.xml.i 
@@ -0,0 +1,187 @@ + + + + Interface name + + + + + txt + Interface name + + + #include + + + + + + Interface type + + auto wired wireless + + + auto + Automatically detect interface type + + + wired + Wired interface + + + wireless + Wireless interface + + + (auto|wired|wireless) + + + auto + + + + Split horizon parameters + + default enable disable + + + default + Enable on wired interfaces, and disable on wireless interfaces + + + enable + Enable split horizon processing + + + disable + Disable split horizon processing + + + (default|enable|disable) + + + default + + + + Time between scheduled hellos + + u32:20-655340 + Milliseconds + + + + + + 4000 + + + + Time between scheduled updates + + u32:20-655340 + Milliseconds + + + + + + 20000 + + + + Base receive cost for this interface + + u32:1-65534 + Base receive cost + + + + + + + + + Decay factor for exponential moving average of RTT samples + + u32:1-256 + Decay factor, in units of 1/256 + + + + + + 42 + + + + Minimum RTT + + u32:1-65535 + Milliseconds + + + + + + 10 + + + + Maximum RTT + + u32:1-65535 + Milliseconds + + + + + + 120 + + + + Maximum additional cost due to RTT + + u32:0-65535 + Milliseconds (0 to disable the use of RTT-based cost) + + + + + + 150 + + + + Enable timestamps with each Hello and IHU message in order to compute RTT values + + + + + + Channel number for diversity routing + + interfering non-interfering + + + u32:1-254 + Interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number + + + interfering + Interfering interfaces are assumed to interfere with all other channels except non-interfering channels + + + non-interfering + Non-interfering interfaces only interfere with themselves + + + + (interfering|non-interfering) + + + + + + diff --git a/interface-definitions/include/bfd/bfd.xml.i b/interface-definitions/include/bfd/bfd.xml.i new file mode 100644 index 0000000..022956d --- /dev/null 
+++ b/interface-definitions/include/bfd/bfd.xml.i @@ -0,0 +1,10 @@ + + + + Enable Bidirectional Forwarding Detection (BFD) + + + #include + + + diff --git a/interface-definitions/include/bfd/common.xml.i b/interface-definitions/include/bfd/common.xml.i new file mode 100644 index 0000000..8e6999d --- /dev/null +++ b/interface-definitions/include/bfd/common.xml.i @@ -0,0 +1,90 @@ + + + + Enables the echo transmission mode + + + + + + Configure timer intervals + + + + + Minimum interval of receiving control packets + + u32:10-60000 + Interval in milliseconds + + + + + + 300 + + + + Minimum interval of transmitting control packets + + u32:10-60000 + Interval in milliseconds + + + + + + 300 + + + + Multiplier to determine packet loss + + u32:2-255 + Remote transmission interval will be multiplied by this value + + + + + + 3 + + + + Echo receive transmission interval + + u32:10-60000 + The minimal echo receive transmission interval that this system is capable of handling + + + + + + + + + + + Expect packets with at least this TTL + + u32:1-254 + Minimum TTL expected + + + + + + + + + Do not attempt to start sessions + + + + + + Disable this peer + + + + diff --git a/interface-definitions/include/bfd/profile.xml.i b/interface-definitions/include/bfd/profile.xml.i new file mode 100644 index 0000000..5ff0572 --- /dev/null +++ b/interface-definitions/include/bfd/profile.xml.i @@ -0,0 +1,14 @@ + + + + Use settings from BFD profile + + protocols bfd profile + + + txt + BFD profile name + + + + diff --git a/interface-definitions/include/bgp/afi-aggregate-address.xml.i b/interface-definitions/include/bgp/afi-aggregate-address.xml.i new file mode 100644 index 0000000..c1b7958 --- /dev/null +++ b/interface-definitions/include/bgp/afi-aggregate-address.xml.i @@ -0,0 +1,15 @@ + + + + Generate AS-set path information for this aggregate address + + + +#include + + + Announce the aggregate summary network only + + + + 
diff --git a/interface-definitions/include/bgp/afi-allowas-in.xml.i b/interface-definitions/include/bgp/afi-allowas-in.xml.i new file mode 100644 index 0000000..2df4b85 --- /dev/null +++ b/interface-definitions/include/bgp/afi-allowas-in.xml.i @@ -0,0 +1,21 @@ + + + + Accept route that contains the local-as in the as-path + + + + + Number of occurrences of AS number + + u32:1-10 + Number of times AS is allowed in path + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-attribute-unchanged.xml.i b/interface-definitions/include/bgp/afi-attribute-unchanged.xml.i new file mode 100644 index 0000000..6d39e45 --- /dev/null +++ b/interface-definitions/include/bgp/afi-attribute-unchanged.xml.i @@ -0,0 +1,27 @@ + + + + BGP attributes are sent unchanged + + + + + Send AS path unchanged + + + + + + Send multi-exit discriminator unchanged + + + + + + Send nexthop unchanged + + + + + + diff --git a/interface-definitions/include/bgp/afi-capability-orf.xml.i b/interface-definitions/include/bgp/afi-capability-orf.xml.i new file mode 100644 index 0000000..05c3368 --- /dev/null +++ b/interface-definitions/include/bgp/afi-capability-orf.xml.i @@ -0,0 +1,28 @@ + + + + Advertise ORF capability to this peer + + + + + Advertise prefix-list ORF capability to this peer + + + + + Capability to receive the ORF + + + + + + Capability to send the ORF + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-common-flowspec.xml.i b/interface-definitions/include/bgp/afi-common-flowspec.xml.i new file mode 100644 index 0000000..fb3308e --- /dev/null +++ b/interface-definitions/include/bgp/afi-common-flowspec.xml.i @@ -0,0 +1,7 @@ + +#include +#include +#include +#include +#include + diff --git a/interface-definitions/include/bgp/afi-default-originate.xml.i b/interface-definitions/include/bgp/afi-default-originate.xml.i new file mode 100644 index 0000000..ba1ec57 --- /dev/null +++ b/interface-definitions/include/bgp/afi-default-originate.xml.i 
@@ -0,0 +1,10 @@ + + + + Originate default route to this peer + + + #include + + + diff --git a/interface-definitions/include/bgp/afi-export-import.xml.i b/interface-definitions/include/bgp/afi-export-import.xml.i new file mode 100644 index 0000000..5223af0 --- /dev/null +++ b/interface-definitions/include/bgp/afi-export-import.xml.i @@ -0,0 +1,42 @@ + + + + Export routes from this address-family + + + + + to/from default instance VPN RIB + + + + + + + + Import routes to this address-family + + + + + to/from default instance VPN RIB + + + + + + VRF to import from + + txt + VRF instance name + + + vrf name + default + + + + + + + diff --git a/interface-definitions/include/bgp/afi-filter-list.xml.i b/interface-definitions/include/bgp/afi-filter-list.xml.i new file mode 100644 index 0000000..df7619a --- /dev/null +++ b/interface-definitions/include/bgp/afi-filter-list.xml.i @@ -0,0 +1,25 @@ + + + + as-path-list to filter route updates to/from this peer + + + + + As-path-list to filter outgoing route updates to this peer + + policy as-path-list + + + + + + As-path-list to filter incoming route updates from this peer + + policy as-path-list + + + + + + diff --git a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i new file mode 100644 index 0000000..0f760da --- /dev/null +++ b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i @@ -0,0 +1,41 @@ + + + + IPv4-Prefix-list to filter route updates to/from this peer + + + + + IPv4-Prefix-list to filter outgoing route updates to this peer + + policy prefix-list + + + txt + Name of IPv4 prefix-list + + + #include + + Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores + + + + + IPv4-Prefix-list to filter incoming route updates from this peer + + policy prefix-list + + + txt + Name of IPv4 prefix-list + + + #include + + Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores + + + + + 
diff --git a/interface-definitions/include/bgp/afi-ipv6-nexthop-local.xml.i b/interface-definitions/include/bgp/afi-ipv6-nexthop-local.xml.i new file mode 100644 index 0000000..c232545 --- /dev/null +++ b/interface-definitions/include/bgp/afi-ipv6-nexthop-local.xml.i @@ -0,0 +1,15 @@ + + + + Nexthop attributes + + + + + Leave link-local nexthop unchanged for this peer + + + + + + diff --git a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i new file mode 100644 index 0000000..268d9cb --- /dev/null +++ b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i @@ -0,0 +1,41 @@ + + + + Prefix-list to filter route updates to/from this peer + + + + + Prefix-list to filter outgoing route updates to this peer + + policy prefix-list6 + + + txt + Name of IPv6 prefix-list + + + #include + + Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores + + + + + Prefix-list to filter incoming route updates from this peer + + policy prefix-list6 + + + txt + Name of IPv6 prefix-list + + + #include + + Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores + + + + + diff --git a/interface-definitions/include/bgp/afi-l2vpn-advertise.xml.i b/interface-definitions/include/bgp/afi-l2vpn-advertise.xml.i new file mode 100644 index 0000000..caf0b6b --- /dev/null +++ b/interface-definitions/include/bgp/afi-l2vpn-advertise.xml.i @@ -0,0 +1,10 @@ + + + + IPv4 address family + + + #include + + + diff --git a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i new file mode 100644 index 0000000..fef3daf --- /dev/null +++ b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i 
@@ -0,0 +1,61 @@ + + + + Advertise All default g/w mac-ip routes in EVPN + + + + + + Advertise svi mac-ip routes in EVPN + + + +#include + + + Route Target + + + + + Route Target both import and export + + txt + Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + + Route Target import + + txt + Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + + Route Target export + + txt + Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-label.xml.i b/interface-definitions/include/bgp/afi-label.xml.i new file mode 100644 index 0000000..2c5eed1 --- /dev/null +++ b/interface-definitions/include/bgp/afi-label.xml.i @@ -0,0 +1,49 @@ + + + + Label value for VRF + + + + + Between current address-family and VPN + + + + + For routes leaked from current address-family to VPN + + auto + + + auto + Automatically assign a label + + + u32:0-1048575 + Label Value + + + + (auto) + + + + + + Label allocation mode + + + + + Allocate a label per connected next-hop in the VRF + + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-maximum-paths.xml.i b/interface-definitions/include/bgp/afi-maximum-paths.xml.i new file mode 100644 index 0000000..5358bb7 --- /dev/null +++ b/interface-definitions/include/bgp/afi-maximum-paths.xml.i @@ -0,0 +1,33 @@ + + + + Forward packets over multiple paths + + + + + eBGP maximum paths + + u32:1-256 + Number of paths to consider + + + + + + + + + iBGP maximum paths + + u32:1-256 + Number of paths to consider + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-nexthop-self.xml.i b/interface-definitions/include/bgp/afi-nexthop-self.xml.i new file mode 100644 index 0000000..36a7512 --- /dev/null +++ b/interface-definitions/include/bgp/afi-nexthop-self.xml.i @@ -0,0 +1,15 @@ + + + + Disable the next hop calculation for this peer + + + + + Set the next hop to self for reflected routes + + + + + + 
diff --git a/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i new file mode 100644 index 0000000..d90597f --- /dev/null +++ b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i @@ -0,0 +1,32 @@ + + + + Specify next hop to use for VRF advertised prefixes + + + + + Between current address-family and vpn + + + + + For routes leaked from current address-family to vpn + + ipv4 + BGP neighbor IP address + + + ipv6 + BGP neighbor IPv6 address + + + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-path-limit.xml.i b/interface-definitions/include/bgp/afi-path-limit.xml.i new file mode 100644 index 0000000..e3d630a --- /dev/null +++ b/interface-definitions/include/bgp/afi-path-limit.xml.i @@ -0,0 +1,14 @@ + + + + AS-path hopcount limit + + u32:0-255 + AS path hop count limit + + + + + + + diff --git a/interface-definitions/include/bgp/afi-rd.xml.i b/interface-definitions/include/bgp/afi-rd.xml.i new file mode 100644 index 0000000..beb1447 --- /dev/null +++ b/interface-definitions/include/bgp/afi-rd.xml.i @@ -0,0 +1,28 @@ + + + + Specify route distinguisher + + + + + Between current address-family and VPN + + + + + For routes leaked from current address-family to VPN + + ASN:NN_OR_IP-ADDRESS:NN + Route Distinguisher, (x.x.x.x:yyy|xxxx:yyyy) + + + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-redistribute-metric-route-map.xml.i b/interface-definitions/include/bgp/afi-redistribute-metric-route-map.xml.i new file mode 100644 index 0000000..d4c7ac4 --- /dev/null +++ b/interface-definitions/include/bgp/afi-redistribute-metric-route-map.xml.i @@ -0,0 +1,12 @@ + + + + Metric for redistributed routes + + u32:1-4294967295 + Metric for redistributed routes + + + +#include + 
diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i new file mode 100644 index 0000000..3889912 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i @@ -0,0 +1,34 @@ + + + + Route-map to filter outgoing route updates + + policy route-map + + + txt + Route map name + + + #include + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + + + Route-map to filter incoming route updates + + policy route-map + + + txt + Route map name + + + #include + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + diff --git a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i new file mode 100644 index 0000000..e6be113 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i @@ -0,0 +1,17 @@ + + + + Route-map to filter route updates to/from this peer + + + + + Between current address-family and VPN + + + #include + + + + + diff --git a/interface-definitions/include/bgp/afi-route-map.xml.i b/interface-definitions/include/bgp/afi-route-map.xml.i new file mode 100644 index 0000000..0b61781 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map.xml.i @@ -0,0 +1,10 @@ + + + + Route-map to filter route updates to/from this peer + + + #include + + + diff --git a/interface-definitions/include/bgp/afi-route-reflector-client.xml.i b/interface-definitions/include/bgp/afi-route-reflector-client.xml.i new file mode 100644 index 0000000..dcb2d18 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-reflector-client.xml.i @@ -0,0 +1,8 @@ + + + + Peer is a route reflector client + + + + diff --git a/interface-definitions/include/bgp/afi-route-server-client.xml.i b/interface-definitions/include/bgp/afi-route-server-client.xml.i new file mode 100644 index 0000000..9bb628e --- /dev/null 
+++ b/interface-definitions/include/bgp/afi-route-server-client.xml.i @@ -0,0 +1,8 @@ + + + + Peer is a route server client + + + + \ No newline at end of file diff --git a/interface-definitions/include/bgp/afi-route-target-vpn.xml.i b/interface-definitions/include/bgp/afi-route-target-vpn.xml.i new file mode 100644 index 0000000..5784f9e --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-target-vpn.xml.i @@ -0,0 +1,52 @@ + + + + Specify route target list + + + + + Between current address-family and VPN + + + + + Route Target both import and export + + txt + Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + Route Target import + + txt + Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + Route Target export + + txt + Space separated route target list (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-sid.xml.i b/interface-definitions/include/bgp/afi-sid.xml.i new file mode 100644 index 0000000..38a3dcf --- /dev/null +++ b/interface-definitions/include/bgp/afi-sid.xml.i @@ -0,0 +1,36 @@ + + + + SID value for VRF + + + + + Between current VRF and VPN + + + + + For routes leaked from current VRF to VPN + + auto + + + u32:1-1048575 + SID allocation index + + + auto + Automatically assign a label + + + auto + + + + + + + + + diff --git a/interface-definitions/include/bgp/afi-soft-reconfiguration.xml.i b/interface-definitions/include/bgp/afi-soft-reconfiguration.xml.i new file mode 100644 index 0000000..4933671 --- /dev/null +++ b/interface-definitions/include/bgp/afi-soft-reconfiguration.xml.i @@ -0,0 +1,15 @@ + + + + Soft reconfiguration for peer + + + + + Enable inbound soft reconfiguration + + + + + + diff --git a/interface-definitions/include/bgp/afi-vpn-label.xml.i b/interface-definitions/include/bgp/afi-vpn-label.xml.i new file mode 100644 index 0000000..6c7e73d --- /dev/null +++ b/interface-definitions/include/bgp/afi-vpn-label.xml.i 
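Review bot: In `afi-sid.xml.i` the description of the `auto` value reads "Automatically assign a label", which looks carried over from `afi-label.xml.i`. The node here is "SID value for VRF" and the numeric alternative is "SID allocation index", so `Automatically assign a SID` would match what the option sets. The element markup is not visible in this rendering, so this is based on the help strings alone.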
@@ -0,0 +1,14 @@ + + + + MPLS label value assigned to route + + u32:0-1048575 + MPLS label value + + + + + + + diff --git a/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i new file mode 100644 index 0000000..261d602 --- /dev/null +++ b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i @@ -0,0 +1,14 @@ + + + + Send state before policy and filter processing + + + + + + Send state with policy and filters applied + + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-flowspec.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-flowspec.xml.i new file mode 100644 index 0000000..2f0ed72 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-flowspec.xml.i @@ -0,0 +1,11 @@ + + + + IPv4 Flow Specification BGP neighbor parameters + + + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i new file mode 100644 index 0000000..a433f7c --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i 
@@ -0,0 +1,204 @@ + + + + Use addpath to advertise all paths to a neighbor + + + + + + Use addpath to advertise the bestpath per each neighboring AS + + + + + + Use route-map to conditionally advertise routes + + + + + Route-map to conditionally advertise routes + + policy route-map + + + txt + Route map name + + + #include + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + + + Advertise routes only if prefixes in exist-map are installed in BGP table + + policy route-map + + + txt + Route map name + + + #include + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + + + Advertise routes only if prefixes in non-exist-map are not installed in BGP table + + policy route-map + + + txt + Route map name + + + #include + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + + +#include + + + Override ASN in outbound updates to configured neighbor local-as + + + +#include + + + Disable sending community attributes to this peer + + + + + Disable sending extended community attributes to this peer + + + + + + Disable sending standard community attributes to this peer + + + + + + + + Access-list to filter route updates to/from this peer-group + + + + + Access-list to filter outgoing route updates to this peer-group + + policy access-list + + + u32:1-65535 + Access-list to filter outgoing route updates to this peer-group + + + + + + + + + Access-list to filter incoming route updates from this peer-group + + policy access-list + + + u32:1-65535 + Access-list to filter incoming route updates from this peer-group + + + + + + + + +#include + + + Maximum number of prefixes to accept from this peer + + u32:1-4294967295 + Prefix limit + + + + + + + + + Maximum number of prefixes to be sent to this peer + + u32:1-4294967295 + Prefix limit + + + + + + +#include + + + Remove private AS numbers from AS path in outbound route updates + + + + + Remove private AS numbers to all AS 
numbers in outbound route updates + + + + + +#include +#include +#include +#include + + + Route-map to selectively unsuppress suppressed routes + + policy route-map + + + txt + Route map name + + + #include + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + + + Default weight for routes from this peer + + u32:1-65535 + Default weight + + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i new file mode 100644 index 0000000..0eae29f --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i @@ -0,0 +1,20 @@ + + + + IPv4 Labeled Unicast BGP neighbor parameters + + + + + Advertise capabilities to this neighbor (IPv4) + + + #include + + + #include + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i new file mode 100644 index 0000000..4bb6df7 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i @@ -0,0 +1,20 @@ + + + + IPv4 Multicast BGP neighbor parameters + + + + + Advertise capabilities to this neighbor (IPv4) + + + #include + + + #include + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i new file mode 100644 index 0000000..0094ce8 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i @@ -0,0 +1,20 @@ + + + + IPv4 BGP neighbor parameters + + + + + Advertise capabilities to this neighbor (IPv4) + + + #include + + + #include + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i new file mode 100644 index 0000000..220f22f --- /dev/null 
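Review bot: The "Maximum number of prefixes to accept from this peer" leaf in `neighbor-afi-ipv4-ipv6-common.xml.i` is the main guard against a peer leaking a full table, yet its help does not say what happens at the limit, and the hunk shows no default for it. In FRR the session is torn down once the limit is exceeded, so the help should say so, e.g. `Maximum number of prefixes to accept from this peer (session is torn down when exceeded)`. In the same hunk, "Remove private AS numbers to all AS numbers in outbound route updates" is hard to parse; `Remove private AS numbers even if the AS path also contains public AS numbers` states the behaviour. The access-list help strings say "this peer-group" although the file name suggests the include is shared with single neighbors, where `this peer` would fit both.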
+++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i @@ -0,0 +1,11 @@ + + + + IPv4 VPN BGP neighbor parameters + + + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-flowspec.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-flowspec.xml.i new file mode 100644 index 0000000..bc61076 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-flowspec.xml.i @@ -0,0 +1,11 @@ + + + + IPv6 Flow Specification BGP neighbor parameters + + + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i new file mode 100644 index 0000000..9951835 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i @@ -0,0 +1,21 @@ + + + + IPv6 Labeled Unicast BGP neighbor parameters + + + + + Advertise capabilities to this neighbor (IPv6) + + + #include + + + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i new file mode 100644 index 0000000..bb713c3 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i @@ -0,0 +1,13 @@ + + + + IPv6 Multicast BGP neighbor parameters + + + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i new file mode 100644 index 0000000..26a5e70 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i @@ -0,0 +1,21 @@ + + + + IPv6 BGP neighbor parameters + + + + + Advertise capabilities to this neighbor (IPv6) + + + #include + + + #include + #include + #include + #include + + + 
diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i new file mode 100644 index 0000000..5c68119 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i @@ -0,0 +1,12 @@ + + + + IPv6 VPN BGP neighbor parameters + + + #include + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-afi-l2vpn-evpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-l2vpn-evpn.xml.i new file mode 100644 index 0000000..c9f6600 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-afi-l2vpn-evpn.xml.i @@ -0,0 +1,16 @@ + + + + L2VPN EVPN BGP settings + + + #include + #include + #include + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/bgp/neighbor-bfd.xml.i b/interface-definitions/include/bgp/neighbor-bfd.xml.i new file mode 100644 index 0000000..fac2a11 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-bfd.xml.i @@ -0,0 +1,16 @@ + + + + Enable Bidirectional Forwarding Detection (BFD) support + + + #include + + + Allow to write CBIT independence in BFD outgoing packets and read both C-BIT value of BFD and lookup BGP peer status + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-capability.xml.i b/interface-definitions/include/bgp/neighbor-capability.xml.i new file mode 100644 index 0000000..c5ed3c8 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-capability.xml.i @@ -0,0 +1,27 @@ + + + + Advertise capabilities to this peer-group + + + + + Advertise dynamic capability to this neighbor + + + + + + Advertise extended-nexthop capability to this neighbor + + + + + + Advertise Software Version capability to the peer + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-disable-capability-negotiation.xml.i b/interface-definitions/include/bgp/neighbor-disable-capability-negotiation.xml.i new file mode 100644 index 0000000..0c44e47 --- /dev/null 
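Review bot: The help "Advertise Software Version capability to the peer" in `neighbor-capability.xml.i` does not tell the operator that enabling it discloses the routing daemon's version string to the remote side. That matters on sessions with external or untrusted ASes, so I would spell it out: `Advertise Software Version capability to the peer (discloses the running routing daemon version)`. The node help "Advertise capabilities to this peer-group" is also misleading if this include is used under a single neighbor, as the file name suggests; `Advertise capabilities to this peer` covers both cases.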
+++ b/interface-definitions/include/bgp/neighbor-disable-capability-negotiation.xml.i @@ -0,0 +1,8 @@ + + + + Disable capability negotiation with this neighbor + + + + diff --git a/interface-definitions/include/bgp/neighbor-disable-connected-check.xml.i b/interface-definitions/include/bgp/neighbor-disable-connected-check.xml.i new file mode 100644 index 0000000..aef5a55 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-disable-connected-check.xml.i @@ -0,0 +1,8 @@ + + + + Allow peerings between eBGP peer using loopback/dummy address + + + + diff --git a/interface-definitions/include/bgp/neighbor-ebgp-multihop.xml.i b/interface-definitions/include/bgp/neighbor-ebgp-multihop.xml.i new file mode 100644 index 0000000..c053de7 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-ebgp-multihop.xml.i @@ -0,0 +1,14 @@ + + + + Allow this EBGP neighbor to not be on a directly connected network + + u32:1-255 + Number of hops + + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i new file mode 100644 index 0000000..4399d79 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-graceful-restart.xml.i @@ -0,0 +1,25 @@ + + + + BGP graceful restart functionality + + enable disable restart-helper + + + enable + Enable BGP graceful restart at peer level + + + disable + Disable BGP graceful restart at peer level + + + restart-helper + Enable BGP graceful restart helper only functionality + + + (enable|disable|restart-helper) + + + + diff --git a/interface-definitions/include/bgp/neighbor-local-as.xml.i b/interface-definitions/include/bgp/neighbor-local-as.xml.i new file mode 100644 index 0000000..8868e30 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-local-as.xml.i 
@@ -0,0 +1,29 @@ + + + + Specify alternate ASN for this BGP process + + u32:1-4294967294 + Autonomous System Number (ASN) + + + + + + + + + Disable prepending local-as from/to updates for eBGP peers + + + + + Prepend only local-as from/to updates for eBGP peers + + + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-local-role.xml.i b/interface-definitions/include/bgp/neighbor-local-role.xml.i new file mode 100644 index 0000000..6ddb490 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-local-role.xml.i @@ -0,0 +1,42 @@ + + + + Local role for BGP neighbor (RFC9234) + + customer peer provider rs-client rs-server + + + customer + Using Transit + + + peer + Public/Private Peering + + + provider + Providing Transit + + + rs-client + RS Client + + + rs-server + Route Server + + + (provider|rs-server|rs-client|customer|peer) + + BGP local-role must be one of the following: customer, peer, provider, rs-client or rs-server + + + + + Neighbor must send this exact capability, otherwise a role missmatch notification will be sent + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-override-capability.xml.i b/interface-definitions/include/bgp/neighbor-override-capability.xml.i new file mode 100644 index 0000000..1ef28b2 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-override-capability.xml.i @@ -0,0 +1,8 @@ + + + + Ignore capability negotiation with specified neighbor + + + + diff --git a/interface-definitions/include/bgp/neighbor-passive.xml.i b/interface-definitions/include/bgp/neighbor-passive.xml.i new file mode 100644 index 0000000..c7d867a --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-passive.xml.i @@ -0,0 +1,8 @@ + + + + Do not initiate a session with this neighbor + + + + diff --git a/interface-definitions/include/bgp/neighbor-password.xml.i b/interface-definitions/include/bgp/neighbor-password.xml.i new file mode 100644 index 0000000..3a7eaaa --- /dev/null 
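Review bot: The help for the last leaf in `neighbor-local-role.xml.i` misspells "mismatch"; it should read `Neighbor must send this exact capability, otherwise a role mismatch notification will be sent`. RFC 9234 roles are a route-leak protection, so the help should also make clear that without this option a neighbor which advertises no role at all is still accepted. The error text lists the roles in a different order from the pattern `(provider|rs-server|rs-client|customer|peer)`, which is harmless but makes the two harder to compare.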
+++ b/interface-definitions/include/bgp/neighbor-password.xml.i @@ -0,0 +1,7 @@ + + + + BGP MD5 password + + + diff --git a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i new file mode 100644 index 0000000..399a6bc --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i @@ -0,0 +1,34 @@ + + + + Manipulate path attributes from incoming UPDATE messages + + + + + Drop specified attributes from incoming UPDATE messages + + u32:1-255 + Attribute number + + + + + + + + + + Treat-as-withdraw any incoming BGP UPDATE messages that contain the specified attribute + + u32:1-255 + Attribute number + + + + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-shutdown.xml.i b/interface-definitions/include/bgp/neighbor-shutdown.xml.i new file mode 100644 index 0000000..acc7bc5 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-shutdown.xml.i @@ -0,0 +1,8 @@ + + + + Administratively shutdown this neighbor + + + + diff --git a/interface-definitions/include/bgp/neighbor-ttl-security.xml.i b/interface-definitions/include/bgp/neighbor-ttl-security.xml.i new file mode 100644 index 0000000..6def1fe --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-ttl-security.xml.i @@ -0,0 +1,21 @@ + + + + Ttl security mechanism + + + + + Number of the maximum number of hops to the BGP peer + + u32:1-254 + Number of hops + + + + + + + + + diff --git a/interface-definitions/include/bgp/neighbor-update-source.xml.i b/interface-definitions/include/bgp/neighbor-update-source.xml.i new file mode 100644 index 0000000..92e8171 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-update-source.xml.i @@ -0,0 +1,28 @@ + + + + + Source IP of routing updates + + + + + + ipv4 + IPv4 address of route source + + + ipv6 + IPv6 address of route source + + + txt + Interface as route source + + + + #include + + + + 
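Review bot: The leaf in `neighbor-password.xml.i` carries only the help text "BGP MD5 password"; at seven lines it has no value help or constraint, so any string is accepted at commit time. The Linux TCP MD5 socket option caps the key at 80 bytes, and a value containing whitespace would presumably be split when rendered into the FRR `neighbor … password` line. A length and character constraint with a matching error message would turn a session that silently never establishes into a commit-time error. The help could also name the mechanism, e.g. `BGP TCP MD5 signature key (RFC 2385, max 80 characters)`.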
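Review bot: The hops leaf in `neighbor-ttl-security.xml.i` (`u32:1-254`) and the leaf added in `neighbor-ebgp-multihop.xml.i` (`u32:1-255`) can both be set on the same neighbor as far as these definitions go, but FRR documents the two as mutually exclusive. The interface definition cannot express that, so the conf-mode verify step needs to reject the combination; that script is not part of this section of the patch, so please confirm it does. The help strings also need a pass: "Ttl security mechanism" should be `TTL security mechanism (GTSM, RFC 5082)`, and "Number of the maximum number of hops to the BGP peer" should be `Maximum number of hops to the BGP peer`.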
diff --git a/interface-definitions/include/bgp/peer-group.xml.i b/interface-definitions/include/bgp/peer-group.xml.i new file mode 100644 index 0000000..c80d4a3 --- /dev/null +++ b/interface-definitions/include/bgp/peer-group.xml.i @@ -0,0 +1,14 @@ + + + + Peer group for this peer + + ${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-5} peer-group + + + txt + Peer-group name + + + + diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i new file mode 100644 index 0000000..0f05625 --- /dev/null +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i 
@@ -0,0 +1,1868 @@ + + + + BGP address-family parameters + + + + + IPv4 BGP settings + + + + + BGP aggregate network + + ipv4net + BGP aggregate network + + + + + + + #include + + + + + Administrative distances for BGP routes + + + + + eBGP routes administrative distance + + u32:1-255 + eBGP routes administrative distance + + + + + + + + + iBGP routes administrative distance + + u32:1-255 + iBGP routes administrative distance + + + + + + + + + Locally originated BGP routes administrative distance + + u32:1-255 + Locally originated BGP routes administrative distance + + + + + + + + + Administrative distance for a specific BGP prefix + + ipv4net + Administrative distance for a specific BGP prefix + + + + + + + + + Administrative distance for prefix + + u32:1-255 + Administrative distance for external BGP routes + + + + + + + + + + + #include + #include + #include + + + BGP network + + ipv4net + BGP network + + + + + + + + + Network as a backdoor route + + + + #include + + + #include + #include + #include + #include + + + Redistribute routes from other protocols into BGP + + + + + Redistribute connected routes into BGP + + + #include + + + + + Redistribute IS-IS routes into BGP + + + #include + + + + + Redistribute kernel routes into BGP + + + #include + + + + + Redistribute OSPF routes into BGP + + + #include + + + + + Redistribute RIP routes into BGP + + + #include + + + + + Redistribute Babel routes into BGP + + + #include + + + + + Redistribute static routes into BGP + + + #include + + + + + Redistribute non-main Kernel Routing Table + + + + + #include + + + + + Multicast IPv4 BGP settings + + + + + BGP aggregate network/prefix + + ipv4net + BGP aggregate network/prefix + + + + + + + #include + + + + + Administrative distances for BGP routes + + + + + eBGP routes administrative distance + + u32:1-255 + eBGP routes administrative distance + + + + + + + + + iBGP routes administrative distance + + u32:1-255 + iBGP routes administrative distance + + + + + + + + + 
Locally originated BGP routes administrative distance + + u32:1-255 + Locally originated BGP routes administrative distance + + + + + + + + + Administrative distance for a specific BGP prefix + + ipv4net + Administrative distance for a specific BGP prefix + + + + + + + + + Administrative distance for prefix + + u32:1-255 + Administrative distance for external BGP routes + + + + + + + + + + + + + Import BGP network/prefix into multicast IPv4 RIB + + ipv4net + Multicast IPv4 BGP network/prefix + + + + + + + + + Use BGP network/prefix as a backdoor route + + + + #include + + + + + + + Labeled Unicast IPv4 BGP settings + + + + + BGP aggregate network/prefix + + ipv4net + BGP aggregate network/prefix + + + + + + + #include + + + + + Import BGP network/prefix into labeled unicast IPv4 RIB + + ipv4net + Labeled Unicast IPv4 BGP network/prefix + + + + + + + + + Use BGP network/prefix as a backdoor route + + + + #include + + + #include + + + + + Flowspec IPv4 BGP settings + + + + + Apply local policy routing to interface + + + #include + + + + + + + Unicast VPN IPv4 BGP settings + + + + + Import BGP network/prefix into unicast VPN IPv4 RIB + + ipv4net + Unicast VPN IPv4 BGP network/prefix + + + + + + + #include + #include + + + + + + + IPv6 BGP settings + + + + + BGP aggregate network + + ipv6net + Aggregate network + + + + + + + #include + + + + + Administrative distances for BGP routes + + + + + eBGP routes administrative distance + + u32:1-255 + eBGP routes administrative distance + + + + + + + + + iBGP routes administrative distance + + u32:1-255 + iBGP routes administrative distance + + + + + + + + + Locally originated BGP routes administrative distance + + u32:1-255 + Locally originated BGP routes administrative distance + + + + + + + + + Administrative distance for a specific BGP prefix + + ipv6net + Administrative distance for a specific BGP prefix + + + + + + + + + Administrative distance for prefix + + u32:1-255 + Administrative distance for external BGP routes + 
+ + + + + + + + + + #include + #include + #include + + + BGP network + + ipv6net + Aggregate network + + + + + + + #include + #include + + + #include + #include + #include + #include + + + Redistribute routes from other protocols into BGP + + + + + Redistribute connected routes into BGP + + + #include + + + + + Redistribute kernel routes into BGP + + + #include + + + + + Redistribute OSPFv3 routes into BGP + + + #include + + + + + Redistribute RIPng routes into BGP + + + #include + + + + + Redistribute Babel routes into BGP + + + #include + + + + + Redistribute static routes into BGP + + + #include + + + + + Redistribute non-main Kernel Routing Table + + + + + #include + + + + + Multicast IPv6 BGP settings + + + + + BGP aggregate network/prefix + + ipv6net + BGP aggregate network/prefix + + + + + + + #include + + + + + Administrative distances for BGP routes + + + + + eBGP routes administrative distance + + u32:1-255 + eBGP routes administrative distance + + + + + + + + + iBGP routes administrative distance + + u32:1-255 + iBGP routes administrative distance + + + + + + + + + Locally originated BGP routes administrative distance + + u32:1-255 + Locally originated BGP routes administrative distance + + + + + + + + + Administrative distance for a specific BGP prefix + + ipv6net + Administrative distance for a specific BGP prefix + + + + + + + + + Administrative distance for prefix + + u32:1-255 + Administrative distance for external BGP routes + + + + + + + + + + + + + Import BGP network/prefix into multicast IPv6 RIB + + ipv6net + Multicast IPv6 BGP network/prefix + + + + + + + #include + #include + + + + + + + Labeled Unicast IPv6 BGP settings + + + + + BGP aggregate network/prefix + + ipv6net + BGP aggregate network/prefix + + + + + + + #include + + + + + Import BGP network/prefix into labeled unicast IPv6 RIB + + ipv6net + Labeled Unicast IPv6 BGP network/prefix + + + + + + + + + Use BGP network/prefix as a backdoor route + + + + #include + + + + + + + Flowspec 
IPv6 BGP settings + + + + + Apply local policy routing to interface + + + + + Interface + + + + + + + + + + + + + Unicast VPN IPv6 BGP settings + + + + + Import BGP network/prefix into unicast VPN IPv6 RIB + + ipv6net + Unicast VPN IPv6 BGP network/prefix + + + + + + + #include + #include + + + + + + + L2VPN EVPN BGP settings + + + + + Advertise prefix routes + + + + + IPv4 address family + + + #include + + + + + IPv6 address family + + + #include + + + + + + + Advertise All local VNIs + + + + #include + + + EVPN system primary IP + + ipv4 + IP address + + + + + + + + + Auto derivation of Route Target (RFC8365) + + + + + + Originate a default route + + + + + IPv4 address family + + + + + + IPv6 address family + + + + + + + + Activate PE on EAD-ES even if EAD-EVI is not received + + + + + + Do not advertise EAD-EVI for local ESs + + + + + + EAD ES fragment config + + + + + EVIs per-fragment + + u32:1-1000 + limit + + + + + + + + + + + EAD ES Route Target + + + + + Route Target export + + txt + Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN) + + + + + + + + + + + + Specify handling for BUM packets + + + #include + + + Flood BUM packets using head-end replication + + + + + + + + EVPN MAC-VRF + + + + + Site-of-Origin extended community + + ASN:NN + based on autonomous system number in format <0-65535:0-4294967295> + + + IP:NN + Based on a router-id IP address in format <IP:0-65535> + + + + + Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number + + + + + + + VXLAN Network Identifier + + u32:1-16777215 + VNI number + + + + + + + #include + + + + + + + + + BGP Monitoring Protocol (BMP) + + + + + Maximum memory used for buffered mirroring messages (in bytes) + + u32:0-4294967294 + Limit in bytes + + + + + + + + + BMP target + + + #include + #include + + 5000 + + + + Minimum connection retry interval (in milliseconds) + + u32:100-86400000 + Minimum connection retry interval + + + + + + 1000 + + + + Maximum connection retry interval + + u32:100-4294967295 + 
Maximum connection retry interval + + + + + + 2000 + + + + Send BMP route mirroring messages + + + + + + Send BMP route monitoring messages + + + + + Address family IPv4 unicast + + + #include + + + + + Address family IPv6 unicast + + + #include + + + + + + + + + + + Configure interface related parameters, e.g. MPLS + + + + + txt + Interface name + + + #include + + + + + + MPLS options + + + + + Enable MPLS forwarding for eBGP directly connected peers + + + + + + + + + + Listen for and accept BGP dynamic neighbors from range + + + + + Maximum number of dynamic neighbors that can be created + + u32:1-5000 + BGP neighbor limit + + + + + + + + + BGP dynamic neighbors listen range + + ipv4net + IPv4 dynamic neighbors listen range + + + ipv6net + IPv6 dynamic neighbors listen range + + + + + + + + #include + + + + + + + Autonomous System Number (ASN) + + u32:1-4294967294 + Autonomous System Number + + + + + + + + + BGP neighbor + + ipv4 + BGP neighbor IP address + + + ipv6 + BGP neighbor IPv6 address + + + txt + Interface name + + + + #include + + + + + + Address-family parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + + + Minimum interval for sending routing updates + + u32:0-600 + Advertisement interval in seconds + + + + + + + #include + #include + #include + #include + #include + #include + #include + + + Interface parameters + + + #include + #include + #include + + + Enable BGP with v6 link-local only + + + #include + #include + + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + Do not send back prefixes learned from the neighbor + + + + + + Ensure the first AS in the AS path matches the peer AS + + + + + + Enable strict capability negotiation + + + + + + Neighbor timers + + + + + BGP connect timer for this neighbor + + u32:1-65535 + Connect timer in seconds + + + 0 + Disable connect timer + + + + + + + #include + 
#include + + + #include + #include + #include + + + + + BGP parameters + + + + + Allow Martian nexthops to be received in the NLRI from a peer + + + + + + Disable checking if nexthop is connected on eBGP session + + + + + + Always compare MEDs from different neighbors + + + + + + Default bestpath selection mechanism + + + + + AS-path attribute comparison parameters + + + + + Compare AS-path lengths including confederation sets and sequences + + + + + + Ignore AS-path length in selecting a route + + + + + + Allow load sharing across routes that have different AS paths (but same length) + + + + + + + + Link Bandwidth attribute + + default-weight-for-missing ignore skip-missing + + + default-weight-for-missing + Assign low default weight (1) to paths not having link bandwidth + + + ignore + Ignore link bandwidth (do regular ECMP, not weighted) + + + skip-missing + Ignore paths without link bandwidth for ECMP (if other paths have it) + + + (default-weight-for-missing|ignore|skip-missing) + + + + + + Compare the router-id for identical EBGP paths + + + + + + MED attribute comparison parameters + + confed missing-as-worst + + + confed + Compare MEDs among confederation paths + + + missing-as-worst + Treat missing route as a MED as the least preferred one + + + (confed|missing-as-worst) + + + + + + + Peer type + + + + + Allow load sharing across routes learned from different peer types + + + + + + + + + + Route-reflector cluster-id + + ipv4 + Route-reflector cluster-id + + + + + + + + + AS confederation parameters + + + + + Confederation AS identifier + + u32:1-4294967294 + Confederation AS id + + + + + + + + + Peer ASs in the BGP confederation + + u32:1-4294967294 + Peer AS number + + + + + + + + + + + + Conditional advertisement settings + + + + + Set period to rescan BGP table to check if condition is met + + u32:5-240 + Period to rerun the conditional advertisement scanner process + + + + + + 60 + + + + + + Enable route-flap dampening + + + + + Half-life time for 
dampening + + u32:1-45 + Half-life penalty in minutes + + + + + + + + + Maximum duration to suppress a stable route + + u32:1-255 + Maximum suppress duration in minutes + + + + + + + + + Threshold to start reusing a route + + u32:1-20000 + Re-use penalty points + + + + + + + + + When to start suppressing a route + + u32:1-20000 + Start-suppress penalty points + + + + + + + + + + + BGP defaults + + + + + Default local preference + + u32 + Local preference + + + + + + + + + + + Compare MEDs between different peers in the same AS + + + + + + Administratives distances for BGP routes + + + + + Global administratives distances for BGP routes + + + + + Administrative distance for external BGP routes + + u32:1-255 + Administrative distance for external BGP routes + + + + + + + + + Administrative distance for internal BGP routes + + u32:1-255 + Administrative distance for internal BGP routes + + + + + + + + + Administrative distance for local BGP routes + + u32:1-255 + Administrative distance for internal BGP routes + + + + + + + + + + + Administrative distance for a specific BGP prefix + + ipv4net + Administrative distance for a specific BGP prefix + + + + + + + + + Administrative distance for prefix + + u32:1-255 + Administrative distance for external BGP routes + + + + + + + + + + + + + Require in and out policy for eBGP peers (RFC8212) + + + + + + Teardown sessions immediately whenever peer becomes unreachable + + + + + + Graceful restart capability parameters + + + + + Maximum time to hold onto restarting neighbors stale paths + + u32:1-3600 + Hold time in seconds + + + + + + + + + + + Graceful shutdown + + + + + + Do not send hard reset CEASE Notification for 'Administrative Reset' + + + + + + BGP Labeled-unicast options + + explicit-null ipv4-explicit-null ipv6-explicit-null + + + explicit-null + Use explicit-null label values for all local prefixes + + + ipv4-explicit-null + Use IPv4 explicit-null label value for IPv4 local prefixes + + + ipv6-explicit-null + Use 
IPv6 explicit-null label value for IPv4 local prefixes + + + (explicit-null|ipv4-explicit-null|ipv6-explicit-null) + + + + + + Log neighbor up/down changes and reset reason + + + + + + BGP minimum holdtime + + u32:1-65535 + Minimum holdtime in seconds + + + + + + + + + Enable IGP route check for network statements + + + + + + Route reflector client allow policy outbound + + + + + + Disable client to client route reflection + + + + + + Disable immediate session reset on peer link down event + + + + + + Disable suppress duplicate updates if the route actually not changed + + + + + + Reject routes with AS_SET or AS_CONFED_SET flag + + + + + + Administrative shutdown of the BGP instance + + + + + + Advertise only routes that are programmed in kernel to peers + + + + #include + + + TCP keepalive parameters + + + + + TCP keepalive idle time + + u32:1-65535 + Idle time in seconds + + + + + + + + + TCP keepalive interval + + u32:1-65535 + Interval in seconds + + + + + + + + + TCP keepalive maximum probes + + u32:1-30 + Maximum probes + + + + + + + + + + + + + Name of peer-group + + #include + + + + + + Address-family parameters + + + #include + #include + #include + #include + #include + #include + #include + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + + + Segment-Routing SRv6 configuration + + + + + Specify SRv6 locator + + txt + SRv6 locator name + + + #include + + + + + + + + SID value for VRF + + + + + Between current VRF and VPN + + + + + SID per-VRF (both IPv4 and IPv6 address families) + + + + + For routes leaked from current VRF to VPN + + auto + + + u32:1-1048575 + SID allocation index + + + auto + Automatically assign a label + + + auto + + + + + + + + + + + + + BGP protocol timers + + + #include + #include + + + 
diff --git a/interface-definitions/include/bgp/remote-as.xml.i b/interface-definitions/include/bgp/remote-as.xml.i new file mode 100644 index 0000000..79d3b95 --- /dev/null +++ b/interface-definitions/include/bgp/remote-as.xml.i @@ -0,0 +1,27 @@ + + + + Neighbor BGP AS number + + external internal + + + u32:1-4294967294 + Neighbor AS number + + + external + Any AS different from the local AS + + + internal + Neighbor AS number + + + + (external|internal) + + Invalid AS number + + + diff --git a/interface-definitions/include/bgp/route-distinguisher.xml.i b/interface-definitions/include/bgp/route-distinguisher.xml.i new file mode 100644 index 0000000..8bc5b45 --- /dev/null +++ b/interface-definitions/include/bgp/route-distinguisher.xml.i @@ -0,0 +1,14 @@ + + + + Route Distinguisher + + ASN:NN_OR_IP-ADDRESS:NN + Route Distinguisher, (x.x.x.x:yyy|xxxx:yyyy) + + + + + + + diff --git a/interface-definitions/include/bgp/timers-holdtime.xml.i b/interface-definitions/include/bgp/timers-holdtime.xml.i new file mode 100644 index 0000000..31e97f6 --- /dev/null +++ b/interface-definitions/include/bgp/timers-holdtime.xml.i @@ -0,0 +1,18 @@ + + + + Hold timer + + u32:1-65535 + Hold timer in seconds + + + 0 + Disable hold timer + + + + + + + diff --git a/interface-definitions/include/bgp/timers-keepalive.xml.i b/interface-definitions/include/bgp/timers-keepalive.xml.i new file mode 100644 index 0000000..b23f96e --- /dev/null +++ b/interface-definitions/include/bgp/timers-keepalive.xml.i @@ -0,0 +1,14 @@ + + + + BGP keepalive interval for this neighbor + + u32:1-65535 + Keepalive interval in seconds + + + + + + + diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i new file mode 100644 index 0000000..3cde2a4 --- /dev/null +++ b/interface-definitions/include/certificate-ca.xml.i @@ -0,0 +1,14 @@ + + + + Certificate Authority in x509 PEM format + + filename + File in /config/auth directory + + + + + + + 
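Review bot: In remote-as.xml.i the help for the `internal` keyword reads "Neighbor AS number", the same text as the numeric `u32:1-4294967294` entry, so an operator cannot tell from completion what `internal` selects. The `external` entry already says "Any AS different from the local AS"; the matching text would be `internal` → `Same AS as the local AS`. A wrong choice here changes whether the session is treated as iBGP or eBGP and which policy defaults apply, so the help text should be accurate.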
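Review bot: In timers-holdtime.xml.i the value help advertises `u32:1-65535` plus `0`, but RFC 4271 requires the hold time to be either zero or at least three seconds. The constraint markup is not visible in this rendering; if it mirrors the help text, 1 and 2 pass validation here and are left for the routing daemon to reject or mishandle at commit time. I would document and validate the range as `0` or `3-65535`.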
diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i new file mode 100644 index 0000000..2c4d81f --- /dev/null +++ b/interface-definitions/include/certificate-key.xml.i @@ -0,0 +1,14 @@ + + + + Certificate private key in x509 PEM format + + filename + File in /config/auth directory + + + + + + + diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i new file mode 100644 index 0000000..6a5b293 --- /dev/null +++ b/interface-definitions/include/certificate.xml.i @@ -0,0 +1,14 @@ + + + + Certificate public key in x509 PEM format + + filename + File in /config/auth directory + + + + + + + diff --git a/interface-definitions/include/conntrack/log-protocols.xml.i b/interface-definitions/include/conntrack/log-protocols.xml.i new file mode 100644 index 0000000..0192507 --- /dev/null +++ b/interface-definitions/include/conntrack/log-protocols.xml.i @@ -0,0 +1,26 @@ + + + + Log connection tracking events for ICMP + + + + + + Log connection tracking events for all protocols other than TCP, UDP and ICMP + + + + + + Log connection tracking events for TCP + + + + + + Log connection tracking events for UDP + + + + diff --git a/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i new file mode 100644 index 0000000..e6bff7e --- /dev/null +++ b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i 
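Review bot: In certificate-key.xml.i the help promises "File in /config/auth directory", but nothing visible in this hunk shows the value being confined to that directory. The element markup is not visible in this rendering, so a validator may exist. If the text is documentation only, the consuming script should resolve the path and check that it stays under /config/auth and that the key file is not group- or world-readable before use. Separately, "Certificate private key in x509 PEM format" mixes terms: X.509 describes the certificate, so `Private key in PEM format` is more accurate here, and `Certificate in x509 PEM format` for the "public key" wording in certificate.xml.i.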
@@ -0,0 +1,136 @@ + + + + TCP connection timeout options + + + + + TCP CLOSE-WAIT timeout in seconds + + u32:1-21474836 + TCP CLOSE-WAIT timeout in seconds + + + + + + + + + TCP CLOSE timeout in seconds + + u32:1-21474836 + TCP CLOSE timeout in seconds + + + + + + + + + TCP ESTABLISHED timeout in seconds + + u32:1-21474836 + TCP ESTABLISHED timeout in seconds + + + + + + + + + TCP FIN-WAIT timeout in seconds + + u32:1-21474836 + TCP FIN-WAIT timeout in seconds + + + + + + + + + TCP LAST-ACK timeout in seconds + + u32:1-21474836 + TCP LAST-ACK timeout in seconds + + + + + + + + + TCP SYN-RECEIVED timeout in seconds + + u32:1-21474836 + TCP SYN-RECEIVED timeout in seconds + + + + + + + + + TCP SYN-SENT timeout in seconds + + u32:1-21474836 + TCP SYN-SENT timeout in seconds + + + + + + + + + TCP TIME-WAIT timeout in seconds + + u32:1-21474836 + TCP TIME-WAIT timeout in seconds + + + + + + + + + + + UDP timeout options + + + + + Timeout for UDP connection seen in both directions + + u32:1-21474836 + Timeout for UDP connection seen in both directions + + + + + + + + + Timeout for unreplied UDP + + u32:1-21474836 + Timeout for unreplied UDP + + + + + + + + + diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i new file mode 100644 index 0000000..34c94e5 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i @@ -0,0 +1,3 @@ + +[-_a-zA-Z0-9][\w\-\.\+]* + diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i new file mode 100644 index 0000000..399f2e1 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i @@ -0,0 +1,3 @@ + +[-_a-zA-Z0-9]+ + 
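Review bot: In alpha-numeric-hyphen-underscore-dot.xml.i the pattern `[-_a-zA-Z0-9][\w\-\.\+]*` accepts more than the file name promises. `\+` admits a plus sign, and `\w` may match non-ASCII word characters depending on the regex engine's mode. Callers that include this constraint by name will assume values are limited to letters, digits, `-`, `_` and `.`. Either narrow it to `[-_a-zA-Z0-9][-_a-zA-Z0-9.]*` or rename or comment the include so the extra `+` is explicit. The first character may also be `-`, which matters if a consumer passes the value as a command-line argument.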
diff --git a/interface-definitions/include/constraint/container-network.xml.i b/interface-definitions/include/constraint/container-network.xml.i new file mode 100644 index 0000000..6f0f06d --- /dev/null +++ b/interface-definitions/include/constraint/container-network.xml.i @@ -0,0 +1,6 @@ + + + [-_a-zA-Z0-9]{1,11} + +Network name cannot be longer than 11 characters + diff --git a/interface-definitions/include/constraint/dhcp-client-string-option.xml.i b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i new file mode 100644 index 0000000..0e3fb8a --- /dev/null +++ b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i @@ -0,0 +1,4 @@ + +[-_a-zA-Z0-9.\s]+ +([a-fA-F0-9][a-fA-F0-9]:){2,}[a-fA-F0-9][a-fA-F0-9] + diff --git a/interface-definitions/include/constraint/email.xml.i b/interface-definitions/include/constraint/email.xml.i new file mode 100644 index 0000000..b19a88d --- /dev/null +++ b/interface-definitions/include/constraint/email.xml.i @@ -0,0 +1,3 @@ + +[^\s@]+@([^\s@.,]+\.)+[^\s@.,]{2,} + diff --git a/interface-definitions/include/constraint/host-name.xml.i b/interface-definitions/include/constraint/host-name.xml.i new file mode 100644 index 0000000..5943772 --- /dev/null +++ b/interface-definitions/include/constraint/host-name.xml.i @@ -0,0 +1,3 @@ + +[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9] + diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i new file mode 100644 index 0000000..adff530 --- /dev/null +++ b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i @@ -0,0 +1,4 @@ + +(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|lo + + 
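Review bot: In dhcp-client-string-option.xml.i the first pattern `[-_a-zA-Z0-9.\s]+` uses `\s`, which in most engines matches tab, carriage return and line feed as well as a space. If these option strings are written into a DHCP client configuration file (not visible here), an embedded line break could end the option line early. If only a plain space is meant, spell it out: `[-_a-zA-Z0-9. ]+`.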
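Review bot: In interface-name-with-wildcard.xml.i the trailing group `(.+)?` makes the pattern accept any characters at all after a known prefix, so the constraint effectively checks only that the value starts with `eth`, `br`, `wg` and so on. Values containing spaces, quotes or other punctuation would pass and reach whatever template or command consumes the interface name. I would replace the tail with the grammar that is actually intended, for instance digits with an optional `.vlan` suffix or a single `*`. If the open tail is deliberate, add a comment saying so, to show that downstream code must quote the value.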
diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i new file mode 100644 index 0000000..3e7c4e6 --- /dev/null +++ b/interface-definitions/include/constraint/interface-name.xml.i @@ -0,0 +1,4 @@ + +(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo + + diff --git a/interface-definitions/include/constraint/login-username.xml.i b/interface-definitions/include/constraint/login-username.xml.i new file mode 100644 index 0000000..09a68b7 --- /dev/null +++ b/interface-definitions/include/constraint/login-username.xml.i @@ -0,0 +1,3 @@ + +[-_a-zA-Z0-9.]{1,100} + diff --git a/interface-definitions/include/constraint/vrf.xml.i b/interface-definitions/include/constraint/vrf.xml.i new file mode 100644 index 0000000..a1922bb --- /dev/null +++ b/interface-definitions/include/constraint/vrf.xml.i @@ -0,0 +1,6 @@ + + + + +VRF instance name must be 15 characters or less and can not\nbe named as regular network interfaces.\nA name must starts from a letter.\n + diff --git a/interface-definitions/include/dhcp-interface-multi.xml.i b/interface-definitions/include/dhcp-interface-multi.xml.i new file mode 100644 index 0000000..0db11cf --- /dev/null +++ b/interface-definitions/include/dhcp-interface-multi.xml.i @@ -0,0 +1,18 @@ + + + + DHCP interface supplying next-hop IP address + + + + + txt + DHCP interface name + + + #include + + + + + \ No newline at end of file diff --git a/interface-definitions/include/dhcp-interface.xml.i b/interface-definitions/include/dhcp-interface.xml.i new file mode 100644 index 0000000..b5c94cb --- /dev/null +++ b/interface-definitions/include/dhcp-interface.xml.i @@ -0,0 +1,15 @@ + + + DHCP interface supplying next-hop IP address + + + + + txt + DHCP interface name + + + #include + + + 
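Review bot: In interface-name.xml.i the sub-interface suffix `(.\d+)?` has an unescaped dot, so any single character before the digits is accepted (for example `eth0x10`), not just the `.` separator. The intended form looks like `(\.\d+)?`. As written the constraint is looser than its name suggests, and callers that trust it to yield a well-formed interface name get less than they expect.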
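Review bot: In login-username.xml.i the pattern `[-_a-zA-Z0-9.]{1,100}` lets a user name begin with `-` or `.` and also accepts `.` and `..` outright. A leading hyphen is risky if the name is later passed as an argument to account-management tools, and dot-only names are risky if the name is used as a path component. Both are assumptions about consumers not shown in this hunk. Requiring a safe first character closes both cases without changing the length limit: `[_a-zA-Z0-9][-_a-zA-Z0-9.]{0,99}`.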
diff --git a/interface-definitions/include/dhcp/captive-portal.xml.i b/interface-definitions/include/dhcp/captive-portal.xml.i new file mode 100644 index 0000000..643f055 --- /dev/null +++ b/interface-definitions/include/dhcp/captive-portal.xml.i @@ -0,0 +1,11 @@ + + + + Captive portal API endpoint + + txt + Captive portal API endpoint + + + + diff --git a/interface-definitions/include/dhcp/domain-name.xml.i b/interface-definitions/include/dhcp/domain-name.xml.i new file mode 100644 index 0000000..410e27d --- /dev/null +++ b/interface-definitions/include/dhcp/domain-name.xml.i @@ -0,0 +1,11 @@ + + + + Client Domain Name + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_ + + + diff --git a/interface-definitions/include/dhcp/domain-search.xml.i b/interface-definitions/include/dhcp/domain-search.xml.i new file mode 100644 index 0000000..bcc8fcd --- /dev/null +++ b/interface-definitions/include/dhcp/domain-search.xml.i @@ -0,0 +1,12 @@ + + + + Client Domain Name search list + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers, period, and underscore. + + + + diff --git a/interface-definitions/include/dhcp/ntp-server.xml.i b/interface-definitions/include/dhcp/ntp-server.xml.i new file mode 100644 index 0000000..4d7235a --- /dev/null +++ b/interface-definitions/include/dhcp/ntp-server.xml.i @@ -0,0 +1,15 @@ + + + + IP address of NTP server + + ipv4 + NTP server IPv4 address + + + + + + + + diff --git a/interface-definitions/include/dhcp/option-v4.xml.i b/interface-definitions/include/dhcp/option-v4.xml.i new file mode 100644 index 0000000..bd6fc60 --- /dev/null +++ b/interface-definitions/include/dhcp/option-v4.xml.i 
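Review bot: The error text in domain-search.xml.i ("May only contain letters, numbers, period, and underscore.") disagrees with the one in domain-name.xml.i ("May only contain letters, numbers and .-_") on whether a hyphen is allowed. The validator markup is not visible in this rendering. If both includes use the same check, the two messages should list the same character set, e.g. `May only contain letters, numbers, period, hyphen and underscore.`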
@@ -0,0 +1,257 @@ + + + + DHCP option + + + #include + #include + #include + #include + #include + + + Bootstrap file name + + [[:ascii:]]{1,253} + + + + + + Server from which the initial boot file is to be loaded + + ipv4 + Bootfile server IPv4 address + + + hostname + Bootfile server FQDN + + + + + + + + + + Bootstrap file size + + u32:1-16 + Bootstrap file size in 512 byte blocks + + + + + + + + + Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used. + + u32:0-32 + DHCP client prefix length must be 0 to 32 + + + + + DHCP client prefix length must be 0 to 32 + + + + + IP address of default router + + ipv4 + Default router IPv4 address + + + + + + + + + Enable IP forwarding on client + + + + + + Disable IPv4 on IPv6 only hosts (RFC 8925) + + u32 + Seconds + + + + + Seconds must be between 0 and 4294967295 (49 days) + + + + + IP address of POP3 server + + ipv4 + POP3 server IPv4 address + + + + + + + + + + Address for DHCP server identifier + + ipv4 + DHCP server identifier IPv4 address + + + + + + + + + IP address of SMTP server + + ipv4 + SMTP server IPv4 address + + + + + + + + + + Classless static route destination subnet + + ipv4net + IPv4 address and prefix length + + + + + + + + + IP address of router to be used to reach the destination subnet + + ipv4 + IPv4 address of router + + + + + + + + + + + TFTP server name + + ipv4 + TFTP server IPv4 address + + + hostname + TFTP server FQDN + + + + + + + + + + Client subnet offset in seconds from Coordinated Universal Time (UTC) + + [-]N + Time offset (number, may be negative) + + + -?[0-9]+ + + Invalid time offset value + + + + + IP address of time server + + ipv4 + Time server IPv4 address + + + + + + + + + + Time zone to send to clients. 
Uses RFC4833 options 100 and 101 + + + + + + + + + + + Vendor Specific Options + + + + + Ubiquiti specific parameters + + + + + Address of UniFi controller + + ipv4 + IP address of UniFi controller + + + + + + + + + + + + + IP address for Windows Internet Name Service (WINS) server + + ipv4 + WINS server IPv4 address + + + + + + + + + + Web Proxy Autodiscovery (WPAD) URL + + + + + diff --git a/interface-definitions/include/dhcp/option-v6.xml.i b/interface-definitions/include/dhcp/option-v6.xml.i new file mode 100644 index 0000000..e1897f5 --- /dev/null +++ b/interface-definitions/include/dhcp/option-v6.xml.i @@ -0,0 +1,122 @@ + + + + DHCPv6 option + + + #include + #include + #include + + + NIS domain name for client to use + + #include + + Invalid NIS domain name + + + + + IPv6 address of a NIS Server + + ipv6 + IPv6 address of NIS server + + + + + + + + + + NIS+ domain name for client to use + + #include + + Invalid NIS+ domain name. May only contain letters, numbers and .-_ + + + + + IPv6 address of a NIS+ Server + + ipv6 + IPv6 address of NIS+ server + + + + + + + + + + IPv6 address of SIP server + + ipv6 + IPv6 address of SIP server + + + hostname + FQDN of SIP server + + + + + + + + + + + IPv6 address of an SNTP server for client to use + + + + + + + + + Time (in seconds) that stateless clients should wait between refreshing the information they were given + + u32:1-4294967295 + DHCPv6 information refresh time + + + + + + + + + Vendor Specific Options + + + + + Cisco specific parameters + + + + + TFTP server name + + ipv6 + TFTP server IPv6 address + + + + + + + + + + + + + + diff --git a/interface-definitions/include/dns/time-to-live.xml.i b/interface-definitions/include/dns/time-to-live.xml.i new file mode 100644 index 0000000..000eea1 --- /dev/null +++ b/interface-definitions/include/dns/time-to-live.xml.i @@ -0,0 +1,14 @@ + + + + Time-to-live (TTL) + + u32:0-2147483647 + TTL in seconds + + + + + + + 
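Review bot: In option-v4.xml.i the bootstrap file name is constrained only by `[[:ascii:]]{1,253}`, which includes control characters, quotes and line breaks. If the value is rendered into the DHCP server configuration by a template rather than a serializer that escapes it (the consumer is not visible here), the constraint should be narrowed to printable characters, e.g. `[[:print:]]{1,253}`. The same hunk has a factual slip in the RFC 8925 option's error text: 4294967295 seconds is roughly 136 years, not "49 days", so the parenthetical should be dropped or corrected.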
diff --git a/interface-definitions/include/eigrp/protocol-common-config.xml.i b/interface-definitions/include/eigrp/protocol-common-config.xml.i new file mode 100644 index 0000000..a8290f7 --- /dev/null +++ b/interface-definitions/include/eigrp/protocol-common-config.xml.i @@ -0,0 +1,125 @@ + + + + Autonomous System Number (ASN) + + u32:1-65535 + Autonomous System Number + + + + + + + + + Forward packets over multiple paths + + u32:1-32 + Number of paths + + + + + + + + + Modify metrics and parameters for advertisement + + + + + Modify metric coefficients + + u32:0-255 + K1 + + + + + + + + + + + Enable routing on an IP network + + ipv4net + EIGRP network prefix + + + + + + + + + + Suppress routing updates on an interface + + + + + + + + + Redistribute information from another routing protocol + + bgp + Border Gateway Protocol (BGP) + + + connected + Connected routes + + + nhrp + Next Hop Resolution Protocol (NHRP) + + + ospf + Open Shortest Path First (OSPFv2) + + + rip + Routing Information Protocol (RIP) + + + babel + Babel routing protocol (Babel) + + + static + Statically configured routes + + + vnc + Virtual Network Control (VNC) + + + bgp connected nhrp ospf rip static vnc + + + (bgp|connected|nhrp|ospf|rip|babel|static|vnc) + + + + +#include + + + + Control load balancing variance + + u32:1-128 + Metric variance multiplier + + + + + + + diff --git a/interface-definitions/include/firewall/action-accept-drop-reject.xml.i b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i new file mode 100644 index 0000000..7fd5231 --- /dev/null +++ b/interface-definitions/include/firewall/action-accept-drop-reject.xml.i @@ -0,0 +1,25 @@ + + + + Action for packets + + accept drop reject + + + accept + Action to accept + + + drop + Action to drop + + + reject + Action to reject + + + (accept|drop|reject) + + + + 
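Review bot: In the EIGRP redistribute node the completion list `bgp connected nhrp ospf rip static vnc` omits `babel`, although the value help lists it and the constraint `(bgp|connected|nhrp|ospf|rip|babel|static|vnc)` accepts it. Tab completion will therefore never offer a value the validator allows. The list should read `bgp connected nhrp ospf rip babel static vnc`.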
diff --git a/interface-definitions/include/firewall/action-and-notrack.xml.i b/interface-definitions/include/firewall/action-and-notrack.xml.i new file mode 100644 index 0000000..de11f7d --- /dev/null +++ b/interface-definitions/include/firewall/action-and-notrack.xml.i @@ -0,0 +1,45 @@ + + + + Rule action + + accept continue jump notrack reject return drop queue + + + accept + Accept matching entries + + + continue + Continue parsing next rule + + + jump + Jump to another chain + + + reject + Reject matching entries + + + return + Return from the current chain and continue at the next rule of the last chain + + + drop + Drop matching entries + + + queue + Enqueue packet to userspace + + + notrack + Ignore connection tracking + + + (accept|continue|jump|notrack|reject|return|drop|queue) + + + + diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i new file mode 100644 index 0000000..4e59f3c --- /dev/null +++ b/interface-definitions/include/firewall/action-forward.xml.i @@ -0,0 +1,49 @@ + + + + Rule action + + accept continue jump reject return drop queue offload synproxy + + + accept + Accept matching entries + + + continue + Continue parsing next rule + + + jump + Jump to another chain + + + reject + Reject matching entries + + + return + Return from the current chain and continue at the next rule of the last chain + + + drop + Drop matching entries + + + queue + Enqueue packet to userspace + + + offload + Offload packet via flowtable + + + synproxy + Synproxy connections + + + (accept|continue|jump|reject|return|drop|queue|offload|synproxy) + + + + diff --git a/interface-definitions/include/firewall/action-l2.xml.i b/interface-definitions/include/firewall/action-l2.xml.i new file mode 100644 index 0000000..84af576 --- /dev/null +++ b/interface-definitions/include/firewall/action-l2.xml.i 
@@ -0,0 +1,37 @@ + + + + Rule action + + accept continue jump return drop queue + + + accept + Accept matching entries + + + continue + Continue parsing next rule + + + jump + Jump to another chain + + + return + Return from the current chain and continue at the next rule of the last chain + + + drop + Drop matching entries + + + queue + Enqueue packet to userspace + + + (accept|continue|jump|return|drop|queue) + + + + diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i new file mode 100644 index 0000000..e1f0c6c --- /dev/null +++ b/interface-definitions/include/firewall/action.xml.i @@ -0,0 +1,49 @@ + + + + Rule action + + accept continue jump reject return drop queue offload synproxy + + + accept + Accept matching entries + + + continue + Continue parsing next rule + + + jump + Jump to another chain + + + reject + Reject matching entries + + + return + Return from the current chain and continue at the next rule of the last chain + + + drop + Drop matching entries + + + queue + Enqueue packet to userspace + + + offload + Offload packet via flowtable + + + synproxy + Synproxy connections + + + (accept|continue|jump|reject|return|drop|queue|offload|synproxy) + + + + diff --git a/interface-definitions/include/firewall/add-addr-to-group-ipv4.xml.i b/interface-definitions/include/firewall/add-addr-to-group-ipv4.xml.i new file mode 100644 index 0000000..a47cadd --- /dev/null +++ b/interface-definitions/include/firewall/add-addr-to-group-ipv4.xml.i @@ -0,0 +1,25 @@ + + + + Add ip address to dynamic address-group + + + + + Add source ip addresses to dynamic address-group + + + #include + + + + + Add destination ip addresses to dynamic address-group + + + #include + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/add-addr-to-group-ipv6.xml.i b/interface-definitions/include/firewall/add-addr-to-group-ipv6.xml.i new file mode 100644 index 0000000..2cb0774 --- /dev/null 
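Review bot: action.xml.i repeats the keyword list, help entries and pattern `(accept|continue|jump|reject|return|drop|queue|offload|synproxy)` of action-forward.xml.i word for word, as far as this rendering shows. Two copies of a firewall action allow-list tend to drift, and a keyword added to one but not the other changes which rules a chain will accept. If the hooks really share one action set, one include should reference the other; otherwise add a comment in each file stating where they are meant to differ.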
+++ b/interface-definitions/include/firewall/add-addr-to-group-ipv6.xml.i @@ -0,0 +1,25 @@ + + + + Add ipv6 address to dynamic ipv6-address-group + + + + + Add source ipv6 addresses to dynamic ipv6-address-group + + + #include + + + + + Add destination ipv6 addresses to dynamic ipv6-address-group + + + #include + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i new file mode 100644 index 0000000..769761c --- /dev/null +++ b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i @@ -0,0 +1,34 @@ + + + + Dynamic address-group + + firewall group dynamic-group address-group + + + + + + Set timeout + + <number>s + Timeout value in seconds + + + <number>m + Timeout value in minutes + + + <number>h + Timeout value in hours + + + <number>d + Timeout value in days + + + \d+(s|m|h|d) + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i new file mode 100644 index 0000000..7bd91c5 --- /dev/null +++ b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i @@ -0,0 +1,34 @@ + + + + Dynamic ipv6-address-group + + firewall group dynamic-group ipv6-address-group + + + + + + Set timeout + + <number>s + Timeout value in seconds + + + <number>m + Timeout value in minutes + + + <number>h + Timeout value in hours + + + <number>d + Timeout value in days + + + \d+(s|m|h|d) + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/address-inet.xml.i b/interface-definitions/include/firewall/address-inet.xml.i new file mode 100644 index 0000000..02ed8f6 --- /dev/null +++ b/interface-definitions/include/firewall/address-inet.xml.i 
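Review bot: The timeout pattern `\d+(s|m|h|d)` in add-dynamic-address-groups.xml.i, and the identical one in add-dynamic-ipv6-address-groups.xml.i, puts no bound on the number. `0s` and arbitrarily long digit strings pass validation and are only caught, if at all, when the ruleset is loaded. Bounding the digits and rejecting a leading zero surfaces the error at commit time, for example `[1-9]\d{0,7}(s|m|h|d)` (the width is illustrative; choose it to match what the backend accepts). The help text should state the permitted range as well.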
@@ -0,0 +1,63 @@ + + + + IP address, subnet, or range + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + !ipv4 + Match everything except the specified address + + + !ipv4net + Match everything except the specified prefix + + + !ipv4range + Match everything except the specified range + + + ipv6net + Subnet to match + + + ipv6range + IP range to match + + + !ipv6 + Match everything except the specified address + + + !ipv6net + Match everything except the specified prefix + + + !ipv6range + Match everything except the specified range + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/address-ipv6.xml.i b/interface-definitions/include/firewall/address-ipv6.xml.i new file mode 100644 index 0000000..fa60c0c --- /dev/null +++ b/interface-definitions/include/firewall/address-ipv6.xml.i @@ -0,0 +1,37 @@ + + + + IP address, subnet, or range + + ipv6 + IP address to match + + + ipv6net + Subnet to match + + + ipv6range + IP range to match + + + !ipv6 + Match everything except the specified address + + + !ipv6net + Match everything except the specified prefix + + + !ipv6range + Match everything except the specified range + + + + + + + + + + diff --git a/interface-definitions/include/firewall/address-mask-inet.xml.i b/interface-definitions/include/firewall/address-mask-inet.xml.i new file mode 100644 index 0000000..e2a5927 --- /dev/null +++ b/interface-definitions/include/firewall/address-mask-inet.xml.i @@ -0,0 +1,19 @@ + + + + IP mask + + ipv4 + IPv4 mask to apply + + + ipv6 + IP mask to apply + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/address-mask-ipv6.xml.i b/interface-definitions/include/firewall/address-mask-ipv6.xml.i new file mode 100644 index 0000000..8c04832 --- /dev/null +++ b/interface-definitions/include/firewall/address-mask-ipv6.xml.i 
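Review bot: The value help in address-inet.xml.i has no entry for a plain `ipv6` address. It lists `ipv4`, `ipv4net`, `ipv4range` and their negations, then goes straight to `ipv6net`, `ipv6range` and `!ipv6`, so the negated form is documented while the positive one is not. address-ipv6.xml.i, later in this commit, does list `ipv6` with "IP address to match". If a single IPv6 address is meant to be accepted here, add an entry with format `ipv6` and description `IPv6 address to match`, and reword the two IPv6 descriptions to `IPv6 prefix to match` and `IPv6 address range to match` to mirror the IPv4 wording. The validator elements are not visible in this rendering, so also confirm that an IPv6 address validator is present.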
@@ -0,0 +1,14 @@ + + + + IP mask + + ipv6 + IP mask to apply + + + + + + + diff --git a/interface-definitions/include/firewall/address-mask.xml.i b/interface-definitions/include/firewall/address-mask.xml.i new file mode 100644 index 0000000..7f6f17d --- /dev/null +++ b/interface-definitions/include/firewall/address-mask.xml.i @@ -0,0 +1,14 @@ + + + + IP mask + + ipv4 + IPv4 mask to apply + + + + + + + diff --git a/interface-definitions/include/firewall/address.xml.i b/interface-definitions/include/firewall/address.xml.i new file mode 100644 index 0000000..2e1bde5 --- /dev/null +++ b/interface-definitions/include/firewall/address.xml.i @@ -0,0 +1,39 @@ + + + + IP address, subnet, or range + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + !ipv4 + Match everything except the specified address + + + !ipv4net + Match everything except the specified prefix + + + !ipv4range + Match everything except the specified range + + + + + + + + + + + + diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i new file mode 100644 index 0000000..9a2a829 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i @@ -0,0 +1,45 @@ + + + + Bridge custom firewall + + [a-zA-Z0-9][\w\-\.]* + + + + #include + #include + #include + + + Set jump target. Action jump must be defined in default-action to use this setting + + firewall bridge name + + + + + + Bridge Firewall forward filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i new file mode 100644 index 0000000..fcc9819 --- /dev/null 
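Review bot: The rule-number help in bridge-custom-name.xml.i reads "Bridge Firewall forward filter rule number", which looks copied from bridge-hook-forward.xml.i; this node describes a user-named chain, not the forward hook. ipv4-custom-name.xml.i and ipv6-custom-name.xml.i in the same commit use "IPv4 Firewall custom rule number" and "IPv6 Firewall custom rule number", so `Bridge Firewall custom rule number` would be consistent. An operator reading CLI help while building a jump target should not be told they are editing the forward filter.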
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i @@ -0,0 +1,41 @@ + + + + Bridge forward firewall + + + + + Bridge firewall forward filter + + + #include + #include + #include + + + Bridge Firewall forward filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/bridge-hook-input.xml.i b/interface-definitions/include/firewall/bridge-hook-input.xml.i new file mode 100644 index 0000000..f6a11f8 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-hook-input.xml.i @@ -0,0 +1,40 @@ + + + + Bridge input firewall + + + + + Bridge firewall input filter + + + #include + #include + #include + + + Bridge Firewall input filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/bridge-hook-output.xml.i b/interface-definitions/include/firewall/bridge-hook-output.xml.i new file mode 100644 index 0000000..38b8b08 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-hook-output.xml.i @@ -0,0 +1,40 @@ + + + + Bridge output firewall + + + + + Bridge firewall output filter + + + #include + #include + #include + + + Bridge Firewall output filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i new file mode 100644 index 0000000..ea56764 --- /dev/null 
+++ b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i @@ -0,0 +1,37 @@ + + + + Bridge prerouting firewall + + + + + Bridge firewall prerouting filter + + + #include + #include + #include + + + Bridge firewall prerouting filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i new file mode 100644 index 0000000..80088bb --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i @@ -0,0 +1,55 @@ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + + Destination parameters + + + #include + #include + #include + #include + #include + + + + + Set jump target. Action jump must be defined to use this setting + + firewall bridge name + + + + + + Source parameters + + + #include + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i new file mode 100644 index 0000000..e44938b --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -0,0 +1,24 @@ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i new file mode 100644 index 0000000..e8da1a0 --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i 
@@ -0,0 +1,47 @@ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + + Destination parameters + + + #include + #include + #include + #include + #include + #include + #include + + + + + Source parameters + + + #include + #include + #include + #include + #include + #include + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i new file mode 100644 index 0000000..803b94b --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i @@ -0,0 +1,44 @@ + +#include +#include +#include +#include + + + Destination parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + + + + + Set jump target. Action jump must be defined to use this setting + + firewall ipv4 name + + + + + + Source parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i new file mode 100644 index 0000000..3f7c5a0 --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i @@ -0,0 +1,49 @@ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + + Destination parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + + + + + Source parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + + + \ No newline at end of file 
diff --git a/interface-definitions/include/firewall/common-rule-ipv6.xml.i b/interface-definitions/include/firewall/common-rule-ipv6.xml.i new file mode 100644 index 0000000..bb176fe --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv6.xml.i @@ -0,0 +1,44 @@ + +#include +#include +#include +#include + + + Destination parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + + + + + Set jump target. Action jump must be defined to use this setting + + firewall ipv6 name + + + + + + Source parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/connection-mark.xml.i b/interface-definitions/include/firewall/connection-mark.xml.i new file mode 100644 index 0000000..69f7fe6 --- /dev/null +++ b/interface-definitions/include/firewall/connection-mark.xml.i @@ -0,0 +1,15 @@ + + + + Connection mark + + u32:0-2147483647 + Connection-mark to match + + + + + + + + diff --git a/interface-definitions/include/firewall/connection-status.xml.i b/interface-definitions/include/firewall/connection-status.xml.i new file mode 100644 index 0000000..5236c2f --- /dev/null +++ b/interface-definitions/include/firewall/connection-status.xml.i @@ -0,0 +1,28 @@ + + + + Connection status + + + + + NAT connection status + + destination source + + + destination + Match connections that are subject to destination NAT + + + source + Match connections that are subject to source NAT + + + (destination|source) + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/conntrack-helper.xml.i b/interface-definitions/include/firewall/conntrack-helper.xml.i new file mode 100644 index 0000000..3ca1a03 --- /dev/null +++ b/interface-definitions/include/firewall/conntrack-helper.xml.i 
@@ -0,0 +1,46 @@ + + + + Match related traffic from conntrack helpers + + ftp h323 pptp nfs sip tftp sqlnet + + + ftp + Related traffic from FTP helper + + + h323 + Related traffic from H.323 helper + + + pptp + Related traffic from PPTP helper + + + nfs + Related traffic from NFS helper + + + rtsp + Related traffic from RTSP helper + + + sip + Related traffic from SIP helper + + + tftp + Related traffic from TFTP helper + + + sqlnet + Related traffic from SQLNet helper + + + (ftp|h323|pptp|nfs|rtsp|sip|tftp|sqlnet) + + + + + diff --git a/interface-definitions/include/firewall/default-action-base-chains.xml.i b/interface-definitions/include/firewall/default-action-base-chains.xml.i new file mode 100644 index 0000000..aa62abf --- /dev/null +++ b/interface-definitions/include/firewall/default-action-base-chains.xml.i @@ -0,0 +1,22 @@ + + + + Default-action for rule-set + + drop accept + + + drop + Drop if no prior rules are hit + + + accept + Accept if no prior rules are hit + + + (drop|accept) + + + accept + + diff --git a/interface-definitions/include/firewall/default-action-bridge.xml.i b/interface-definitions/include/firewall/default-action-bridge.xml.i new file mode 100644 index 0000000..858c7ae --- /dev/null +++ b/interface-definitions/include/firewall/default-action-bridge.xml.i @@ -0,0 +1,34 @@ + + + + Default-action for rule-set + + drop jump return accept continue + + + drop + Drop if no prior rules are hit + + + jump + Jump to another chain if no prior rules are hit + + + return + Return from the current chain and continue at the next rule of the last chain + + + accept + Accept if no prior rules are hit + + + continue + Continue parsing next rule + + + (drop|jump|return|accept|continue) + + + drop + + diff --git a/interface-definitions/include/firewall/default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i new file mode 100644 index 0000000..53a1614 --- /dev/null +++ b/interface-definitions/include/firewall/default-action.xml.i 
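Review bot: The completion list in conntrack-helper.xml.i is `ftp h323 pptp nfs sip tftp sqlnet` and omits `rtsp`, although the value help documents "Related traffic from RTSP helper" and the constraint regex accepts it: `(ftp|h323|pptp|nfs|rtsp|sip|tftp|sqlnet)`. The value is therefore valid but never offered on tab completion, so it is easy to overlook when writing rules for related traffic. Change the list to `ftp h323 pptp nfs rtsp sip tftp sqlnet` so completion, help and validation agree.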
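Review bot: default-action-base-chains.xml.i ends with what looks like a default value of `accept`, while default-action-bridge.xml.i and default-action.xml.i in the same commit default to `drop`, and none of the three help strings states its default. A base chain created without an explicit default-action will pass everything that no rule matches, which is the opposite of what the custom-chain include does. If the permissive default is intended, state it in the help text, e.g. `Default-action for rule-set (default: accept)`, and add `(default: drop)` to the other two so the difference is visible from the CLI.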
@@ -0,0 +1,38 @@ + + + + Default-action for rule-set + + drop jump reject return accept continue + + + drop + Drop if no prior rules are hit + + + jump + Jump to another chain if no prior rules are hit + + + reject + Drop and notify source if no prior rules are hit + + + return + Return from the current chain and continue at the next rule of the last chain + + + accept + Accept if no prior rules are hit + + + continue + Continue parsing next rule + + + (drop|jump|reject|return|accept|continue) + + + drop + + diff --git a/interface-definitions/include/firewall/default-log.xml.i b/interface-definitions/include/firewall/default-log.xml.i new file mode 100644 index 0000000..dceacdb --- /dev/null +++ b/interface-definitions/include/firewall/default-log.xml.i @@ -0,0 +1,8 @@ + + + + Log packets hitting default-action + + + + diff --git a/interface-definitions/include/firewall/dscp.xml.i b/interface-definitions/include/firewall/dscp.xml.i new file mode 100644 index 0000000..dd4da48 --- /dev/null +++ b/interface-definitions/include/firewall/dscp.xml.i @@ -0,0 +1,36 @@ + + + + DSCP value + + u32:0-63 + DSCP value to match + + + <start-end> + DSCP range to match + + + + + + + + + + DSCP value not to match + + u32:0-63 + DSCP value not to match + + + <start-end> + DSCP range not to match + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/eq.xml.i b/interface-definitions/include/firewall/eq.xml.i new file mode 100644 index 0000000..e1b4f37 --- /dev/null +++ b/interface-definitions/include/firewall/eq.xml.i @@ -0,0 +1,14 @@ + + + + Match on equal value + + u32:0-255 + Equal to value + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i b/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i new file mode 100644 index 0000000..7f34de3 --- /dev/null +++ b/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i 
@@ -0,0 +1,35 @@ + + + + Define the parameters of the packet header to apply the hashing + + source-address destination-address source-port destination-port random + + + source-address + Use source IP address for hashing + + + destination-address + Use destination IP address for hashing + + + source-port + Use source port for hashing + + + destination-port + Use destination port for hashing + + + random + Do not use information from ip header. Use random value. + + + (source-address|destination-address|source-port|destination-port|random) + + + + random + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/firewall-mark.xml.i b/interface-definitions/include/firewall/firewall-mark.xml.i new file mode 100644 index 0000000..36a939b --- /dev/null +++ b/interface-definitions/include/firewall/firewall-mark.xml.i @@ -0,0 +1,26 @@ + + + + Firewall mark + + u32:0-2147483647 + Firewall mark to match + + + !u32:0-2147483647 + Inverted Firewall mark to match + + + <start-end> + Firewall mark range to match + + + !<start-end> + Firewall mark inverted range to match + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/fqdn.xml.i b/interface-definitions/include/firewall/fqdn.xml.i new file mode 100644 index 0000000..9eb3925 --- /dev/null +++ b/interface-definitions/include/firewall/fqdn.xml.i @@ -0,0 +1,14 @@ + + + + Fully qualified domain name + + <fqdn> + Fully qualified domain name + + + + + + + diff --git a/interface-definitions/include/firewall/fragment.xml.i b/interface-definitions/include/firewall/fragment.xml.i new file mode 100644 index 0000000..1f4c110 --- /dev/null +++ b/interface-definitions/include/firewall/fragment.xml.i @@ -0,0 +1,21 @@ + + + + IP fragment match + + + + + Second and further fragments of fragmented packets + + + + + + Head fragments or unfragmented packets + + + + + + \ No newline at end of file 
diff --git a/interface-definitions/include/firewall/fwmark.xml.i b/interface-definitions/include/firewall/fwmark.xml.i new file mode 100644 index 0000000..4607ef5 --- /dev/null +++ b/interface-definitions/include/firewall/fwmark.xml.i @@ -0,0 +1,14 @@ + + + + Match fwmark value + + u32:1-2147483647 + Match firewall mark value + + + + + + + diff --git a/interface-definitions/include/firewall/geoip.xml.i b/interface-definitions/include/firewall/geoip.xml.i new file mode 100644 index 0000000..9fb37a5 --- /dev/null +++ b/interface-definitions/include/firewall/geoip.xml.i @@ -0,0 +1,28 @@ + + + + GeoIP options - Data provided by DB-IP.com + + + + + GeoIP country code + + <country> + Country code (2 characters) + + + ^(ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw)$ + + + + + + + Inverse match of country-codes + + + + + + diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i new file mode 100644 index 0000000..05fdd75 --- /dev/null +++ b/interface-definitions/include/firewall/global-options.xml.i 
@@ -0,0 +1,366 @@ + + + + Global Options + + + + + Policy for handling of all IPv4 ICMP echo requests + + enable disable + + + enable + Enable processing of all IPv4 ICMP echo requests + + + disable + Disable processing of all IPv4 ICMP echo requests + + + (enable|disable) + + + enable + + + + Policy for handling broadcast IPv4 ICMP echo and timestamp requests + + enable disable + + + enable + Enable processing of broadcast IPv4 ICMP echo/timestamp requests + + + disable + Disable processing of broadcast IPv4 ICMP echo/timestamp requests + + + (enable|disable) + + + disable + + + + Apply configured firewall rules to traffic switched by bridges + + + + + Accept ARP and DHCP despite they are marked as invalid connection + + + + + + Apply configured IPv4 firewall rules + + + + + + Apply configured IPv6 firewall rules + + + + + + + + Policy for handling IPv4 directed broadcast forwarding on all interfaces + + enable disable + + + enable + Enable IPv4 directed broadcast forwarding on all interfaces + + + disable + Disable IPv4 directed broadcast forwarding on all interfaces + + + (enable|disable) + + + enable + + + + Policy for handling IPv4 packets with source route option + + enable disable + + + enable + Enable processing of IPv4 packets with source route option + + + disable + Disable processing of IPv4 packets with source route option + + + (enable|disable) + + + disable + + + + Policy for logging IPv4 packets with invalid addresses + + enable disable + + + enable + Enable logging of IPv4 packets with invalid addresses + + + disable + Disable logging of Ipv4 packets with invalid addresses + + + (enable|disable) + + + enable + + + + Policy for handling received IPv4 ICMP redirect messages + + enable disable + + + enable + Enable processing of received IPv4 ICMP redirect messages + + + disable + Disable processing of received IPv4 ICMP redirect messages + + + (enable|disable) + + + disable + + + + Retains last successful value if domain resolution fails + + + + + + 
Domain resolver update interval + + u32:10-3600 + Interval (seconds) + + + + + + 300 + + + + Policy for sending IPv4 ICMP redirect messages + + enable disable + + + enable + Enable sending IPv4 ICMP redirect messages + + + disable + Disable sending IPv4 ICMP redirect messages + + + (enable|disable) + + + enable + + + + Policy for IPv4 source validation by reversed path, as specified in RFC3704 + + strict loose disable + + + strict + Enable IPv4 Strict Reverse Path Forwarding as defined in RFC3704 + + + loose + Enable IPv4 Loose Reverse Path Forwarding as defined in RFC3704 + + + disable + No IPv4 source validation + + + (strict|loose|disable) + + + disable + + + + Global firewall state-policy + + + + + Global firewall policy for packets part of an established connection + + + #include + #include + #include + + + + + Global firewall policy for packets part of an invalid connection + + + #include + #include + #include + + + + + Global firewall policy for packets part of a related connection + + + #include + #include + #include + + + + + + + Policy for using TCP SYN cookies with IPv4 + + enable disable + + + enable + Enable use of TCP SYN cookies with IPv4 + + + disable + Disable use of TCP SYN cookies with IPv4 + + + (enable|disable) + + + enable + + + + Connection timeout options + + + #include + + + + + RFC1337 TCP TIME-WAIT assasination hazards protection + + enable disable + + + enable + Enable RFC1337 TIME-WAIT hazards protection + + + disable + Disable RFC1337 TIME-WAIT hazards protection + + + (enable|disable) + + + disable + + + + Policy for handling received ICMPv6 redirect messages + + enable disable + + + enable + Enable processing of received ICMPv6 redirect messages + + + disable + Disable processing of received ICMPv6 redirect messages + + + (enable|disable) + + + disable + + + + Policy for IPv6 source validation by reversed path, as specified in RFC3704 + + strict loose disable + + + strict + Enable IPv6 Strict Reverse Path Forwarding as defined in 
RFC3704 + + + loose + Enable IPv6 Loose Reverse Path Forwarding as defined in RFC3704 + + + disable + No IPv6 source validation + + + (strict|loose|disable) + + + disable + + + + Policy for handling IPv6 packets with routing extension header + + enable disable + + + enable + Enable processing of IPv6 packets with routing header type 2 + + + disable + Disable processing of IPv6 packets with routing header + + + (enable|disable) + + + disable + + + + diff --git a/interface-definitions/include/firewall/gre.xml.i b/interface-definitions/include/firewall/gre.xml.i new file mode 100644 index 0000000..e7b9fd5 --- /dev/null +++ b/interface-definitions/include/firewall/gre.xml.i @@ -0,0 +1,116 @@ + + + + GRE fields to match + + + + + GRE flag bits to match + + + + + Header includes optional key field + + + + + Header does not include optional key field + + + + + + + + Header includes optional checksum + + + + + Header does not include optional checksum + + + + + + + + Header includes a sequence number field + + + + + Header does not include a sequence number field + + + + + + + + + + EtherType of encapsulated packet + + ip ip6 arp 802.1q 802.1ad + + + u32:0-65535 + Ethernet protocol number + + + u32:0x0-0xffff + Ethernet protocol number (hex) + + + ip + IPv4 + + + ip6 + IPv6 + + + arp + Address Resolution Protocol + + + 802.1q + VLAN-tagged frames (IEEE 802.1q) + + + 802.1ad + Provider Bridging (IEEE 802.1ad, Q-in-Q) + + + gretap + Transparent Ethernet Bridging (L2 Ethernet over GRE, gretap) + + + (ip|ip6|arp|802.1q|802.1ad|gretap|0x[0-9a-fA-F]{1,4}) + + + + + #include + + + GRE Version + + gre + Standard GRE + + + pptp + Point to Point Tunnelling Protocol + + + (gre|pptp) + + + + + + diff --git a/interface-definitions/include/firewall/gt.xml.i b/interface-definitions/include/firewall/gt.xml.i new file mode 100644 index 0000000..c879171 --- /dev/null +++ b/interface-definitions/include/firewall/gt.xml.i 
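Review bot: None of the global options in global-options.xml.i states its default in the help text, and several of the apparent defaults are the permissive choice. IPv4 directed broadcast forwarding and sending of ICMP redirects appear to default to `enable`, and both the IPv4 and IPv6 reverse-path source validation options appear to default to `disable`. Those values may be deliberate to match existing behaviour, but an operator should be able to see them from the CLI; append the default to each help string, e.g. `Policy for IPv4 source validation by reversed path, as specified in RFC3704 (default: disable)`. In the same hunk the IPv6 source-route option describes `enable` as "routing header type 2" but `disable` as "routing header", which leaves the scope of the setting unclear. There are also typos in user-facing strings: "assasination" and "Ipv4".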
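Review bot: The EtherType completion list in gre.xml.i is `ip ip6 arp 802.1q 802.1ad` and leaves out `gretap`, which the value help documents and the regex accepts: `(ip|ip6|arp|802.1q|802.1ad|gretap|0x[0-9a-fA-F]{1,4})`. Add it to the list: `ip ip6 arp 802.1q 802.1ad gretap`. The value help also advertises a decimal form, `u32:0-65535`, but the visible regex admits only the names and `0x` hex. Unless a numeric validator sits in markup that is not visible in this rendering, a decimal protocol number will be rejected despite the help offering it.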
@@ -0,0 +1,14 @@ + + + + Match on greater then value + + u32:0-255 + Greater then value + + + + + + + diff --git a/interface-definitions/include/firewall/hop-limit.xml.i b/interface-definitions/include/firewall/hop-limit.xml.i new file mode 100644 index 0000000..d375dc9 --- /dev/null +++ b/interface-definitions/include/firewall/hop-limit.xml.i @@ -0,0 +1,12 @@ + + + + Hop limit + + + #include + #include + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/icmp-type-name.xml.i b/interface-definitions/include/firewall/icmp-type-name.xml.i new file mode 100644 index 0000000..d4197cf --- /dev/null +++ b/interface-definitions/include/firewall/icmp-type-name.xml.i 
@@ -0,0 +1,73 @@ + + + + ICMP type-name + + echo-reply destination-unreachable source-quench redirect echo-request router-advertisement router-solicitation time-exceeded parameter-problem timestamp-request timestamp-reply info-request info-reply address-mask-request address-mask-reply + + + echo-reply + ICMP type 0: echo-reply + + + destination-unreachable + ICMP type 3: destination-unreachable + + + source-quench + ICMP type 4: source-quench + + + redirect + ICMP type 5: redirect + + + echo-request + ICMP type 8: echo-request + + + router-advertisement + ICMP type 9: router-advertisement + + + router-solicitation + ICMP type 10: router-solicitation + + + time-exceeded + ICMP type 11: time-exceeded + + + parameter-problem + ICMP type 12: parameter-problem + + + timestamp-request + ICMP type 13: timestamp-request + + + timestamp-reply + ICMP type 14: timestamp-reply + + + info-request + ICMP type 15: info-request + + + info-reply + ICMP type 16: info-reply + + + address-mask-request + ICMP type 17: address-mask-request + + + address-mask-reply + ICMP type 18: address-mask-reply + + + (echo-reply|destination-unreachable|source-quench|redirect|echo-request|router-advertisement|router-solicitation|time-exceeded|parameter-problem|timestamp-request|timestamp-reply|info-request|info-reply|address-mask-request|address-mask-reply) + + + + diff --git a/interface-definitions/include/firewall/icmp.xml.i b/interface-definitions/include/firewall/icmp.xml.i new file mode 100644 index 0000000..deb50a4 --- /dev/null +++ b/interface-definitions/include/firewall/icmp.xml.i @@ -0,0 +1,34 @@ + + + + ICMP type and code information + + + + + ICMP code + + u32:0-255 + ICMP code (0-255) + + + + + + + + + ICMP type + + u32:0-255 + ICMP type (0-255) + + + + + + + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/icmpv6-type-name.xml.i b/interface-definitions/include/firewall/icmpv6-type-name.xml.i new file mode 100644 index 0000000..e17a20e 
--- /dev/null +++ b/interface-definitions/include/firewall/icmpv6-type-name.xml.i @@ -0,0 +1,85 @@ + + + + ICMPv6 type-name + + destination-unreachable packet-too-big time-exceeded echo-request echo-reply mld-listener-query mld-listener-report mld-listener-reduction nd-router-solicit nd-router-advert nd-neighbor-solicit nd-neighbor-advert nd-redirect parameter-problem router-renumbering ind-neighbor-solicit ind-neighbor-advert mld2-listener-report + + + destination-unreachable + ICMPv6 type 1: destination-unreachable + + + packet-too-big + ICMPv6 type 2: packet-too-big + + + time-exceeded + ICMPv6 type 3: time-exceeded + + + echo-request + ICMPv6 type 128: echo-request + + + echo-reply + ICMPv6 type 129: echo-reply + + + mld-listener-query + ICMPv6 type 130: mld-listener-query + + + mld-listener-report + ICMPv6 type 131: mld-listener-report + + + mld-listener-reduction + ICMPv6 type 132: mld-listener-reduction + + + nd-router-solicit + ICMPv6 type 133: nd-router-solicit + + + nd-router-advert + ICMPv6 type 134: nd-router-advert + + + nd-neighbor-solicit + ICMPv6 type 135: nd-neighbor-solicit + + + nd-neighbor-advert + ICMPv6 type 136: nd-neighbor-advert + + + nd-redirect + ICMPv6 type 137: nd-redirect + + + parameter-problem + ICMPv6 type 4: parameter-problem + + + router-renumbering + ICMPv6 type 138: router-renumbering + + + ind-neighbor-solicit + ICMPv6 type 141: ind-neighbor-solicit + + + ind-neighbor-advert + ICMPv6 type 142: ind-neighbor-advert + + + mld2-listener-report + ICMPv6 type 143: mld2-listener-report + + + (destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering|ind-neighbor-solicit|ind-neighbor-advert|mld2-listener-report) + + + + 
diff --git a/interface-definitions/include/firewall/icmpv6.xml.i b/interface-definitions/include/firewall/icmpv6.xml.i new file mode 100644 index 0000000..c011862 --- /dev/null +++ b/interface-definitions/include/firewall/icmpv6.xml.i @@ -0,0 +1,34 @@ + + + + ICMPv6 type and code information + + + + + ICMPv6 code + + u32:0-255 + ICMPv6 code (0-255) + + + + + + + + + ICMPv6 type + + u32:0-255 + ICMPv6 type (0-255) + + + + + + + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i new file mode 100644 index 0000000..bcd4c95 --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ + + + + Match inbound-interface + + + + + Match interface + + + vrf name + + + txt + Interface name + + + txt* + Interface name with wildcard + + + !txt + Inverted interface name to match + + + (\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/inbound-interface.xml.i b/interface-definitions/include/firewall/inbound-interface.xml.i new file mode 100644 index 0000000..13df71d --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface.xml.i @@ -0,0 +1,10 @@ + + + + Match inbound-interface + + + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i new file mode 100644 index 0000000..8046b2d --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i 
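Review bot: The interface-name constraint in inbound-interface-no-group.xml.i ends with `(.+)?`, so anything at all is accepted once the value starts with a known prefix: `(\!?)(bond|br|…|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo`. This includes whitespace, quotes and other characters that cannot occur in an interface name, and the value presumably ends up in a generated firewall rule, so the schema should reject them instead of relying on later escaping. Restricting the tail to name characters with an optional trailing wildcard would match the three documented forms (`txt`, `txt*`, `!txt`), for example `(\!?)(bond|br|…|wwan)([\w\-\.]*)(\*?)|(\!?)lo`. Other validators for this node are not visible in this rendering, so check whether one of them already narrows the input.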
@@ -0,0 +1,43 @@ + + + + IPv4 custom firewall + + [a-zA-Z0-9][\w\-\.]* + + + + #include + #include + #include + + + Set jump target. Action jump must be defined in default-action to use this setting + + firewall ipv4 name + + + + + + IPv4 Firewall custom rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i new file mode 100644 index 0000000..b0e240a --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i @@ -0,0 +1,40 @@ + + + + IPv4 forward firewall + + + + + IPv4 firewall forward filter + + + #include + #include + #include + + + IPv4 Firewall forward filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i new file mode 100644 index 0000000..491d1a9 --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i @@ -0,0 +1,37 @@ + + + + IPv4 input firewall + + + + + IPv4 firewall input filter + + + #include + #include + #include + + + IPv4 Firewall input filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i new file mode 100644 index 0000000..ee91575 --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i 
@@ -0,0 +1,65 @@ + + + + IPv4 output firewall + + + + + IPv4 firewall output filter + + + #include + #include + #include + + + IPv4 Firewall output filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + + + + + IPv4 firewall output raw + + + #include + #include + #include + + + IPv4 Firewall output raw rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i new file mode 100644 index 0000000..b431303 --- /dev/null +++ b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i @@ -0,0 +1,52 @@ + + + + IPv4 prerouting firewall + + + + + IPv4 firewall prerouting raw + + + #include + #include + + + Set jump target. Action jump must be defined in default-action to use this setting + + firewall ipv4 name + + + + + + IPv4 Firewall prerouting raw rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + Set jump target. Action jump must be defined to use this setting + + firewall ipv4 name + + + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i new file mode 100644 index 0000000..fb8740c --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i 
@@ -0,0 +1,43 @@ + + + + IPv6 custom firewall + + [a-zA-Z0-9][\w\-\.]* + + + + #include + #include + #include + + + Set jump target. Action jump must be defined in default-action to use this setting + + firewall ipv6 name + + + + + + IPv6 Firewall custom rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i new file mode 100644 index 0000000..7efc261 --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i @@ -0,0 +1,40 @@ + + + + IPv6 forward firewall + + + + + IPv6 firewall forward filter + + + #include + #include + #include + + + IPv6 Firewall forward filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i new file mode 100644 index 0000000..154b102 --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i @@ -0,0 +1,37 @@ + + + + IPv6 input firewall + + + + + IPv6 firewall input filter + + + #include + #include + #include + + + IPv6 Firewall input filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i new file mode 100644 index 0000000..d3c4c1e --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i 
@@ -0,0 +1,65 @@ + + + + IPv6 output firewall + + + + + IPv6 firewall output filter + + + #include + #include + #include + + + IPv6 Firewall output filter rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + + + + + IPv6 firewall output raw + + + #include + #include + #include + + + IPv6 Firewall output raw rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + + + + + diff --git a/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i new file mode 100644 index 0000000..21f8de6 --- /dev/null +++ b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i @@ -0,0 +1,52 @@ + + + + IPv6 prerouting firewall + + + + + IPv6 firewall prerouting raw + + + #include + #include + + + Set jump target. Action jump must be defined in default-action to use this setting + + firewall ipv6 name + + + + + + IPv6 Firewall prerouting raw rule number + + u32:1-999999 + Number for this firewall rule + + + + + Firewall rule number must be between 1 and 999999 + + + #include + #include + #include + + + Set jump target. Action jump must be defined to use this setting + + firewall ipv6 name + + + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/limit.xml.i b/interface-definitions/include/firewall/limit.xml.i new file mode 100644 index 0000000..21068de --- /dev/null +++ b/interface-definitions/include/firewall/limit.xml.i 
@@ -0,0 +1,33 @@ + + + + Rate limit using a token bucket filter + + + + + Maximum number of packets to allow in excess of rate + + u32:0-4294967295 + Maximum number of packets to allow in excess of rate + + + + + + + + + Maximum average matching rate + + txt + integer/unit (Example: 5/minute) + + + \d+/(second|minute|hour|day) + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/log-options.xml.i b/interface-definitions/include/firewall/log-options.xml.i new file mode 100644 index 0000000..e8b0cde --- /dev/null +++ b/interface-definitions/include/firewall/log-options.xml.i @@ -0,0 +1,89 @@ + + + + Log options + + + + + Set log group + + u32:0-65535 + Log group to send messages to + + + + + + + + + Length of packet payload to include in netlink message + + u32:0-9000 + Length of packet payload to include in netlink message + + + + + + + + + Number of packets to queue inside the kernel before sending them to userspace + + u32:0-65535 + Number of packets to queue inside the kernel before sending them to userspace + + + + + + + + + Set log-level + + emerg alert crit err warn notice info debug + + + emerg + Emerg log level + + + alert + Alert log level + + + crit + Critical log level + + + err + Error log level + + + warn + Warning log level + + + notice + Notice log level + + + info + Info log level + + + debug + Debug log level + + + (emerg|alert|crit|err|warn|notice|info|debug) + + level must be alert, crit, debug, emerg, err, info, notice or warn + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i new file mode 100644 index 0000000..21548f3 --- /dev/null +++ b/interface-definitions/include/firewall/log.xml.i @@ -0,0 +1,8 @@ + + + + Log packets hitting this rule + + + + diff --git a/interface-definitions/include/firewall/lt.xml.i b/interface-definitions/include/firewall/lt.xml.i new file mode 100644 index 0000000..77894d3 
--- /dev/null +++ b/interface-definitions/include/firewall/lt.xml.i @@ -0,0 +1,14 @@ + + + + Match on less then value + + u32:0-255 + Less then value + + + + + + + diff --git a/interface-definitions/include/firewall/mac-address.xml.i b/interface-definitions/include/firewall/mac-address.xml.i new file mode 100644 index 0000000..db3e1e3 --- /dev/null +++ b/interface-definitions/include/firewall/mac-address.xml.i @@ -0,0 +1,19 @@ + + + + MAC address + + macaddr + MAC address to match + + + !macaddr + Match everything except the specified MAC address + + + + + + + + diff --git a/interface-definitions/include/firewall/mac-group.xml.i b/interface-definitions/include/firewall/mac-group.xml.i new file mode 100644 index 0000000..dbce3fc --- /dev/null +++ b/interface-definitions/include/firewall/mac-group.xml.i @@ -0,0 +1,10 @@ + + + + Group of MAC addresses + + firewall group mac-group + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ether-type.xml.i b/interface-definitions/include/firewall/match-ether-type.xml.i new file mode 100644 index 0000000..abfa903 --- /dev/null +++ b/interface-definitions/include/firewall/match-ether-type.xml.i @@ -0,0 +1,30 @@ + + + + Ethernet type + + 802.1q 802.1ad arp ipv4 ipv6 + + + 802.1q + Customer VLAN tag type + + + 802.1ad + Service VLAN tag type + + + arp + Adress Resolution Protocol + + + _ipv4 + Internet Protocol version 4 + + + _ipv6 + Internet Protocol version 6 + + + + diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i new file mode 100644 index 0000000..f25686e --- /dev/null +++ b/interface-definitions/include/firewall/match-interface.xml.i 
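Review bot: The help strings in lt.xml.i read "Match on less then value" and "Less then value"; both should use "than", i.e. `Match on less than value` and `Less than value`. match-ether-type.xml.i, later on the same line of the patch, has "Adress Resolution Protocol", which should be `Address Resolution Protocol`. These strings are presumably what operators see in CLI help, so they are worth correcting while the files are being added.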
@@ -0,0 +1,43 @@ + + + + Match interface + + + vrf name + + + txt + Interface name + + + txt* + Interface name with wildcard + + + !txt + Inverted interface name to match + + + (\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo + + + + + + + Match interface-group + + firewall group interface-group + + + txt + Interface-group name to match + + + !txt + Inverted interface-group name to match + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec-in.xml.i b/interface-definitions/include/firewall/match-ipsec-in.xml.i new file mode 100644 index 0000000..62ed646 --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec-in.xml.i @@ -0,0 +1,21 @@ + + + + Inbound IPsec packets + + + + + Inbound traffic that was IPsec encapsulated + + + + + + Inbound traffic that was not IPsec encapsulated + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec-out.xml.i b/interface-definitions/include/firewall/match-ipsec-out.xml.i new file mode 100644 index 0000000..880fdd4 --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec-out.xml.i @@ -0,0 +1,21 @@ + + + + Outbound IPsec packets + + + + + Outbound traffic to be IPsec encapsulated + + + + + + Outbound traffic that will not be IPsec encapsulated + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec.xml.i b/interface-definitions/include/firewall/match-ipsec.xml.i new file mode 100644 index 0000000..d8d31ef --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec.xml.i 
@@ -0,0 +1,33 @@ + + + + IPsec encapsulated packets + + + + + Inbound traffic that was IPsec encapsulated + + + + + + Inbound traffic that was not IPsec encapsulated + + + + + + Outbound traffic to be IPsec encapsulated + + + + + + Outbound traffic that will not be IPsec encapsulated + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/match-vlan.xml.i b/interface-definitions/include/firewall/match-vlan.xml.i new file mode 100644 index 0000000..d58e843 --- /dev/null +++ b/interface-definitions/include/firewall/match-vlan.xml.i @@ -0,0 +1,42 @@ + + + + VLAN parameters + + + + + Vlan id + + u32:0-4096 + Vlan id + + + <start-end> + Vlan id range to match + + + + + + + + + Vlan priority(pcp) + + u32:0-7 + Vlan priority + + + <start-end> + Vlan priority range to match + + + + + + + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/name.xml.i b/interface-definitions/include/firewall/name.xml.i new file mode 100644 index 0000000..231b9b1 --- /dev/null +++ b/interface-definitions/include/firewall/name.xml.i @@ -0,0 +1,18 @@ + + + + Local IPv4 firewall ruleset name for interface + + firewall name + + + + + + Local IPv6 firewall ruleset name for interface + + firewall ipv6-name + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/nat-balance.xml.i b/interface-definitions/include/firewall/nat-balance.xml.i new file mode 100644 index 0000000..01793f0 --- /dev/null +++ b/interface-definitions/include/firewall/nat-balance.xml.i @@ -0,0 +1,28 @@ + + + + Translated IP address + + ipv4 + IPv4 address to match + + + + + + + + + Set probability for this output value + + u32:1-100 + Set probability for this output value + + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/nft-queue.xml.i b/interface-definitions/include/firewall/nft-queue.xml.i new file mode 100644 index 0000000..8799eac --- /dev/null 
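Review bot: The VLAN id range in match-vlan.xml.i is given as `u32:0-4096`, but an 802.1Q VLAN id is a 12-bit field, so 4095 is the largest value and 4096 cannot be represented. If the numeric validator uses the same bounds as the help text (the validator is not visible in this rendering), a rule with id 4096 passes CLI validation and then either fails when the ruleset is loaded or never matches. I would use `u32:0-4095` for both the help text and the validator range, and check that the start-end range form is bounded the same way.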
+++ b/interface-definitions/include/firewall/nft-queue.xml.i @@ -0,0 +1,34 @@ + + + + Queue target to use. Action queue must be defined to use this setting + + u32:0-65535 + Queue target + + + + + + + + + Options used for queue target. Action queue must be defined to use this setting + + bypass fanout + + + bypass + Let packets go through if userspace application cannot back off + + + fanout + Distribute packets between several queues + + + (bypass|fanout) + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/offload-target.xml.i b/interface-definitions/include/firewall/offload-target.xml.i new file mode 100644 index 0000000..940ed80 --- /dev/null +++ b/interface-definitions/include/firewall/offload-target.xml.i @@ -0,0 +1,10 @@ + + + + Set flowtable offload target. Action offload must be defined to use this setting + + firewall flowtable + + + + diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i new file mode 100644 index 0000000..e3bace4 --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ + + + + Match outbound-interface + + + + + Match interface + + + vrf name + + + txt + Interface name + + + txt* + Interface name with wildcard + + + !txt + Inverted interface name to match + + + (\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/outbound-interface.xml.i b/interface-definitions/include/firewall/outbound-interface.xml.i new file mode 100644 index 0000000..8654dfd --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface.xml.i @@ -0,0 +1,10 @@ + + + + Match outbound-interface + + + #include + + + \ No newline at end of file 
diff --git a/interface-definitions/include/firewall/packet-options.xml.i b/interface-definitions/include/firewall/packet-options.xml.i new file mode 100644 index 0000000..cd94e69 --- /dev/null +++ b/interface-definitions/include/firewall/packet-options.xml.i @@ -0,0 +1,63 @@ + + + + Payload size in bytes, including header and data to match + + u32:1-65535 + Packet length to match + + + <start-end> + Packet length range to match + + + + + + + + + + Payload size in bytes, including header and data not to match + + u32:1-65535 + Packet length not to match + + + <start-end> + Packet length range not to match + + + + + + + + + + Packet type + + broadcast host multicast other + + + broadcast + Match broadcast packet type + + + host + Match host packet type, addressed to local host + + + multicast + Match multicast packet type + + + other + Match packet addressed to another host + + + (broadcast|host|multicast|other) + + + + diff --git a/interface-definitions/include/firewall/port.xml.i b/interface-definitions/include/firewall/port.xml.i new file mode 100644 index 0000000..3bacaff --- /dev/null +++ b/interface-definitions/include/firewall/port.xml.i @@ -0,0 +1,26 @@ + + + + Port + + txt + Named port (any name in /etc/services, e.g., http) + + + u32:1-65535 + Numbered port + + + <start-end> + Numbered port range (e.g. 1001-1005) + + + + \n\n Multiple destination ports can be specified as a comma-separated list.\n For example: 'telnet,http,123,1001-1005' + + + + + + + diff --git a/interface-definitions/include/firewall/protocol.xml.i b/interface-definitions/include/firewall/protocol.xml.i new file mode 100644 index 0000000..e391cae --- /dev/null +++ b/interface-definitions/include/firewall/protocol.xml.i 
@@ -0,0 +1,34 @@ + + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/recent.xml.i b/interface-definitions/include/firewall/recent.xml.i new file mode 100644 index 0000000..38f40b9 --- /dev/null +++ b/interface-definitions/include/firewall/recent.xml.i @@ -0,0 +1,44 @@ + + + + Parameters for matching recently seen sources + + + + + Source addresses seen more than N times + + u32:1-255 + Source addresses seen more than N times + + + + + + + + + Source addresses seen in the last second/minute/hour + + second minute hour + + + second + Source addresses seen COUNT times in the last second + + + minute + Source addresses seen COUNT times in the last minute + + + hour + Source addresses seen COUNT times in the last hour + + + (second|minute|hour) + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/rule-log-level.xml.i b/interface-definitions/include/firewall/rule-log-level.xml.i new file mode 100644 index 0000000..3ac4738 --- /dev/null +++ b/interface-definitions/include/firewall/rule-log-level.xml.i @@ -0,0 +1,45 @@ + + + + Set log-level. Log must be enable. + + emerg alert crit err warn notice info debug + + + emerg + Emerg log level + + + alert + Alert log level + + + crit + Critical log level + + + err + Error log level + + + warn + Warning log level + + + notice + Notice log level + + + info + Info log level + + + debug + Debug log level + + + (emerg|alert|crit|err|warn|notice|info|debug) + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/set-packet-modifications.xml.i b/interface-definitions/include/firewall/set-packet-modifications.xml.i new file mode 100644 index 0000000..ee019b6 --- /dev/null 
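Review bot: The help entry for the `!`-prefixed protocol form in protocol.xml.i carries the same description as the plain form, "IP protocol name", so the CLI help does not say that the leading `!` inverts the match. On a firewall rule that distinction decides which traffic the rule applies to, so I would word it as `Match everything except the specified protocol name`, following the style mac-address.xml.i uses for `!macaddr`. In rule-log-level.xml.i, later on the same line of the patch, "Log must be enable." should read `Log must be enabled.`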
+++ b/interface-definitions/include/firewall/set-packet-modifications.xml.i @@ -0,0 +1,96 @@ + + + + Packet modifications + + + + + Set connection mark + + u32:0-2147483647 + Connection mark + + + + + + + + + Set DSCP (Packet Differentiated Services Codepoint) bits + + u32:0-63 + DSCP number + + + + + + + + + Set packet mark + + u32:1-2147483647 + Packet mark + + + + + + + + + Set the routing table for matched packets + + u32:1-200 + Table number + + + main + Main table + + + + (main) + + + main + protocols static table + + + + + + VRF to forward packet with + + txt + VRF instance name + + + default + Forward into default global VRF + + + default + vrf name + + #include + + + + + Set TCP Maximum Segment Size + + u32:500-1460 + Explicitly set TCP MSS value + + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i new file mode 100644 index 0000000..845f8fe --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i @@ -0,0 +1,17 @@ + + + + Group + + + + + Group of dynamic ipv6 addresses + + firewall group dynamic-group ipv6-address-group + + + + + + diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i new file mode 100644 index 0000000..29ab98c --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i @@ -0,0 +1,17 @@ + + + + Group + + + + + Group of dynamic addresses + + firewall group dynamic-group address-group + + + + + + diff --git a/interface-definitions/include/firewall/source-destination-group-inet.xml.i b/interface-definitions/include/firewall/source-destination-group-inet.xml.i new file mode 100644 index 0000000..1740516 --- /dev/null 
+++ b/interface-definitions/include/firewall/source-destination-group-inet.xml.i @@ -0,0 +1,50 @@ + + + + Group + + + + + Group of IPv4 addresses + + firewall group address-group + + + + + + Group of IPv6 addresses + + firewall group ipv6-address-group + + + + #include + + + Group of IPv4 networks + + firewall group network-group + + + + + + Group of IPv6 networks + + firewall group ipv6-network-group + + + + + + Group of ports + + firewall group port-group + + + + + + diff --git a/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i new file mode 100644 index 0000000..8c34fb9 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i @@ -0,0 +1,41 @@ + + + + Group + + + + + Group of addresses + + firewall group address-group + + + + + + Group of domains + + firewall group domain-group + + + + + + Group of networks + + firewall group network-group + + + + + + Group of ports + + firewall group port-group + + + + + + diff --git a/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i new file mode 100644 index 0000000..2a42d23 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i @@ -0,0 +1,42 @@ + + + + Group + + + + + Group of addresses + + firewall group ipv6-address-group + + + + + + Group of domains + + firewall group domain-group + + + + #include + + + Group of networks + + firewall group ipv6-network-group + + + + + + Group of ports + + firewall group port-group + + + + + + diff --git a/interface-definitions/include/firewall/source-destination-group.xml.i b/interface-definitions/include/firewall/source-destination-group.xml.i new file mode 100644 index 0000000..6ebee35 --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-group.xml.i 
@@ -0,0 +1,42 @@ + + + + Group + + + + + Group of addresses + + firewall group address-group + + + + + + Group of domains + + firewall group domain-group + + + + #include + + + Group of networks + + firewall group network-group + + + + + + Group of ports + + firewall group port-group + + + + + + diff --git a/interface-definitions/include/firewall/state.xml.i b/interface-definitions/include/firewall/state.xml.i new file mode 100644 index 0000000..dee9722 --- /dev/null +++ b/interface-definitions/include/firewall/state.xml.i @@ -0,0 +1,30 @@ + + + + Session state + + established invalid new related + + + established + Established state + + + invalid + Invalid state + + + new + New state + + + related + Related state + + + (established|invalid|new|related) + + + + + diff --git a/interface-definitions/include/firewall/synproxy.xml.i b/interface-definitions/include/firewall/synproxy.xml.i new file mode 100644 index 0000000..a65126e --- /dev/null +++ b/interface-definitions/include/firewall/synproxy.xml.i @@ -0,0 +1,40 @@ + + + + Synproxy options + + + + + TCP synproxy options + + + + + TCP Maximum segment size + + u32:501-65535 + Maximum segment size for synproxy connections + + + + + + + + + TCP window scale for synproxy connections + + u32:1-14 + TCP window scale + + + + + + + + + + + diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i new file mode 100644 index 0000000..36546c2 --- /dev/null +++ b/interface-definitions/include/firewall/tcp-flags.xml.i 
@@ -0,0 +1,119 @@ + + + + TCP options to match + + + + + TCP flags to match + + + + + Synchronise flag + + + + + + Acknowledge flag + + + + + + Finish flag + + + + + + Reset flag + + + + + + Urgent flag + + + + + + Push flag + + + + + + Explicit Congestion Notification flag + + + + + + Congestion Window Reduced flag + + + + + + Match flags not set + + + + + Synchronise flag + + + + + + Acknowledge flag + + + + + + Finish flag + + + + + + Reset flag + + + + + + Urgent flag + + + + + + Push flag + + + + + + Explicit Congestion Notification flag + + + + + + Congestion Window Reduced flag + + + + + + + + + + diff --git a/interface-definitions/include/firewall/tcp-mss.xml.i b/interface-definitions/include/firewall/tcp-mss.xml.i new file mode 100644 index 0000000..dc49b42 --- /dev/null +++ b/interface-definitions/include/firewall/tcp-mss.xml.i @@ -0,0 +1,25 @@ + + + + TCP options to match + + + + + Maximum segment size (MSS) + + u32:1-16384 + Maximum segment size + + + <min>-<max> + TCP MSS range (use '-' as delimiter) + + + + + + + + + diff --git a/interface-definitions/include/firewall/time.xml.i b/interface-definitions/include/firewall/time.xml.i new file mode 100644 index 0000000..7bd7374 --- /dev/null +++ b/interface-definitions/include/firewall/time.xml.i 
@@ -0,0 +1,70 @@ + + + + Time to match rule + + + + + Date to start matching rule + + txt + Enter date using following notation - YYYY-MM-DD + + + (\d{4}\-\d{2}\-\d{2}) + + + + + + Time of day to start matching rule + + txt + Enter time using using 24 hour notation - hh:mm:ss + + + ([0-2][0-9](\:[0-5][0-9]){1,2}) + + + + + + Date to stop matching rule + + txt + Enter date using following notation - YYYY-MM-DD + + + (\d{4}\-\d{2}\-\d{2}) + + + + + + Time of day to stop matching rule + + txt + Enter time using using 24 hour notation - hh:mm:ss + + + ([0-2][0-9](\:[0-5][0-9]){1,2}) + + + + + + Comma separated weekdays to match rule on + + txt + Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday) + + + u32:0-6 + Day number (0 = Sunday ... 6 = Saturday) + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/firewall/timeout-common-protocols.xml.i b/interface-definitions/include/firewall/timeout-common-protocols.xml.i new file mode 100644 index 0000000..037d7d2 --- /dev/null +++ b/interface-definitions/include/firewall/timeout-common-protocols.xml.i 
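Review bot: The time-of-day pattern `([0-2][0-9](\:[0-5][0-9]){1,2})` in time.xml.i accepts hours 24 to 29, and the date pattern `(\d{4}\-\d{2}\-\d{2})` accepts months and days such as 99, so a mistyped start or stop value passes validation. For a time-bounded firewall rule that means the mistake surfaces only when the ruleset is generated, or the rule may be active over a window the operator did not intend. Tightening the hour part to `([01][0-9]|2[0-3])(\:[0-5][0-9]){1,2}` and the date to `\d{4}\-(0[1-9]|1[0-2])\-(0[1-9]|[12][0-9]|3[01])` closes most of that gap. The help text also says `hh:mm:ss` although `hh:mm` is accepted, repeats the word "using", and lists "Thursdays" among the day names.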
@@ -0,0 +1,171 @@ + + + + ICMP timeout in seconds + + u32:1-21474836 + ICMP timeout in seconds + + + + + + 30 + + + + Generic connection timeout in seconds + + u32:1-21474836 + Generic connection timeout in seconds + + + + + + 600 + + + + TCP connection timeout options + + + + + TCP CLOSE-WAIT timeout in seconds + + u32:1-21474836 + TCP CLOSE-WAIT timeout in seconds + + + + + + 60 + + + + TCP CLOSE timeout in seconds + + u32:1-21474836 + TCP CLOSE timeout in seconds + + + + + + 10 + + + + TCP ESTABLISHED timeout in seconds + + u32:1-21474836 + TCP ESTABLISHED timeout in seconds + + + + + + 432000 + + + + TCP FIN-WAIT timeout in seconds + + u32:1-21474836 + TCP FIN-WAIT timeout in seconds + + + + + + 120 + + + + TCP LAST-ACK timeout in seconds + + u32:1-21474836 + TCP LAST-ACK timeout in seconds + + + + + + 30 + + + + TCP SYN-RECEIVED timeout in seconds + + u32:1-21474836 + TCP SYN-RECEIVED timeout in seconds + + + + + + 60 + + + + TCP SYN-SENT timeout in seconds + + u32:1-21474836 + TCP SYN-SENT timeout in seconds + + + + + + 120 + + + + TCP TIME-WAIT timeout in seconds + + u32:1-21474836 + TCP TIME-WAIT timeout in seconds + + + + + + 120 + + + + + + UDP timeout options + + + + + UDP generic timeout in seconds + + u32:1-21474836 + UDP generic timeout in seconds + + + + + + 30 + + + + UDP stream timeout in seconds + + u32:1-21474836 + UDP stream timeout in seconds + + + + + + 180 + + + diff --git a/interface-definitions/include/firewall/ttl.xml.i b/interface-definitions/include/firewall/ttl.xml.i new file mode 100644 index 0000000..9c782a9 --- /dev/null +++ b/interface-definitions/include/firewall/ttl.xml.i @@ -0,0 +1,12 @@ + + + + Time to live limit + + + #include + #include + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/generic-description.xml.i b/interface-definitions/include/generic-description.xml.i new file mode 100644 index 0000000..7e091ea --- /dev/null +++ b/interface-definitions/include/generic-description.xml.i 
@@ -0,0 +1,15 @@ + + + + Description + + txt + Description + + + .{0,255} + + Description too long (limit 255 characters) + + + diff --git a/interface-definitions/include/generic-disable-node.xml.i b/interface-definitions/include/generic-disable-node.xml.i new file mode 100644 index 0000000..97a328e --- /dev/null +++ b/interface-definitions/include/generic-disable-node.xml.i @@ -0,0 +1,8 @@ + + + + Disable instance + + + + diff --git a/interface-definitions/include/generic-interface-broadcast.xml.i b/interface-definitions/include/generic-interface-broadcast.xml.i new file mode 100644 index 0000000..e37e750 --- /dev/null +++ b/interface-definitions/include/generic-interface-broadcast.xml.i @@ -0,0 +1,17 @@ + + + + Interface to use + + + + + txt + Interface name + + + #include + + + + diff --git a/interface-definitions/include/generic-interface-multi-broadcast.xml.i b/interface-definitions/include/generic-interface-multi-broadcast.xml.i new file mode 100644 index 0000000..ed13cf2 --- /dev/null +++ b/interface-definitions/include/generic-interface-multi-broadcast.xml.i @@ -0,0 +1,18 @@ + + + + Interface to use + + + + + txt + Interface name + + + #include + + + + + diff --git a/interface-definitions/include/generic-interface-multi-wildcard.xml.i b/interface-definitions/include/generic-interface-multi-wildcard.xml.i new file mode 100644 index 0000000..6c846a7 --- /dev/null +++ b/interface-definitions/include/generic-interface-multi-wildcard.xml.i @@ -0,0 +1,18 @@ + + + + Interface to use + + + + + txt + Interface name, wildcard (*) supported + + + #include + + + + + diff --git a/interface-definitions/include/generic-interface-multi.xml.i b/interface-definitions/include/generic-interface-multi.xml.i new file mode 100644 index 0000000..cfc77af --- /dev/null +++ b/interface-definitions/include/generic-interface-multi.xml.i @@ -0,0 +1,18 @@ + + + + Interface to use + + + + + txt + Interface name + + + #include + + + + + 
diff --git a/interface-definitions/include/generic-interface.xml.i b/interface-definitions/include/generic-interface.xml.i new file mode 100644 index 0000000..65f5bfb --- /dev/null +++ b/interface-definitions/include/generic-interface.xml.i @@ -0,0 +1,17 @@ + + + + Interface to use + + + + + txt + Interface name + + + #include + + + + diff --git a/interface-definitions/include/generic-password.xml.i b/interface-definitions/include/generic-password.xml.i new file mode 100644 index 0000000..76d5f12 --- /dev/null +++ b/interface-definitions/include/generic-password.xml.i @@ -0,0 +1,15 @@ + + + + Password used for authentication + + txt + Password + + + [[:ascii:]]{1,128} + + Password is limited to ASCII characters only, with a total length of 128 + + + diff --git a/interface-definitions/include/generic-username.xml.i b/interface-definitions/include/generic-username.xml.i new file mode 100644 index 0000000..678f30d --- /dev/null +++ b/interface-definitions/include/generic-username.xml.i @@ -0,0 +1,15 @@ + + + + Username used for authentication + + txt + Username + + + [[:ascii:]]{1,128} + + Username is limited to ASCII characters only, with a total length of 128 + + + diff --git a/interface-definitions/include/haproxy/http-response-headers.xml.i b/interface-definitions/include/haproxy/http-response-headers.xml.i new file mode 100644 index 0000000..9e7ddfd --- /dev/null +++ b/interface-definitions/include/haproxy/http-response-headers.xml.i @@ -0,0 +1,29 @@ + + + + Headers to include in HTTP response + + txt + HTTP header name + + + [-a-zA-Z]+ + + Header names must only include alphabetical characters and hyphens + + + + + HTTP header value + + txt + HTTP header value + + + [[:ascii:]]{1,256} + + + + + + diff --git a/interface-definitions/include/haproxy/logging.xml.i b/interface-definitions/include/haproxy/logging.xml.i new file mode 100644 index 0000000..e0af54f --- /dev/null +++ b/interface-definitions/include/haproxy/logging.xml.i 
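Review bot: The constraint `[[:ascii:]]{1,128}` in generic-password.xml.i admits every ASCII code point, including control characters such as CR and LF, and the same class is used in generic-username.xml.i and, as `[[:ascii:]]{1,256}`, for the header value in haproxy/http-response-headers.xml.i. Where such a value is later written into a generated configuration file, an embedded line break would start a new line in that file; the HAProxy header value is the case I would look at first. Whether the templates escape these values is not visible here, so I would restrict the class at the schema level, for example `[[:print:]]{1,128}` if the validator's regex engine supports it, and keep the error messages in step with the new rule.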
@@ -0,0 +1,10 @@ + + + + Logging parameters + + + #include + + + diff --git a/interface-definitions/include/haproxy/mode.xml.i b/interface-definitions/include/haproxy/mode.xml.i new file mode 100644 index 0000000..d013e02 --- /dev/null +++ b/interface-definitions/include/haproxy/mode.xml.i @@ -0,0 +1,23 @@ + + + + Proxy mode + + http tcp + + invalid value + + http + HTTP proxy mode + + + tcp + TCP proxy mode + + + (http|tcp) + + + http + + diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i new file mode 100644 index 0000000..b2be4fd --- /dev/null +++ b/interface-definitions/include/haproxy/rule-backend.xml.i @@ -0,0 +1,131 @@ + + + + Proxy rule number + + u32:1-10000 + Number for this proxy rule + + + + + Proxy rule number must be between 1 and 10000 + + + + + Domain name to match + + txt + Domain address to match + + + + + + + + + + Proxy modifications + + + + + Set URL location + + url + Set URL location + + + ^\/[\w\-.\/]+$ + + Incorrect URL format + + + + + Server name + + [-_a-zA-Z0-9]+ + + Server name must be alphanumeric and can contain hyphen and underscores + + + + + + + SSL match options + + req-ssl-sni ssl-fc-sni + + + req-ssl-sni + SSL Server Name Indication (SNI) request match + + + ssl-fc-sni + SSL frontend connection Server Name Indication match + + + ssl-fc-sni-end + SSL frontend match end of connection Server Name Indication + + + (req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end) + + + + + + URL path match + + + + + Begin URL match + + url + Begin URL + + + ^\/[\w\-.\/]+$ + + Incorrect URL format + + + + + + End URL match + + url + End URL + + + ^\/[\w\-.\/]+$ + + Incorrect URL format + + + + + + Exactly URL match + + url + Exactly URL + + + ^\/[\w\-.\/]*$ + + Incorrect URL format + + + + + + + + diff --git a/interface-definitions/include/haproxy/rule-frontend.xml.i b/interface-definitions/include/haproxy/rule-frontend.xml.i new file mode 100644 index 0000000..001ae2d --- /dev/null 
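Review bot: The "Exactly URL match" pattern in rule-backend.xml.i is `^\/[\w\-.\/]*$`, while the begin and end patterns in the same hunk, and all three patterns in rule-frontend.xml.i, end in `+`; the `*` form additionally accepts a bare `/`. If matching the root path exactly is intended, the frontend file should carry the same pattern, otherwise this looks like a copy slip and should be aligned. In both files the completion list for the SSL match option offers `req-ssl-sni ssl-fc-sni` although the pattern also accepts `ssl-fc-sni-end`, so the list should read `req-ssl-sni ssl-fc-sni ssl-fc-sni-end`. The element markup is not visible in this rendering, so the node roles are inferred from the help texts.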
+++ b/interface-definitions/include/haproxy/rule-frontend.xml.i @@ -0,0 +1,131 @@ + + + + Proxy rule number + + u32:1-10000 + Number for this proxy rule + + + + + Proxy rule number must be between 1 and 10000 + + + + + Domain name to match + + txt + Domain address to match + + + + + + + + + + Proxy modifications + + + + + Set URL location + + url + Set URL location + + + ^\/[\w\-.\/]+$ + + Incorrect URL format + + + + + Backend name + + [-_a-zA-Z0-9]+ + + Server name must be alphanumeric and can contain hyphen and underscores + + + + + + + SSL match options + + req-ssl-sni ssl-fc-sni + + + req-ssl-sni + SSL Server Name Indication (SNI) request match + + + ssl-fc-sni + SSL frontend connection Server Name Indication match + + + ssl-fc-sni-end + SSL frontend match end of connection Server Name Indication + + + (req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end) + + + + + + URL path match + + + + + Begin URL match + + url + Begin URL + + + ^\/[\w\-.\/]+$ + + Incorrect URL format + + + + + + End URL match + + url + End URL + + + ^\/[\w\-.\/]+$ + + Incorrect URL format + + + + + + Exactly URL match + + url + Exactly URL + + + ^\/[\w\-.\/]+$ + + Incorrect URL format + + + + + + + + diff --git a/interface-definitions/include/haproxy/tcp-request.xml.i b/interface-definitions/include/haproxy/tcp-request.xml.i new file mode 100644 index 0000000..3d60bd8 --- /dev/null +++ b/interface-definitions/include/haproxy/tcp-request.xml.i @@ -0,0 +1,22 @@ + + + + TCP request directive + + + + + Set the maximum allowed time to wait for data during content inspection + + u32:1-65535 + The timeout value specified in milliseconds + + + + + The timeout value must be in range 1 to 65535 milliseconds + + + + + diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i new file mode 100644 index 0000000..79e7303 --- /dev/null +++ b/interface-definitions/include/haproxy/timeout.xml.i 
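Review bot: The node whose help text is "Backend name" in rule-frontend.xml.i still carries the error message copied from the backend file, "Server name must be alphanumeric and can contain hyphen and underscores". A user who mistypes a backend name is told about a server name, which points at the wrong setting. Suggested text: `Backend name must be alphanumeric and can contain hyphens and underscores`.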
@@ -0,0 +1,45 @@ + + + + Timeout options + + + + + Timeout in seconds for established connections + + u32:1-3600 + Check timeout in seconds + + + + + + + + + Set the maximum time to wait for a connection attempt to a server to succeed + + u32:1-3600 + Connect timeout in seconds + + + + + + + + + Set the maximum inactivity time on the server side + + u32:1-3600 + Server timeout in seconds + + + + + + + + + diff --git a/interface-definitions/include/ids/threshold.xml.i b/interface-definitions/include/ids/threshold.xml.i new file mode 100644 index 0000000..e21e3a0 --- /dev/null +++ b/interface-definitions/include/ids/threshold.xml.i @@ -0,0 +1,38 @@ + + + + Flows per second + + u32:0-4294967294 + Flows per second + + + + + + + + + Megabits per second + + u32:0-4294967294 + Megabits per second + + + + + + + + + Packets per second + + u32:0-4294967294 + Packets per second + + + + + + + diff --git a/interface-definitions/include/inbound-interface.xml.i b/interface-definitions/include/inbound-interface.xml.i new file mode 100644 index 0000000..422f9de --- /dev/null +++ b/interface-definitions/include/inbound-interface.xml.i @@ -0,0 +1,11 @@ + + + + Inbound interface of NAT traffic + + any + + + + + diff --git a/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i new file mode 100644 index 0000000..5057ed9 --- /dev/null +++ b/interface-definitions/include/interface/address-ipv4-ipv6-dhcp.xml.i @@ -0,0 +1,31 @@ + + + + IP address + + dhcp dhcpv6 + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + dhcp + Dynamic Host Configuration Protocol + + + dhcpv6 + Dynamic Host Configuration Protocol for IPv6 + + + + (dhcp|dhcpv6) + + + + + diff --git a/interface-definitions/include/interface/address-ipv4-ipv6.xml.i b/interface-definitions/include/interface/address-ipv4-ipv6.xml.i new file mode 100644 index 0000000..d689da5 --- /dev/null 
+++ b/interface-definitions/include/interface/address-ipv4-ipv6.xml.i @@ -0,0 +1,19 @@ + + + + IP address + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + diff --git a/interface-definitions/include/interface/adjust-mss.xml.i b/interface-definitions/include/interface/adjust-mss.xml.i new file mode 100644 index 0000000..2b184a0 --- /dev/null +++ b/interface-definitions/include/interface/adjust-mss.xml.i @@ -0,0 +1,23 @@ + + + + + Adjust TCP MSS value + + clamp-mss-to-pmtu + + + clamp-mss-to-pmtu + Automatically sets the MSS to the proper value + + + u32:536-65535 + TCP Maximum segment size in bytes + + + + (clamp-mss-to-pmtu) + + + + diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i new file mode 100644 index 0000000..06d7ffe --- /dev/null +++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i @@ -0,0 +1,16 @@ + + + + ARP cache entry timeout in seconds + + u32:1-86400 + ARP cache entry timout in seconds + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + 30 + + diff --git a/interface-definitions/include/interface/authentication.xml.i b/interface-definitions/include/interface/authentication.xml.i new file mode 100644 index 0000000..0bd7922 --- /dev/null +++ b/interface-definitions/include/interface/authentication.xml.i @@ -0,0 +1,11 @@ + + + + Authentication settings + + + #include + #include + + + diff --git a/interface-definitions/include/interface/base-reachable-time.xml.i b/interface-definitions/include/interface/base-reachable-time.xml.i new file mode 100644 index 0000000..fb0d701 --- /dev/null +++ b/interface-definitions/include/interface/base-reachable-time.xml.i @@ -0,0 +1,16 @@ + + + + Base reachable time in seconds + + u32:1-86400 + Base reachable time in seconds + + + + + Base reachable time must be between 1 and 86400 seconds + + 30 + + 
diff --git a/interface-definitions/include/interface/default-route-distance.xml.i b/interface-definitions/include/interface/default-route-distance.xml.i new file mode 100644 index 0000000..6eda52c --- /dev/null +++ b/interface-definitions/include/interface/default-route-distance.xml.i @@ -0,0 +1,15 @@ + + + + Distance for installed default route + + u32:1-255 + Distance for the default route from DHCP server + + + + + + 210 + + diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i new file mode 100644 index 0000000..733512a --- /dev/null +++ b/interface-definitions/include/interface/dhcp-options.xml.i @@ -0,0 +1,80 @@ + + + + DHCP client settings/options + + + + + Identifier used by client to identify itself to the DHCP server + + txt + DHCP option string + + + #include + + + + + + Override system host-name sent to DHCP server + + #include + + Host-name must be alphanumeric and can contain hyphens + + + + + Use MTU value from DHCP server - ignore interface setting + + + + + + Identify the vendor client type to the DHCP server + + txt + DHCP option string + + + #include + + + + + + Identify to the DHCP server, user configurable option + + txt + DHCP option string + + + #include + + + + #include + #include + + + IP addresses or subnets from which to reject DHCP leases + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + + + + + + + + + diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i new file mode 100644 index 0000000..68d1b17 --- /dev/null +++ b/interface-definitions/include/interface/dhcpv6-options.xml.i 
@@ -0,0 +1,95 @@ + + + + DHCPv6 client settings/options + + + #include + + + Acquire only config parameters, no address + + + + + + DHCPv6 prefix delegation interface statement + + instance number + Prefix delegation instance (>= 0) + + + + + + + + + Request IPv6 prefix length from peer + + u32:32-64 + Length of delegated prefix + + + + + + 64 + + + + Delegate IPv6 prefix from provider to this interface + + + + + + + + Local interface address assigned to interface (default: EUI-64) + + >0 + Used to form IPv6 interface address + + + + + + + + + Interface site-Level aggregator (SLA) + + u32:0-65535 + Decimal integer which fits in the length of SLA IDs + + + + + + + + + + + + + Wait for immediate reply instead of advertisements + + + + + + IPv6 temporary address + + + + + + Do not send a release message on client exit + + + + + + diff --git a/interface-definitions/include/interface/dial-on-demand.xml.i b/interface-definitions/include/interface/dial-on-demand.xml.i new file mode 100644 index 0000000..30e8c7e --- /dev/null +++ b/interface-definitions/include/interface/dial-on-demand.xml.i @@ -0,0 +1,8 @@ + + + + Establishment connection automatically when traffic is sent + + + + diff --git a/interface-definitions/include/interface/disable-arp-filter.xml.i b/interface-definitions/include/interface/disable-arp-filter.xml.i new file mode 100644 index 0000000..a69455d --- /dev/null +++ b/interface-definitions/include/interface/disable-arp-filter.xml.i @@ -0,0 +1,8 @@ + + + + Disable ARP filter on this interface + + + + diff --git a/interface-definitions/include/interface/disable-forwarding.xml.i b/interface-definitions/include/interface/disable-forwarding.xml.i new file mode 100644 index 0000000..45382ec --- /dev/null +++ b/interface-definitions/include/interface/disable-forwarding.xml.i @@ -0,0 +1,8 @@ + + + + Disable IP forwarding on this interface + + + + 
diff --git a/interface-definitions/include/interface/disable-link-detect.xml.i b/interface-definitions/include/interface/disable-link-detect.xml.i new file mode 100644 index 0000000..b101ec2 --- /dev/null +++ b/interface-definitions/include/interface/disable-link-detect.xml.i @@ -0,0 +1,8 @@ + + + + Ignore link state changes + + + + diff --git a/interface-definitions/include/interface/disable.xml.i b/interface-definitions/include/interface/disable.xml.i new file mode 100644 index 0000000..b76bd3f --- /dev/null +++ b/interface-definitions/include/interface/disable.xml.i @@ -0,0 +1,8 @@ + + + + Administratively disable interface + + + + diff --git a/interface-definitions/include/interface/duid.xml.i b/interface-definitions/include/interface/duid.xml.i new file mode 100644 index 0000000..8d80869 --- /dev/null +++ b/interface-definitions/include/interface/duid.xml.i @@ -0,0 +1,15 @@ + + + + DHCP unique identifier (DUID) to be sent by client + + duid + DHCP unique identifier + + + ([0-9A-Fa-f]{2}:){0,127}([0-9A-Fa-f]{2}) + + Invalid DUID, must be in the format h[[:h]...] + + + diff --git a/interface-definitions/include/interface/eapol.xml.i b/interface-definitions/include/interface/eapol.xml.i new file mode 100644 index 0000000..a3206f2 --- /dev/null +++ b/interface-definitions/include/interface/eapol.xml.i @@ -0,0 +1,11 @@ + + + + Extensible Authentication Protocol over Local Area Network + + + #include + #include + + + diff --git a/interface-definitions/include/interface/enable-arp-accept.xml.i b/interface-definitions/include/interface/enable-arp-accept.xml.i new file mode 100644 index 0000000..90f6bc3 --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-accept.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP accept on this interface + + + + diff --git a/interface-definitions/include/interface/enable-arp-announce.xml.i b/interface-definitions/include/interface/enable-arp-announce.xml.i new file mode 100644 index 0000000..cf02fce --- /dev/null 
+++ b/interface-definitions/include/interface/enable-arp-announce.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP announce on this interface + + + + diff --git a/interface-definitions/include/interface/enable-arp-ignore.xml.i b/interface-definitions/include/interface/enable-arp-ignore.xml.i new file mode 100644 index 0000000..5bb444f --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-ignore.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP ignore on this interface + + + + diff --git a/interface-definitions/include/interface/enable-directed-broadcast.xml.i b/interface-definitions/include/interface/enable-directed-broadcast.xml.i new file mode 100644 index 0000000..a873958 --- /dev/null +++ b/interface-definitions/include/interface/enable-directed-broadcast.xml.i @@ -0,0 +1,8 @@ + + + + Enable directed broadcast forwarding on this interface + + + + diff --git a/interface-definitions/include/interface/enable-proxy-arp.xml.i b/interface-definitions/include/interface/enable-proxy-arp.xml.i new file mode 100644 index 0000000..27e497f --- /dev/null +++ b/interface-definitions/include/interface/enable-proxy-arp.xml.i @@ -0,0 +1,8 @@ + + + + Enable proxy-arp on this interface + + + + diff --git a/interface-definitions/include/interface/evpn-mh-uplink.xml.i b/interface-definitions/include/interface/evpn-mh-uplink.xml.i new file mode 100644 index 0000000..5f7fe1b --- /dev/null +++ b/interface-definitions/include/interface/evpn-mh-uplink.xml.i @@ -0,0 +1,8 @@ + + + + Uplink to the VXLAN core + + + + diff --git a/interface-definitions/include/interface/hw-id.xml.i b/interface-definitions/include/interface/hw-id.xml.i new file mode 100644 index 0000000..a3a1eec --- /dev/null +++ b/interface-definitions/include/interface/hw-id.xml.i @@ -0,0 +1,14 @@ + + + + Associate Ethernet Interface with given Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + 
diff --git a/interface-definitions/include/interface/inbound-interface.xml.i b/interface-definitions/include/interface/inbound-interface.xml.i new file mode 100644 index 0000000..96ade33 --- /dev/null +++ b/interface-definitions/include/interface/inbound-interface.xml.i @@ -0,0 +1,10 @@ + + + + Inbound Interface + + + + + + diff --git a/interface-definitions/include/interface/ipv4-options.xml.i b/interface-definitions/include/interface/ipv4-options.xml.i new file mode 100644 index 0000000..eda77e8 --- /dev/null +++ b/interface-definitions/include/interface/ipv4-options.xml.i @@ -0,0 +1,20 @@ + + + + IPv4 routing parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/ipv6-accept-dad.xml.i b/interface-definitions/include/interface/ipv6-accept-dad.xml.i new file mode 100644 index 0000000..7554b27 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-accept-dad.xml.i @@ -0,0 +1,20 @@ + + + + Accept Duplicate Address Detection + + 0 + Disable DAD + + + 1 + Enable DAD + + + 2 + Enable DAD - disable IPv6 if MAC-based duplicate link-local address found + + + 1 + + diff --git a/interface-definitions/include/interface/ipv6-address-autoconf.xml.i b/interface-definitions/include/interface/ipv6-address-autoconf.xml.i new file mode 100644 index 0000000..cd1483b --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address-autoconf.xml.i @@ -0,0 +1,8 @@ + + + + Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + + + + diff --git a/interface-definitions/include/interface/ipv6-address-eui64.xml.i b/interface-definitions/include/interface/ipv6-address-eui64.xml.i new file mode 100644 index 0000000..fe1f43d --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address-eui64.xml.i 
@@ -0,0 +1,16 @@ + + + + Prefix for IPv6 address with MAC-based EUI-64 + + <h:h:h:h:h:h:h:h/64> + IPv6 /64 network + + + + + EUI64 prefix length must be 64 + + + + diff --git a/interface-definitions/include/interface/ipv6-address-no-default-link-local.xml.i b/interface-definitions/include/interface/ipv6-address-no-default-link-local.xml.i new file mode 100644 index 0000000..012490e --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address-no-default-link-local.xml.i @@ -0,0 +1,8 @@ + + + + Remove the default link-local address from the interface + + + + diff --git a/interface-definitions/include/interface/ipv6-address.xml.i b/interface-definitions/include/interface/ipv6-address.xml.i new file mode 100644 index 0000000..e1bdf02 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address.xml.i @@ -0,0 +1,12 @@ + + + + IPv6 address configuration modes + + + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i new file mode 100644 index 0000000..3b9294d --- /dev/null +++ b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i @@ -0,0 +1,19 @@ + + + + Number of NS messages to send while performing DAD + + u32:0 + Disable Duplicate Address Dectection (DAD) + + + u32:1-n + Number of NS messages to send while performing DAD + + + + + + 1 + + diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i new file mode 100644 index 0000000..ec6ec64 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -0,0 +1,16 @@ + + + + IPv6 routing parameters + + + #include + #include + #include + #include + #include + #include + #include + + + 
diff --git a/interface-definitions/include/interface/mac-multi.xml.i b/interface-definitions/include/interface/mac-multi.xml.i new file mode 100644 index 0000000..458372e --- /dev/null +++ b/interface-definitions/include/interface/mac-multi.xml.i @@ -0,0 +1,15 @@ + + + + Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + + diff --git a/interface-definitions/include/interface/mac.xml.i b/interface-definitions/include/interface/mac.xml.i new file mode 100644 index 0000000..705330d --- /dev/null +++ b/interface-definitions/include/interface/mac.xml.i @@ -0,0 +1,14 @@ + + + + Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + diff --git a/interface-definitions/include/interface/macsec-key.xml.i b/interface-definitions/include/interface/macsec-key.xml.i new file mode 100644 index 0000000..5a857a6 --- /dev/null +++ b/interface-definitions/include/interface/macsec-key.xml.i @@ -0,0 +1,15 @@ + + + + MACsec static key + + txt + 16-byte (128-bit) hex-string (32 hex-digits) for gcm-aes-128 or 32-byte (256-bit) hex-string (64 hex-digits) for gcm-aes-256 + + + [A-Fa-f0-9]{32} + [A-Fa-f0-9]{64} + + + + diff --git a/interface-definitions/include/interface/mirror.xml.i b/interface-definitions/include/interface/mirror.xml.i new file mode 100644 index 0000000..903c627 --- /dev/null +++ b/interface-definitions/include/interface/mirror.xml.i @@ -0,0 +1,33 @@ + + + + Mirror ingress/egress packets + + + + + Mirror ingress traffic to destination interface + + + + + txt + Destination interface name + + + + + + Mirror egress traffic to destination interface + + + + + txt + Destination interface name + + + + + + diff --git a/interface-definitions/include/interface/mtu-1200-16000.xml.i b/interface-definitions/include/interface/mtu-1200-16000.xml.i new file mode 100644 index 0000000..fab053f --- /dev/null +++ b/interface-definitions/include/interface/mtu-1200-16000.xml.i 
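Review bot: The two key patterns in macsec-key.xml.i, `[A-Fa-f0-9]{32}` and `[A-Fa-f0-9]{64}`, are not followed by an error message, so a key with the wrong length or a non-hex character is rejected without an explanation. Suggest adding `<constraintErrorMessage>Key must be 32 hex digits (gcm-aes-128) or 64 hex digits (gcm-aes-256)</constraintErrorMessage>`. The definition accepts either length regardless of the selected cipher, so the pairing of key length and cipher has to be verified by the configuration script, which is not part of this hunk.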
@@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + u32:1200-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 1200 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-1450-16000.xml.i b/interface-definitions/include/interface/mtu-1450-16000.xml.i new file mode 100644 index 0000000..1e71eab --- /dev/null +++ b/interface-definitions/include/interface/mtu-1450-16000.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + u32:1450-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 1450 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-64-8024.xml.i b/interface-definitions/include/interface/mtu-64-8024.xml.i new file mode 100644 index 0000000..30c77f7 --- /dev/null +++ b/interface-definitions/include/interface/mtu-64-8024.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + u32:64-8024 + Maximum Transmission Unit in byte + + + + + MTU must be between 64 and 8024 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-68-1500.xml.i b/interface-definitions/include/interface/mtu-68-1500.xml.i new file mode 100644 index 0000000..693e0be --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-1500.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + u32:68-1500 + Maximum Transmission Unit in byte + + + + + MTU must be between 68 and 1500 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-68-16000.xml.i b/interface-definitions/include/interface/mtu-68-16000.xml.i new file mode 100644 index 0000000..df1b7b7 --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-16000.xml.i @@ -0,0 +1,15 @@ + + + + Maximum Transmission Unit (MTU) + + u32:68-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 68 and 16000 + + + 
diff --git a/interface-definitions/include/interface/netns.xml.i b/interface-definitions/include/interface/netns.xml.i new file mode 100644 index 0000000..fd6da8f --- /dev/null +++ b/interface-definitions/include/interface/netns.xml.i @@ -0,0 +1,14 @@ + + + + Network namespace name + + txt + Network namespace name + + + netns name + + + + diff --git a/interface-definitions/include/interface/no-default-route.xml.i b/interface-definitions/include/interface/no-default-route.xml.i new file mode 100644 index 0000000..307fcff --- /dev/null +++ b/interface-definitions/include/interface/no-default-route.xml.i @@ -0,0 +1,8 @@ + + + + Do not install default route to system + + + + diff --git a/interface-definitions/include/interface/no-peer-dns.xml.i b/interface-definitions/include/interface/no-peer-dns.xml.i new file mode 100644 index 0000000..d663f04 --- /dev/null +++ b/interface-definitions/include/interface/no-peer-dns.xml.i @@ -0,0 +1,8 @@ + + + + Do not use DNS servers provided by the peer + + + + diff --git a/interface-definitions/include/interface/parameters-df.xml.i b/interface-definitions/include/interface/parameters-df.xml.i new file mode 100644 index 0000000..82436b5 --- /dev/null +++ b/interface-definitions/include/interface/parameters-df.xml.i @@ -0,0 +1,26 @@ + + + + Usage of the DF (don't Fragment) bit in outgoing packets + + set unset inherit + + + set + Always set DF (don't fragment) bit + + + unset + Always unset DF (don't fragment) bit + + + inherit + Copy from the original IP header + + + (set|unset|inherit) + + + unset + + diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i new file mode 100644 index 0000000..b2e8821 --- /dev/null +++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i 
@@ -0,0 +1,22 @@ + + + + Specifies the flow label to use in outgoing packets + + inherit + + + inherit + Copy field from original header + + + 0x0-0x0fffff + Tunnel key, or hex value + + + ((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit) + + Must be 'inherit' or a number + + + diff --git a/interface-definitions/include/interface/parameters-innerproto.xml.i b/interface-definitions/include/interface/parameters-innerproto.xml.i new file mode 100644 index 0000000..9cafebd --- /dev/null +++ b/interface-definitions/include/interface/parameters-innerproto.xml.i @@ -0,0 +1,8 @@ + + + + Use IPv4 as inner protocol instead of Ethernet + + + + diff --git a/interface-definitions/include/interface/parameters-key.xml.i b/interface-definitions/include/interface/parameters-key.xml.i new file mode 100644 index 0000000..25a6c03 --- /dev/null +++ b/interface-definitions/include/interface/parameters-key.xml.i @@ -0,0 +1,15 @@ + + + + Tunnel key (only GRE tunnels) + + u32 + Tunnel key + + + + + key must be between 0-4294967295 + + + diff --git a/interface-definitions/include/interface/parameters-tos.xml.i b/interface-definitions/include/interface/parameters-tos.xml.i new file mode 100644 index 0000000..1b342a4 --- /dev/null +++ b/interface-definitions/include/interface/parameters-tos.xml.i @@ -0,0 +1,16 @@ + + + + Specifies TOS value to use in outgoing packets + + u32:0-99 + Type of Service (TOS) + + + + + TOS must be between 0 and 99 + + inherit + + diff --git a/interface-definitions/include/interface/parameters-ttl.xml.i b/interface-definitions/include/interface/parameters-ttl.xml.i new file mode 100644 index 0000000..ade33b4 --- /dev/null +++ b/interface-definitions/include/interface/parameters-ttl.xml.i @@ -0,0 +1,20 @@ + + + + Specifies TTL value to use in outgoing packets + + u32:0 + Inherit - copy value from original IP header + + + u32:1-255 + Time to Live + + + + + TTL must be between 0 and 255 + + 0 + + 
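Review bot: In parameters-tos.xml.i the default value is `inherit`, but the value help documents only `u32:0-99` and the error message reads "TOS must be between 0 and 99". The constraint element itself is not visible in this rendering; if it is a pure numeric range, the default cannot be entered explicitly by a user and the help never mentions it. Suggest adding a value-help entry for `inherit`, accepting it in the constraint, and changing the message to `TOS must be between 0 and 99, or 'inherit'`.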
diff --git a/interface-definitions/include/interface/per-client-thread.xml.i b/interface-definitions/include/interface/per-client-thread.xml.i new file mode 100644 index 0000000..2fd19b5 --- /dev/null +++ b/interface-definitions/include/interface/per-client-thread.xml.i @@ -0,0 +1,8 @@ + + + + Process traffic from each client in a dedicated thread + + + + diff --git a/interface-definitions/include/interface/proxy-arp-pvlan.xml.i b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i new file mode 100644 index 0000000..c00b2fe --- /dev/null +++ b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i @@ -0,0 +1,8 @@ + + + + Enable private VLAN proxy ARP on this interface + + + + diff --git a/interface-definitions/include/interface/redirect.xml.i b/interface-definitions/include/interface/redirect.xml.i new file mode 100644 index 0000000..9b41cd8 --- /dev/null +++ b/interface-definitions/include/interface/redirect.xml.i @@ -0,0 +1,17 @@ + + + + Redirect incoming packet to destination + + + + + txt + Destination interface name + + + #include + + + + diff --git a/interface-definitions/include/interface/source-validation.xml.i b/interface-definitions/include/interface/source-validation.xml.i new file mode 100644 index 0000000..fc9a7d3 --- /dev/null +++ b/interface-definitions/include/interface/source-validation.xml.i @@ -0,0 +1,25 @@ + + + + Source validation by reversed path (RFC3704) + + strict loose disable + + + strict + Enable Strict Reverse Path Forwarding as defined in RFC3704 + + + loose + Enable Loose Reverse Path Forwarding as defined in RFC3704 + + + disable + No source validation + + + (strict|loose|disable) + + + + diff --git a/interface-definitions/include/interface/tunnel-remote-multi.xml.i b/interface-definitions/include/interface/tunnel-remote-multi.xml.i new file mode 100644 index 0000000..f672087 --- /dev/null +++ b/interface-definitions/include/interface/tunnel-remote-multi.xml.i 
@@ -0,0 +1,19 @@ + + + + Tunnel remote address + + ipv4 + Tunnel remote IPv4 address + + + ipv6 + Tunnel remote IPv6 address + + + + + + + + diff --git a/interface-definitions/include/interface/tunnel-remote.xml.i b/interface-definitions/include/interface/tunnel-remote.xml.i new file mode 100644 index 0000000..2a8891b --- /dev/null +++ b/interface-definitions/include/interface/tunnel-remote.xml.i @@ -0,0 +1,18 @@ + + + + Tunnel remote address + + ipv4 + Tunnel remote IPv4 address + + + ipv6 + Tunnel remote IPv6 address + + + + + + + diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i new file mode 100644 index 0000000..02e7ab0 --- /dev/null +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -0,0 +1,55 @@ + + + + QinQ TAG-S Virtual Local Area Network (VLAN) ID + + u32:0-4094 + QinQ Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 0 and 4094 + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + QinQ TAG-C Virtual Local Area Network (VLAN) ID + + + + VLAN ID must be between 0 and 4094 + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + #include + #include + + + diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i new file mode 100644 index 0000000..ec3921b --- /dev/null +++ b/interface-definitions/include/interface/vif.xml.i 
@@ -0,0 +1,56 @@ + + + + Virtual Local Area Network (VLAN) ID + + u32:0-4094 + Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 0 and 4094 + + + #include + #include + #include + #include + #include + #include + + + VLAN egress QoS + + txt + Format for qos mapping, e.g.: '0:1 1:6 7:6' + + + [:0-7 ]+ + + QoS mapping should be in the format of '0:7 2:3' with numbers 0-9 + + + + + VLAN ingress QoS + + txt + Format for qos mapping, e.g.: '0:1 1:6 7:6' + + + [:0-7 ]+ + + QoS mapping should be in the format of '0:7 2:3' with numbers 0-9 + + + #include + #include + #include + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/vlan-protocol.xml.i b/interface-definitions/include/interface/vlan-protocol.xml.i new file mode 100644 index 0000000..2fe8d65 --- /dev/null +++ b/interface-definitions/include/interface/vlan-protocol.xml.i @@ -0,0 +1,23 @@ + + + + Protocol used for service VLAN (default: 802.1ad) + + 802.1ad 802.1q + + + 802.1ad + Provider Bridging (IEEE 802.1ad, Q-inQ), ethertype 0x88a8 + + + 802.1q + VLAN-tagged frame (IEEE 802.1q), ethertype 0x8100 + + + (802.1q|802.1ad) + + Ethertype must be 802.1ad or 802.1q + + 802.1ad + + diff --git a/interface-definitions/include/interface/vrf.xml.i b/interface-definitions/include/interface/vrf.xml.i new file mode 100644 index 0000000..ef0058f --- /dev/null +++ b/interface-definitions/include/interface/vrf.xml.i @@ -0,0 +1,15 @@ + + + + VRF instance name + + txt + VRF instance name + + + vrf name + + #include + + + diff --git a/interface-definitions/include/ip-protocol.xml.i b/interface-definitions/include/ip-protocol.xml.i new file mode 100644 index 0000000..ce93450 --- /dev/null +++ b/interface-definitions/include/ip-protocol.xml.i @@ -0,0 +1,17 @@ + + + + Protocol + + txt + Protocol name + + + + + + + + + + 
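Review bot: In vif.xml.i both QoS mapping nodes (egress and ingress) validate with `[:0-7 ]+` but report "QoS mapping should be in the format of '0:7 2:3' with numbers 0-9", so the message promises digits that the pattern rejects. The message should read `with numbers 0-7`. The character class also accepts input that is not a list of pairs at all, for example `:::` or a single space, and that value is then handed to whatever applies the mapping. If only `from:to` pairs in the 0-7 range are intended, a pattern such as `[0-7]:[0-7]( [0-7]:[0-7])*` would reject those. Confirm the allowed range on each side first, because the markup around the pattern is not legible here.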
diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i new file mode 100644 index 0000000..4e0b848 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-id.xml.i @@ -0,0 +1,11 @@ + + + + Local ID for peer authentication + + txt + Local ID used for peer authentication + + + + diff --git a/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i new file mode 100644 index 0000000..af26693 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i @@ -0,0 +1,11 @@ + + + + Pre-shared secret key + + txt + Pre-shared secret key + + + + diff --git a/interface-definitions/include/ipsec/authentication-rsa.xml.i b/interface-definitions/include/ipsec/authentication-rsa.xml.i new file mode 100644 index 0000000..0a364e8 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-rsa.xml.i @@ -0,0 +1,30 @@ + + + + RSA keys + + + + + Name of PKI key-pair with local private key + + pki key-pair + + + + + + Local private key passphrase + + + + + Name of PKI key-pair with remote public key + + pki key-pair + + + + + + diff --git a/interface-definitions/include/ipsec/authentication-x509.xml.i b/interface-definitions/include/ipsec/authentication-x509.xml.i new file mode 100644 index 0000000..1d04c94 --- /dev/null +++ b/interface-definitions/include/ipsec/authentication-x509.xml.i @@ -0,0 +1,11 @@ + + + + X.509 certificate + + + #include + #include + + + diff --git a/interface-definitions/include/ipsec/bind.xml.i b/interface-definitions/include/ipsec/bind.xml.i new file mode 100644 index 0000000..edc46d4 --- /dev/null +++ b/interface-definitions/include/ipsec/bind.xml.i @@ -0,0 +1,10 @@ + + + + VTI tunnel interface associated with this configuration + + interfaces vti + + + + 
diff --git a/interface-definitions/include/ipsec/esp-group.xml.i b/interface-definitions/include/ipsec/esp-group.xml.i new file mode 100644 index 0000000..5e5d819 --- /dev/null +++ b/interface-definitions/include/ipsec/esp-group.xml.i @@ -0,0 +1,10 @@ + + + + Encapsulating Security Payloads (ESP) group name + + vpn ipsec esp-group + + + + diff --git a/interface-definitions/include/ipsec/ike-group.xml.i b/interface-definitions/include/ipsec/ike-group.xml.i new file mode 100644 index 0000000..f7649ed --- /dev/null +++ b/interface-definitions/include/ipsec/ike-group.xml.i @@ -0,0 +1,10 @@ + + + + Internet Key Exchange (IKE) group name + + vpn ipsec ike-group + + + + diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i new file mode 100644 index 0000000..71f5149 --- /dev/null +++ b/interface-definitions/include/ipsec/local-address.xml.i @@ -0,0 +1,27 @@ + + + + IPv4 or IPv6 address of a local interface to use for VPN + + any + + + + ipv4 + IPv4 address of a local interface for VPN + + + ipv6 + IPv6 address of a local interface for VPN + + + any + Allow any IPv4 address present on the system to be used for VPN + + + + (any) + + + + diff --git a/interface-definitions/include/ipsec/local-traffic-selector.xml.i b/interface-definitions/include/ipsec/local-traffic-selector.xml.i new file mode 100644 index 0000000..9ae67f5 --- /dev/null +++ b/interface-definitions/include/ipsec/local-traffic-selector.xml.i @@ -0,0 +1,28 @@ + + + + Local parameters for interesting traffic + + + #include + + + Local IPv4 or IPv6 prefix + + ipv4net + Local IPv4 prefix + + + ipv6net + Local IPv6 prefix + + + + + + + + + + + diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i new file mode 100644 index 0000000..91decba --- /dev/null +++ b/interface-definitions/include/ipsec/remote-address.xml.i 
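Review bot: In ipsec/local-address.xml.i the `any` value is described as "Allow any IPv4 address present on the system to be used for VPN", while the node itself is documented as "IPv4 or IPv6 address of a local interface to use for VPN" and offers an `ipv6` format. If `any` also covers IPv6 addresses, the help should say `Allow any IP address present on the system to be used for VPN`. If it really is IPv4-only, that restriction belongs in the node help as well. An operator choosing which local addresses terminate VPN traffic should not have to guess which of the two applies.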
@@ -0,0 +1,29 @@ + + + + IPv4 or IPv6 address of the remote peer + + ipv4 + IPv4 address of the remote peer + + + ipv6 + IPv6 address of the remote peer + + + hostname + Fully qualified domain name of the remote peer + + + any + Allow any IP address of the remote peer + + + + + (any) + + + + + diff --git a/interface-definitions/include/ipsec/replay-window.xml.i b/interface-definitions/include/ipsec/replay-window.xml.i new file mode 100644 index 0000000..f35ed55 --- /dev/null +++ b/interface-definitions/include/ipsec/replay-window.xml.i @@ -0,0 +1,19 @@ + + + + IPsec replay window to configure for this CHILD_SA + + u32:0 + Disable IPsec replay protection + + + u32:1-2040 + Replay window size in packets + + + + + + 32 + + diff --git a/interface-definitions/include/ipv4-address-prefix-range.xml.i b/interface-definitions/include/ipv4-address-prefix-range.xml.i new file mode 100644 index 0000000..aadc6aa --- /dev/null +++ b/interface-definitions/include/ipv4-address-prefix-range.xml.i @@ -0,0 +1,39 @@ + + + + IP address, subnet, or range + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + !ipv4 + Match everything except the specified address + + + !ipv4net + Match everything except the specified prefix + + + !ipv4range + Match everything except the specified range + + + + + + + + + + + + diff --git a/interface-definitions/include/ipv4-address-prefix.xml.i b/interface-definitions/include/ipv4-address-prefix.xml.i new file mode 100644 index 0000000..f5be6f1 --- /dev/null +++ b/interface-definitions/include/ipv4-address-prefix.xml.i @@ -0,0 +1,19 @@ + + + + IP address, prefix + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + + + + + + diff --git a/interface-definitions/include/isis/default-information-level.xml.i b/interface-definitions/include/isis/default-information-level.xml.i new file mode 100644 index 0000000..5ade72a --- /dev/null 
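Review bot: In ipsec/replay-window.xml.i the `u32:0` entry is documented as "Disable IPsec replay protection" with nothing to tell the operator what is given up. I would extend the help to `Disable IPsec replay protection (replayed packets are no longer rejected)` so the trade-off is visible at the CLI prompt. The value 32 near the end of the hunk looks like the default and keeps protection on, so this is a documentation point only.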
+++ b/interface-definitions/include/isis/default-information-level.xml.i @@ -0,0 +1,32 @@ + + + + Distribute default route into level-1 + + + + + Always advertise default route + + + + #include + #include + + + + + Distribute default route into level-2 + + + + + Always advertise default route + + + + #include + #include + + + diff --git a/interface-definitions/include/isis/ldp-sync-holddown.xml.i b/interface-definitions/include/isis/ldp-sync-holddown.xml.i new file mode 100644 index 0000000..15ac26f --- /dev/null +++ b/interface-definitions/include/isis/ldp-sync-holddown.xml.i @@ -0,0 +1,14 @@ + + + + Hold down timer for LDP-IGP cost restoration + + u32:0-10000 + Time to wait in seconds for LDP-IGP synchronization to occur before restoring interface cost + + + + + + + diff --git a/interface-definitions/include/isis/ldp-sync-interface.xml.i b/interface-definitions/include/isis/ldp-sync-interface.xml.i new file mode 100644 index 0000000..222a352 --- /dev/null +++ b/interface-definitions/include/isis/ldp-sync-interface.xml.i @@ -0,0 +1,11 @@ + + + + LDP-IGP synchronization configuration for interface + + + #include + #include + + + diff --git a/interface-definitions/include/isis/ldp-sync-protocol.xml.i b/interface-definitions/include/isis/ldp-sync-protocol.xml.i new file mode 100644 index 0000000..b2e696a --- /dev/null +++ b/interface-definitions/include/isis/ldp-sync-protocol.xml.i @@ -0,0 +1,10 @@ + + + + Protocol wide LDP-IGP synchronization configuration + + + #include + + + diff --git a/interface-definitions/include/isis/level-1-2-leaf.xml.i b/interface-definitions/include/isis/level-1-2-leaf.xml.i new file mode 100644 index 0000000..3703da1 --- /dev/null +++ b/interface-definitions/include/isis/level-1-2-leaf.xml.i @@ -0,0 +1,13 @@ + + + + Match on IS-IS level-1 routes + + + + + + Match on IS-IS level-2 routes + + + \ No newline at end of file 
diff --git a/interface-definitions/include/isis/lfa-local.xml.i b/interface-definitions/include/isis/lfa-local.xml.i new file mode 100644 index 0000000..c5bf6a3 --- /dev/null +++ b/interface-definitions/include/isis/lfa-local.xml.i @@ -0,0 +1,128 @@ + + + + Local loop free alternate options + + + + + Load share prefixes across multiple backups + + + + + Disable load sharing + + + #include + + + + + + + Limit backup computation up to the prefix priority + + + + + Compute for critical, high, and medium priority prefixes + + + #include + + + + + Compute for critical, and high priority prefixes + + + #include + + + + + Compute for critical priority prefixes only + + + #include + + + + + + + Configure tiebreaker for multiple backups + + + + + Prefer backup path via downstream node + + + + + Set preference order among tiebreakers + + u32:1-255 + The index integer value + + + + + + + #include + + + + + + + Prefer backup path with lowest total metric + + + + + Set preference order among tiebreakers + + u32:1-255 + The index integer value + + + + + + + #include + + + + + + + Prefer node protecting backup path + + + + + Set preference order among tiebreakers + + u32:1-255 + The index integer value + + + + + + + #include + + + + + + + + + \ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-protocol.xml.i b/interface-definitions/include/isis/lfa-protocol.xml.i new file mode 100644 index 0000000..cfb1a6d --- /dev/null +++ b/interface-definitions/include/isis/lfa-protocol.xml.i @@ -0,0 +1,11 @@ + + + + Loop free alternate functionality + + + #include + #include + + + \ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-remote.xml.i b/interface-definitions/include/isis/lfa-remote.xml.i new file mode 100644 index 0000000..8434e35 --- /dev/null +++ b/interface-definitions/include/isis/lfa-remote.xml.i 
@@ -0,0 +1,28 @@ + + + + Remote loop free alternate options + + + + + Filter PQ node router ID based on prefix list + + policy prefix-list + + + txt + Name of IPv4/IPv6 prefix-list + + + #include + + Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores + + + #include + + + + + \ No newline at end of file diff --git a/interface-definitions/include/isis/metric.xml.i b/interface-definitions/include/isis/metric.xml.i new file mode 100644 index 0000000..30e2cdc --- /dev/null +++ b/interface-definitions/include/isis/metric.xml.i @@ -0,0 +1,14 @@ + + + + Set default metric for circuit + + u32:0-16777215 + Default metric value + + + + + + + diff --git a/interface-definitions/include/isis/passive.xml.i b/interface-definitions/include/isis/passive.xml.i new file mode 100644 index 0000000..6d05f8c --- /dev/null +++ b/interface-definitions/include/isis/passive.xml.i @@ -0,0 +1,8 @@ + + + + Configure passive mode for interface + + + + diff --git a/interface-definitions/include/isis/password.xml.i b/interface-definitions/include/isis/password.xml.i new file mode 100644 index 0000000..27c3b0f --- /dev/null +++ b/interface-definitions/include/isis/password.xml.i @@ -0,0 +1,20 @@ + + + + Plain-text authentication type + + txt + Circuit password + + + + + + MD5 authentication type + + txt + Level-wide password + + + + diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i new file mode 100644 index 0000000..35ce80b --- /dev/null +++ b/interface-definitions/include/isis/protocol-common-config.xml.i 
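Review bot: In isis/password.xml.i the two value-help strings disagree about scope: the plain-text node says "Circuit password" and the MD5 node says "Level-wide password". The include appears to be shared by the area, domain and circuit password nodes of protocol-common-config.xml.i, though the include targets are not legible on this page. A neutral `Authentication password` for both, as openfabric/password.xml.i in this same commit uses, would be correct in every context. The node help "Plain-text authentication type" could also state the consequence, for example `Plain-text authentication (password is sent unencrypted)`, so the weaker option is recognisable when choosing between the two.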
@@ -0,0 +1,729 @@ + + + + Advertise high metric value on all interfaces + + + + + + Advertise prefixes of passive interfaces only + + + + + + Configure the authentication password for an area + + + #include + + + + + Control distribution of default information + + + + + Distribute a default route + + + + + Distribute default route for IPv4 + + + #include + + + + + Distribute default route for IPv6 + + + #include + + + + + + + + + Set the authentication password for a routing domain + + + #include + + + + + Dynamic hostname for IS-IS + + + + + + IS-IS level number + + level-1 level-1-2 level-2 + + + level-1 + Act as a station router + + + level-1-2 + Act as both a station and an area router + + + level-2 + Act as an area router + + + (level-1|level-1-2|level-2) + + + +#include + + + Minimum interval between regenerating same LSP + + u32:1-120 + Minimum interval in seconds + + + + + + + + + Configure the maximum size of generated LSPs + + u32:128-4352 + Maximum size of generated LSPs + + + + + + 1497 + + + + LSP refresh interval + + u32:1-65235 + LSP refresh interval in seconds + + + + + + + + + Maximum LSP lifetime + + u32:350-65535 + LSP lifetime in seconds + + + + + + + + + Use old-style (ISO 10589) or new-style packet formats + + narrow transition wide + + + narrow + Use old style of TLVs with narrow metric + + + transition + Send and accept both styles of TLVs during transition + + + wide + Use new style of TLVs to carry wider metric + + + (narrow|transition|wide) + + + +#include + + + Configure IS-IS topologies + + ipv4-multicast ipv4-mgmt ipv6-unicast ipv6-multicast ipv6-mgmt ipv6-dstsrc + + + ipv4-multicast + Use IPv4 multicast topology + + + ipv4-mgmt + Use IPv4 management topology + + + ipv6-unicast + Use IPv6 unicast topology + + + ipv6-multicast + Use IPv6 multicast topology + + + ipv6-mgmt + Use IPv6 management topology + + + ipv6-dstsrc + Use IPv6 dst-src topology + + + (ipv4-multicast|ipv4-mgmt|ipv6-unicast|ipv6-multicast|ipv6-mgmt|ipv6-dstsrc) + + + + 
+ + IS-IS fast reroute configuration + + + #include + + +#include + + + Use the RFC 6232 purge-originator + + + + + + IS-IS traffic engineering extensions + + + + + Enable MPLS traffic engineering extensions + + + + + + + MPLS traffic engineering router ID + + ipv4 + IPv4 address + + + + + + + + + + + Segment-Routing (SPRING) settings + + + + + Segment Routing Global Block label range + + + #include + + + + + Segment Routing Local Block label range + + + #include + + + + + Maximum MPLS labels allowed for this router + + u32:1-16 + MPLS label depth + + + + + + + + + Static IPv4/IPv6 prefix segment/label mapping + + ipv4net + IPv4 prefix segment + + + ipv6net + IPv6 prefix segment + + + + + + + + + + Specify the absolute value of prefix segment/label ID + + + + + Specify the absolute value of prefix segment/label ID + + u32:16-1048575 + The absolute segment/label ID value + + + + + + + + + Request upstream neighbor to replace segment/label with explicit null label + + + + + + Do not request penultimate hop popping for segment/label + + + + + + + + Specify the index value of prefix segment/label ID + + + + + Specify the index value of prefix segment/label ID + + u32:0-65535 + The index segment/label ID value + + + + + + + + + Request upstream neighbor to replace segment/label with explicit null label + + + + + + Do not request penultimate hop popping for segment/label + + + + + + + + + + + + Redistribute information from another routing protocol + + + + + Redistribute IPv4 routes + + + + + Border Gateway Protocol (BGP) + + + #include + + + + + Redistribute connected routes into IS-IS + + + #include + + + + + Redistribute kernel routes into IS-IS + + + #include + + + + + Redistribute OSPF routes into IS-IS + + + #include + + + + + Redistribute RIP routes into IS-IS + + + #include + + + + + Redistribute Babel routes into IS-IS + + + #include + + + + + Redistribute static routes into IS-IS + + + #include + + + + + + + Redistribute IPv6 routes + + + + + Redistribute BGP 
routes into IS-IS + + + #include + + + + + Redistribute connected routes into IS-IS + + + #include + + + + + Redistribute kernel routes into IS-IS + + + #include + + + + + Redistribute OSPFv3 routes into IS-IS + + + #include + + + + + Redistribute RIPng routes into IS-IS + + + #include + + + + + Redistribute Babel routes into IS-IS + + + #include + + + + + Redistribute static routes into IS-IS + + + #include + + + + + + + + + Set attached bit to identify as L1/L2 router for inter-area traffic + + + + + + Set overload bit to avoid any transit traffic + + + + + + IETF SPF delay algorithm + + + + + Delay used while in QUIET state + + u32:0-60000 + Delay used while in QUIET state (in ms) + + + + + + + + + Delay used while in SHORT_WAIT state + + u32:0-60000 + Delay used while in SHORT_WAIT state (in ms) + + + + + + + + + Delay used while in LONG_WAIT + + u32:0-60000 + Delay used while in LONG_WAIT state in ms + + + + + + + + + Time with no received IGP events before considering IGP stable + + u32:0-60000 + Time with no received IGP events before considering IGP stable in ms + + + + + + + + + Maximum duration needed to learn all the events related to a single failure + + u32:0-60000 + Maximum duration needed to learn all the events related to a single failure in ms + + + + + + + + + + + Minimum interval between SPF calculations + + u32:1-120 + Interval in seconds + + + + + + + + + Interface params + + + + + + #include + + + Configure circuit type for interface + + level-1 level-1-2 level-2-only + + + level-1 + Level-1 only adjacencies are formed + + + level-1-2 + Level-1-2 adjacencies are formed + + + level-2-only + Level-2 only adjacencies are formed + + + (level-1|level-1-2|level-2-only) + + + + + + Add padding to IS-IS hello packets + + + + + + Set Hello interval + + u32:1-600 + Set Hello interval + + + + + + + + + Set Hello interval + + u32:2-100 + Set multiplier for Hello holding time + + + + + + + #include + #include + + + Set network type + + + + + point-to-point 
network type + + + + + + #include + + + Configure the authentication password for a circuit + + + #include + + + + + Set priority for Designated Router election + + u32:0-127 + Priority value + + + + + + + + + Set PSNP interval + + u32:0-127 + PSNP interval in seconds + + + + + + + + + Disable three-way handshake + + + + + + diff --git a/interface-definitions/include/isis/redistribute-level-1-2.xml.i b/interface-definitions/include/isis/redistribute-level-1-2.xml.i new file mode 100644 index 0000000..abb8527 --- /dev/null +++ b/interface-definitions/include/isis/redistribute-level-1-2.xml.i @@ -0,0 +1,20 @@ + + + + Redistribute into level-1 + + + #include + #include + + + + + Redistribute into level-2 + + + #include + #include + + + diff --git a/interface-definitions/include/listen-address-ipv4-single.xml.i b/interface-definitions/include/listen-address-ipv4-single.xml.i new file mode 100644 index 0000000..81e9479 --- /dev/null +++ b/interface-definitions/include/listen-address-ipv4-single.xml.i @@ -0,0 +1,17 @@ + + + + Local IPv4 addresses to listen on + + + + + ipv4 + IPv4 address to listen for incoming connections + + + + + + + diff --git a/interface-definitions/include/listen-address-ipv4.xml.i b/interface-definitions/include/listen-address-ipv4.xml.i new file mode 100644 index 0000000..9cca297 --- /dev/null +++ b/interface-definitions/include/listen-address-ipv4.xml.i @@ -0,0 +1,18 @@ + + + + Local IPv4 addresses to listen on + + + + + ipv4 + IPv4 address to listen for incoming connections + + + + + + + + diff --git a/interface-definitions/include/listen-address-single.xml.i b/interface-definitions/include/listen-address-single.xml.i new file mode 100644 index 0000000..6cc5aef --- /dev/null +++ b/interface-definitions/include/listen-address-single.xml.i @@ -0,0 +1,22 @@ + + + + Local IP addresses to listen on + + + + + ipv4 + IPv4 address to listen for incoming connections + + + ipv6 + IPv6 address to listen for incoming connections + + + + + + + + 
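Review bot: In isis/protocol-common-config.xml.i (the 729-line hunk that ends on this line) the interface node with range `u32:2-100` and value help "Set multiplier for Hello holding time" carries the node help "Set Hello interval", copied from the node before it. It should read `Set multiplier for Hello holding time`. The PSNP interval node has the range `u32:0-127`, identical to the Designated Router priority node just above it, which looks like a copy-paste. Please check the range against what the routing daemon accepts. In the SPF delay block, "Delay used while in LONG_WAIT" is missing the word `state` that its two siblings have.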
diff --git a/interface-definitions/include/listen-address-vrf.xml.i b/interface-definitions/include/listen-address-vrf.xml.i new file mode 100644 index 0000000..23ecc24 --- /dev/null +++ b/interface-definitions/include/listen-address-vrf.xml.i @@ -0,0 +1,24 @@ + + + + Local IP addresses to listen on + + + + + ipv4 + IPv4 address to listen for incoming connections + + + ipv6 + IPv6 address to listen for incoming connections + + + + + + + #include + + + diff --git a/interface-definitions/include/listen-address.xml.i b/interface-definitions/include/listen-address.xml.i new file mode 100644 index 0000000..2454f43 --- /dev/null +++ b/interface-definitions/include/listen-address.xml.i @@ -0,0 +1,23 @@ + + + + Local IP addresses to listen on + + + + + ipv4 + IPv4 address to listen for incoming connections + + + ipv6 + IPv6 address to listen for incoming connections + + + + + + + + + diff --git a/interface-definitions/include/listen-interface-multi-broadcast.xml.i b/interface-definitions/include/listen-interface-multi-broadcast.xml.i new file mode 100644 index 0000000..00bd45e --- /dev/null +++ b/interface-definitions/include/listen-interface-multi-broadcast.xml.i @@ -0,0 +1,18 @@ + + + + Interface to listen on + + + + + txt + Interface name + + + #include + + + + + diff --git a/interface-definitions/include/log-adjacency-changes.xml.i b/interface-definitions/include/log-adjacency-changes.xml.i new file mode 100644 index 0000000..a0628b8 --- /dev/null +++ b/interface-definitions/include/log-adjacency-changes.xml.i @@ -0,0 +1,8 @@ + + + + Log changes in adjacency state + + + + diff --git a/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i new file mode 100644 index 0000000..b326a65 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i 
@@ -0,0 +1,24 @@ + + + + Domain Name Servers (DNS) addresses to forward queries to + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + #include + + 53 + + + + diff --git a/interface-definitions/include/name-server-ipv4-ipv6.xml.i b/interface-definitions/include/name-server-ipv4-ipv6.xml.i new file mode 100644 index 0000000..cf483e5 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6.xml.i @@ -0,0 +1,19 @@ + + + + Domain Name Servers (DNS) addresses + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + diff --git a/interface-definitions/include/name-server-ipv4.xml.i b/interface-definitions/include/name-server-ipv4.xml.i new file mode 100644 index 0000000..0cf884e --- /dev/null +++ b/interface-definitions/include/name-server-ipv4.xml.i @@ -0,0 +1,15 @@ + + + + Domain Name Servers (DNS) addresses + + ipv4 + Domain Name Server (DNS) IPv4 address + + + + + + + + diff --git a/interface-definitions/include/name-server-ipv6.xml.i b/interface-definitions/include/name-server-ipv6.xml.i new file mode 100644 index 0000000..d4517c4 --- /dev/null +++ b/interface-definitions/include/name-server-ipv6.xml.i @@ -0,0 +1,15 @@ + + + + Domain Name Servers (DNS) addresses + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + diff --git a/interface-definitions/include/nat-address.xml.i b/interface-definitions/include/nat-address.xml.i new file mode 100644 index 0000000..a6460ac --- /dev/null +++ b/interface-definitions/include/nat-address.xml.i @@ -0,0 +1,39 @@ + + + + IP address, subnet, or range + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + !ipv4 + Match everything except the specified address + + + !ipv4net + Match everything except the specified prefix + + + !ipv4range + Match everything except the specified range + + + + + + + + + + + + 
diff --git a/interface-definitions/include/nat-exclude.xml.i b/interface-definitions/include/nat-exclude.xml.i new file mode 100644 index 0000000..4d53cf8 --- /dev/null +++ b/interface-definitions/include/nat-exclude.xml.i @@ -0,0 +1,8 @@ + + + + Exclude packets matching this rule from NAT + + + + diff --git a/interface-definitions/include/nat-interface.xml.i b/interface-definitions/include/nat-interface.xml.i new file mode 100644 index 0000000..ef1ffc1 --- /dev/null +++ b/interface-definitions/include/nat-interface.xml.i @@ -0,0 +1,11 @@ + + + + Outbound interface of NAT traffic + + any + + + + + diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i new file mode 100644 index 0000000..5f762cf --- /dev/null +++ b/interface-definitions/include/nat-port.xml.i @@ -0,0 +1,26 @@ + + + + Port number + + txt + Named port (any name in /etc/services, e.g., http) + + + u32:1-65535 + Numeric IP port + + + start-end + Numbered port range (e.g. 1001-1005) + + + + \n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005' + + + + + + + diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i new file mode 100644 index 0000000..deb1352 --- /dev/null +++ b/interface-definitions/include/nat-rule.xml.i 
@@ -0,0 +1,325 @@ + + + + Rule number for NAT + + u32:1-999999 + Number of NAT rule + + + + + NAT rule number must be between 1 and 999999 + + + #include + + + NAT destination parameters + + + #include + #include + #include + + + #include + #include + + + Apply NAT load balance + + + #include + #include + + + #include + + + Packet type + + broadcast host multicast other + + + broadcast + Match broadcast packet type + + + host + Match host packet type, addressed to local host + + + multicast + Match multicast packet type + + + other + Match packet addressed to another host + + + (broadcast|host|multicast|other) + + + + + + Protocol to NAT + + all ip hopopt icmp igmp ggp ipencap st tcp egp igp pup udp tcp_udp hmp xns-idp rdp iso-tp4 dccp xtp ddp idpr-cmtp ipv6 ipv6-route ipv6-frag idrp rsvp gre esp ah skip ipv6-icmp ipv6-nonxt ipv6-opts rspf vmtp eigrp ospf ax.25 ipip etherip encap 99 pim ipcomp vrrp l2tp isis sctp fc mobility-header udplite mpls-in-ip manet hip shim6 wesp rohc + + + all + All IP protocols + + + ip + Internet Protocol, pseudo protocol number + + + hopopt + IPv6 Hop-by-Hop Option [RFC1883] + + + icmp + internet control message protocol + + + igmp + Internet Group Management + + + ggp + gateway-gateway protocol + + + ipencap + IP encapsulated in IP (officially IP) + + + st + ST datagram mode + + + tcp + transmission control protocol + + + egp + exterior gateway protocol + + + igp + any private interior gateway (Cisco) + + + pup + PARC universal packet protocol + + + udp + user datagram protocol + + + tcp_udp + Both TCP and UDP + + + hmp + host monitoring protocol + + + xns-idp + Xerox NS IDP + + + rdp + "reliable datagram" protocol + + + iso-tp4 + ISO Transport Protocol class 4 [RFC905] + + + dccp + Datagram Congestion Control Prot. 
[RFC4340] + + + xtp + Xpress Transfer Protocol + + + ddp + Datagram Delivery Protocol + + + idpr-cmtp + IDPR Control Message Transport + + + Ipv6 + Internet Protocol, version 6 + + + ipv6-route + Routing Header for IPv6 + + + ipv6-frag + Fragment Header for IPv6 + + + idrp + Inter-Domain Routing Protocol + + + rsvp + Reservation Protocol + + + gre + General Routing Encapsulation + + + esp + Encap Security Payload [RFC2406] + + + ah + Authentication Header [RFC2402] + + + skip + SKIP + + + ipv6-icmp + ICMP for IPv6 + + + ipv6-nonxt + No Next Header for IPv6 + + + ipv6-opts + Destination Options for IPv6 + + + rspf + Radio Shortest Path First (officially CPHB) + + + vmtp + Versatile Message Transport + + + eigrp + Enhanced Interior Routing Protocol (Cisco) + + + ospf + Open Shortest Path First IGP + + + ax.25 + AX.25 frames + + + ipip + IP-within-IP Encapsulation Protocol + + + etherip + Ethernet-within-IP Encapsulation [RFC3378] + + + encap + Yet Another IP encapsulation [RFC1241] + + + 99 + Any private encryption scheme + + + pim + Protocol Independent Multicast + + + ipcomp + IP Payload Compression Protocol + + + vrrp + Virtual Router Redundancy Protocol [RFC5798] + + + l2tp + Layer Two Tunneling Protocol [RFC2661] + + + isis + IS-IS over IPv4 + + + sctp + Stream Control Transmission Protocol + + + fc + Fibre Channel + + + mobility-header + Mobility Support for IPv6 [RFC3775] + + + udplite + UDP-Lite [RFC3828] + + + mpls-in-ip + MPLS-in-IP [RFC4023] + + + manet + MANET Protocols [RFC5498] + + + hip + Host Identity Protocol + + + shim6 + Shim6 Protocol + + + wesp + Wrapped Encapsulating Security Payload + + + rohc + Robust Header Compression + + + u32:0-255 + IP protocol number + + + + + + all + + + + NAT source parameters + + + #include + #include + #include + + + + + diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i new file mode 100644 index 0000000..c890059 --- /dev/null 
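Review bot: In nat-rule.xml.i the protocol value help lists `Ipv6` with a capital I, while the completion list at the top of the same node offers `ipv6` and every other entry is lower case. If the validator behind this node is case-sensitive, the documented spelling would be rejected, so the entry should read `ipv6`. This roughly 70-entry list also duplicates what nat/protocol.xml.i in this commit expresses with a generic protocol-name entry; that is worth a comment in the file saying which of the two is authoritative.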
+++ b/interface-definitions/include/nat-translation-options.xml.i @@ -0,0 +1,49 @@ + + + + Translation options + + + + + Address mapping options + + persistent random + + + persistent + Gives a client the same source or destination-address for each connection + + + random + Random source or destination address allocation for each connection + + + (persistent|random) + + + random + + + + Port mapping options + + random none + + + random + Randomize source port mapping + + + none + Do not apply port randomization + + + (random|none) + + + none + + + + diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i new file mode 100644 index 0000000..6f17df3 --- /dev/null +++ b/interface-definitions/include/nat-translation-port.xml.i @@ -0,0 +1,18 @@ + + + + Port number + + u32:1-65535 + Numeric IP port + + + range + Numbered port range (e.g., 1001-1005) + + + + + + + diff --git a/interface-definitions/include/nat/protocol.xml.i b/interface-definitions/include/nat/protocol.xml.i new file mode 100644 index 0000000..54e7ff0 --- /dev/null +++ b/interface-definitions/include/nat/protocol.xml.i @@ -0,0 +1,34 @@ + + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + + diff --git a/interface-definitions/include/nat64/protocol.xml.i b/interface-definitions/include/nat64/protocol.xml.i new file mode 100644 index 0000000..a640873 --- /dev/null +++ b/interface-definitions/include/nat64/protocol.xml.i @@ -0,0 +1,27 @@ + + + + Apply translation address to a specfic protocol + + + + + Transmission Control Protocol + + + + + + User Datagram Protocol + + + + + + Internet Control Message Protocol + + + + + + 
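Review bot: In nat/protocol.xml.i the negated form `!&lt;protocol&gt;` has the same description as the plain form, "IP protocol name", so the help output does not say that the leading `!` inverts the match. I would change the second description to `Match everything except the specified protocol`, in line with the wording nat-address.xml.i uses for its `!ipv4` entries. A rule author who overlooks the negation ends up translating the opposite set of traffic, so the distinction is worth spelling out.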
diff --git a/interface-definitions/include/net.xml.i b/interface-definitions/include/net.xml.i new file mode 100644 index 0000000..10b54ee --- /dev/null +++ b/interface-definitions/include/net.xml.i @@ -0,0 +1,14 @@ + + + + A Network Entity Title for the process (ISO only) + + XX.XXXX. ... .XXX.XX + Network entity title (NET) + + + [a-fA-F0-9]{2}(\.[a-fA-F0-9]{4}){3,9}\.[a-fA-F0-9]{2} + + + + diff --git a/interface-definitions/include/openfabric/password.xml.i b/interface-definitions/include/openfabric/password.xml.i new file mode 100644 index 0000000..fa34a4d --- /dev/null +++ b/interface-definitions/include/openfabric/password.xml.i @@ -0,0 +1,20 @@ + + + + Use plain text password + + txt + Authentication password + + + + + + Use MD5 hash authentication + + txt + Authentication password + + + + diff --git a/interface-definitions/include/ospf/authentication.xml.i b/interface-definitions/include/ospf/authentication.xml.i new file mode 100644 index 0000000..8e8cad0 --- /dev/null +++ b/interface-definitions/include/ospf/authentication.xml.i @@ -0,0 +1,56 @@ + + + + Authentication + + + + + MD5 key id + + + + + MD5 key id + + u32:1-255 + MD5 key id + + + + + + + + + MD5 authentication type + + txt + MD5 Key (16 characters or less) + + + [^[:space:]]{1,16} + + Password must be 16 characters or less + + + + + + + + + Plain text password + + txt + Plain text password (8 characters or less) + + + [^[:space:]]{1,8} + + Password must be 8 characters or less + + + + + diff --git a/interface-definitions/include/ospf/auto-cost.xml.i b/interface-definitions/include/ospf/auto-cost.xml.i new file mode 100644 index 0000000..da6483a --- /dev/null +++ b/interface-definitions/include/ospf/auto-cost.xml.i @@ -0,0 +1,22 @@ + + + + Calculate interface cost according to bandwidth + + + + + Reference bandwidth method to assign cost + + u32:1-4294967 + Reference bandwidth cost in Mbits/sec + + + + + + 100 + + + + 
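Review bot: In net.xml.i the format hint `XX.XXXX. ... .XXX.XX` shows a three-digit group before the final octet, but the pattern `[a-fA-F0-9]{2}(\.[a-fA-F0-9]{4}){3,9}\.[a-fA-F0-9]{2}` only accepts four-digit groups there. The hint should read `XX.XXXX. ... .XXXX.XX` so that a value typed from the help text passes validation.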
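Review bot: In ospf/authentication.xml.i the node that holds the key is described as "MD5 authentication type", although its value help is "MD5 Key (16 characters or less)" and it is validated with `[^[:space:]]{1,16}`. `MD5 authentication key` would describe what is actually entered. The plain-text node could likewise say `Plain text password (sent unencrypted)`, so the difference between the two options is clear from the CLI help. The help "MD5 key id" is repeated on three consecutive levels, and the outer ones would read better as `MD5 parameters` and `MD5 key id`, assuming the nesting is what the stripped markup suggests.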
diff --git a/interface-definitions/include/ospf/default-information.xml.i b/interface-definitions/include/ospf/default-information.xml.i new file mode 100644 index 0000000..50cda54 --- /dev/null +++ b/interface-definitions/include/ospf/default-information.xml.i @@ -0,0 +1,25 @@ + + + + Default route advertisment settings + + + + + Distribute a default route + + + + + Always advertise a default route + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/include/ospf/distance-global.xml.i b/interface-definitions/include/ospf/distance-global.xml.i new file mode 100644 index 0000000..31809cb --- /dev/null +++ b/interface-definitions/include/ospf/distance-global.xml.i @@ -0,0 +1,14 @@ + + + + Administrative distance + + u32:1-255 + Administrative distance + + + + + + + diff --git a/interface-definitions/include/ospf/distance-per-protocol.xml.i b/interface-definitions/include/ospf/distance-per-protocol.xml.i new file mode 100644 index 0000000..da3f16c --- /dev/null +++ b/interface-definitions/include/ospf/distance-per-protocol.xml.i @@ -0,0 +1,38 @@ + + + + Distance for external routes + + u32:1-255 + Distance for external routes + + + + + + + + + Distance for inter-area routes + + u32:1-255 + Distance for inter-area routes + + + + + + + + + Distance for intra-area routes + + u32:1-255 + Distance for intra-area routes + + + + + + + diff --git a/interface-definitions/include/ospf/graceful-restart.xml.i b/interface-definitions/include/ospf/graceful-restart.xml.i new file mode 100644 index 0000000..37d9a7f --- /dev/null +++ b/interface-definitions/include/ospf/graceful-restart.xml.i 
@@ -0,0 +1,67 @@ + + + + Graceful Restart + + + + + Maximum length of the grace period + + u32:1-1800 + Maximum length of the grace period in seconds + + + + + + 120 + + + + OSPF graceful-restart helpers + + + + + Enable helper support + + + + + Advertising Router-ID + + ipv4 + Router-ID in IP address format + + + + + + + + + + + + Supported only planned restart + + + + + + Supported grace timer + + u32:10-1800 + Grace interval in seconds + + + + + + + + + + + diff --git a/interface-definitions/include/ospf/interface-common.xml.i b/interface-definitions/include/ospf/interface-common.xml.i new file mode 100644 index 0000000..9c8b94f --- /dev/null +++ b/interface-definitions/include/ospf/interface-common.xml.i @@ -0,0 +1,34 @@ + +#include + + + Interface cost + + u32:1-65535 + OSPF interface cost + + + + + + + + + Disable Maximum Transmission Unit (MTU) mismatch detection + + + + + + Router priority + + u32:0-255 + OSPF router priority cost + + + + + + 1 + + diff --git a/interface-definitions/include/ospf/intervals.xml.i b/interface-definitions/include/ospf/intervals.xml.i new file mode 100644 index 0000000..9f6e5df --- /dev/null +++ b/interface-definitions/include/ospf/intervals.xml.i @@ -0,0 +1,54 @@ + + + + Interval after which a neighbor is declared dead + + u32:1-65535 + Neighbor dead interval (seconds) + + + + + + 40 + + + + Interval between hello packets + + u32:1-65535 + Hello interval (seconds) + + + + + + 10 + + + + Interval between retransmitting lost link state advertisements + + u32:1-65535 + Retransmit interval (seconds) + + + + + + 5 + + + + Link state transmit delay + + u32:1-65535 + Link state transmit delay (seconds) + + + + + + 1 + + diff --git a/interface-definitions/include/ospf/log-adjacency-changes.xml.i b/interface-definitions/include/ospf/log-adjacency-changes.xml.i new file mode 100644 index 0000000..24c6cbe --- /dev/null +++ b/interface-definitions/include/ospf/log-adjacency-changes.xml.i 
@@ -0,0 +1,15 @@ + + + + Log adjacency state changes + + + + + Log all state changes + + + + + + diff --git a/interface-definitions/include/ospf/metric-type.xml.i b/interface-definitions/include/ospf/metric-type.xml.i new file mode 100644 index 0000000..de55c76 --- /dev/null +++ b/interface-definitions/include/ospf/metric-type.xml.i @@ -0,0 +1,15 @@ + + + + OSPF metric type for default routes + + u32:1-2 + Set OSPF External Type 1/2 metrics + + + + + + 2 + + diff --git a/interface-definitions/include/ospf/metric.xml.i b/interface-definitions/include/ospf/metric.xml.i new file mode 100644 index 0000000..64b455b --- /dev/null +++ b/interface-definitions/include/ospf/metric.xml.i @@ -0,0 +1,14 @@ + + + + OSPF default metric + + u32:0-16777214 + Default metric + + + + + + + diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i new file mode 100644 index 0000000..c4778e1 --- /dev/null +++ b/interface-definitions/include/ospf/protocol-common-config.xml.i 
@@ -0,0 +1,959 @@ + + + + External route aggregation + + + + + Delay timer + + u32:5-1800 + Timer interval in seconds + + + + + + 5 + + + + + + Access list to filter networks in routing updates + + policy access-list + + + u32 + Access-list number + + + + + + + + + Filter for outgoing routing update + + bgp connected kernel rip static + + + bgp + Filter BGP routes + + + connected + Filter connected routes + + + isis + Filter IS-IS routes + + + kernel + Filter Kernel routes + + + rip + Filter RIP routes + + + static + Filter static routes + + + (bgp|connected|isis|kernel|rip|static) + + Must be bgp, connected, kernel, rip, or static + + + + + + + + OSPF area settings + + u32 + OSPF area number in decimal notation + + + ipv4 + OSPF area number in dotted decimal notation + + + + + + + + + + Area type + + + + + Normal OSPF area + + + + + + Not-So-Stubby OSPF area + + + + + Summary-default cost of an NSSA area + + u32:0-16777215 + Summary default cost + + + + + + + + + Do not inject inter-area routes into stub + + + + + + Configure NSSA-ABR + + always candidate never + + + always + Always translate LSA types + + + candidate + Translate for election + + + never + Never translate LSA types + + + (always|candidate|never) + + + candidate + + + + + + Stub OSPF area + + + + + Summary-default cost + + u32:0-16777215 + Summary default cost + + + + + + + + + Do not inject inter-area routes into the stub + + + + + + + + + + OSPF area authentication type + + plaintext-password md5 + + + plaintext-password + Use plain-text authentication + + + md5 + Use MD5 authentication + + + (plaintext-password|md5) + + + + + + OSPF network + + ipv4net + OSPF network + + + + + + + + + + Summarize routes matching a prefix (border routers only) + + ipv4net + Area range prefix + + + + + + + + + Metric for this range + + u32:0-16777215 + Metric for this range + + + + + + + + + Do not advertise this range + + + + + + Advertise area range as another prefix + + ipv4net + Advertise area range as another 
prefix + + + + + + + + + + + Area shortcut mode + + default disable enable + + + default + Set default + + + disable + Disable shortcutting mode + + + enable + Enable shortcutting mode + + + (default|disable|enable) + + + + + + Set the filter for networks announced to other areas + + policy access-list + + + u32 + Access-list number + + + + + + + + + Set the filter for networks from other areas announced + + policy access-list + + + u32 + Access-list number + + + + + + + + + Virtual link + + ipv4 + OSPF area in dotted decimal notation + + + + + + + + #include + #include + + + + +#include + + + Enable specific OSPF features + + + + + Opaque LSA + + + + + +#include + + + Metric of redistributed routes + + u32:0-16777214 + Metric of redistributed routes + + + + + + +#include + + + + + + + Disable strict LSA check + + + + + + + + + + Maximum multiple paths (ECMP) + + u32:1-64 + Maximum multiple paths (ECMP) + + + + + + +#include + + + Administrative distance + + + #include + + + OSPF administrative distance + + + #include + + + + + + + Interface configuration + + + + + txt + Interface name + + + #include + + + + + + Enable OSPF on this interface + + protocols ospf area + + + u32 + OSPF area ID as decimal notation + + + ipv4 + OSPF area ID in IP address notation + + + + + + + + #include + #include + #include + #include + + + Interface bandwidth (Mbit/s) + + u32:1-100000 + Bandwidth in Megabit/sec (for calculating OSPF cost) + + + + + + + + + Hello multiplier factor + + u32:1-10 + Number of Hellos to send each second + + + + + + + + + Network type + + broadcast non-broadcast point-to-multipoint point-to-point + + + broadcast + Broadcast network type + + + non-broadcast + Non-broadcast network type + + + point-to-multipoint + Point-to-multipoint network type + + + point-to-point + Point-to-point network type + + + (broadcast|non-broadcast|point-to-multipoint|point-to-point) + + Must be broadcast, non-broadcast, point-to-multipoint or point-to-point + + + + + Suppress 
routing updates on an interface + + + #include + + + + +#include + + + OSPF maximum and infinite-distance metric + + + + + Advertise own Router-LSA with infinite distance (stub router) + + + + + Administratively apply, for an indefinite period + + + + + + Advertise stub-router prior to full shutdown of OSPF + + u32:5-100 + Time (seconds) to advertise self as stub-router + + + + + + + + + Automatically advertise stub Router-LSA on startup of OSPF + + u32:5-86400 + Time (seconds) to advertise self as stub-router + + + + + + + + + + + + + MultiProtocol Label Switching-Traffic Engineering (MPLS-TE) parameters + + + + + Enable MPLS-TE functionality + + + + + + Stable IP address of the advertising router + + ipv4 + Stable IP address of the advertising router + + + + + + 0.0.0.0 + + + + + + Specify neighbor router + + ipv4 + Neighbor IP address + + + + + + + + + Dead neighbor polling interval + + u32:1-65535 + Seconds between dead neighbor polling interval + + + + + + 60 + + + + Neighbor priority in seconds + + u32:0-255 + Neighbor priority + + + + + + 0 + + + + + + OSPF specific parameters + + + + + OSPF ABR type + + cisco ibm shortcut standard + + + cisco + Cisco ABR type + + + ibm + IBM ABR type + + + shortcut + Shortcut ABR type + + + standard + Standard ABR type + + + (cisco|ibm|shortcut|standard) + + + cisco + + + + Enable the Opaque-LSA capability (rfc2370) + + + + + + Enable RFC1583 criteria for handling AS external routes + + + + #include + + + + + Suppress routing updates on an interface + + default + + + default + Default to suppress routing updates on all interfaces + + + (default) + + + + + + Segment-Routing (SPRING) settings + + + + + Segment Routing Global Block label range + + + #include + + + + + Segment Routing Local Block label range + + + #include + + + + + Maximum MPLS labels allowed for this router + + u32:1-16 + MPLS label depth + + + + + + + + + Static IPv4 prefix segment/label mapping + + ipv4net + IPv4 prefix segment + + + + + + + + + Specify the 
index value of prefix segment/label ID + + + + + Specify the index value of prefix segment/label ID + + u32:0-65535 + The index segment/label ID value + + + + + + + + + Request upstream neighbor to replace segment/label with explicit null label + + + + + + Do not request penultimate hop popping for segment/label + + + + + + + + + + + + Redistribute information from another routing protocol + + + + + Redistribute BGP routes + + + #include + #include + #include + + + + + Redistribute connected routes + + + #include + #include + #include + + + + + Redistribute IS-IS routes + + + #include + #include + #include + + + + + Redistribute Kernel routes + + + #include + #include + #include + + + + + Redistribute RIP routes + + + #include + #include + #include + + + + + Redistribute Babel routes + + + #include + #include + #include + + + + + Redistribute statically configured routes + + + #include + #include + #include + + + + + Redistribute non-main Kernel Routing Table + + protocols static table + + + u32:1-200 + Policy route table number + + + + #include + #include + #include + + + + + + + Adjust refresh parameters + + + + + Refresh timer + + u32:10-1800 + Timer value in seconds + + + + + + + + + + + External summary address + + ipv4net + OSPF area number in dotted decimal notation + + + + + + + + + Don not advertise summary route + + + + + + Router tag + + u32:1-4294967295 + Router tag value + + + + + + + + + + + Adjust routing timers + + + + + Throttling adaptive timers + + + + + OSPF SPF timers + + + + + Delay from the first change received to SPF calculation + + u32:0-600000 + Delay in milliseconds + + + + + + 200 + + + + Initial hold time between consecutive SPF calculations + + u32:0-600000 + Initial hold time in milliseconds + + + + + + 1000 + + + + Maximum hold time + + u32:0-600000 + Max hold time in milliseconds + + + + + + 10000 + + + + + + + + 
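Review bot: The outgoing-update filter under the access-list node accepts `isis` in its pattern `(bgp|connected|isis|kernel|rip|static)` and in its value help, but the completion list `bgp connected kernel rip static` and the error text `Must be bgp, connected, kernel, rip, or static` both omit it. Either drop `isis` from the pattern or add it to the completion and the message so the CLI and the validator agree. The redistribute section further down also offers Babel, which this filter list does not; confirm that is intended. Three help strings look like copy-paste slips: `Neighbor priority in seconds` (a priority has no unit), `Don not advertise summary route`, and the summary-address value help `OSPF area number in dotted decimal notation` on an `ipv4net` value.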
diff --git a/interface-definitions/include/ospfv3/no-summary.xml.i b/interface-definitions/include/ospfv3/no-summary.xml.i
new file mode 100644
index 0000000..a6afda3
--- /dev/null
+++ b/interface-definitions/include/ospfv3/no-summary.xml.i
@@ -0,0 +1,8 @@
+
+
+
+ Do not inject inter-area routes into the stub
+
+
+
+
diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
new file mode 100644
index 0000000..72fb86d
--- /dev/null
+++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
@@ -0,0 +1,296 @@ + + + + OSPFv3 Area + + u32 + Area ID as a decimal value + + + ipv4 + Area ID in IP address forma + + + + + + + + + + OSPFv3 Area type + + + + + NSSA OSPFv3 area + + + + + Originate Type 7 default into NSSA area + + + + #include + + + + + Stub OSPFv3 area + + + #include + + + + + + + Name of export-list + + policy access-list6 + + + + + + Name of import-list + + policy access-list6 + + + + + + Specify IPv6 prefix (border routers only) + + ipv6net + Specify IPv6 prefix (border routers only) + + + + + + + + + Advertise this range + + + + + + Do not advertise this range + + + + + + + +#include +#include + + + Administrative distance + + + #include + + + OSPFv3 administrative distance + + + #include + + + + +#include + + + + + + + Disable strict LSA check + + + + + + + + + + Enable routing on an IPv6 interface + + + + + txt + Interface used for routing information exchange + + + #include + + + + + + Enable OSPF on this interface + + protocols ospfv3 area + + + u32 + OSPF area ID as decimal notation + + + ipv4 + OSPF area ID in IP address notation + + + + + + + + #include + #include + + + Interface MTU + + u32:1-65535 + Interface MTU + + + + + + + + + Instance ID + + u32:0-255 + Instance Id + + + + + + 0 + + + + Network type + + broadcast point-to-point + + + broadcast + Broadcast network type + + + point-to-point + Point-to-point network type + + + (broadcast|point-to-point) + + Must be broadcast or point-to-point + + + #include + + +#include + + + OSPFv3 specific parameters + + + #include + + + + + Redistribute information from another routing protocol + + + + + Redistribute Babel routes + + + #include + #include + #include + + + + + Redistribute BGP routes + + + #include + #include + #include + + + + + Redistribute connected routes + + + #include + #include + #include + + + + + Redistribute IS-IS routes + + + #include + #include + #include + + + + + Redistribute kernel routes + + + #include + #include + #include + + + + + Redistribute RIPNG routes + 
+ + #include + #include + #include + + + + + Redistribute static routes + + + #include + #include + #include + + + + + diff --git a/interface-definitions/include/pim/bsm.xml.i b/interface-definitions/include/pim/bsm.xml.i new file mode 100644 index 0000000..cc2cf14 --- /dev/null +++ b/interface-definitions/include/pim/bsm.xml.i @@ -0,0 +1,14 @@ + + + + Do not process bootstrap messages + + + + + + Do not process unicast bootstrap messages + + + + diff --git a/interface-definitions/include/pim/dr-priority.xml.i b/interface-definitions/include/pim/dr-priority.xml.i new file mode 100644 index 0000000..e4b3067 --- /dev/null +++ b/interface-definitions/include/pim/dr-priority.xml.i @@ -0,0 +1,14 @@ + + + + Designated router election priority + + u32:1-4294967295 + DR Priority + + + + + + + diff --git a/interface-definitions/include/pim/hello.xml.i b/interface-definitions/include/pim/hello.xml.i new file mode 100644 index 0000000..0c7601b --- /dev/null +++ b/interface-definitions/include/pim/hello.xml.i @@ -0,0 +1,14 @@ + + + + Hello Interval + + u32:1-180 + Hello Interval in seconds + + + + + + + diff --git a/interface-definitions/include/pim/join-prune-interval.xml.i b/interface-definitions/include/pim/join-prune-interval.xml.i new file mode 100644 index 0000000..882787d --- /dev/null +++ b/interface-definitions/include/pim/join-prune-interval.xml.i @@ -0,0 +1,15 @@ + + + + Join prune send interval + + u32:1-65535 + Interval in seconds + + + + + + 60 + + diff --git a/interface-definitions/include/pim/keep-alive-timer.xml.i b/interface-definitions/include/pim/keep-alive-timer.xml.i new file mode 100644 index 0000000..0dd27d6 --- /dev/null +++ b/interface-definitions/include/pim/keep-alive-timer.xml.i @@ -0,0 +1,14 @@ + + + + Keep alive Timer + + u32:1-65535 + Keep alive Timer in seconds + + + + + + + diff --git a/interface-definitions/include/pim/packets.xml.i b/interface-definitions/include/pim/packets.xml.i new file mode 100644 index 0000000..1dc00c9 --- /dev/null 
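Review bot: The area value help in ospfv3/protocol-common-config.xml.i, `Area ID in IP address forma`, is truncated and should read `Area ID in IP address format`. Under the area range node the two leaves `Advertise this range` and `Do not advertise this range` can apparently both be set; unless the configuration script rejects that combination (not visible here), the help should state which one takes effect.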
+++ b/interface-definitions/include/pim/packets.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Packets to process at once
+
+ u32:1-255
+ Number of packets
+
+
+
+
+
+ 3
+
+
diff --git a/interface-definitions/include/pim/passive.xml.i b/interface-definitions/include/pim/passive.xml.i
new file mode 100644
index 0000000..e4e9ca0
--- /dev/null
+++ b/interface-definitions/include/pim/passive.xml.i
@@ -0,0 +1,8 @@
+
+
+
+ Disable sending and receiving PIM control packets on the interface
+
+
+
+
diff --git a/interface-definitions/include/pim/register-suppress-time.xml.i b/interface-definitions/include/pim/register-suppress-time.xml.i
new file mode 100644
index 0000000..919945b
--- /dev/null
+++ b/interface-definitions/include/pim/register-suppress-time.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Register suppress timer
+
+ u32:1-65535
+ Timer in seconds
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/pki/ca-certificate-multi.xml.i b/interface-definitions/include/pki/ca-certificate-multi.xml.i
new file mode 100644
index 0000000..646131b
--- /dev/null
+++ b/interface-definitions/include/pki/ca-certificate-multi.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Certificate Authority chain in PKI configuration
+
+ pki ca
+
+
+ txt
+ Name of CA in PKI configuration
+
+
+
+
+
diff --git a/interface-definitions/include/pki/ca-certificate.xml.i b/interface-definitions/include/pki/ca-certificate.xml.i
new file mode 100644
index 0000000..b32bb67
--- /dev/null
+++ b/interface-definitions/include/pki/ca-certificate.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Certificate Authority in PKI configuration
+
+ pki ca
+
+
+ txt
+ Name of CA in PKI configuration
+
+
+
+
diff --git a/interface-definitions/include/pki/certificate-key.xml.i b/interface-definitions/include/pki/certificate-key.xml.i
new file mode 100644
index 0000000..7f26d25
--- /dev/null
+++ b/interface-definitions/include/pki/certificate-key.xml.i
@@ -0,0 +1,12 @@
+
+#include
+
+
+ Private key passphrase
+
+ txt
+ Passphrase to decrypt the private key
+
+
+
+
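Review bot: The `Private key passphrase` leaf in pki/certificate-key.xml.i (value help `Passphrase to decrypt the private key`) is an ordinary `txt` value, so as far as this definition shows the passphrase is kept in the configuration next to the reference to the key it protects; the same leaf is repeated in pki/private-key.xml.i. Anyone who can read the saved configuration or a configuration backup would then hold both, which removes most of the benefit of encrypting the key. If the schema has no way to mark a value as sensitive, the help should at least say so, e.g. `Passphrase to decrypt the private key (stored in the configuration)`. Whether show or export commands mask this value is not visible from this hunk.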
diff --git a/interface-definitions/include/pki/certificate-multi.xml.i b/interface-definitions/include/pki/certificate-multi.xml.i
new file mode 100644
index 0000000..c49c5d9
--- /dev/null
+++ b/interface-definitions/include/pki/certificate-multi.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Certificate in PKI configuration
+
+ pki certificate
+
+
+ txt
+ Name of certificate in PKI configuration
+
+
+
+
+
diff --git a/interface-definitions/include/pki/certificate.xml.i b/interface-definitions/include/pki/certificate.xml.i
new file mode 100644
index 0000000..1ba70e0
--- /dev/null
+++ b/interface-definitions/include/pki/certificate.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Certificate in PKI configuration
+
+ pki certificate
+
+
+ txt
+ Name of certificate in PKI configuration
+
+
+
+
diff --git a/interface-definitions/include/pki/cli-certificate-base64.xml.i b/interface-definitions/include/pki/cli-certificate-base64.xml.i
new file mode 100644
index 0000000..a3eff79
--- /dev/null
+++ b/interface-definitions/include/pki/cli-certificate-base64.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Certificate in PEM format
+
+
+
+ Certificate is not base64-encoded
+
+
+
diff --git a/interface-definitions/include/pki/cli-private-key-base64.xml.i b/interface-definitions/include/pki/cli-private-key-base64.xml.i
new file mode 100644
index 0000000..f57e9b1
--- /dev/null
+++ b/interface-definitions/include/pki/cli-private-key-base64.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Private key in PEM format
+
+
+
+ Private key is not base64-encoded
+
+
+
diff --git a/interface-definitions/include/pki/cli-public-key-base64.xml.i b/interface-definitions/include/pki/cli-public-key-base64.xml.i
new file mode 100644
index 0000000..f7cffae
--- /dev/null
+++ b/interface-definitions/include/pki/cli-public-key-base64.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Public key in PEM format
+
+
+
+ Public key is not base64-encoded
+
+
+
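Review bot: In pki/cli-certificate-base64.xml.i the help string says `Certificate in PEM format` but the constraint error says `Certificate is not base64-encoded`, and the same pairing appears in cli-private-key-base64.xml.i and cli-public-key-base64.xml.i. If the validator accepts only the base64 body (the validator element is not visible in this rendering), an operator who pastes a full PEM block with its BEGIN/END lines is rejected with a message that does not explain why. I would align the two, e.g. help `Certificate (base64-encoded PEM body, without BEGIN/END lines)` with a matching error text. For the private-key variant the help should also state that the key material is kept in the configuration.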
diff --git a/interface-definitions/include/pki/cli-revoke.xml.i b/interface-definitions/include/pki/cli-revoke.xml.i
new file mode 100644
index 0000000..61cd978
--- /dev/null
+++ b/interface-definitions/include/pki/cli-revoke.xml.i
@@ -0,0 +1,8 @@
+
+
+
+ Include certificate in parent CRL
+
+
+
+
diff --git a/interface-definitions/include/pki/dh-params.xml.i b/interface-definitions/include/pki/dh-params.xml.i
new file mode 100644
index 0000000..a422df8
--- /dev/null
+++ b/interface-definitions/include/pki/dh-params.xml.i
@@ -0,0 +1,10 @@
+
+
+
+ Diffie Hellman parameters (server only)
+
+ pki dh
+
+
+
+
diff --git a/interface-definitions/include/pki/openssh-key.xml.i b/interface-definitions/include/pki/openssh-key.xml.i
new file mode 100644
index 0000000..8f005d0
--- /dev/null
+++ b/interface-definitions/include/pki/openssh-key.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ OpenSSH key in PKI configuration
+
+ pki openssh
+
+
+ txt
+ Name of OpenSSH key in PKI configuration
+
+
+
+
diff --git a/interface-definitions/include/pki/password-protected.xml.i b/interface-definitions/include/pki/password-protected.xml.i
new file mode 100644
index 0000000..b72e4ec
--- /dev/null
+++ b/interface-definitions/include/pki/password-protected.xml.i
@@ -0,0 +1,8 @@
+
+
+
+ Private key portion is password protected
+
+
+
+
diff --git a/interface-definitions/include/pki/private-key.xml.i b/interface-definitions/include/pki/private-key.xml.i
new file mode 100644
index 0000000..ae4e910
--- /dev/null
+++ b/interface-definitions/include/pki/private-key.xml.i
@@ -0,0 +1,30 @@
+
+
+
+ Private key
+
+
+
+
+ Private key in PKI configuration
+
+ pki key-pair
+
+
+ txt
+ Name of private key in PKI configuration
+
+
+
+
+
+ Private key passphrase
+
+ txt
+ Passphrase to decrypt the private key
+
+
+
+
+
+
diff --git a/interface-definitions/include/pki/public-key.xml.i b/interface-definitions/include/pki/public-key.xml.i
new file mode 100644
index 0000000..3067bff
--- /dev/null
+++ b/interface-definitions/include/pki/public-key.xml.i @@ -0,0 +1,14 @@ + + + + Public key in PKI configuration + + pki key-pair + + + txt + Name of public key in PKI configuration + + + + diff --git a/interface-definitions/include/policy/action.xml.i b/interface-definitions/include/policy/action.xml.i new file mode 100644 index 0000000..5aa8655 --- /dev/null +++ b/interface-definitions/include/policy/action.xml.i @@ -0,0 +1,21 @@ + + + + Action to take on entries matching this rule + + permit deny + + + permit + Permit matching entries + + + deny + Deny matching entries + + + (permit|deny) + + + + diff --git a/interface-definitions/include/policy/community-clear.xml.i b/interface-definitions/include/policy/community-clear.xml.i new file mode 100644 index 0000000..0fd57cd --- /dev/null +++ b/interface-definitions/include/policy/community-clear.xml.i @@ -0,0 +1,8 @@ + + + + Completely remove communities attribute from a prefix + + + + diff --git a/interface-definitions/include/policy/community-value-list.xml.i b/interface-definitions/include/policy/community-value-list.xml.i new file mode 100644 index 0000000..8c665c5 --- /dev/null +++ b/interface-definitions/include/policy/community-value-list.xml.i 
@@ -0,0 +1,90 @@ + + + + local-as + no-advertise + no-export + internet + graceful-shutdown + accept-own + route-filter-translated-v4 + route-filter-v4 + route-filter-translated-v6 + route-filter-v6 + llgr-stale + no-llgr + accept-own-nexthop + blackhole + no-peer + + + + <AS:VAL> + Community number in <0-65535:0-65535> format + + + local-as + Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03 + + + no-advertise + Well-known communities value NO_ADVERTISE 0xFFFFFF02 + + + no-export + Well-known communities value NO_EXPORT 0xFFFFFF01 + + + internet + Well-known communities value 0 + + + graceful-shutdown + Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000 + + + accept-own + Well-known communities value ACCEPT_OWN 0xFFFF0001 + + + route-filter-translated-v4 + Well-known communities value ROUTE_FILTER_TRANSLATED_v4 0xFFFF0002 + + + route-filter-v4 + Well-known communities value ROUTE_FILTER_v4 0xFFFF0003 + + + route-filter-translated-v6 + Well-known communities value ROUTE_FILTER_TRANSLATED_v6 0xFFFF0004 + + + route-filter-v6 + Well-known communities value ROUTE_FILTER_v6 0xFFFF0005 + + + llgr-stale + Well-known communities value LLGR_STALE 0xFFFF0006 + + + no-llgr + Well-known communities value NO_LLGR 0xFFFF0007 + + + accept-own-nexthop + Well-known communities value accept-own-nexthop 0xFFFF0008 + + + blackhole + Well-known communities value BLACKHOLE 0xFFFF029A + + + no-peer + Well-known communities value NOPEER 0xFFFFFF04 + + + + local-as|no-advertise|no-export|internet|graceful-shutdown|accept-own|route-filter-translated-v4|route-filter-v4|route-filter-translated-v6|route-filter-v6|llgr-stale|no-llgr|accept-own-nexthop|blackhole|no-peer + + + diff --git a/interface-definitions/include/policy/extended-community-value-list.xml.i b/interface-definitions/include/policy/extended-community-value-list.xml.i new file mode 100644 index 0000000..33a279b --- /dev/null +++ b/interface-definitions/include/policy/extended-community-value-list.xml.i 
@@ -0,0 +1,15 @@ + + + ASN:NN + based on autonomous system number in format <0-65535:0-4294967295> + + + IP:NN + Based on a router-id IP address in format <IP:0-65535> + + + + +Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number + + diff --git a/interface-definitions/include/policy/host.xml.i b/interface-definitions/include/policy/host.xml.i new file mode 100644 index 0000000..ac017c6 --- /dev/null +++ b/interface-definitions/include/policy/host.xml.i @@ -0,0 +1,14 @@ + + + + Single host IP address to match + + ipv4 + Host address to match + + + + + + + diff --git a/interface-definitions/include/policy/inverse-mask.xml.i b/interface-definitions/include/policy/inverse-mask.xml.i new file mode 100644 index 0000000..cec69a8 --- /dev/null +++ b/interface-definitions/include/policy/inverse-mask.xml.i @@ -0,0 +1,14 @@ + + + + Network/netmask to match (requires network be defined) + + ipv4 + Inverse-mask to match + + + + + + + diff --git a/interface-definitions/include/policy/large-community-value-list.xml.i b/interface-definitions/include/policy/large-community-value-list.xml.i new file mode 100644 index 0000000..33b1f13 --- /dev/null +++ b/interface-definitions/include/policy/large-community-value-list.xml.i @@ -0,0 +1,10 @@ + + + Community in format <0-4294967295:0-4294967295:0-4294967295> + <GA:LDP1:LDP2> + + + + + + diff --git a/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i new file mode 100644 index 0000000..ffe73ee --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i @@ -0,0 +1,20 @@ + + + + IPv4 address or prefix + + ipv4 + Address to match against + + + ipv4net + Prefix to match against + + + + + + + + + 
diff --git a/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i new file mode 100644 index 0000000..d8fb6c0 --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i @@ -0,0 +1,20 @@ + + + + IPv6 address or prefix + + ipv6 + Address to match against + + + ipv6net + Prefix to match against + + + + + + + + + diff --git a/interface-definitions/include/policy/local-route_rule_protocol.xml.i b/interface-definitions/include/policy/local-route_rule_protocol.xml.i new file mode 100644 index 0000000..57582eb --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_protocol.xml.i @@ -0,0 +1,21 @@ + + + + Protocol to match (protocol name or number) + + + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + + + + + diff --git a/interface-definitions/include/policy/network.xml.i b/interface-definitions/include/policy/network.xml.i new file mode 100644 index 0000000..f2aea6b --- /dev/null +++ b/interface-definitions/include/policy/network.xml.i @@ -0,0 +1,14 @@ + + + + Network/netmask to match (requires inverse-mask be defined) + + ipv4net + Inverse-mask to match + + + + + + + diff --git a/interface-definitions/include/policy/prefix-list.xml.i b/interface-definitions/include/policy/prefix-list.xml.i new file mode 100644 index 0000000..5d7980e --- /dev/null +++ b/interface-definitions/include/policy/prefix-list.xml.i @@ -0,0 +1,14 @@ + + + + Prefix-list to use + + txt + Prefix-list to apply (IPv4) + + + policy prefix-list + + + + diff --git a/interface-definitions/include/policy/prefix-list6.xml.i b/interface-definitions/include/policy/prefix-list6.xml.i new file mode 100644 index 0000000..101702f --- /dev/null +++ b/interface-definitions/include/policy/prefix-list6.xml.i @@ -0,0 +1,14 @@ + + + + Prefix-list to use + + txt + Prefix-list to apply (IPv6) + + + policy prefix-list6 + + + + 
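Review bot: The value help for the `ipv4net` value in policy/network.xml.i reads `Inverse-mask to match`, which looks copied from inverse-mask.xml.i; it should describe the network, e.g. `Network to match`. Conversely, the node description in inverse-mask.xml.i is `Network/netmask to match (requires network be defined)` although the value it takes is the inverse mask. Access-list entries built from a wildcard mask are easy to get wrong, so the help should say plainly which field is the address and which is the wildcard.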
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i new file mode 100644 index 0000000..19ffc05 --- /dev/null +++ b/interface-definitions/include/policy/route-common.xml.i @@ -0,0 +1,116 @@ + +#include +#include +#include +#include +#include +#include +#include +#include + + + Protocol to match (protocol name, number, or "all") + + + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + 0-255 + IP protocol number + + + !<protocol> + IP protocol number + + + + + + all + + + + Parameters for matching recently seen sources + + + + + Source addresses seen more than N times + + u32:1-255 + Source addresses seen more than N times + + + + + + + + + Source addresses seen in the last N seconds + + u32:0-4294967295 + Source addresses seen in the last N seconds + + + + + + + + +#include +#include +#include +#include + + + Time to match rule + + + + + Monthdays to match rule on + + + + + Date to start matching rule + + + + + Time of day to start matching rule + + + + + Date to stop matching rule + + + + + Time of day to stop matching rule + + + + + Interpret times for startdate, stopdate, starttime and stoptime to be UTC + + + + + + Weekdays to match rule on + + + + + diff --git a/interface-definitions/include/policy/route-ipv4.xml.i b/interface-definitions/include/policy/route-ipv4.xml.i new file mode 100644 index 0000000..c12abca --- /dev/null +++ b/interface-definitions/include/policy/route-ipv4.xml.i @@ -0,0 +1,14 @@ + + + + Source parameters + + + #include + #include + #include + #include + + +#include + diff --git a/interface-definitions/include/policy/route-ipv6.xml.i b/interface-definitions/include/policy/route-ipv6.xml.i new file mode 100644 index 0000000..d636a65 --- /dev/null +++ b/interface-definitions/include/policy/route-ipv6.xml.i 
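Review bot: In the protocol value help of policy/route-common.xml.i the negated form `!<protocol>` is described as `IP protocol number`, the same text as the `0-255` entry, so the CLI never tells the operator that `!` inverts the match. On a policy rule a misread negation selects the opposite set of packets; I would change the text to `Match everything except the specified protocol`. The `all` and `tcp_udp` entries are clear as written.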
@@ -0,0 +1,196 @@ + + + + Source parameters + + + #include + #include + #include + #include + + + + + ICMPv6 type and code information + + + + + ICMP type-name + + any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply packet-too-big + + + any + Any ICMP type/code + + + echo-reply + ICMP type/code name + + + pong + ICMP type/code name + + + destination-unreachable + ICMP type/code name + + + network-unreachable + ICMP type/code name + + + host-unreachable + ICMP type/code name + + + protocol-unreachable + ICMP type/code name + + + port-unreachable + ICMP type/code name + + + fragmentation-needed + ICMP type/code name + + + source-route-failed + ICMP type/code name + + + network-unknown + ICMP type/code name + + + host-unknown + ICMP type/code name + + + network-prohibited + ICMP type/code name + + + host-prohibited + ICMP type/code name + + + TOS-network-unreachable + ICMP type/code name + + + TOS-host-unreachable + ICMP type/code name + + + communication-prohibited + ICMP type/code name + + + host-precedence-violation + ICMP type/code name + + + precedence-cutoff + ICMP type/code name + + + source-quench + ICMP type/code name + + + redirect + ICMP type/code name + + + network-redirect + ICMP type/code name + + + host-redirect + ICMP type/code name + + + TOS-network-redirect + ICMP type/code name + + + TOS host-redirect + ICMP 
type/code name + + + echo-request + ICMP type/code name + + + ping + ICMP type/code name + + + router-advertisement + ICMP type/code name + + + router-solicitation + ICMP type/code name + + + time-exceeded + ICMP type/code name + + + ttl-exceeded + ICMP type/code name + + + ttl-zero-during-transit + ICMP type/code name + + + ttl-zero-during-reassembly + ICMP type/code name + + + parameter-problem + ICMP type/code name + + + ip-header-bad + ICMP type/code name + + + required-option-missing + ICMP type/code name + + + timestamp-request + ICMP type/code name + + + timestamp-reply + ICMP type/code name + + + address-mask-request + ICMP type/code name + + + address-mask-reply + ICMP type/code name + + + packet-too-big + ICMP type/code name + + + (any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big) + + + + + + + diff --git a/interface-definitions/include/policy/route-rule-action.xml.i b/interface-definitions/include/policy/route-rule-action.xml.i new file mode 100644 index 0000000..c2698db --- /dev/null +++ b/interface-definitions/include/policy/route-rule-action.xml.i 
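Review bot: The type-name list under "ICMPv6 type and code information" in policy/route-ipv6.xml.i is the ICMPv4 vocabulary. `source-quench`, `timestamp-request`, `timestamp-reply`, `address-mask-request`, `address-mask-reply` and the `TOS-*` names have no ICMPv6 counterpart, and ICMPv6-only messages such as neighbour solicitation and advertisement cannot be selected. The help strings also say "ICMP" rather than "ICMPv6". Separately, `TOS host-redirect` is spelled with a space in the completion list, the value help and the constraint regex, while every sibling uses a hyphen; it should read `TOS-host-redirect` in all three places if the name is kept. A rule that accepts a name the backend cannot map to an ICMPv6 type may not match what the operator intended, so the list should be restricted to names the IPv6 rule generator actually supports.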
@@ -0,0 +1,29 @@
+
+
+
+ Rule action
+
+ accept reject return drop
+
+
+ accept
+ Accept matching entries
+
+
+ reject
+ Reject matching entries
+
+
+ return
+ Return from the current chain and continue at the next rule of the last chain
+
+
+ drop
+ Drop matching entries
+
+
+ (accept|reject|return|drop)
+
+
+
+
diff --git a/interface-definitions/include/policy/tag.xml.i b/interface-definitions/include/policy/tag.xml.i
new file mode 100644
index 0000000..ec25b93
--- /dev/null
+++ b/interface-definitions/include/policy/tag.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Route tag value
+
+ u32:1-65535
+ Route tag
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/port-number-start-zero.xml.i b/interface-definitions/include/port-number-start-zero.xml.i
new file mode 100644
index 0000000..04a1442
--- /dev/null
+++ b/interface-definitions/include/port-number-start-zero.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Port number used by connection
+
+ u32:0-65535
+ Numeric IP port
+
+
+
+
+ Port number must be in range 0 to 65535
+
+
+
diff --git a/interface-definitions/include/port-number.xml.i b/interface-definitions/include/port-number.xml.i
new file mode 100644
index 0000000..6820df0
--- /dev/null
+++ b/interface-definitions/include/port-number.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Port number used by connection
+
+ u32:1-65535
+ Numeric IP port
+
+
+
+
+ Port number must be in range 1 to 65535
+
+
+
diff --git a/interface-definitions/include/port-port-range.xml.i b/interface-definitions/include/port-port-range.xml.i
new file mode 100644
index 0000000..ce550f5
--- /dev/null
+++ b/interface-definitions/include/port-port-range.xml.i
@@ -0,0 +1,26 @@ + + + + Port number + + txt + Named port (any name in /etc/services, e.g., http) + + + u32:1-65535 + Numeric IP port + + + start-end + Numbered port range (e.g. 1001-1005) + + + + \n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005' + + + + + + + diff --git a/interface-definitions/include/pppoe-access-concentrator.xml.i b/interface-definitions/include/pppoe-access-concentrator.xml.i new file mode 100644 index 0000000..8a75dae --- /dev/null +++ b/interface-definitions/include/pppoe-access-concentrator.xml.i @@ -0,0 +1,11 @@ + + + + Access concentrator name + + #include + + Access-concentrator name can only contain alpha-numeric letters, hyphen and underscores(max. 100 characters) + + + diff --git a/interface-definitions/include/protocol-tcp-udp.xml.i b/interface-definitions/include/protocol-tcp-udp.xml.i new file mode 100644 index 0000000..c186c02 --- /dev/null +++ b/interface-definitions/include/protocol-tcp-udp.xml.i @@ -0,0 +1,22 @@ + + + + Protocol to be used (TCP/UDP) + + udp tcp + + + udp + Listen protocol UDP + + + tcp + Listen protocol TCP + + + (udp|tcp) + + + udp + + diff --git a/interface-definitions/include/qos/bandwidth-auto.xml.i b/interface-definitions/include/qos/bandwidth-auto.xml.i new file mode 100644 index 0000000..fa16a6c --- /dev/null +++ b/interface-definitions/include/qos/bandwidth-auto.xml.i @@ -0,0 +1,47 @@ + + + + Available bandwidth for this policy + + auto + + + auto + Bandwidth matches interface speed + + + <number> + Bits per second + + + <number>bit + Bits per second + + + <number>kbit + Kilobits per second + + + <number>mbit + Megabits per second + + + <number>gbit + Gigabits per second + + + <number>tbit + Terabits per second + + + <number>%% + Percentage of interface link speed + + + + (auto|\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%) + + + auto + + 
diff --git a/interface-definitions/include/qos/bandwidth.xml.i b/interface-definitions/include/qos/bandwidth.xml.i new file mode 100644 index 0000000..0e29b64 --- /dev/null +++ b/interface-definitions/include/qos/bandwidth.xml.i @@ -0,0 +1,39 @@ + + + + Available bandwidth for this policy + + <number> + Bits per second + + + <number>bit + Bits per second + + + <number>kbit + Kilobits per second + + + <number>mbit + Megabits per second + + + <number>gbit + Gigabits per second + + + <number>tbit + Terabits per second + + + <number>%% + Percentage of interface link speed + + + + (\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%) + + + + diff --git a/interface-definitions/include/qos/burst.xml.i b/interface-definitions/include/qos/burst.xml.i new file mode 100644 index 0000000..7616180 --- /dev/null +++ b/interface-definitions/include/qos/burst.xml.i @@ -0,0 +1,16 @@ + + + + Burst size for this class + + <number> + Bytes + + + <number><suffix> + Bytes with scaling suffix (kb, mb, gb) + + + 15k + + diff --git a/interface-definitions/include/qos/class-match-group.xml.i b/interface-definitions/include/qos/class-match-group.xml.i new file mode 100644 index 0000000..40e3b72 --- /dev/null +++ b/interface-definitions/include/qos/class-match-group.xml.i @@ -0,0 +1,15 @@ + + + + Filter group for QoS policy + + txt + Match group name + + + + + + + + diff --git a/interface-definitions/include/qos/class-match-ipv4-address.xml.i b/interface-definitions/include/qos/class-match-ipv4-address.xml.i new file mode 100644 index 0000000..8e84c98 --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv4-address.xml.i @@ -0,0 +1,19 @@ + + + + IPv4 destination address for this match + + ipv4 + IPv4 address + + + ipv4net + IPv4 prefix + + + + + + + + diff --git a/interface-definitions/include/qos/class-match-ipv4.xml.i b/interface-definitions/include/qos/class-match-ipv4.xml.i new file mode 100644 index 0000000..dc44d32 --- /dev/null 
+++ b/interface-definitions/include/qos/class-match-ipv4.xml.i @@ -0,0 +1,31 @@ + + + + Match IP protocol header + + + + + Match on destination port or address + + + #include + #include + + + #include + #include + #include + + + Match on source port or address + + + #include + #include + + + #include + + + diff --git a/interface-definitions/include/qos/class-match-ipv6-address.xml.i b/interface-definitions/include/qos/class-match-ipv6-address.xml.i new file mode 100644 index 0000000..fd73881 --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv6-address.xml.i @@ -0,0 +1,14 @@ + + + + IPv6 destination address for this match + + ipv6net + IPv6 address and prefix length + + + + + + + diff --git a/interface-definitions/include/qos/class-match-ipv6.xml.i b/interface-definitions/include/qos/class-match-ipv6.xml.i new file mode 100644 index 0000000..ed7acef --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv6.xml.i @@ -0,0 +1,31 @@ + + + + Match IPv6 protocol header + + + + + Match on destination port or address + + + #include + #include + + + #include + #include + #include + + + Match on source port or address + + + #include + #include + + + #include + + + diff --git a/interface-definitions/include/qos/class-match-mark.xml.i b/interface-definitions/include/qos/class-match-mark.xml.i new file mode 100644 index 0000000..a7481c6 --- /dev/null +++ b/interface-definitions/include/qos/class-match-mark.xml.i @@ -0,0 +1,14 @@ + + + + Match on mark applied by firewall + + u32 + FW mark to match + + + + + + + diff --git a/interface-definitions/include/qos/class-match-vif.xml.i b/interface-definitions/include/qos/class-match-vif.xml.i new file mode 100644 index 0000000..ec58db6 --- /dev/null +++ b/interface-definitions/include/qos/class-match-vif.xml.i @@ -0,0 +1,15 @@ + + + + Virtual Local Area Network (VLAN) ID for this match + + u32:0-4095 + Virtual Local Area Network (VLAN) tag + + + + + VLAN ID must be between 0 and 4095 + + + 
diff --git a/interface-definitions/include/qos/class-match.xml.i b/interface-definitions/include/qos/class-match.xml.i new file mode 100644 index 0000000..77d1933 --- /dev/null +++ b/interface-definitions/include/qos/class-match.xml.i @@ -0,0 +1,98 @@ + + + + Class matching rule name + + [^-].* + + Match queue name cannot start with hyphen + + + #include + + + Ethernet header match + + + + + Ethernet destination address for this match + + macaddr + MAC address to match + + + + + + + + + Ethernet protocol for this match + + + all 802.1Q 802_2 802_3 aarp aoe arp atalk dec ip ipv6 ipx lat localtalk rarp snap x25 + + + u32:0-65535 + Ethernet protocol number + + + txt + Ethernet protocol name + + + all + Any protocol + + + ip + Internet IP (IPv4) + + + ipv6 + Internet IP (IPv6) + + + arp + Address Resolution Protocol + + + atalk + Appletalk + + + ipx + Novell Internet Packet Exchange + + + 802.1Q + 802.1Q VLAN tag + + + + + + + + + Ethernet source address for this match + + macaddr + MAC address to match + + + + + + + + + #include + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/qos/class-police-exceed.xml.i b/interface-definitions/include/qos/class-police-exceed.xml.i new file mode 100644 index 0000000..ee2ce16 --- /dev/null +++ b/interface-definitions/include/qos/class-police-exceed.xml.i 
@@ -0,0 +1,66 @@ + + + + Default action for packets exceeding the limiter + + continue drop ok reclassify pipe + + + continue + Do not do anything, just continue with the next action in line + + + drop + Drop the packet immediately + + + ok + Accept the packet + + + reclassify + Treat the packet as non-matching to the filter this action is attached to and continue with the next filter in line (if any) + + + pipe + Pass the packet to the next action in line + + + (continue|drop|ok|reclassify|pipe) + + + drop + + + + Default action for packets not exceeding the limiter + + continue drop ok reclassify pipe + + + continue + Do not do anything, just continue with the next action in line + + + drop + Drop the packet immediately + + + ok + Accept the packet + + + reclassify + Treat the packet as non-matching to the filter this action is attached to and continue with the next filter in line (if any) + + + pipe + Pass the packet to the next action in line + + + (continue|drop|ok|reclassify|pipe) + + + ok + + diff --git a/interface-definitions/include/qos/class-priority.xml.i b/interface-definitions/include/qos/class-priority.xml.i new file mode 100644 index 0000000..3fd848c --- /dev/null +++ b/interface-definitions/include/qos/class-priority.xml.i @@ -0,0 +1,15 @@ + + + + Priority for rule evaluation + + u32:0-20 + Priority for match rule evaluation + + + + + Priority must be between 0 and 20 + + + diff --git a/interface-definitions/include/qos/codel-quantum.xml.i b/interface-definitions/include/qos/codel-quantum.xml.i new file mode 100644 index 0000000..bc24630 --- /dev/null +++ b/interface-definitions/include/qos/codel-quantum.xml.i @@ -0,0 +1,16 @@ + + + + Deficit in the fair queuing algorithm + + u32:0-1048576 + Number of bytes used as 'deficit' + + + + + Interval must be in range 0 to 1048576 + + 1514 + + diff --git a/interface-definitions/include/qos/flows.xml.i b/interface-definitions/include/qos/flows.xml.i new file mode 100644 index 0000000..a7d7c64 --- /dev/null 
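Review bot: The constraint error message in qos/codel-quantum.xml.i names the wrong field. It says "Interval must be in range 0 to 1048576", but the node is the fair-queuing deficit (quantum). The same copy-paste appears in qos/flows.xml.i ("Interval must be in range 1 to 65536" on a flow count) and qos/hfsc-d.xml.i ("Priority must be between 0 and 65535" on a delay in milliseconds). In qos/set-dscp.xml.i both "Priority must be between 0 and 63" and the value help "Priority order for bandwidth pool" sit on a DSCP value. An operator who hits one of these on a rejected commit is told to fix a setting they did not touch, so each message should name its own node, for example `Quantum must be in range 0 to 1048576` and `Delay must be between 0 and 65535 milliseconds`.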
+++ b/interface-definitions/include/qos/flows.xml.i @@ -0,0 +1,16 @@ + + + + Number of flows into which the incoming packets are classified + + u32:1-65536 + Number of flows + + + + + Interval must be in range 1 to 65536 + + 1024 + + diff --git a/interface-definitions/include/qos/hfsc-d.xml.i b/interface-definitions/include/qos/hfsc-d.xml.i new file mode 100644 index 0000000..2a51350 --- /dev/null +++ b/interface-definitions/include/qos/hfsc-d.xml.i @@ -0,0 +1,15 @@ + + + + Service curve delay + + <number> + Time in milliseconds + + + + + Priority must be between 0 and 65535 + + + diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i new file mode 100644 index 0000000..21b9c4f --- /dev/null +++ b/interface-definitions/include/qos/hfsc-m1.xml.i @@ -0,0 +1,32 @@ + + + + Linkshare m1 parameter for class traffic + + <number> + Rate in kbit (kilobit per second) + + + <number>%% + Percentage of overall rate + + + <number>bit + bit(1), kbit(10^3), mbit(10^6), gbit, tbit + + + <number>ibit + kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4) + + + <number>ibps + kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec + + + <number>bps + bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec + + + 0bit + + diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i new file mode 100644 index 0000000..24e8f5d --- /dev/null +++ b/interface-definitions/include/qos/hfsc-m2.xml.i @@ -0,0 +1,32 @@ + + + + Linkshare m2 parameter for class traffic + + <number> + Rate in kbit (kilobit per second) + + + <number>%% + Percentage of overall rate + + + <number>bit + bit(1), kbit(10^3), mbit(10^6), gbit, tbit + + + <number>ibit + kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4) + + + <number>ibps + kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec + + + <number>bps + bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec + + + 100% + + 
diff --git a/interface-definitions/include/qos/interval.xml.i b/interface-definitions/include/qos/interval.xml.i new file mode 100644 index 0000000..41896ac --- /dev/null +++ b/interface-definitions/include/qos/interval.xml.i @@ -0,0 +1,16 @@ + + + + Interval used to measure the delay + + u32 + Interval in milliseconds + + + + + Interval must be in range 0 to 4294967295 + + 100 + + diff --git a/interface-definitions/include/qos/match-dscp.xml.i b/interface-definitions/include/qos/match-dscp.xml.i new file mode 100644 index 0000000..2d2fd0a --- /dev/null +++ b/interface-definitions/include/qos/match-dscp.xml.i 
@@ -0,0 +1,142 @@ + + + + Match on Differentiated Services Codepoint (DSCP) + + default reliability throughput lowdelay priority immediate flash flash-override critical internet network AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF + + + u32:0-63 + Differentiated Services Codepoint (DSCP) value + + + default + match DSCP (000000) + + + reliability + match DSCP (000001) + + + throughput + match DSCP (000010) + + + lowdelay + match DSCP (000100) + + + priority + match DSCP (001000) + + + immediate + match DSCP (010000) + + + flash + match DSCP (011000) + + + flash-override + match DSCP (100000) + + + critical + match DSCP (101000) + + + internet + match DSCP (110000) + + + network + match DSCP (111000) + + + AF11 + High-throughput data + + + AF12 + High-throughput data + + + AF13 + High-throughput data + + + AF21 + Low-latency data + + + AF22 + Low-latency data + + + AF23 + Low-latency data + + + AF31 + Multimedia streaming + + + AF32 + Multimedia streaming + + + AF33 + Multimedia streaming + + + AF41 + Multimedia conferencing + + + AF42 + Multimedia conferencing + + + AF43 + Multimedia conferencing + + + CS1 + Low-priority data + + + CS2 + OAM + + + CS3 + Broadcast video + + + CS4 + Real-time interactive + + + CS5 + Signaling + + + CS6 + Network control + + + CS7 + + + + EF + Expedited Forwarding + + + + (default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF) + + + + diff --git a/interface-definitions/include/qos/max-length.xml.i b/interface-definitions/include/qos/max-length.xml.i new file mode 100644 index 0000000..64cdd02 --- /dev/null +++ b/interface-definitions/include/qos/max-length.xml.i @@ -0,0 +1,15 @@ + + + + Maximum packet length + + u32:1-65535 + Maximum packet/payload length + + + + + Maximum packet length is 65535 + + + 
diff --git a/interface-definitions/include/qos/mtu.xml.i b/interface-definitions/include/qos/mtu.xml.i new file mode 100644 index 0000000..161d4c2 --- /dev/null +++ b/interface-definitions/include/qos/mtu.xml.i @@ -0,0 +1,14 @@ + + + + MTU size for this class + + u32:256-65535 + Bytes + + + + + + + diff --git a/interface-definitions/include/qos/queue-average-packet.xml.i b/interface-definitions/include/qos/queue-average-packet.xml.i new file mode 100644 index 0000000..2f8bfe2 --- /dev/null +++ b/interface-definitions/include/qos/queue-average-packet.xml.i @@ -0,0 +1,16 @@ + + + + Average packet size (bytes) + + u32:16-10240 + Average packet size in bytes + + + + + Average packet size must be between 16 and 10240 + + 1024 + + diff --git a/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i b/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i new file mode 100644 index 0000000..2f2d446 --- /dev/null +++ b/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i @@ -0,0 +1,15 @@ + + + + Maximum queue size + + u32:1-4294967295 + Queue size in packets + + + + + Queue limit must be greater than zero + + + diff --git a/interface-definitions/include/qos/queue-limit-2-10999.xml.i b/interface-definitions/include/qos/queue-limit-2-10999.xml.i new file mode 100644 index 0000000..7a9c826 --- /dev/null +++ b/interface-definitions/include/qos/queue-limit-2-10999.xml.i @@ -0,0 +1,16 @@ + + + + Upper limit of the queue + + u32:2-10999 + Queue size in packets + + + + + Queue limit must greater than 1 and less than 11000 + + 10240 + + diff --git a/interface-definitions/include/qos/queue-mark-probability.xml.i b/interface-definitions/include/qos/queue-mark-probability.xml.i new file mode 100644 index 0000000..1a28628 --- /dev/null +++ b/interface-definitions/include/qos/queue-mark-probability.xml.i @@ -0,0 +1,16 @@ + + + + Mark probability for random detection + + u32 + Numeric value (1/N) + + + + + Mark probability must be greater than 0 + + 10 + + 
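Review bot: In qos/queue-mark-probability.xml.i the documented format and the error message disagree about zero. The format is the unbounded `u32` with help "Numeric value (1/N)", while the message says "Mark probability must be greater than 0". The validator arguments are not visible on this page, so confirm that the lower bound is actually 1. If it is, the value help should say `u32:1-4294967295`, as queue-limit-1-4294967295.xml.i does for its own node. Because the value is used as a denominator, an accepted 0 would have to be handled by whatever consumes this setting.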
diff --git a/interface-definitions/include/qos/queue-maximum-threshold.xml.i b/interface-definitions/include/qos/queue-maximum-threshold.xml.i new file mode 100644 index 0000000..66d17cc --- /dev/null +++ b/interface-definitions/include/qos/queue-maximum-threshold.xml.i @@ -0,0 +1,16 @@ + + + + Maximum threshold for random detection + + u32:0-4096 + Maximum threshold in packets + + + + + Threshold must be between 0 and 4096 + + 18 + + diff --git a/interface-definitions/include/qos/queue-minimum-threshold.xml.i b/interface-definitions/include/qos/queue-minimum-threshold.xml.i new file mode 100644 index 0000000..81e12d6 --- /dev/null +++ b/interface-definitions/include/qos/queue-minimum-threshold.xml.i @@ -0,0 +1,15 @@ + + + + Minimum threshold for random detection + + u32:0-4096 + Minimum threshold in packets + + + + + Threshold must be between 0 and 4096 + + + diff --git a/interface-definitions/include/qos/queue-type.xml.i b/interface-definitions/include/qos/queue-type.xml.i new file mode 100644 index 0000000..c7d4cde --- /dev/null +++ b/interface-definitions/include/qos/queue-type.xml.i @@ -0,0 +1,33 @@ + + + + Queue type for default traffic + + drop-tail fair-queue fq-codel priority random-detect + + + drop-tail + First-In-First-Out (FIFO) + + + fair-queue + Stochastic Fair Queue (SFQ) + + + fq-codel + Fair Queue Codel + + + priority + Priority queuing + + + random-detect + Random Early Detection (RED) + + + (drop-tail|fair-queue|fq-codel|priority|random-detect) + + + + diff --git a/interface-definitions/include/qos/set-dscp.xml.i b/interface-definitions/include/qos/set-dscp.xml.i new file mode 100644 index 0000000..07f3378 --- /dev/null +++ b/interface-definitions/include/qos/set-dscp.xml.i 
@@ -0,0 +1,143 @@ + + + + Change the Differentiated Services (DiffServ) field in the IP header + + default reliability throughput lowdelay priority immediate flash flash-override critical internet network AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF + + + u32:0-63 + Priority order for bandwidth pool + + + default + match DSCP (000000) + + + reliability + match DSCP (000001) + + + throughput + match DSCP (000010) + + + lowdelay + match DSCP (000100) + + + priority + match DSCP (001000) + + + immediate + match DSCP (010000) + + + flash + match DSCP (011000) + + + flash-override + match DSCP (100000) + + + critical + match DSCP (101000) + + + internet + match DSCP (110000) + + + network + match DSCP (111000) + + + AF11 + High-throughput data + + + AF12 + High-throughput data + + + AF13 + High-throughput data + + + AF21 + Low-latency data + + + AF22 + Low-latency data + + + AF23 + Low-latency data + + + AF31 + Multimedia streaming + + + AF32 + Multimedia streaming + + + AF33 + Multimedia streaming + + + AF41 + Multimedia conferencing + + + AF42 + Multimedia conferencing + + + AF43 + Multimedia conferencing + + + CS1 + Low-priority data + + + CS2 + OAM + + + CS3 + Broadcast video + + + CS4 + Real-time interactive + + + CS5 + Signaling + + + CS6 + Network control + + + CS7 + + + + EF + Expedited Forwarding + + + + (default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF) + + Priority must be between 0 and 63 + + + diff --git a/interface-definitions/include/qos/target.xml.i b/interface-definitions/include/qos/target.xml.i new file mode 100644 index 0000000..bf6342a --- /dev/null +++ b/interface-definitions/include/qos/target.xml.i 
@@ -0,0 +1,16 @@ + + + + Acceptable minimum standing/persistent queue delay + + u32 + Queue delay in milliseconds + + + + + Delay must be in range 0 to 4294967295 + + 5 + + diff --git a/interface-definitions/include/qos/tcp-flags.xml.i b/interface-definitions/include/qos/tcp-flags.xml.i new file mode 100644 index 0000000..81d70d1 --- /dev/null +++ b/interface-definitions/include/qos/tcp-flags.xml.i @@ -0,0 +1,21 @@ + + + + TCP Flags matching + + + + + Match TCP ACK + + + + + + Match TCP SYN + + + + + + diff --git a/interface-definitions/include/radius-acct-server-ipv4.xml.i b/interface-definitions/include/radius-acct-server-ipv4.xml.i new file mode 100644 index 0000000..9365aa8 --- /dev/null +++ b/interface-definitions/include/radius-acct-server-ipv4.xml.i @@ -0,0 +1,26 @@ + + + + RADIUS accounting for users OpenConnect VPN sessions OpenConnect authentication mode radius + + + + + RADIUS server configuration + + ipv4 + RADIUS server IPv4 address + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/include/radius-auth-server-ipv4.xml.i b/interface-definitions/include/radius-auth-server-ipv4.xml.i new file mode 100644 index 0000000..dc6f4d8 --- /dev/null +++ b/interface-definitions/include/radius-auth-server-ipv4.xml.i @@ -0,0 +1,27 @@ + + + + RADIUS based user authentication + + + #include + + + RADIUS server configuration + + ipv4 + RADIUS server IPv4 address + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/include/radius-nas-identifier.xml.i b/interface-definitions/include/radius-nas-identifier.xml.i new file mode 100644 index 0000000..8e6933c --- /dev/null +++ b/interface-definitions/include/radius-nas-identifier.xml.i @@ -0,0 +1,7 @@ + + + + NAS-Identifier attribute sent to RADIUS + + + diff --git a/interface-definitions/include/radius-nas-ip-address.xml.i b/interface-definitions/include/radius-nas-ip-address.xml.i new file mode 100644 index 0000000..8d0a3fd --- /dev/null 
+++ b/interface-definitions/include/radius-nas-ip-address.xml.i @@ -0,0 +1,14 @@ + + + + NAS-IP-Address attribute sent to RADIUS + + + + + ipv4 + NAS-IP-Address attribute + + + + diff --git a/interface-definitions/include/radius-priority.xml.i b/interface-definitions/include/radius-priority.xml.i new file mode 100644 index 0000000..f77f501 --- /dev/null +++ b/interface-definitions/include/radius-priority.xml.i @@ -0,0 +1,14 @@ + + + + Server priority + + u32:1-255 + Server priority + + + + + + + diff --git a/interface-definitions/include/radius-server-acct-port.xml.i b/interface-definitions/include/radius-server-acct-port.xml.i new file mode 100644 index 0000000..0b356fa --- /dev/null +++ b/interface-definitions/include/radius-server-acct-port.xml.i @@ -0,0 +1,15 @@ + + + + Accounting port + + u32:1-65535 + Numeric IP port + + + + + + 1813 + + diff --git a/interface-definitions/include/radius-server-auth-port.xml.i b/interface-definitions/include/radius-server-auth-port.xml.i new file mode 100644 index 0000000..d9ea1d4 --- /dev/null +++ b/interface-definitions/include/radius-server-auth-port.xml.i @@ -0,0 +1,6 @@ + +#include + + 1812 + + diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i new file mode 100644 index 0000000..e454b90 --- /dev/null +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -0,0 +1,51 @@ + + + + RADIUS based user authentication + + + + + RADIUS server configuration + + ipv4 + RADIUS server IPv4 address + + + ipv6 + RADIUS server IPv6 address + + + + + + + #include + #include + #include + + + #include + + + Security mode for RADIUS authentication + + mandatory optional + + + mandatory + Deny access immediately if RADIUS answers with Access-Reject + + + optional + Pass to the next authentication method if RADIUS answers with Access-Reject + + + (mandatory|optional) + + + optional + + + + 
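Review bot: The security mode at the end of radius-server-ipv4-ipv6.xml.i defaults to `optional`. By its own help text that means an Access-Reject from RADIUS passes the login to the next authentication method instead of denying it. With that default, an account that has been disabled or rejected on the RADIUS server can presumably still authenticate if a matching local credential exists. That is a reasonable anti-lockout choice, but it should be explicit. I would extend the node help to something like `Security mode for RADIUS authentication (optional: a RADIUS reject falls through to the next method)` and note in the commit description that `mandatory` is the setting for sites that treat RADIUS as authoritative.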
diff --git a/interface-definitions/include/radius-server-key.xml.i b/interface-definitions/include/radius-server-key.xml.i
new file mode 100644
index 0000000..dd5cdb0
--- /dev/null
+++ b/interface-definitions/include/radius-server-key.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Shared secret key
+
+ txt
+ Password string (key)
+
+
+ [[:ascii:]]{1,128}
+
+ Password must be less then 128 characters
+
+
+
diff --git a/interface-definitions/include/radius-timeout.xml.i b/interface-definitions/include/radius-timeout.xml.i
new file mode 100644
index 0000000..22bb6d3
--- /dev/null
+++ b/interface-definitions/include/radius-timeout.xml.i
@@ -0,0 +1,16 @@
+
+
+
+ Session timeout
+
+ u32:1-240
+ Session timeout in seconds (default: 2)
+
+
+
+
+
+ Timeout must be between 1 and 240 seconds
+
+ 2
+
+
diff --git a/interface-definitions/include/rip/access-list.xml.i b/interface-definitions/include/rip/access-list.xml.i
new file mode 100644
index 0000000..8799aa9
--- /dev/null
+++ b/interface-definitions/include/rip/access-list.xml.i
@@ -0,0 +1,39 @@
+
+
+
+ Access-list
+
+
+
+
+ Access list to apply to input packets
+
+ u32
+ Access list to apply to input packets
+
+
+ policy access-list
+
+
+
+
+
+
+
+
+ Access list to apply to output packets
+
+ u32
+ Access list to apply to output packets
+
+
+ policy access-list
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/rip/access-list6.xml.i b/interface-definitions/include/rip/access-list6.xml.i
new file mode 100644
index 0000000..7321352
--- /dev/null
+++ b/interface-definitions/include/rip/access-list6.xml.i
@@ -0,0 +1,39 @@
+
+
+
+ Access-list
+
+
+
+
+ Access list to apply to input packets
+
+ u32
+ Access list to apply to input packets
+
+
+ policy access-list6
+
+
+
+
+
+
+
+
+ Access list to apply to output packets
+
+ u32
+ Access list to apply to output packets
+
+
+ policy access-list6
+
+
+
+
+
+
+
+
+
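Review bot: The constraint and its error message in radius-server-key.xml.i disagree. The pattern `[[:ascii:]]{1,128}` accepts a 128-character secret, while the message says "Password must be less then 128 characters" (also "then" for "than"). I would word it `Shared secret must be 1 to 128 ASCII characters`. The `[[:ascii:]]` class also covers control characters and whitespace; if secrets are expected to be printable, a printable class such as `[[:print:]]` states that intent and avoids keys that cannot be re-entered on the peer. Whether the pattern is anchored by the validator is not visible on this page and should be confirmed.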
diff --git a/interface-definitions/include/rip/default-information.xml.i b/interface-definitions/include/rip/default-information.xml.i new file mode 100644 index 0000000..957fb3a --- /dev/null +++ b/interface-definitions/include/rip/default-information.xml.i @@ -0,0 +1,15 @@ + + + + Control distribution of default route + + + + + Distribute a default route + + + + + + diff --git a/interface-definitions/include/rip/default-metric.xml.i b/interface-definitions/include/rip/default-metric.xml.i new file mode 100644 index 0000000..c0f1f9b --- /dev/null +++ b/interface-definitions/include/rip/default-metric.xml.i @@ -0,0 +1,14 @@ + + + + Metric of redistributed routes + + u32:1-16 + Default metric + + + + + + + diff --git a/interface-definitions/include/rip/interface.xml.i b/interface-definitions/include/rip/interface.xml.i new file mode 100644 index 0000000..7c64d07 --- /dev/null +++ b/interface-definitions/include/rip/interface.xml.i @@ -0,0 +1,33 @@ + + + + Interface name + + + + + txt + Interface name + + + #include + + + + + + Split horizon parameters + + + #include + + + Disable split horizon on specified interface + + + + + + + + diff --git a/interface-definitions/include/rip/prefix-list.xml.i b/interface-definitions/include/rip/prefix-list.xml.i new file mode 100644 index 0000000..8e806aa --- /dev/null +++ b/interface-definitions/include/rip/prefix-list.xml.i @@ -0,0 +1,33 @@ + + + + Prefix-list + + + + + Prefix-list to apply to input packets + + txt + Prefix-list to apply to input packets + + + policy prefix-list + + + + + + Prefix-list to apply to output packets + + txt + Prefix-list to apply to output packets + + + policy prefix-list + + + + + + diff --git a/interface-definitions/include/rip/prefix-list6.xml.i b/interface-definitions/include/rip/prefix-list6.xml.i new file mode 100644 index 0000000..84b6846 --- /dev/null +++ b/interface-definitions/include/rip/prefix-list6.xml.i 
@@ -0,0 +1,33 @@
+
+
+
+ Prefix-list
+
+
+
+
+ Prefix-list to apply to input packets
+
+ txt
+ Prefix-list to apply to input packets
+
+
+ policy prefix-list6
+
+
+
+
+
+ Prefix-list to apply to output packets
+
+ txt
+ Prefix-list to apply to output packets
+
+
+ policy prefix-list6
+
+
+
+
+
+
diff --git a/interface-definitions/include/rip/redistribute.xml.i b/interface-definitions/include/rip/redistribute.xml.i
new file mode 100644
index 0000000..34154a5
--- /dev/null
+++ b/interface-definitions/include/rip/redistribute.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Metric for redistributed routes
+
+ u32:1-16
+ Redistribute route metric
+
+
+
+
+
+
+#include
+
diff --git a/interface-definitions/include/rip/timers.xml.i b/interface-definitions/include/rip/timers.xml.i
new file mode 100644
index 0000000..771a670
--- /dev/null
+++ b/interface-definitions/include/rip/timers.xml.i
@@ -0,0 +1,48 @@
+
+
+
+ RIPng timer values
+
+
+
+
+ Garbage collection timer
+
+ u32:5-2147483647
+ Garbage colletion time
+
+
+
+
+
+ 120
+
+
+
+ Routing information timeout timer
+
+ u32:5-2147483647
+ Routing information timeout timer
+
+
+
+
+
+ 180
+
+
+
+ Routing table update timer
+
+ u32:5-2147483647
+ Routing table update timer in seconds
+
+
+
+
+
+ 30
+
+
+
+
diff --git a/interface-definitions/include/rip/version.xml.i b/interface-definitions/include/rip/version.xml.i
new file mode 100644
index 0000000..61458b2
--- /dev/null
+++ b/interface-definitions/include/rip/version.xml.i
@@ -0,0 +1,18 @@
+
+
+
+ Limit RIP protocol version
+
+ 1
+ Allow RIPv1 only
+
+
+ 2
+ Allow RIPv2 only
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i
new file mode 100644
index 0000000..e49c388
--- /dev/null
+++ b/interface-definitions/include/route-map.xml.i
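Review bot: The help strings in rip/timers.xml.i are inconsistent: the node help reads `RIPng timer values` although the file sits under include/rip/ and is presumably shared with plain RIP, and the garbage-collection value help is misspelled as `Garbage colletion time`. A neutral `RIP timer values` and `Garbage collection timer in seconds` would read correctly in either protocol. Only the update timer states its unit; adding "in seconds" to the timeout help as well would make the three entries uniform.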
@@ -0,0 +1,18 @@
+
+
+
+ Specify route-map name to use
+
+ policy route-map
+
+
+ txt
+ Route map name
+
+
+ #include
+
+ Name of route-map can only contain alpha-numeric letters, hyphen and underscores
+
+
+
diff --git a/interface-definitions/include/router-id.xml.i b/interface-definitions/include/router-id.xml.i
new file mode 100644
index 0000000..272a8b6
--- /dev/null
+++ b/interface-definitions/include/router-id.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Override default router identifier
+
+ ipv4
+ Router-ID in IP address format
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/routing-passive-interface.xml.i b/interface-definitions/include/routing-passive-interface.xml.i
new file mode 100644
index 0000000..8fa0d0f
--- /dev/null
+++ b/interface-definitions/include/routing-passive-interface.xml.i
@@ -0,0 +1,24 @@
+
+
+
+ Suppress routing updates on an interface
+
+ default
+
+
+
+ txt
+ Interface to be passive (i.e. suppress routing updates)
+
+
+ default
+ Default to suppress routing updates on all interfaces
+
+
+ (default)
+ #include
+
+
+
+
+
diff --git a/interface-definitions/include/segment-routing-label-value.xml.i b/interface-definitions/include/segment-routing-label-value.xml.i
new file mode 100644
index 0000000..05e1edd
--- /dev/null
+++ b/interface-definitions/include/segment-routing-label-value.xml.i
@@ -0,0 +1,26 @@
+
+
+
+ MPLS label lower bound
+
+ u32:16-1048575
+ Label value (recommended minimum value: 300)
+
+
+
+
+
+
+
+
+
+ MPLS label upper bound
+
+ u32:16-1048575
+ Label value
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/server-ipv4-fqdn.xml.i b/interface-definitions/include/server-ipv4-fqdn.xml.i
new file mode 100644
index 0000000..7bab981
--- /dev/null
+++ b/interface-definitions/include/server-ipv4-fqdn.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Remote server to connect to
+
+ ipv4
+ Server IPv4 address
+
+
+ hostname
+ Server hostname/FQDN
+
+
+
+
diff --git a/interface-definitions/include/snmp/access-mode.xml.i b/interface-definitions/include/snmp/access-mode.xml.i
new file mode 100644
index 0000000..7469805
--- /dev/null
+++ b/interface-definitions/include/snmp/access-mode.xml.i
@@ -0,0 +1,23 @@
+
+
+
+ Define access permission
+
+ ro rw
+
+
+ ro
+ Read-Only
+
+
+ rw
+ read write
+
+
+ (ro|rw)
+
+ Authorization type must be either 'rw' or 'ro'
+
+ ro
+
+
diff --git a/interface-definitions/include/snmp/authentication-type.xml.i b/interface-definitions/include/snmp/authentication-type.xml.i
new file mode 100644
index 0000000..047d8cf
--- /dev/null
+++ b/interface-definitions/include/snmp/authentication-type.xml.i
@@ -0,0 +1,22 @@
+
+
+
+ Define used protocol
+
+ md5 sha
+
+
+ md5
+ Message Digest 5
+
+
+ sha
+ Secure Hash Algorithm
+
+
+ (md5|sha)
+
+
+ md5
+
+
diff --git a/interface-definitions/include/snmp/privacy-type.xml.i b/interface-definitions/include/snmp/privacy-type.xml.i
new file mode 100644
index 0000000..d5fd1e8
--- /dev/null
+++ b/interface-definitions/include/snmp/privacy-type.xml.i
@@ -0,0 +1,22 @@
+
+
+
+ Defines the protocol for privacy
+
+ des aes
+
+
+ des
+ Data Encryption Standard
+
+
+ aes
+ Advanced Encryption Standard
+
+
+ (des|aes)
+
+
+ des
+
+
diff --git a/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i
new file mode 100644
index 0000000..d56ca5b
--- /dev/null
+++ b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i
@@ -0,0 +1,22 @@
+
+
+
+ Source IP address used to initiate connection
+
+
+
+
+ ipv4
+ IPv4 source address
+
+
+ ipv6
+ IPv6 source address
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
new file mode 100644
index 0000000..af3f9bb
--- /dev/null
+++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
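Review bot: The snmp/authentication-type.xml.i hunk ends with `md5` in what looks like the default-value position, and snmp/privacy-type.xml.i does the same with `des`, so an SNMPv3 user configured without an explicit type gets the weaker of the two offered algorithms in both cases. Defaulting to `sha` and `aes` would be the safer choice. Changing a default alters behaviour for existing configurations that rely on it, so it would need a migration step or a release note. The help text `Secure Hash Algorithm` could also say which SHA variant is used.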
@@ -0,0 +1,21 @@
+
+
+
+ Source IP address used to initiate connection
+
+
+
+
+ ipv4
+ IPv4 source address
+
+
+ ipv6
+ IPv6 source address
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/source-address-ipv4-multi.xml.i b/interface-definitions/include/source-address-ipv4-multi.xml.i
new file mode 100644
index 0000000..319a118
--- /dev/null
+++ b/interface-definitions/include/source-address-ipv4-multi.xml.i
@@ -0,0 +1,18 @@
+
+
+
+ IPv4 source address used to initiate connection
+
+
+
+
+ ipv4
+ IPv4 source address
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/source-address-ipv4.xml.i b/interface-definitions/include/source-address-ipv4.xml.i
new file mode 100644
index 0000000..0526781
--- /dev/null
+++ b/interface-definitions/include/source-address-ipv4.xml.i
@@ -0,0 +1,17 @@
+
+
+
+ IPv4 source address used to initiate connection
+
+
+
+
+ ipv4
+ IPv4 source address
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/source-interface-ethernet.xml.i b/interface-definitions/include/source-interface-ethernet.xml.i
new file mode 100644
index 0000000..e06e47d
--- /dev/null
+++ b/interface-definitions/include/source-interface-ethernet.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Physical interface the traffic will go through
+
+ interface
+ Physical interface used for traffic forwarding
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/source-interface.xml.i b/interface-definitions/include/source-interface.xml.i
new file mode 100644
index 0000000..40fdc6c
--- /dev/null
+++ b/interface-definitions/include/source-interface.xml.i
@@ -0,0 +1,17 @@
+
+
+
+ Interface used to establish connection
+
+ interface
+ Interface name
+
+
+
+
+
+ #include
+
+
+
+
diff --git a/interface-definitions/include/ssh-group.xml.i b/interface-definitions/include/ssh-group.xml.i
new file mode 100644
index 0000000..9c8b869
--- /dev/null
+++ b/interface-definitions/include/ssh-group.xml.i
@@ -0,0 +1,12 @@
+
+
+
+ Allow members of a group to login
+
+ [a-z_][a-z0-9_-]{1,31}[$]?
+
+ illegal characters or more than 32 characters
+
+
+
+
diff --git a/interface-definitions/include/ssh-user.xml.i b/interface-definitions/include/ssh-user.xml.i
new file mode 100644
index 0000000..6ac1f35
--- /dev/null
+++ b/interface-definitions/include/ssh-user.xml.i
@@ -0,0 +1,12 @@
+
+
+
+ Allow specific users to login
+
+ [-_a-zA-Z0-9.]{1,100}
+
+ Illegal characters or more than 100 characters
+
+
+
+
diff --git a/interface-definitions/include/static/static-route-bfd.xml.i b/interface-definitions/include/static/static-route-bfd.xml.i
new file mode 100644
index 0000000..d588b36
--- /dev/null
+++ b/interface-definitions/include/static/static-route-bfd.xml.i
@@ -0,0 +1,36 @@
+
+
+
+ BFD monitoring
+
+
+ #include
+
+
+ Use BFD multi hop session
+
+
+
+
+ Use source for BFD session
+
+ ipv4
+ IPv4 source address
+
+
+ ipv6
+ IPv6 source address
+
+
+
+
+
+
+ #include
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/static/static-route-blackhole.xml.i b/interface-definitions/include/static/static-route-blackhole.xml.i
new file mode 100644
index 0000000..487f775
--- /dev/null
+++ b/interface-definitions/include/static/static-route-blackhole.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Silently discard pkts when matched
+
+
+ #include
+ #include
+
+
+
diff --git a/interface-definitions/include/static/static-route-distance.xml.i b/interface-definitions/include/static/static-route-distance.xml.i
new file mode 100644
index 0000000..a651b98
--- /dev/null
+++ b/interface-definitions/include/static/static-route-distance.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Distance for this route
+
+ u32:1-255
+ Distance for this route
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/static/static-route-interface.xml.i b/interface-definitions/include/static/static-route-interface.xml.i
new file mode 100644
index 0000000..cb54368
--- /dev/null
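Review bot: The ssh-group pattern `[a-z_][a-z0-9_-]{1,31}[$]?` needs at least two characters and accepts up to 33 when the trailing `$` is present, while its error text mentions only "more than 32 characters"; a one-letter group name is therefore rejected with a message that does not explain why. If single-character names should be allowed, `[a-z_][a-z0-9_-]{0,31}[$]?` does that; otherwise the message could read `Group name must be 2-32 characters and contain only a-z, 0-9, _ and -`. The two messages also differ in capitalisation ("illegal" here, "Illegal" in ssh-user.xml.i).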
+++ b/interface-definitions/include/static/static-route-interface.xml.i
@@ -0,0 +1,17 @@
+
+
+
+ Gateway interface name
+
+
+
+
+ txt
+ Gateway interface name
+
+
+ #include
+
+
+
+
diff --git a/interface-definitions/include/static/static-route-reject.xml.i b/interface-definitions/include/static/static-route-reject.xml.i
new file mode 100644
index 0000000..ef713ac
--- /dev/null
+++ b/interface-definitions/include/static/static-route-reject.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Emit an ICMP unreachable when matched
+
+
+ #include
+ #include
+
+
+
diff --git a/interface-definitions/include/static/static-route-segments.xml.i b/interface-definitions/include/static/static-route-segments.xml.i
new file mode 100644
index 0000000..2068b1a
--- /dev/null
+++ b/interface-definitions/include/static/static-route-segments.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ SRv6 segments
+
+ txt
+ Segs (SIDs)
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/static/static-route-tag.xml.i b/interface-definitions/include/static/static-route-tag.xml.i
new file mode 100644
index 0000000..24bfa73
--- /dev/null
+++ b/interface-definitions/include/static/static-route-tag.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Tag value for this route
+
+ u32:1-4294967295
+ Tag value for this route
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/static/static-route-vrf.xml.i b/interface-definitions/include/static/static-route-vrf.xml.i
new file mode 100644
index 0000000..e1968f0
--- /dev/null
+++ b/interface-definitions/include/static/static-route-vrf.xml.i
@@ -0,0 +1,19 @@
+
+
+
+ VRF to leak route
+
+ default
+ vrf name
+
+
+ txt
+ Name of VRF to leak to
+
+
+ (default)
+
+
+
+
+
diff --git a/interface-definitions/include/static/static-route.xml.i b/interface-definitions/include/static/static-route.xml.i
new file mode 100644
index 0000000..29921a7
--- /dev/null
+++ b/interface-definitions/include/static/static-route.xml.i
@@ -0,0 +1,60 @@
+
+
+
+ Static IPv4 route
+
+ ipv4net
+ IPv4 static route
+
+
+
+
+
+
+ #include
+ #include
+ #include
+ #include
+
+
+ Next-hop IPv4 router interface
+
+
+
+
+ txt
+ Gateway interface name
+
+
+ #include
+
+
+
+ #include
+ #include
+ #include
+
+
+
+
+ Next-hop IPv4 router address
+
+ ipv4
+ Next-hop router address
+
+
+
+
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+
+
+
+
diff --git a/interface-definitions/include/static/static-route6.xml.i b/interface-definitions/include/static/static-route6.xml.i
new file mode 100644
index 0000000..4468c80
--- /dev/null
+++ b/interface-definitions/include/static/static-route6.xml.i
@@ -0,0 +1,60 @@
+
+
+
+ Static IPv6 route
+
+ ipv6net
+ IPv6 static route
+
+
+
+
+
+
+ #include
+ #include
+ #include
+
+
+ IPv6 gateway interface name
+
+
+
+
+ txt
+ Gateway interface name
+
+
+ #include
+
+
+
+ #include
+ #include
+ #include
+ #include
+
+
+
+
+ IPv6 gateway address
+
+ ipv6
+ Next-hop IPv6 router
+
+
+
+
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+
+
+
diff --git a/interface-definitions/include/stunnel/address.xml.i b/interface-definitions/include/stunnel/address.xml.i
new file mode 100644
index 0000000..d2901d5
--- /dev/null
+++ b/interface-definitions/include/stunnel/address.xml.i
@@ -0,0 +1,20 @@
+
+
+
+ Hostname or IP address
+
+ ipv4
+ IPv4 address
+
+
+ hostname
+ hostname
+
+
+
+
+
+ Invalid FQDN or IP address
+
+
+
diff --git a/interface-definitions/include/stunnel/connect.xml.i b/interface-definitions/include/stunnel/connect.xml.i
new file mode 100644
index 0000000..cd6246a
--- /dev/null
+++ b/interface-definitions/include/stunnel/connect.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Connect to a remote address
+
+
+ #include
+ #include
+
+
+
diff --git a/interface-definitions/include/stunnel/listen.xml.i b/interface-definitions/include/stunnel/listen.xml.i
new file mode 100644
index 0000000..13d0986
--- /dev/null
+++ b/interface-definitions/include/stunnel/listen.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ Accept connections on specified address
+
+
+ #include
+ #include
+
+
+
diff --git a/interface-definitions/include/stunnel/protocol-options.xml.i b/interface-definitions/include/stunnel/protocol-options.xml.i
new file mode 100644
index 0000000..2f02028
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-options.xml.i
@@ -0,0 +1,75 @@
+
+
+
+ Advanced protocol options
+
+
+
+
+ Authentication type for the protocol negotiations
+
+ basic ntlm plain login
+
+
+ basic
+ The default 'connect' authentication type
+
+
+ ntlm
+ Supported authentication types for the 'connect' protocol
+
+
+ plain
+ The default 'smtp' authentication type
+
+
+ login
+ Supported authentication types for the 'smtp' protocol
+
+
+ (basic|ntlm|plain|login)
+
+
+
+
+
+ Domain for the 'connect' protocol.
+
+ domain
+ domain
+
+
+
+
+
+
+
+
+ Destination address for the 'connect' protocol
+
+
+ #include
+ #include
+
+
+
+
+ Password for the protocol negotiations
+
+ txt
+ Authentication password
+
+
+
+
+
+ Username for the protocol negotiations
+
+ txt
+ Authentication username
+
+
+
+
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-cifs.xml.i b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
new file mode 100644
index 0000000..5b94847
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
@@ -0,0 +1,6 @@
+
+
+ cifs
+ Proprietary (undocummented) extension of CIFS protocol
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-connect.xml.i b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
new file mode 100644
index 0000000..3c30e71
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
@@ -0,0 +1,6 @@
+
+
+ connect
+ Based on RFC 2817 - Upgrading to TLS Within HTTP/1.1, section 5.2 - Requesting a Tunnel with CONNECT
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-imap.xml.i b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
new file mode 100644
index 0000000..033e547
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
@@ -0,0 +1,6 @@
+
+
+ imap
+ Based on RFC 2595 - Using TLS with IMAP, POP3 and ACAP
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-nntp.xml.i b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
new file mode 100644
index 0000000..60a6c02
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
@@ -0,0 +1,6 @@
+
+
+ nntp
+ Based on RFC 4642 - Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
new file mode 100644
index 0000000..fd3a166
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
@@ -0,0 +1,6 @@
+
+
+ pgsql
+ Based on PostgreSQL frontend/backend protocol
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-pop3.xml.i b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
new file mode 100644
index 0000000..1c8af53
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
@@ -0,0 +1,6 @@
+
+
+ pop3
+ Based on RFC 2449 - POP3 Extension Mechanism
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-proxy.xml.i b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
new file mode 100644
index 0000000..a4c20d1
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
@@ -0,0 +1,6 @@
+
+
+ proxy
+ Passing of the original client IP address with HAProxy PROXY protocol version 1
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-smtp.xml.i b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
new file mode 100644
index 0000000..66ca204
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
@@ -0,0 +1,6 @@
+
+
+ smtp
+ Based on RFC 2487 - SMTP Service Extension for Secure SMTP over TLS
+
+
diff --git a/interface-definitions/include/stunnel/protocol-value-socks.xml.i b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
new file mode 100644
index 0000000..e110be5
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
@@ -0,0 +1,6 @@
+
+
+ socks
+ SOCKS versions 4, 4a, and 5 are supported
+
+
diff --git a/interface-definitions/include/stunnel/psk.xml.i b/interface-definitions/include/stunnel/psk.xml.i
new file mode 100644
index 0000000..db11a93
--- /dev/null
+++ b/interface-definitions/include/stunnel/psk.xml.i
@@ -0,0 +1,30 @@
+
+
+
+ Pre-shared key name
+
+
+
+
+ ID for authentication
+
+ txt
+ ID used for authentication
+
+
+
+
+
+ pre-shared secret key
+
+ txt
+ pre-shared secret key are required to be at least 16 bytes long, which implies at least 32 characters for hexadecimal key
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/stunnel/ssl.xml.i b/interface-definitions/include/stunnel/ssl.xml.i
new file mode 100644
index 0000000..8aba299
--- /dev/null
+++ b/interface-definitions/include/stunnel/ssl.xml.i
@@ -0,0 +1,11 @@
+
+
+
+ SSL Certificate, SSL Key and CA
+
+
+ #include
+ #include
+
+
+
diff --git a/interface-definitions/include/syslog-facility.xml.i b/interface-definitions/include/syslog-facility.xml.i
new file mode 100644
index 0000000..e6138a1
--- /dev/null
+++ b/interface-definitions/include/syslog-facility.xml.i
@@ -0,0 +1,149 @@
+
+
+
+ Facility for logging
+
+ auth authpriv cron daemon kern lpr mail mark news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all
+
+
+ (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)
+
+ Invalid facility type
+
+ all
+ All facilities excluding "mark"
+
+
+ auth
+ Authentication and authorization
+
+
+ authpriv
+ Non-system authorization
+
+
+ cron
+ Cron daemon
+
+
+ daemon
+ System daemons
+
+
+ kern
+ Kernel
+
+
+ lpr
+ Line printer spooler
+
+
+ mail
+ Mail subsystem
+
+
+ mark
+ Timestamp
+
+
+ news
+ USENET subsystem
+
+
+ syslog
+ Authentication and authorization
+
+
+ user
+ Application processes
+
+
+ uucp
+ UUCP subsystem
+
+
+ local0
+ Local facility 0
+
+
+ local1
+ Local facility 1
+
+
+ local2
+ Local facility 2
+
+
+ local3
+ Local facility 3
+
+
+ local4
+ Local facility 4
+
+
+ local5
+ Local facility 5
+
+
+ local6
+ Local facility 6
+
+
+ local7
+ Local facility 7
+
+
+
+
+
+ Logging level
+
+ emerg alert crit err warning notice info debug all
+
+
+ emerg
+ Emergency messages
+
+
+ alert
+ Urgent messages
+
+
+ crit
+ Critical messages
+
+
+ err
+ Error messages
+
+
+ warning
+ Warning messages
+
+
+ notice
+ Messages for further investigation
+
+
+ info
+ Informational messages
+
+
+ debug
+ Debug messages
+
+
+ all
+ Log everything
+
+
+ (emerg|alert|crit|err|warning|notice|info|debug|all)
+
+ Invalid loglevel
+
+ err
+
+
+
+
diff --git a/interface-definitions/include/system-ip-nht.xml.i b/interface-definitions/include/system-ip-nht.xml.i
new file mode 100644
index 0000000..4074043
--- /dev/null
+++ b/interface-definitions/include/system-ip-nht.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Filter Next Hop tracking route resolution
+
+
+
+
+ Do not resolve via default route
+
+
+
+
+
+
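Review bot: In syslog-facility.xml.i the value help for the `syslog` facility repeats the text of `auth`, `Authentication and authorization`, which looks like a copy-paste slip; that facility carries messages generated by the syslog daemon itself, so something like `Messages generated internally by syslogd` would be accurate. An operator choosing facilities for log forwarding from the CLI help would otherwise take `syslog` for a second authentication stream. The `authpriv` text `Non-system authorization` may also deserve a second look, since that facility is normally used for private authentication messages.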
diff --git a/interface-definitions/include/system-ip-protocol.xml.i b/interface-definitions/include/system-ip-protocol.xml.i
new file mode 100644
index 0000000..c630eb3
--- /dev/null
+++ b/interface-definitions/include/system-ip-protocol.xml.i
@@ -0,0 +1,56 @@
+
+
+
+ Filter routing info exchanged between routing protocol and zebra
+
+ any babel bgp connected eigrp isis kernel ospf rip static table
+
+
+ any
+ Any of the above protocols
+
+
+ babel
+ Babel routing protocol
+
+
+ bgp
+ Border Gateway Protocol
+
+
+ connected
+ Connected routes (directly attached subnet or host)
+
+
+ eigrp
+ Enhanced Interior Gateway Routing Protocol
+
+
+ isis
+ Intermediate System to Intermediate System
+
+
+ kernel
+ Kernel routes (not installed via the zebra RIB)
+
+
+ ospf
+ Open Shortest Path First (OSPFv2)
+
+
+ rip
+ Routing Information Protocol
+
+
+ static
+ Statically configured routes
+
+
+ (any|babel|bgp|connected|eigrp|isis|kernel|ospf|rip|static|table)
+
+
+
+ #include
+
+
+
\ No newline at end of file
diff --git a/interface-definitions/include/system-ipv6-protocol.xml.i b/interface-definitions/include/system-ipv6-protocol.xml.i
new file mode 100644
index 0000000..485776a
--- /dev/null
+++ b/interface-definitions/include/system-ipv6-protocol.xml.i
@@ -0,0 +1,52 @@
+
+
+
+ Filter routing info exchanged between routing protocol and zebra
+
+ any babel bgp connected isis kernel ospfv3 ripng static table
+
+
+ any
+ Any of the above protocols
+
+
+ babel
+ Babel routing protocol
+
+
+ bgp
+ Border Gateway Protocol
+
+
+ connected
+ Connected routes (directly attached subnet or host)
+
+
+ isis
+ Intermediate System to Intermediate System
+
+
+ kernel
+ Kernel routes (not installed via the zebra RIB)
+
+
+ ospfv3
+ Open Shortest Path First (OSPFv3)
+
+
+ ripng
+ Routing Information Protocol next-generation
+
+
+ static
+ Statically configured routes
+
+
+ (any|babel|bgp|connected|isis|kernel|ospfv3|ripng|static|table)
+
+
+
+ #include
+
+
+
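Review bot: `table` is offered in the completion list and accepted by the constraint in both system-ip-protocol.xml.i and system-ipv6-protocol.xml.i, but neither hunk carries a value-help entry for it, so the CLI help will not explain what selecting it filters. A matching entry such as `table` / `Non-main kernel routing table` would close the gap; the wording should be checked against the routing daemon's documentation. The `any` entry is described as `Any of the above protocols` although it is listed first; `Any of the listed protocols` reads correctly regardless of order. system-ip-protocol.xml.i also ends without a trailing newline.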
diff --git a/interface-definitions/include/tls-version-min.xml.i b/interface-definitions/include/tls-version-min.xml.i
new file mode 100644
index 0000000..b3dcbad
--- /dev/null
+++ b/interface-definitions/include/tls-version-min.xml.i
@@ -0,0 +1,29 @@
+
+
+
+ Specify the minimum required TLS version
+
+ 1.0 1.1 1.2 1.3
+
+
+ 1.0
+ TLS v1.0
+
+
+ 1.1
+ TLS v1.1
+
+
+ 1.2
+ TLS v1.2
+
+
+ 1.3
+ TLS v1.3
+
+
+ (1.0|1.1|1.2|1.3)
+
+
+
+
diff --git a/interface-definitions/include/url-http-https.xml.i b/interface-definitions/include/url-http-https.xml.i
new file mode 100644
index 0000000..f763c2b
--- /dev/null
+++ b/interface-definitions/include/url-http-https.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Remote URL
+
+ url
+ Remote HTTP(S) URL
+
+
+
+
+ Invalid HTTP(S) URL format
+
+
+
diff --git a/interface-definitions/include/version/bgp-version.xml.i b/interface-definitions/include/version/bgp-version.xml.i
new file mode 100644
index 0000000..6bed718
--- /dev/null
+++ b/interface-definitions/include/version/bgp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/broadcast-relay-version.xml.i b/interface-definitions/include/version/broadcast-relay-version.xml.i
new file mode 100644
index 0000000..98481f4
--- /dev/null
+++ b/interface-definitions/include/version/broadcast-relay-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/cluster-version.xml.i b/interface-definitions/include/version/cluster-version.xml.i
new file mode 100644
index 0000000..402fe36
--- /dev/null
+++ b/interface-definitions/include/version/cluster-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/config-management-version.xml.i b/interface-definitions/include/version/config-management-version.xml.i
new file mode 100644
index 0000000..695ba09
--- /dev/null
+++ b/interface-definitions/include/version/config-management-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
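Review bot: The dots in the tls-version-min constraint `(1.0|1.1|1.2|1.3)` are unescaped, so if the pattern is applied as a regular expression each dot matches any character and a value such as `1x2` would pass validation; `(1\.0|1\.1|1\.2|1\.3)` accepts only the four listed versions. The list also still offers 1.0 and 1.1, which RFC 8996 deprecates. If they have to stay for compatibility, the value help could say so, e.g. `TLS v1.0 (deprecated)`, and since no default is visible in this hunk, each consumer of the include should set one of 1.2 or higher.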
diff --git a/interface-definitions/include/version/conntrack-sync-version.xml.i b/interface-definitions/include/version/conntrack-sync-version.xml.i
new file mode 100644
index 0000000..f040c29
--- /dev/null
+++ b/interface-definitions/include/version/conntrack-sync-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
new file mode 100644
index 0000000..6995ce1
--- /dev/null
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/container-version.xml.i b/interface-definitions/include/version/container-version.xml.i
new file mode 100644
index 0000000..ed6e942
--- /dev/null
+++ b/interface-definitions/include/version/container-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/dhcp-relay-version.xml.i b/interface-definitions/include/version/dhcp-relay-version.xml.i
new file mode 100644
index 0000000..75f5d54
--- /dev/null
+++ b/interface-definitions/include/version/dhcp-relay-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/dhcp-server-version.xml.i b/interface-definitions/include/version/dhcp-server-version.xml.i
new file mode 100644
index 0000000..71f3d4a
--- /dev/null
+++ b/interface-definitions/include/version/dhcp-server-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/dhcpv6-server-version.xml.i b/interface-definitions/include/version/dhcpv6-server-version.xml.i
new file mode 100644
index 0000000..8b72a9c
--- /dev/null
+++ b/interface-definitions/include/version/dhcpv6-server-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i
new file mode 100644
index 0000000..346385c
--- /dev/null
+++ b/interface-definitions/include/version/dns-dynamic-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/dns-forwarding-version.xml.i b/interface-definitions/include/version/dns-forwarding-version.xml.i
new file mode 100644
index 0000000..86121ae
--- /dev/null
+++ b/interface-definitions/include/version/dns-forwarding-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
new file mode 100644
index 0000000..a15cf0e
--- /dev/null
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/flow-accounting-version.xml.i b/interface-definitions/include/version/flow-accounting-version.xml.i
new file mode 100644
index 0000000..5b01fe4
--- /dev/null
+++ b/interface-definitions/include/version/flow-accounting-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/https-version.xml.i b/interface-definitions/include/version/https-version.xml.i
new file mode 100644
index 0000000..525314d
--- /dev/null
+++ b/interface-definitions/include/version/https-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/ids-version.xml.i b/interface-definitions/include/version/ids-version.xml.i
new file mode 100644
index 0000000..9133be0
--- /dev/null
+++ b/interface-definitions/include/version/ids-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i
new file mode 100644
index 0000000..2915b31
--- /dev/null
+++ b/interface-definitions/include/version/interfaces-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/ipoe-server-version.xml.i b/interface-definitions/include/version/ipoe-server-version.xml.i
new file mode 100644
index 0000000..b7718fc
--- /dev/null
+++ b/interface-definitions/include/version/ipoe-server-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i
new file mode 100644
index 0000000..a4d556c
--- /dev/null
+++ b/interface-definitions/include/version/ipsec-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/isis-version.xml.i b/interface-definitions/include/version/isis-version.xml.i
new file mode 100644
index 0000000..f50329b
--- /dev/null
+++ b/interface-definitions/include/version/isis-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/l2tp-version.xml.i b/interface-definitions/include/version/l2tp-version.xml.i
new file mode 100644
index 0000000..5397407
--- /dev/null
+++ b/interface-definitions/include/version/l2tp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/lldp-version.xml.i b/interface-definitions/include/version/lldp-version.xml.i
new file mode 100644
index 0000000..b41d804
--- /dev/null
+++ b/interface-definitions/include/version/lldp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/mdns-version.xml.i b/interface-definitions/include/version/mdns-version.xml.i
new file mode 100644
index 0000000..b200a68
--- /dev/null
+++ b/interface-definitions/include/version/mdns-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/monitoring-version.xml.i b/interface-definitions/include/version/monitoring-version.xml.i
new file mode 100644
index 0000000..6a275a5
--- /dev/null
+++ b/interface-definitions/include/version/monitoring-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i
new file mode 100644
index 0000000..173e91e
--- /dev/null
+++ b/interface-definitions/include/version/nat-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i
new file mode 100644
index 0000000..43a54c9
--- /dev/null
+++ b/interface-definitions/include/version/nat66-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/ntp-version.xml.i b/interface-definitions/include/version/ntp-version.xml.i
new file mode 100644
index 0000000..155c824
--- /dev/null
+++ b/interface-definitions/include/version/ntp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/openconnect-version.xml.i b/interface-definitions/include/version/openconnect-version.xml.i
new file mode 100644
index 0000000..15097ee
--- /dev/null
+++ b/interface-definitions/include/version/openconnect-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/openvpn-version.xml.i b/interface-definitions/include/version/openvpn-version.xml.i
new file mode 100644
index 0000000..67ef219
--- /dev/null
+++ b/interface-definitions/include/version/openvpn-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/ospf-version.xml.i b/interface-definitions/include/version/ospf-version.xml.i
new file mode 100644
index 0000000..df10883
--- /dev/null
+++ b/interface-definitions/include/version/ospf-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/pim-version.xml.i b/interface-definitions/include/version/pim-version.xml.i
new file mode 100644
index 0000000..24cc38c
--- /dev/null
+++ b/interface-definitions/include/version/pim-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i
new file mode 100644
index 0000000..db727fe
--- /dev/null
+++ b/interface-definitions/include/version/policy-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/pppoe-server-version.xml.i b/interface-definitions/include/version/pppoe-server-version.xml.i
new file mode 100644
index 0000000..2e020fa
--- /dev/null
+++ b/interface-definitions/include/version/pppoe-server-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/pptp-version.xml.i b/interface-definitions/include/version/pptp-version.xml.i
new file mode 100644
index 0000000..a877d77
--- /dev/null
+++ b/interface-definitions/include/version/pptp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/qos-version.xml.i b/interface-definitions/include/version/qos-version.xml.i
new file mode 100644
index 0000000..c67e61e
--- /dev/null
+++ b/interface-definitions/include/version/qos-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/quagga-version.xml.i b/interface-definitions/include/version/quagga-version.xml.i
new file mode 100644
index 0000000..23d884c
--- /dev/null
+++ b/interface-definitions/include/version/quagga-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i
new file mode 100644
index 0000000..907ea1e
--- /dev/null
+++ b/interface-definitions/include/version/reverseproxy-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/rip-version.xml.i b/interface-definitions/include/version/rip-version.xml.i
new file mode 100644
index 0000000..30ace48
--- /dev/null
+++ b/interface-definitions/include/version/rip-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/rpki-version.xml.i b/interface-definitions/include/version/rpki-version.xml.i
new file mode 100644
index 0000000..45ff4fb
--- /dev/null
+++ b/interface-definitions/include/version/rpki-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/salt-version.xml.i b/interface-definitions/include/version/salt-version.xml.i
new file mode 100644
index 0000000..fe46840
--- /dev/null
+++ b/interface-definitions/include/version/salt-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/snmp-version.xml.i b/interface-definitions/include/version/snmp-version.xml.i
new file mode 100644
index 0000000..fa58672
--- /dev/null
+++ b/interface-definitions/include/version/snmp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/ssh-version.xml.i b/interface-definitions/include/version/ssh-version.xml.i
new file mode 100644
index 0000000..0f25caf
--- /dev/null
+++ b/interface-definitions/include/version/ssh-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/sstp-version.xml.i b/interface-definitions/include/version/sstp-version.xml.i
new file mode 100644
index 0000000..5e30950
--- /dev/null
+++ b/interface-definitions/include/version/sstp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i
new file mode 100644
index 0000000..fcb24ab
--- /dev/null
+++ b/interface-definitions/include/version/system-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/vrf-version.xml.i b/interface-definitions/include/version/vrf-version.xml.i
new file mode 100644
index 0000000..9d7ff35
--- /dev/null
+++ b/interface-definitions/include/version/vrf-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/vrrp-version.xml.i b/interface-definitions/include/version/vrrp-version.xml.i
new file mode 100644
index 0000000..1514b19
--- /dev/null
+++ b/interface-definitions/include/version/vrrp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/vyos-accel-ppp-version.xml.i b/interface-definitions/include/version/vyos-accel-ppp-version.xml.i
new file mode 100644
index 0000000..e5a4e16
--- /dev/null
+++ b/interface-definitions/include/version/vyos-accel-ppp-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/wanloadbalance-version.xml.i b/interface-definitions/include/version/wanloadbalance-version.xml.i
new file mode 100644
index 0000000..59f8729
--- /dev/null
+++ b/interface-definitions/include/version/wanloadbalance-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/version/webproxy-version.xml.i b/interface-definitions/include/version/webproxy-version.xml.i
new file mode 100644
index 0000000..42dbf3f
--- /dev/null
+++ b/interface-definitions/include/version/webproxy-version.xml.i
@@ -0,0 +1,3 @@
+
+
+
diff --git a/interface-definitions/include/vni.xml.i b/interface-definitions/include/vni.xml.i
new file mode 100644
index 0000000..36176ca
--- /dev/null
+++ b/interface-definitions/include/vni.xml.i
@@ -0,0 +1,14 @@
+
+
+
+ Virtual Network Identifier
+
+ u32:0-16777214
+ VXLAN virtual network identifier
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/vpn-ipsec-encryption.xml.i b/interface-definitions/include/vpn-ipsec-encryption.xml.i
new file mode 100644
index 0000000..629e6a0
--- /dev/null
+++ b/interface-definitions/include/vpn-ipsec-encryption.xml.i
@@ -0,0 +1,234 @@ + + + + Encryption algorithm + + null aes128 aes192 aes256 aes128ctr aes192ctr aes256ctr aes128ccm64 aes192ccm64 aes256ccm64 aes128ccm96 aes192ccm96 aes256ccm96 aes128ccm128 aes192ccm128 aes256ccm128 aes128gcm64 aes192gcm64 aes256gcm64 aes128gcm96 aes192gcm96 aes256gcm96 aes128gcm128 aes192gcm128 aes256gcm128 aes128gmac aes192gmac aes256gmac 3des blowfish128 blowfish192 blowfish256 camellia128 camellia192 camellia256 camellia128ctr camellia192ctr camellia256ctr camellia128ccm64 camellia192ccm64 camellia256ccm64 camellia128ccm96 camellia192ccm96 camellia256ccm96 camellia128ccm128 camellia192ccm128 camellia256ccm128 serpent128 serpent192 serpent256 twofish128 twofish192 twofish256 cast128 chacha20poly1305 + + + null + Null encryption + + + aes128 + 128 bit AES-CBC + + + aes192 + 192 bit AES-CBC + + + aes256 + 256 bit AES-CBC + + + aes128ctr + 128 bit AES-COUNTER + + + aes192ctr + 192 bit AES-COUNTER + + + aes256ctr + 256 bit AES-COUNTER + + + aes128ccm64 + 128 bit AES-CCM with 64 bit ICV + + + aes192ccm64 + 192 bit AES-CCM with 64 bit ICV + + + aes256ccm64 + 256 bit AES-CCM with 64 bit ICV + + + aes128ccm96 + 128 bit AES-CCM with 96 bit ICV + + + aes192ccm96 + 192 bit AES-CCM with 96 bit ICV + + + aes256ccm96 + 256 bit AES-CCM with 96 bit ICV + + + aes128ccm128 + 128 bit AES-CCM with 128 bit ICV + + + aes192ccm128 + 192 bit AES-CCM with 128 bit IC + + + aes256ccm128 + 256 bit AES-CCM with 128 bit ICV + + + aes128gcm64 + 128 bit AES-GCM with 64 bit ICV + + + aes192gcm64 + 192 bit AES-GCM with 64 bit ICV + + + aes256gcm64 + 256 bit AES-GCM with 64 bit ICV + + + aes128gcm96 + 128 bit AES-GCM with 96 bit ICV + + + aes192gcm96 + 192 bit AES-GCM with 96 bit ICV + + + aes256gcm96 + 256 bit AES-GCM with 96 bit ICV + + + aes128gcm128 + 128 bit AES-GCM with 128 bit ICV + + + aes192gcm128 + 192 bit AES-GCM with 128 bit ICV + + + aes256gcm128 + 256 bit AES-GCM with 128 bit ICV + + + aes128gmac + Null encryption with 128 bit AES-GMAC + + + aes192gmac + Null 
encryption with 192 bit AES-GMAC + + + aes256gmac + Null encryption with 256 bit AES-GMAC + + + 3des + 168 bit 3DES-EDE-CBC + + + blowfish128 + 128 bit Blowfish-CBC + + + blowfish192 + 192 bit Blowfish-CBC + + + blowfish256 + 256 bit Blowfish-CBC + + + camellia128 + 128 bit Camellia-CBC + + + camellia192 + 192 bit Camellia-CBC + + + camellia256 + 256 bit Camellia-CBC + + + camellia128ctr + 128 bit Camellia-COUNTER + + + camellia192ctr + 192 bit Camellia-COUNTER + + + camellia256ctr + 256 bit Camellia-COUNTER + + + camellia128ccm64 + 128 bit Camellia-CCM with 64 bit ICV + + + camellia192ccm64 + 192 bit Camellia-CCM with 64 bit ICV + + + camellia256ccm64 + 256 bit Camellia-CCM with 64 bit ICV + + + camellia128ccm96 + 128 bit Camellia-CCM with 96 bit ICV + + + camellia192ccm96 + 192 bit Camellia-CCM with 96 bit ICV + + + camellia256ccm96 + 256 bit Camellia-CCM with 96 bit ICV + + + camellia128ccm128 + 128 bit Camellia-CCM with 128 bit ICV + + + camellia192ccm128 + 192 bit Camellia-CCM with 128 bit ICV + + + camellia256ccm128 + 256 bit Camellia-CCM with 128 bit ICV + + + serpent128 + 128 bit Serpent-CBC + + + serpent192 + 192 bit Serpent-CBC + + + serpent256 + 256 bit Serpent-CBC + + + twofish128 + 128 bit Twofish-CBC + + + twofish192 + 192 bit Twofish-CBC + + + twofish256 + 256 bit Twofish-CBC + + + cast128 + 128 bit CAST-CBC + + + chacha20poly1305 + 256 bit ChaCha20/Poly1305 with 128 bit ICV + + + 
(null|aes128|aes192|aes256|aes128ctr|aes192ctr|aes256ctr|aes128ccm64|aes192ccm64|aes256ccm64|aes128ccm96|aes192ccm96|aes256ccm96|aes128ccm128|aes192ccm128|aes256ccm128|aes128gcm64|aes192gcm64|aes256gcm64|aes128gcm96|aes192gcm96|aes256gcm96|aes128gcm128|aes192gcm128|aes256gcm128|aes128gmac|aes192gmac|aes256gmac|3des|blowfish128|blowfish192|blowfish256|camellia128|camellia192|camellia256|camellia128ctr|camellia192ctr|camellia256ctr|camellia128ccm64|camellia192ccm64|camellia256ccm64|camellia128ccm96|camellia192ccm96|camellia256ccm96|camellia128ccm128|camellia192ccm128|camellia256ccm128|serpent128|serpent192|serpent256|twofish128|twofish192|twofish256|cast128|chacha20poly1305) + + + aes128 + + diff --git a/interface-definitions/include/vpn-ipsec-hash.xml.i b/interface-definitions/include/vpn-ipsec-hash.xml.i new file mode 100644 index 0000000..73d19c2 --- /dev/null +++ b/interface-definitions/include/vpn-ipsec-hash.xml.i @@ -0,0 +1,66 @@ + + + + Hash algorithm + + md5 md5_128 sha1 sha1_160 sha256 sha256_96 sha384 sha512 aesxcbc aescmac aes128gmac aes192gmac aes256gmac + + + md5 + MD5 HMAC + + + md5_128 + MD5_128 HMAC + + + sha1 + SHA1 HMAC + + + sha1_160 + SHA1_160 HMAC + + + sha256 + SHA2_256_128 HMAC + + + sha256_96 + SHA2_256_96 HMAC + + + sha384 + SHA2_384_192 HMAC + + + sha512 + SHA2_512_256 HMAC + + + aesxcbc + AES XCBC + + + aescmac + AES CMAC + + + aes128gmac + 128-bit AES-GMAC + + + aes192gmac + 192-bit AES-GMAC + + + aes256gmac + 256-bit AES-GMAC + + + (md5|md5_128|sha1|sha1_160|sha256|sha256_96|sha384|sha512|aesxcbc|aescmac|aes128gmac|aes192gmac|aes256gmac) + + + sha1 + + diff --git a/interface-definitions/include/vrf-multi.xml.i b/interface-definitions/include/vrf-multi.xml.i new file mode 100644 index 0000000..0b22894 --- /dev/null +++ b/interface-definitions/include/vrf-multi.xml.i @@ -0,0 +1,22 @@ + + + + VRF instance name + + vrf name + default + + + default + Explicitly start in default VRF + + + txt + VRF instance name + + #include + + + default + + 
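Review bot: The value list in vpn-ipsec-encryption.xml.i offers `null`, `3des`, `blowfish128/192/256` and `cast128` with the same neutral descriptions as the AEAD suites, so nothing at the CLI tells an operator that the first provides no confidentiality and the others are 64-bit-block ciphers. The descriptions could carry that caveat, for example `Null encryption (no confidentiality, testing only)` and `168 bit 3DES-EDE-CBC (legacy, 64-bit block)`. The `aes192ccm128` description reads `192 bit AES-CCM with 128 bit IC` and should end in `ICV` like its neighbours. The trailing `aes128` looks like the default value (the markup is stripped in this view, so that is inferred); if it is, the default is AES-CBC and depends on the separately chosen hash for integrity.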
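Review bot: In vpn-ipsec-hash.xml.i the trailing `sha1` appears to be the default value of the hash leaf, and `md5` / `md5_128` are listed with plain descriptions (`MD5 HMAC`, `MD5_128 HMAC`). I would mark the legacy entries in their help text, e.g. `MD5 HMAC (legacy, interoperability only)` and `SHA1 HMAC (legacy)`, so the completion output itself steers operators toward `sha256` or stronger. Whether the default can move off `sha1` without breaking existing tunnels depends on migration handling outside this hunk, so that part is a question rather than a request.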
diff --git a/interface-definitions/include/vrrp-transition-script.xml.i b/interface-definitions/include/vrrp-transition-script.xml.i new file mode 100644 index 0000000..cf57c3c --- /dev/null +++ b/interface-definitions/include/vrrp-transition-script.xml.i @@ -0,0 +1,41 @@ + + + + VRRP transition scripts + + + + + Script to run on VRRP state transition to master + + + + + + + + Script to run on VRRP state transition to backup + + + + + + + + Script to run on VRRP state transition to fault + + + + + + + + Script to run on VRRP state transition to stop + + + + + + + + diff --git a/interface-definitions/include/vrrp/garp.xml.i b/interface-definitions/include/vrrp/garp.xml.i new file mode 100644 index 0000000..b56b490 --- /dev/null +++ b/interface-definitions/include/vrrp/garp.xml.i @@ -0,0 +1,78 @@ + + + + Gratuitous ARP parameters + + + + + Interval between Gratuitous ARP + + <0.000-1000> + Interval in seconds, resolution microseconds + + + + + + 0 + + + + Delay for second set of gratuitous ARPs after transition to master + + u32:1-1000 + Delay in seconds + + + + + + 5 + + + + Minimum time interval for refreshing gratuitous ARPs while beeing master + + u32:0 + No refresh + + + u32:1-255 + Interval in seconds + + + + + + 5 + + + + Number of gratuitous ARP messages to send at a time while beeing master + + u32:1-255 + Number of gratuitous ARP messages + + + + + + 1 + + + + Number of gratuitous ARP messages to send at a time after transition to master + + u32:1-255 + Number of gratuitous ARP messages + + + + + + 5 + + + + diff --git a/interface-definitions/include/webproxy-url-filtering.xml.i b/interface-definitions/include/webproxy-url-filtering.xml.i new file mode 100644 index 0000000..7763cb3 --- /dev/null +++ b/interface-definitions/include/webproxy-url-filtering.xml.i 
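Review bot: Two help strings in vrrp/garp.xml.i misspell "being": `Minimum time interval for refreshing gratuitous ARPs while beeing master` and `Number of gratuitous ARP messages to send at a time while beeing master`. Both should read `while being master`, since these strings are shown verbatim in CLI completion.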
@@ -0,0 +1,119 @@ + + + + Category to allow + + + + + + + + + Allow IP address URLs + + + + + + Category to block + + + + + + + + + Default action (default: allow) + + allow block + + + allow + Default filter action is allow) + + + block + Default filter action is block + + + (allow|block) + + + + + + Enable safe-mode search on popular search engines + + + + + + Local keyword to block + + keyword + Keyword (or regex) to block + + + + + + + Local URL to block + + url + Local URL to block (without "http://") + + + + + + + Local site to block + + ipv4 + IP address of site to block + + + + + + + + + + + Local URL to allow + + url + Local URL to allow (without "http://") + + + + + + + Local site to allow + + ipv4 + IP address of site to allow + + + + + + + + + + + Log block category + + + all + + + + + diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in new file mode 100644 index 0000000..b17cad4 --- /dev/null +++ b/interface-definitions/interfaces_bonding.xml.in 
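Review bot: The default-action leaf advertises `Default action (default: allow)`, but no default value is visible after its `(allow|block)` pattern, unlike the other leaves in this commit where the default follows the constraint. The markup is stripped in this view, so it may simply be set elsewhere, but if the schema carries no default the help text and the effective behaviour can drift apart, and for a URL filter the fail-open case is the one worth pinning down explicitly. The `allow` description also has a stray parenthesis: `Default filter action is allow)` should be `Default filter action is allow`.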
@@ -0,0 +1,297 @@ + + + + + + + Bonding Interface/Link Aggregation + 320 + + bond[0-9]+ + + Bonding interface must be named bondN + + bondN + Bonding interface name + + + + #include + + + ARP link monitoring parameters + + + + + ARP link monitoring interval + + u32 + Specifies the ARP link monitoring frequency in milliseconds + + + + + + + + + IP address used for ARP monitoring + + ipv4 + Specify IPv4 address of ARP requests when interval is enabled + + + + + + + + + + #include + #include + #include + #include + #include + #include + #include + #include + + + EVPN Multihoming + + + + + Preference value used for designated forwarder (DF) election + + u32:1-65535 + DF Preference value + + + + + + + + + Ethernet segment identifier + + u32:1-16777215 + Local discriminator + + + txt + 10-byte ID - 00:11:22:33:44:55:AA:BB:CC:DD + + + + ([0-9A-Fa-f][0-9A-Fa-f]:){9}[0-9A-Fa-f][0-9A-Fa-f] + + + + + + Ethernet segment system MAC + + macaddr + MAC address + + + + + + + #include + + + + + Bonding transmit hash policy + + layer2 layer2+3 layer3+4 encap2+3 encap3+4 + + + layer2 + use MAC addresses to generate the hash + + + layer2+3 + combine MAC address and IP address to make hash + + + layer3+4 + combine IP address and port to make hash + + + encap2+3 + combine encapsulated MAC address and IP address to make hash + + + encap3+4 + combine encapsulated IP address and port to make hash + + + (layer2\+3|layer3\+4|layer2|encap2\+3|encap3\+4) + + hash-policy must be layer2 layer2+3 layer3+4 encap2+3 or encap3+4 + + layer2 + + #include + #include + #include + + + Specifies the MII link monitoring frequency in milliseconds + + u32:0 + Disable MII link monitoring + + + u32:50-1000 + MII link monitoring frequency in milliseconds + + + + + + 100 + + + + Minimum number of member interfaces required up before enabling bond + + u32:0-16 + Minimum number of member interfaces required up before enabling bond + + + + + + 0 + + + + System MAC address for 802.3ad + + macaddr + MAC address + + + 
+ + + + + + Rate in which we will ask our link partner to transmit LACPDU packets + + slow fast + + + slow + Request partner to transmit LACPDUs every 30 seconds + + + fast + Request partner to transmit LACPDUs every 1 second + + + (slow|fast) + + + slow + + + + Bonding mode + + 802.3ad active-backup broadcast round-robin transmit-load-balance adaptive-load-balance xor-hash + + + 802.3ad + IEEE 802.3ad Dynamic link aggregation + + + active-backup + Fault tolerant: only one slave in the bond is active + + + broadcast + Fault tolerant: transmits everything on all slave interfaces + + + round-robin + Load balance: transmit packets in sequential order + + + transmit-load-balance + Load balance: adapts based on transmit load and speed + + + adaptive-load-balance + Load balance: adapts based on transmit and receive plus ARP + + + xor-hash + Distribute based on MAC address + + + (802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash) + + mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor + + 802.3ad + + + + Bridge member interfaces + + + + + Member interface name + + + + + txt + Interface name + + + #include + + + + + + + #include + + 1500 + + + + Primary device interface + + + + + txt + Interface name + + + #include + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in new file mode 100644 index 0000000..29dd61d --- /dev/null +++ b/interface-definitions/interfaces_bridge.xml.in 
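Review bot: The bonding-mode error message does not match its own pattern: the regex and completion list use `xor-hash`, while the message ends `adaptive-load-balance, or xor`. An operator who follows the message and types `xor` will be rejected again, so the text should read `mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor-hash`.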
@@ -0,0 +1,233 @@ + + + + + + + Bridge Interface + 310 + + br[0-9]+ + + Bridge interface must be named brN + + brN + Bridge interface name + + + + #include + + + MAC address aging interval + + u32:0 + Disable MAC address learning (always flood) + + + u32:10-1000000 + MAC address aging time in seconds + + + + + + 300 + + #include + #include + #include + #include + #include + #include + #include + + 1500 + + + + Forwarding delay + + u32:0-200 + Spanning Tree Protocol forwarding delay in seconds + + + + + Forwarding delay must be between 0 and 200 seconds + + 14 + + + + Hello packet advertisement interval + + u32:1-10 + Spanning Tree Protocol hello advertisement interval in seconds + + + + + Bridge Hello interval must be between 1 and 10 seconds + + 2 + + + + Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) settings + + + + + Enable IGMP/MLD querier + + + + + + Enable IGMP/MLD snooping + + + + + + #include + #include + #include + #include + + + Enable VLAN aware bridge + + + + #include + + 802.1q + + + + Interval at which neighbor bridges are removed + + u32:1-40 + Bridge maximum aging time in seconds + + + + + Bridge max aging value must be between 1 and 40 seconds + + 20 + + + + Bridge member interfaces + + + + + Member interface name + + + + + #include + + + + + + Specify VLAN id which should natively be present on the link + + u32:1-4094 + Virtual Local Area Network (VLAN) ID + + + + + VLAN ID must be between 1 and 4094 + + + + + Specify VLAN id which is allowed in this trunk interface + + <id> + VLAN id allowed to pass this interface + + + <idN>-<idM> + VLAN id range allowed on this interface (use '-' as delimiter) + + + + + not a valid VLAN ID value or range + + + + + + Bridge port cost + + u32:1-65535 + Path cost value for Spanning Tree Protocol + + + + + Path cost value must be between 1 and 65535 + + 100 + + + + Bridge port priority + + u32:0-63 + Bridge port priority + + + + + Port priority value must be between 0 and 63 + + 
32 + + + + Port is isolated (also known as Private-VLAN) + + + + + + + + + + Priority for this bridge + + u32:0-65535 + Bridge priority + + + + + Bridge priority must be between 0 and 65535 (multiples of 4096) + + 32768 + + + + Enable spanning tree protocol + + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_dummy.xml.in b/interface-definitions/interfaces_dummy.xml.in new file mode 100644 index 0000000..36b4e41 --- /dev/null +++ b/interface-definitions/interfaces_dummy.xml.in @@ -0,0 +1,60 @@ + + + + + + + Dummy Interface + 300 + + dum[0-9]+ + + Dummy interface must be named dumN + + dumN + Dummy interface name + + + + #include + #include + #include + + + IPv4 routing parameters + + + #include + #include + + + + + IPv6 routing parameters + + + #include + + + IPv6 address configuration modes + + + #include + #include + + + + + #include + + 1500 + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in new file mode 100644 index 0000000..89f990d --- /dev/null +++ b/interface-definitions/interfaces_ethernet.xml.in 
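Review bot: The bridge priority leaf documents its range as `u32:0-65535` while the error text says `Bridge priority must be between 0 and 65535 (multiples of 4096)`. A plain numeric range cannot enforce the multiple-of-4096 rule, so unless the validator (stripped in this view) or the config script rejects other values, an input such as 1000 is accepted here and handled differently further down. Either enforce the step in the constraint or state in the help text how a non-multiple is treated.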
@@ -0,0 +1,225 @@ + + + + + Network interfaces + + + + + Ethernet Interface + 318 + + ethN + Ethernet interface name + + + ((eth|lan)[0-9]+|(eno|ens|enp|enx).+) + + Invalid Ethernet interface name + + + #include + #include + #include + #include + + + Disable Ethernet flow control (pause frames) + + + + #include + #include + + + Duplex mode + + auto half full + + + auto + Auto negotiation + + + half + Half duplex + + + full + Full duplex + + + (auto|half|full) + + duplex must be auto, half or full + + auto + + #include + + + EVPN Multihoming + + + #include + + + #include + #include + #include + #include + #include + #include + + + Configurable offload options + + + + + Enable Generic Receive Offload + + + + + + Enable Generic Segmentation Offload + + + + + + Enable Hardware Flow Offload + + + + + + Enable Large Receive Offload + + + + + + Enable Receive Packet Steering + + + + + + Enable Receive Flow Steering + + + + + + Enable Scatter-Gather + + + + + + Enable TCP Segmentation Offloading + + + + + + + + Link speed + + auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000 + + + auto + Auto negotiation + + + 10 + 10 Mbit/sec + + + 100 + 100 Mbit/sec + + + 1000 + 1 Gbit/sec + + + 2500 + 2.5 Gbit/sec + + + 5000 + 5 Gbit/sec + + + 10000 + 10 Gbit/sec + + + 25000 + 25 Gbit/sec + + + 40000 + 40 Gbit/sec + + + 50000 + 50 Gbit/sec + + + 100000 + 100 Gbit/sec + + + (auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000) + + Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000 + + auto + + + + Shared buffer between the device driver and NIC + + + + + RX ring buffer + + u32:80-16384 + ring buffer size + + + + + + + + + TX ring buffer + + u32:80-16384 + ring buffer size + + + + + + + + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in new file mode 100644 index 0000000..990c5bd --- /dev/null 
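Review bot: The Ethernet interface-name pattern `((eth|lan)[0-9]+|(eno|ens|enp|enx).+)` ends in `.+`, which accepts any character after the prefix, including whitespace, `/` and quoting characters, and sets no length bound. Interface names normally flow into generated configuration, sysfs paths and command lines (that code is outside this hunk, so this is unverified here), which makes the schema the cheapest place to reject odd input. I would restrict the tail to what predictable names actually use, e.g. `((eth|lan)[0-9]+|(eno|ens|enp|enx)[0-9a-zA-Z]+)`.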
+++ b/interface-definitions/interfaces_geneve.xml.in @@ -0,0 +1,61 @@ + + + + + + + Generic Network Virtualization Encapsulation (GENEVE) Interface + 460 + + gnv[0-9]+ + + GENEVE interface must be named gnvN + + gnvN + GENEVE interface name + + + + #include + #include + #include + #include + #include + #include + #include + + + GENEVE tunnel parameters + + + + + IPv4 specific tunnel parameters + + + #include + #include + #include + #include + + + + + IPv6 specific tunnel parameters + + + #include + + + + + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_input.xml.in b/interface-definitions/interfaces_input.xml.in new file mode 100644 index 0000000..771c47e --- /dev/null +++ b/interface-definitions/interfaces_input.xml.in @@ -0,0 +1,27 @@ + + + + + + + Input Functional Block (IFB) interface name + + 310 + + ifb[0-9]+ + + Input interface must be named ifbN + + ifbN + Input interface name + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_l2tpv3.xml.in b/interface-definitions/interfaces_l2tpv3.xml.in new file mode 100644 index 0000000..5f816c9 --- /dev/null +++ b/interface-definitions/interfaces_l2tpv3.xml.in 
@@ -0,0 +1,131 @@ + + + + + + + Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface + 485 + + l2tpeth[0-9]+ + + L2TPv3 interface must be named l2tpethN + + l2tpethN + L2TPv3 interface name + + + + #include + #include + + + UDP destination port for L2TPv3 tunnel + + u32:1-65535 + Numeric IP port + + + + + + 5000 + + #include + + + Encapsulation type + + udp ip + + + udp + UDP encapsulation + + + ip + IP encapsulation + + + (udp|ip) + + Encapsulation must be UDP or IP + + udp + + #include + #include + #include + #include + #include + + 1488 + + + + Peer session identifier + + u32:1-429496729 + L2TPv3 peer session identifier + + + + + + + + + Peer tunnel identifier + + u32:1-429496729 + L2TPv3 peer tunnel identifier + + + + + + + #include + + + Session identifier + + u32:1-429496729 + L2TPv3 session identifier + + + + + + + + + UDP source port for L2TPv3 tunnel + + u32:1-65535 + Numeric IP port + + + + + + 5000 + + + + Local tunnel identifier + + u32:1-429496729 + L2TPv3 local tunnel identifier + + + + + + + #include + + + + + diff --git a/interface-definitions/interfaces_loopback.xml.in b/interface-definitions/interfaces_loopback.xml.in new file mode 100644 index 0000000..09b4a00 --- /dev/null +++ b/interface-definitions/interfaces_loopback.xml.in @@ -0,0 +1,35 @@ + + + + + + + Loopback Interface + 300 + + lo + + Loopback interface must be named lo + + lo + Loopback interface + + + + #include + #include + + + IPv4 routing parameters + + + #include + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_macsec.xml.in b/interface-definitions/interfaces_macsec.xml.in new file mode 100644 index 0000000..d825f82 --- /dev/null +++ b/interface-definitions/interfaces_macsec.xml.in 
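Review bot: The four L2TPv3 identifier leaves (peer session, peer tunnel, session, local tunnel) all document their range as `u32:1-429496729`, which looks like `4294967295` with the last digit dropped; these identifiers are 32-bit values. If the validator, which is stripped in this view, uses the same bound, valid IDs above 429496729 configured on the remote side cannot be entered here. I would change all four to `u32:1-4294967295`.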
@@ -0,0 +1,153 @@ + + + + + + + MACsec Interface (802.1ae) + 461 + + macsec[0-9]+ + + MACsec interface must be named macsecN + + macsecN + MACsec interface name + + + + #include + #include + #include + #include + #include + #include + + + Security/Encryption Settings + + + + + Cipher suite used + + gcm-aes-128 gcm-aes-256 + + + gcm-aes-128 + Galois/Counter Mode of AES cipher with 128-bit key + + + gcm-aes-256 + Galois/Counter Mode of AES cipher with 256-bit key + + + (gcm-aes-128|gcm-aes-256) + + + + + + Enable optional MACsec encryption + + + + + + Use static keys for MACsec [static Secure Authentication Key (SAK) mode] + + + #include + + + MACsec peer name + + [^ ]{1,100} + + MACsec peer name exceeds limit of 100 characters + + + #include + #include + #include + + + + + + + MACsec Key Agreement protocol (MKA) + + + + + Secure Connectivity Association Key + + txt + 16-byte (128-bit) hex-string (32 hex-digits) for gcm-aes-128 or 32-byte (256-bit) hex-string (64 hex-digits) for gcm-aes-256 + + + [A-Fa-f0-9]{32} + [A-Fa-f0-9]{64} + + + + + + Secure Connectivity Association Key Name + + txt + 1..32-bytes (8..256 bit) hex-string (2..64 hex-digits) + + + [A-Fa-f0-9]{2,64} + + + + + + Priority of MACsec Key Agreement protocol (MKA) actor + + u32:0-255 + MACsec Key Agreement protocol (MKA) priority + + + + + + 255 + + + + + + IEEE 802.1X/MACsec replay protection window + + u32:0 + No replay window, strict check + + + u32:1-4294967295 + Number of packets that could be misordered + + + + + + + + + #include + #include + #include + + 1460 + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in new file mode 100644 index 0000000..3c84410 --- /dev/null +++ b/interface-definitions/interfaces_openvpn.xml.in 
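Review bot: The static-key peer name is constrained only by `[^ ]{1,100}`, which admits every character except a space (quotes, `;`, `$` and control characters included), while the error text `MACsec peer name exceeds limit of 100 characters` mentions length alone. Since the name is a config-tree node and is likely reused when the interface is set up (not visible in this hunk), I would narrow it to `[-_a-zA-Z0-9]{1,100}` and reword the message to `MACsec peer name must be 1-100 alphanumeric, hyphen or underscore characters`. Separately, the CAK leaf accepts either 32 or 64 hex digits regardless of the selected cipher, so the length-versus-cipher check has to live in the config script and is worth confirming there.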
@@ -0,0 +1,860 @@ + + + + + + + OpenVPN Tunnel Interface + 460 + + vtun[0-9]+ + + OpenVPN tunnel interface must be named vtunN + + vtunN + OpenVPN interface name + + + + #include + #include + + + OpenVPN interface device-type + + tun tap + + + tun + TUN device, required for OSI layer 3 + + + tap + TAP device, required for OSI layer 2 + + + (tun|tap) + + + tun + + #include + + + Data Encryption settings + + + + + Standard Data Encryption Algorithm + + none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + none + Disable encryption + + + 3des + DES algorithm with triple encryption + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + Cipher negotiation list for use in server or client mode + + none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + none + Disable encryption + + + 3des + DES algorithm with triple encryption + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + + #include + #include + #include + + + Hashing Algorithm + + md5 sha1 sha256 sha384 sha512 + + + md5 + MD5 algorithm + + + sha1 + SHA-1 algorithm + + + sha256 + SHA-256 algorithm + + + sha384 + SHA-384 algorithm + + + sha512 + SHA-512 algorithm + + + (md5|sha1|sha256|sha384|sha512) + + + + + + Keepalive helper options + + + + + Maximum number of keepalive packet failures + + u32:0-1000 + Maximum number of 
keepalive packet failures + + + + + + 60 + + + + Keepalive packet interval in seconds + + u32:0-600 + Keepalive packet interval (seconds) + + + + + + 10 + + + + + + Local IP address of tunnel (IPv4 or IPv6) + + + + + + + + Subnet-mask for local IP address of tunnel (IPv4 only) + + + + + + + + + + Local IP address to accept connections (all if not set) + + ipv4 + Local IPv4 address + + + ipv6 + Local IPv6 address + + + + + + + + + Local port number to accept connections + + u32:1-65535 + Numeric IP port + + + + + + + + + OpenVPN mode of operation + + site-to-site client server + + + site-to-site + Site-to-site mode + + + client + Client in client-server mode + + + server + Server in client-server mode + + + (site-to-site|client|server) + + + + + + Configurable offload options + + + + + Enable data channel offload on this interface + + + + + + + + Additional OpenVPN options. You must use the syntax of openvpn.conf in this text-field. Using this without proper knowledge may result in a crashed OpenVPN server. Check system log to look for errors. 
+ + + + + + Do not close and reopen interface (TUN/TAP device) on client restarts + + + + + + OpenVPN communication protocol + + udp tcp-passive tcp-active + + + udp + UDP + + + tcp-passive + TCP and accepts connections passively + + + tcp-active + TCP and initiates connections actively + + + (udp|tcp-passive|tcp-active) + + + udp + + + + Force OpenVPN to use a specific IP protocol version + + auto ipv4 ipv6 dual-stack + + + auto + Select one IP protocol to use based on local or remote host + + + _ipv4 + Accept connections on or initate connections to IPv4 addresses only + + + _ipv6 + Accept connections on or initate connections to IPv6 addresses only + + + dual-stack + Accept connections on both protocols simultaneously (only supported in server mode) + + + (auto|ipv4|ipv6|dual-stack) + + + auto + + + + IP address of remote end of tunnel + + ipv4 + Remote end IPv4 address + + + ipv6 + Remote end IPv6 address + + + + + + + + + + Remote host to connect to (dynamic if not set) + + ipv4 + IPv4 address of remote host + + + ipv6 + IPv6 address of remote host + + + txt + Hostname of remote host + + + + + + + Remote port number to connect to + + u32:1-65535 + Numeric IP port + + + + + + + + + OpenVPN tunnel to be used as the default route + + + + + Tunnel endpoints are on the same subnet + + + + + + + Server-mode options + + + + + Client-specific settings + + name + Client common-name in the certificate + + + + #include + + + IP address of the client + + ipv4 + Client IPv4 address + + + ipv6 + Client IPv6 address + + + + + + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + + Subnet belonging to the client (iroute) + + ipv4net + IPv4 network and prefix length belonging to the client + + + ipv6net + IPv6 network and prefix length belonging to the client + + + + + + + + + + + + Used with TAP device (layer 2) + + + #include + + + First IP address in the pool + + + + + ipv4 + 
IPv4 address + + + + + + Last IP address in the pool + + + + + ipv4 + IPv4 address + + + + + + Subnet mask pushed to dynamic clients. + + + + + ipv4 + IPv4 subnet mask + + + + + + Gateway IP address + + + + + ipv4 + IPv4 address + + + + + + + + Pool of client IPv4 addresses + + + #include + + + First IP address in the pool + + + + + ipv4 + IPv4 address + + + + + + Last IP address in the pool + + + + + ipv4 + IPv4 address + + + + + + Subnet mask pushed to dynamic clients. If not set the server subnet mask will be used. Only used with topology subnet or device type tap. Not used with bridged interfaces. + + + + + ipv4 + IPv4 subnet mask + + + + + + + + Pool of client IPv6 addresses + + + + + Client IPv6 pool base address with optional prefix length + + ipv6net + Client IPv6 pool base address with optional prefix length (defaults: base = server subnet + 0x1000, prefix length = server prefix length) + + + + + + + #include + + + + + DNS suffix to be pushed to all clients + + txt + Domain Name Server suffix + + + + + + Number of maximum client connections + + u32:1-4096 + Number of concurrent clients + + + + + + + #include + + + Route to be pushed to all clients + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + Set metric for this route + + u32:0-4294967295 + Metric for this route + + + + + + 0 + + + + + + Reject connections from clients that are not explicitly configured + + + + + + Server-mode subnet (from which client IPs are allocated) + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + + Topology for clients + + subnet point-to-point net30 + + + subnet + Subnet topology (recommended) + + + point-to-point + Point-to-point topology + + + net30 + net30 topology (deprecated) + + + (subnet|point-to-point|net30) + + + subnet + + + + multi-factor authentication + + + + + Time-based one-time passwords + + + + + Maximum allowed clock slop in seconds + + 
1-65535 + Seconds + + + + + + 180 + + + + Time drift in seconds + + 1-65535 + Seconds + + + + + + 0 + + + + Step value for totp in seconds + + 1-65535 + Seconds + + + + + + 30 + + + + Number of digits to use for totp hash + + 1-65535 + Digits + + + + + + 6 + + + + Expect password as result of a challenge response protocol + + disable enable + + + disable + Disable challenge-response + + + enable + Enable chalenge-response + + + (disable|enable) + + + enable + + + + + + + + + + Secret key shared with remote end of tunnel + + pki openvpn shared-secret + + + + + + Transport Layer Security (TLS) options + + + + + TLS shared secret key for tls-auth + + pki openvpn shared-secret + + + + #include + #include + #include + + + Static key to use to authenticate control channel + + pki openvpn shared-secret + + + + + + + Peer certificate SHA256 fingerprint + + [0-9a-fA-F]{2}:([0-9a-fA-F]{2}:){30}[0-9a-fA-F]{2} + + Peer certificate fingerprint must be a colon-separated SHA256 hex digest + + + #include + + + TLS negotiation role + + active passive + + + active + Initiate TLS negotiation actively + + + passive + Wait for incoming TLS connection + + + (active|passive) + + + + + + + + Use fast LZO compression on this TUN/TAP interface + + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in new file mode 100644 index 0000000..56660bc --- /dev/null +++ b/interface-definitions/interfaces_pppoe.xml.in 
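Review bot: Both the "Standard Data Encryption Algorithm" leaf and the "Cipher negotiation list" accept `none` and `3des`, and the hashing leaf accepts `md5`; with `none` in a negotiation list a tunnel can come up with no data-channel encryption and nothing in the help marks that as unsafe. I would label these in the descriptions, e.g. `Disable encryption (no confidentiality, testing only)` and `DES algorithm with triple encryption (legacy, 64-bit block)`, and drop `none` from the negotiation list unless an existing deployment depends on it. The "Additional OpenVPN options" help warns only about a crashed server; because it takes openvpn.conf syntax verbatim, it can presumably also override the cipher and TLS choices made in this schema, and the help text should say so.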
@@ -0,0 +1,153 @@ + + + + + + + Point-to-Point Protocol over Ethernet (PPPoE) Interface + 322 + + pppoe[0-9]+ + + PPPoE interface must be named pppoeN + + pppoeN + PPPoE dialer interface name + + + + #include + #include + #include + #include + #include + #include + #include + #include + + + Delay before disconnecting idle session (in seconds) + + u32:0-86400 + Idle timeout in seconds + + + + + Timeout must be in range 0 to 86400 + + + + + PPPoE RFC2516 host-uniq tag + + txt + Host-uniq tag as byte string in HEX + + + ([a-fA-F0-9][a-fA-F0-9]){1,18} + + Host-uniq must be specified as hex-adecimal byte-string (even number of HEX characters) + + + + + Delay before re-dial to the access concentrator when PPP session terminated by peer (in seconds) + + u32:0-86400 + Holdoff time in seconds + + + + + Holdoff must be in range 0 to 86400 + + 30 + + + + IPv4 routing parameters + + + #include + #include + #include + + + + + IPv6 routing parameters + + + + + IPv6 address configuration modes + + + #include + + + #include + #include + + + #include + + + IPv4 address of local end of the PPPoE link + + ipv4 + Address of local end of the PPPoE link + + + + + + + #include + #include + + 1492 + + + + Maximum Receive Unit (MRU) (default: MTU value) + + u32:128-16384 + Maximum Receive Unit in byte + + + + + MRU must be between 128 and 16384 + + + #include + + + IPv4 address of remote end of the PPPoE link + + ipv4 + Address of remote end of the PPPoE link + + + + + + + + + Service name, only connect to access concentrators advertising this + + [a-zA-Z0-9]+ + + Service name must be alphanumeric only + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_pseudo-ethernet.xml.in b/interface-definitions/interfaces_pseudo-ethernet.xml.in new file mode 100644 index 0000000..031af35 --- /dev/null +++ b/interface-definitions/interfaces_pseudo-ethernet.xml.in 
@@ -0,0 +1,68 @@ + + + + + + + Pseudo Ethernet Interface (Macvlan) + 321 + + peth[0-9]+ + + Pseudo Ethernet interface must be named pethN + + pethN + Pseudo Ethernet interface name + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + Receive mode (default: private) + + private vepa bridge passthru + + + private + No communication with other pseudo-devices + + + vepa + Virtual Ethernet Port Aggregator reflective relay + + + bridge + Simple bridge between pseudo-devices + + + passthru + Promicious mode passthrough of underlying device + + + (private|vepa|bridge|passthru) + + mode must be private, vepa, bridge or passthru + + private + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_sstpc.xml.in b/interface-definitions/interfaces_sstpc.xml.in new file mode 100644 index 0000000..b7c4944 --- /dev/null +++ b/interface-definitions/interfaces_sstpc.xml.in @@ -0,0 +1,47 @@ + + + + + + + Secure Socket Tunneling Protocol (SSTP) client Interface + 460 + + sstpc[0-9]+ + + Secure Socket Tunneling Protocol interface must be named sstpcN + + sstpcN + Secure Socket Tunneling Protocol interface name + + + + #include + #include + #include + #include + #include + #include + #include + + 1452 + + #include + #include + + 443 + + + + Secure Sockets Layer (SSL) configuration + + + #include + + + #include + + + + + diff --git a/interface-definitions/interfaces_tunnel.xml.in b/interface-definitions/interfaces_tunnel.xml.in new file mode 100644 index 0000000..fe1dad3 --- /dev/null +++ b/interface-definitions/interfaces_tunnel.xml.in 
@@ -0,0 +1,281 @@ + + + + + + + Tunnel interface + 380 + + tun[0-9]+ + + tunnel interface must be named tunN + + tunN + Tunnel interface name + + + + #include + #include + #include + #include + #include + + 1476 + + #include + #include + #include + #include + #include + + + 6rd network prefix + + ipv6 + IPv6 address and prefix length + + + + + + + + + 6rd relay prefix + + ipv4net + IPv4 prefix of interface for 6rd + + + + + + + + + Encapsulation of this tunnel interface + + erspan gre gretap ip6erspan ip6gre ip6gretap ip6ip6 ipip ipip6 sit + + + erspan + Encapsulated Remote Switched Port Analyzer + + + gre + Generic Routing Encapsulation (network layer) + + + gretap + Generic Routing Encapsulation (datalink layer) + + + ip6erspan + Encapsulated Remote Switched Port Analyzer over IPv6 + + + ip6gre + GRE over IPv6 (network layer) + + + ip6gretap + GRE over IPv6 (datalink layer) + + + ip6ip6 + IPv6 in IPv6 encapsulation + + + ipip + IPv4 in IPv4 encapsulation + + + ipip6 + IPv4 in IP6 encapsulation + + + sit + Simple Internet Transition (IPv6 in IPv4) + + + (erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit) + + Invalid encapsulation, must be one of: erspan, gre, gretap, ip6erspan, ip6gre, ip6gretap, ipip, sit, ipip6 or ip6ip6 + + + #include + + + Enable multicast operation over tunnel + + + + + + Tunnel parameters + + + + + ERSPAN tunnel parameters + + + + + Mirrored traffic direction + + ingress egress + + + ingress + Mirror ingress traffic + + + egress + Mirror egress traffic + + + (ingress|egress) + + + + + + Unique identifier of an ERSPAN engine within a system + + u32:0-1048575 + Unique identifier of an ERSPAN engine + + + + + + + + + ERSPAN version 1 index field + + u32:0-63 + Platform-depedent field for specifying port number and direction + + + + + + + + + Protocol version + + 1 2 + + + 1 + ERSPAN Type II + + + 2 + ERSPAN Type III + + + + + + 1 + + + + + + IPv4-specific tunnel parameters + + + + + Disable path MTU discovery + + + + + + Ignore 
the DF (don't fragment) bit + + + + #include + #include + #include + + 64 + + + + + + IPv6-specific tunnel parameters + + + + + Set fixed encapsulation limit + + none + + + u32:0-255 + Encapsulation limit + + + none + Disable encapsulation limit + + + (none) + + + Tunnel encaplimit must be 0-255 or none + + 4 + + #include + + + Hoplimit + + u32:0-255 + Hop limit + + + + + hop limit must be between 0-255 + + 64 + + + + Traffic class (Tclass) + + 0x0-0x0fffff + Traffic class, 'inherit' or hex value + + + (0x){0,1}(0?[0-9A-Fa-f]{1,2}) + + Must be 'inherit' or a number + + inherit + + + + + + #include + #include + + + + + diff --git a/interface-definitions/interfaces_virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in new file mode 100644 index 0000000..c4610fe --- /dev/null +++ b/interface-definitions/interfaces_virtual-ethernet.xml.in @@ -0,0 +1,48 @@ + + + + + + + Virtual Ethernet (veth) Interface + 300 + + veth[0-9]+ + + Virtual Ethernet interface must be named vethN + + vethN + Virtual Ethernet interface name + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + Virtual ethernet peer interface name + + interfaces virtual-ethernet + + + txt + Name of peer interface + + + veth[0-9]+ + + Virutal Ethernet interface must be named vethN + + + + + + + diff --git a/interface-definitions/interfaces_vti.xml.in b/interface-definitions/interfaces_vti.xml.in new file mode 100644 index 0000000..39fb313 --- /dev/null +++ b/interface-definitions/interfaces_vti.xml.in @@ -0,0 +1,35 @@ + + + + + + + Virtual Tunnel Interface (XFRM) + 381 + + vti[0-9]+ + + VTI interface must be named vtiN + + vtiN + VTI interface name + + + + #include + #include + #include + #include + #include + #include + + 1500 + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in new file mode 100644 index 0000000..937acb1 
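Review bot: The IPv6 traffic-class node near the end of the interfaces_tunnel.xml.in hunk documents its value as `0x0-0x0fffff`, but the visible pattern `(0x){0,1}(0?[0-9A-Fa-f]{1,2})` accepts at most three hex digits. The same node defaults to `inherit` and its error message says "Must be 'inherit' or a number", yet no visible pattern matches `inherit`. The element markup is stripped in this view, so a second pattern may exist and should be confirmed. I would align the value help with what the pattern accepts, for example `0x0-0xff`, so the help, the pattern and the message describe the same rule.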
--- /dev/null +++ b/interface-definitions/interfaces_vxlan.xml.in @@ -0,0 +1,153 @@ + + + + + + + Virtual Extensible LAN (VXLAN) Interface + 460 + + vxlan[0-9]+ + + VXLAN interface must be named vxlanN + + vxlanN + VXLAN interface name + + + + #include + #include + #include + + + Enable Generic Protocol extension (VXLAN-GPE) + + + + + + Multicast group address for VXLAN interface + + ipv4 + Multicast IPv4 group address + + + ipv6 + Multicast IPv6 group address + + + + + + Multicast IPv4/IPv6 address required + + + #include + #include + #include + #include + #include + + + VXLAN tunnel parameters + + + + + IPv4 specific tunnel parameters + + + #include + #include + #include + + 16 + + + + + + IPv6 specific tunnel parameters + + + #include + + + + + Use external control plane + + + + + + Do not add unknown addresses into forwarding database + + + + + + Enable neighbor discovery (ARP and ND) suppression + + + + + + Enable VNI filter support + + + + + + #include + + 4789 + + #include + #include + #include + #include + #include + #include + + + Configuring VLAN-to-VNI mappings for EVPN-VXLAN + + u32:0-4094 + Virtual Local Area Network (VLAN) ID + + + <start-end> + VLAN IDs range (use '-' as delimiter) + + + + + Not a valid VLAN ID or range, VLAN ID must be between 0 and 4094 + + + + + Virtual Network Identifier + + u32:0-16777214 + VXLAN virtual network identifier + + + <start-end> + VXLAN virtual network IDs range (use '-' as delimiter) + + + + + Not a valid VXLAN virtual network ID or range + + + + + + + + + diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in new file mode 100644 index 0000000..ce49de0 --- /dev/null +++ b/interface-definitions/interfaces_wireguard.xml.in 
@@ -0,0 +1,129 @@ + + + + + + + WireGuard Interface + 379 + + wg[0-9]+ + + WireGuard interface must be named wgN + + wgN + WireGuard interface name + + + + #include + #include + #include + #include + #include + + 1420 + + #include + #include + #include + + + A 32-bit fwmark value set on all outgoing packets + + number + value which marks the packet for QoS/shaper + + + + + + 0 + + + + Base64 encoded private key + + + + Key is not base64-encoded + + + + + peer alias + + [^ ]{1,100} + + peer alias too long (limit 100 characters) + + + #include + #include + + + base64 encoded public key + + + + Key is not base64-encoded + + + + + base64 encoded preshared key + + + + Key is not base64-encoded + + + + + IP addresses allowed to traverse the peer + + + + + + + + + IP address of tunnel endpoint + + ipv4 + IPv4 address of remote tunnel endpoint + + + ipv6 + IPv6 address of remote tunnel endpoint + + + + + + + + #include + + + Interval to send keepalive messages + + u32:1-65535 + Interval in seconds + + + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in new file mode 100644 index 0000000..4749535 --- /dev/null +++ b/interface-definitions/interfaces_wireless.xml.in 
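Review bot: The peer alias constraint in the interfaces_wireguard.xml.in hunk is `[^ ]{1,100}`, which accepts any character except a space, while the error message only says `peer alias too long (limit 100 characters)`. An alias containing a space is therefore rejected with a message about length, and quotes, slashes and control characters are all accepted. If the alias is later written into generated files or command lines, which this hunk does not show, a positive character class such as `[-_a-zA-Z0-9.]{1,100}` would be safer. The message should then state the allowed characters as well as the length limit.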
@@ -0,0 +1,1026 @@ + + + + + + + Wireless (WiFi/WLAN) Network Interface + 318 + + + + + wlan[0-9]+ + + Wireless interface must be named wlanN + + wlanN + Wireless (WiFi/WLAN) interface name + + + + #include + + + HT and VHT capabilities for your card + + + + + High Throughput (HT) settings + + + + + 40MHz intolerance, use 20MHz only! + + + + + + Enable WMM-PS unscheduled automatic power save delivery [U-APSD] + + + + + + Supported channel set width + + ht20 ht40+ ht40- + + + ht20 + Supported channel set width both 20 MHz only + + + ht40+ + Supported channel set width both 20 MHz and 40 MHz with secondary channel above primary channel + + + ht40- + Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel + + + (ht20|ht40\+|ht40-) + + + + + + + Enable HT-delayed block ack + + + + + + Enable DSSS_CCK-40 + + + + + + Enable HT-greenfield + + + + + + Enable LDPC coding capability + + + + + + Enable L-SIG TXOP protection capability + + + + + + Set maximum A-MSDU length + + 3839 7935 + + + 3839 + Set maximum A-MSDU length to 3839 octets + + + 7935 + Set maximum A-MSDU length to 7935 octets + + + (3839|7935) + + + + + + Short GI capabilities + + 20 40 + + + 20 + Short GI for 20 MHz + + + 40 + Short GI for 40 MHz + + + (20|40) + + + + + + + Spatial Multiplexing Power Save (SMPS) settings + + static dynamic + + + static + STATIC Spatial Multiplexing (SM) Power Save + + + dynamic + DYNAMIC Spatial Multiplexing (SM) Power Save + + + (static|dynamic) + + + + + + Support for sending and receiving PPDU using STBC (Space Time Block Coding) + + + + + Enable receiving PPDU using STBC (Space Time Block Coding) + + [1-3]+ + Number of spacial streams that can use RX STBC + + + [1-3]+ + + Invalid capability item + + + + + Enable sending PPDU using STBC (Space Time Block Coding) + + + + + + + + + + Require stations to support HT PHY + + + + + + Very High Throughput (VHT) settings + + + + + Number of antennas on this card + + u32:1-8 + Number of 
antennas for this card + + + + + + + + + Set if antenna pattern does not change during the lifetime of an association + + + + + + VHT beamforming capabilities + + single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee + + + single-user-beamformer + Support for operation as single user beamformer + + + single-user-beamformee + Support for operation as single user beamformee + + + multi-user-beamformer + Support for operation as multi user beamformer + + + multi-user-beamformee + Support for operation as multi user beamformee + + + (single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee) + + + + + + + VHT operating channel center frequency + + + + + VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes) + + u32:34-177 + 5Ghz (802.11 a/h/j/n/ac) center channel index (use 42 for primary 80MHz channel 36) + + + + + Channel center value must be between 34 and 177 + + + + + VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode) + + u32:34-177 + 5Ghz (802.11 ac) center channel index (use 58 for secondary 80MHz channel 52) + + + + + Channel center value must be between 34 and 177 + + + + + + + VHT operating Channel width + + 0 1 2 3 + + + 0 + 20 or 40 MHz channel width + + + 1 + 80 MHz channel width + + + 2 + 160 MHz channel width + + + 3 + 80+80 MHz channel width + + + + + + + + + Enable LDPC (Low Density Parity Check) coding capability + + + + + + VHT link adaptation capabilities + + unsolicited both + + + unsolicited + Station provides only unsolicited VHT MFB + + + both + Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB + + + (unsolicited|both) + + Invalid capability item + + + + + Set the maximum length of A-MPDU pre-EOF padding that the station can receive + + u32:0-7 + Maximum length of A-MPDU pre-EOF padding = 2 pow(13 + x) -1 octets + + + + + + + + + Increase Maximum MPDU length to 7991 or 11454 octets 
(otherwise: 3895 octets) + + 7991 11454 + + + 7991 + ncrease Maximum MPDU length to 7991 octets + + + 11454 + ncrease Maximum MPDU length to 11454 octets + + + (7991|11454) + + + + + + Short GI capabilities + + 80 160 + + + 80 + Short GI for 80 MHz + + + 160 + Short GI for 160 MHz + + + (80|160) + + + + + + + Support for sending and receiving PPDU using STBC (Space Time Block Coding) + + + + + Enable receiving PPDU using STBC (Space Time Block Coding) + + [1-4]+ + Number of spacial streams that can use RX STBC + + + [1-4]+ + + Invalid capability item + + + + + Enable sending PPDU using STBC (Space Time Block Coding) + + + + + + + + Enable VHT TXOP Power Save Mode + + + + + + Station supports receiving VHT variant HT Control field + + + + + + + + Require stations to support VHT PHY + + + + + + High Efficiency (HE) settings + + + + + HE operating channel width + + + 81 83 84 131 132 133 134 135 + + + 81 + 2.4GHz, 20 MHz channel width + + + 83 + 2.4GHz, 40 MHz channel width, secondary 20MHz channel above primary channel + + + 84 + 2.4GHz, 40 MHz channel width, secondary 20MHz channel below primary channel + + + 131 + 6GHz, 20 MHz channel width + + + 132 + 6GHz, 40 MHz channel width + + + 133 + 6GHz, 80 MHz channel width + + + 134 + 6GHz, 160 MHz channel width + + + 135 + 6GHz, 80+80 MHz channel width + + + (81|83|84|131|132|133|134|135) + + + + + + HE operating channel center frequency + + + + + HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes) + + u32:1-233 + 6Ghz (802.11 ax) center channel index (use 3 (at 40MHz), 7 (at 80MHz) or 15 (at 160MHz) for primary channel 1) + + + + + Channel center value must be between 1 and 233 + + + + + HE operating channel center frequency - center freq 2 (for use with the 80+80 mode) + + u32:1-233 + 6Ghz (802.11 ax) center channel index (use 23 (at 80MHz) for secondary channel 17) + + + + + Channel center value must be between 1 and 233 + + + + + + + Tell the AP that antenna positions are 
fixed and will not change during the lifetime of an association + + + + + + HE beamforming capabilities + + + + + Support for operation as single user beamformer + + + + + + Support for operation as single user beamformee + + + + + + Support for operation as multi user beamformer + + + + + + + + BSS coloring helps to prevent channel jamming when multiple APs use the same channels + + + + + + + + Spacial Stream and Modulation Coding Scheme settings + + u32:0 + HE-MCS 0-7 + + + u32:1 + HE-MCS 0-9 + + + u32:2 + HE-MCS 0-11 + + + u32:3 + HE-MCS is not supported + + + + + + + + + + + Require stations to support HE PHY + + + + + + + + Wireless radio channel + + 0 + Automatic Channel Selection (ACS) + + + u32:1-14 + 2.4Ghz (802.11 b/g/n/ax) Channel + + + u32:34-177 + 5Ghz (802.11 a/h/j/n/ac) Channel + + + u32:1-233 + 6Ghz (802.11 ax) Channel + + + + + + 0 + + #include + #include + #include + + + Disable broadcast of SSID from access-point + + + + #include + #include + #include + + + Disassociate stations based on excessive transmission failures + + + + #include + #include + #include + + + Isolate stations on the AP so they cannot see each other + + + + #include + + + Maximum number of wireless radio stations. Excess stations will be rejected upon authentication request. + + u32:1-2007 + Number of allowed stations + + + + + Number of stations must be between 1 and 2007 + + + + + Stationary AP config indicates that the AP doesn't move. 
+ + + + + + Management Frame Protection (MFP) according to IEEE 802.11w + + disabled optional required + + + disabled + no MFP + + + optional + MFP optional + + + required + MFP enforced (mandatory for WPA3) + + + (disabled|optional|required) + + + disabled + + + + Beacon Protection: management frame protection for Beacon frames, requires Management Frame Protection (MFP) + + + disabled + + + + Wireless radio mode + + a b g n ac ax + + + a + 802.11a - 54 Mbits/sec + + + b + 802.11b - 11 Mbits/sec + + + g + 802.11g - 54 Mbits/sec + + + n + 802.11n - 600 Mbits/sec + + + ac + 802.11ac - 1300 Mbits/sec + + + ax + 802.11ax (6GHz only for now) + + + (a|b|g|n|ac|ax) + + + g + + + #include + + + Wireless physical device + + + + + + + + phy0 + + + + Transmission power reduction in dBm + + u32:0-255 + TX power reduction in dBm + + + + + dBm value must be between 0 and 255 + + + + + Wireless security settings + + + + + Station MAC address based authentication + + + + + Select security operation mode + + accept deny + + + accept + Accept all clients unless found in deny list + + + deny + Deny all clients unless found in accept list + + + (accept|deny) + + + accept + + + + Accept station MAC address + + + #include + + + + + Deny station MAC address + + + #include + + + + + + + Wired Equivalent Privacy (WEP) parameters + + + + + WEP encryption key + + txt + Wired Equivalent Privacy key + + + ([a-fA-F0-9]{10}|[a-fA-F0-9]{26}|[a-fA-F0-9]{32}) + + Invalid WEP key + + + + + + + + Wifi Protected Access (WPA) parameters + + + + + Cipher suite for WPA unicast packets + + GCMP-256 GCMP CCMP-256 CCMP TKIP + + + GCMP-256 + AES in Galois/counter mode with 256-bit key + + + GCMP + AES in Galois/counter mode with 128-bit key + + + CCMP-256 + AES in Counter mode with CBC-MAC with 256-bit key + + + CCMP + AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs) + + + TKIP + Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] + + + 
(GCMP-256|GCMP|CCMP-256|CCMP|TKIP) + + Invalid cipher selection + + + + + + Cipher suite for WPA multicast and broadcast packets + + GCMP-256 GCMP CCMP-256 CCMP TKIP + + + GCMP-256 + AES in Galois/counter mode with 256-bit key + + + GCMP + AES in Galois/counter mode with 128-bit key + + + CCMP-256 + AES in Counter mode with CBC-MAC with 256-bit key + + + CCMP + AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs) + + + TKIP + Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] + + + (GCMP-256|GCMP|CCMP-256|CCMP|TKIP) + + Invalid group cipher selection + + + + + Group management cipher suite. All the stations connecting to the BSS will also need to support the selected cipher + + AES-128-CMAC BIP-CMAC-256 BIP-GMAC-128 BIP-GMAC-256 + + + (AES-128-CMAC|BIP-CMAC-256|BIP-GMAC-128|BIP-GMAC-256) + + Invalid group management cipher selection + + AES-128-CMAC + + + + WPA mode + + wpa wpa2 wpa+wpa2 wpa3 + + + wpa + WPA (IEEE 802.11i/D3.0) + + + wpa2 + WPA2 (full IEEE 802.11i/RSN) + + + wpa+wpa2 + Allow both WPA and WPA2 + + + wpa3 + WPA3 (required for 802.11ax, you must also set mgmt-frame-protection as required) + + + (wpa|wpa2|wpa\+wpa2|wpa3) + + Unknown WPA mode + + wpa+wpa2 + + #include + + + WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required. + + txt + Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise + + + [[:ascii:]]{1,256} + + Invalid WPA pass phrase, must be 8 to 63 printable characters! 
+ + + #include + + + + + + + Enable RADIUS server to receive accounting info + + + + + + + + + + + + + + Wireless access-point service set identifier (SSID) + + .{1,32} + + Invalid SSID + + + + + Basic Service Set Identifier (BSSID) - currently station mode only + + macaddr + BSSID (MAC) address + + + + + Invalid BSSID + + + + + Wireless device type for this interface + + access-point station monitor + + + access-point + Access-point forwards packets between other nodes + + + station + Connects to another access point + + + monitor + Passively monitor all packets on the frequency/channel + + + (access-point|station|monitor) + + Type must be access-point, station or monitor + + monitor + + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/interfaces_wwan.xml.in b/interface-definitions/interfaces_wwan.xml.in new file mode 100644 index 0000000..1580c3b --- /dev/null +++ b/interface-definitions/interfaces_wwan.xml.in @@ -0,0 +1,48 @@ + + + + + + + Wireless Modem (WWAN) Interface + 350 + + + + + wwan[0-9]+ + + Wireless Modem interface must be named wwanN + + wwanN + Wireless Wide Area Network interface name + + + + #include + + + Access Point Name (APN) + + + #include + #include + #include + #include + #include + #include + #include + #include + + 1430 + + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in new file mode 100644 index 0000000..1827462 --- /dev/null +++ b/interface-definitions/load-balancing_reverse-proxy.xml.in 
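Review bot: The WPA passphrase constraint in the interfaces_wireless.xml.in hunk is `[[:ascii:]]{1,256}`, but both the value help and the error message describe 8 to 63 printable characters. As written, a one-character passphrase passes validation, and so does one containing control characters, because `[[:ascii:]]` is wider than the printable set. If the looser bound is intentional for the WPA-Enterprise case mentioned in the help, the message should say so and the 8 to 63 limit should be enforced for WPA-Personal in the commit-time check, which is not part of this hunk. Otherwise I would tighten the pattern to `[[:print:]]{8,63}`. The element markup is stripped in this view, so this assumes the pattern is the node's regex constraint.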
@@ -0,0 +1,344 @@ + + + + + + + Configure reverse-proxy + 900 + + + + + Frontend service name + + #include + + Server name must be alphanumeric and can contain hyphen and underscores + + + + + Backend member + + #include + + Backend name must be alphanumeric and can contain hyphen and underscores + + txt + Name of reverse-proxy backend system + + + load-balancing reverse-proxy backend + + + + + #include + #include + #include + #include + #include + #include + #include + #include + + + Redirect HTTP to HTTPS + + + + + + SSL Certificate, SSL Key and CA + + + #include + + + + + + + Backend server name + + #include + + Backend name must be alphanumeric and can contain hyphen and underscores + + + + + Load-balancing algorithm + + source-address round-robin least-connection + + + source-address + Based on hash of source IP address + + + round-robin + Round robin + + + least-connection + Least connection + + + (source-address|round-robin|least-connection) + + + round-robin + + #include + #include + #include + #include + + + HTTP check configuration + + + + + HTTP method used for health check + + options head get post put + + + options|head|get|post|put + HTTP method used for health checking + + + (options|head|get|post|put) + + + + + + URI used for HTTP health check (Example: '/' or '/health') + + ^\/([^?#\s]*)(\?[^#\s]*)?$ + + + + + + Expected response for the health check to pass + + + + + Expected response status code for the health check to pass + + u32:200-399 + Expected response code + + + + + Status code must be in range 200-399 + + + + + Expected to be in response body for the health check to pass + + txt + A string expected to be in the response + + + + + + + + + + Non HTTP health check options + + ldap mysql pgsql redis smtp + + + ldap + LDAP protocol check + + + mysql + MySQL protocol check + + + pgsql + PostgreSQL protocol check + + + redis + Redis protocol check + + + smtp + SMTP protocol check + + + (ldap|mysql|redis|pgsql|smtp) + + + + #include + + + 
Backend server name + + + + + Backend server address + + ipv4 + IPv4 unicast peer address + + + ipv6 + IPv6 unicast peer address + + + + + + + + + Use backup server if other servers are not available + + + + + + Active health check backend server + + + + #include + + + Send a Proxy Protocol version 1 header (text format) + + + + + + Send a Proxy Protocol version 2 header (binary format) + + + + + + + + SSL Certificate, SSL Key and CA + + + #include + + + Do not attempt to verify SSL certificates for backend servers + + + + + + #include + + + + + Global perfomance parameters and limits + + + #include + + + Maximum allowed connections + + u32:1-2000000 + Maximum allowed connections + + + + + + + + + Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers + + ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 + + + ecdhe-ecdsa-aes128-gcm-sha256 + ecdhe-ecdsa-aes128-gcm-sha256 + + + ecdhe-rsa-aes128-gcm-sha256 + ecdhe-rsa-aes128-gcm-sha256 + + + ecdhe-ecdsa-aes256-gcm-sha384 + ecdhe-ecdsa-aes256-gcm-sha384 + + + ecdhe-rsa-aes256-gcm-sha384 + ecdhe-rsa-aes256-gcm-sha384 + + + ecdhe-ecdsa-chacha20-poly1305 + ecdhe-ecdsa-chacha20-poly1305 + + + ecdhe-rsa-chacha20-poly1305 + ecdhe-rsa-chacha20-poly1305 + + + dhe-rsa-aes128-gcm-sha256 + dhe-rsa-aes128-gcm-sha256 + + + dhe-rsa-aes256-gcm-sha384 + dhe-rsa-aes256-gcm-sha384 + + + (ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384) + + + + ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 
dhe-rsa-aes256-gcm-sha384 + + + + Specify the minimum required TLS version + + 1.2 1.3 + + + 1.2 + TLS v1.2 + + + 1.3 + TLS v1.3 + + + (1.2|1.3) + + + 1.3 + + + + #include + + + + + diff --git a/interface-definitions/load-balancing_wan.xml.in b/interface-definitions/load-balancing_wan.xml.in new file mode 100644 index 0000000..310aa03 --- /dev/null +++ b/interface-definitions/load-balancing_wan.xml.in 
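Review bot: The minimum-TLS-version constraint near the end of the load-balancing_reverse-proxy.xml.in hunk is written `(1.2|1.3)`, and the unescaped `.` matches any character, so a value such as `1x2` satisfies the pattern. I would write it as `(1\.2|1\.3)` so that only the two versions listed in the completion help validate. What a malformed value does downstream depends on how the proxy configuration template consumes it, which this hunk does not show. The element markup is stripped in this view, so this assumes the string is the node's regex constraint.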
@@ -0,0 +1,399 @@ + + + + + Configure load-balancing + + + + + Configure Wide Area Network (WAN) load-balancing + 900 + + + + + Disable source NAT rules from being configured for WAN load balancing + + + + + + Enable WAN load balancing for locally sourced traffic + + + + + + Flush connection tracking tables on connection state change + + + + + + Script to be executed on interface status change + + txt + Script in /config/scripts + + + + + + + + + Interface name + + + + + + + + Failure count + + u32:1-10 + Failure count + + + + + + 1 + + + + Outbound interface nexthop address. Can be 'DHCP or IPv4 address' [REQUIRED] + + dhcp + + + ipv4 + Nexthop IP address + + + dhcp + Set the nexthop via DHCP + + + + (dhcp) + + + + + + Success count + + u32:1-10 + Success count + + + + + + 1 + + + + Rule number + + u32:0-4294967295 + Rule number + + + + + + + + + Ping response time (seconds) + + u32:1-30 + Response time (seconds) + + + + + + 5 + + + + Health target address + + ipv4 + Health target address + + + + + + + + + Path to user-defined script + + txt + Script in /config/scripts + + + + + + + + + TTL limit (hop count) + + u32:1-254 + Number of hops + + + + + + 1 + + + + WLB test type + + ping ttl user-defined + + + ping + Test with ICMP echo response + + + ttl + Test with UDP TTL expired response + + + user-defined + User-defined test script + + + (ping|ttl|user-defined) + + + ping + + + + + + + + Rule number (1-9999) + + u32:1-9999 + Rule number + + + + + + + #include + + + Destination + + + #include + #include + + + + + Exclude packets matching this rule from WAN load balance + + + + + + Enable failover for packets matching this rule from WAN load balance + + + + + + Inbound interface name (e.g., "eth0") [REQUIRED] + + any + + + + + + + Interface name [REQUIRED] + + + + + + + + Load-balance weight + + u32:1-255 + Interface weight + + + + + Weight must be between 1 and 255 + + 1 + + + + + + Enable packet limit for this rule + + + + + Burst limit for matching packets + + 
u32:0-4294967295 + Burst limit for matching packets + + + + + + 5 + + + + Time window for rate calculation + + hour minute second + + + hour + hour + + + minute + minute + + + second + second + + + (hour|minute|second) + + + second + + + + Number of packets used for rate limit + + u32:0-4294967295 + Number of packets used for rate limit + + + + + + 5 + + + + Threshold behavior for limit + + above below + + + above + Above limit + + + below + Below limit + + + (above|below) + + + below + + + + + + Option to match traffic per-packet instead of the default, per-flow + + + + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + all + + + + Source information + + + #include + #include + + + + + + + Configure sticky connections + + + + + Enable sticky incoming WAN connections + + + + + + + + + + diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in new file mode 100644 index 0000000..73a7481 --- /dev/null +++ b/interface-definitions/nat.xml.in 
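Review bot: The two script nodes in the load-balancing_wan.xml.in hunk take a value described only as `txt` with the help `Script in /config/scripts`, and no constraint or error message restricting the path is visible for either. These are the hook run on interface status change and the user-defined health-test script. If the value really is free text, the directory named in the help is advisory only, and whatever path is configured is what the load-balancing service will execute. I would attach a path validator or add a commit-time check that the file resolves inside /config/scripts, and state that requirement in the help. The XML markup is stripped in this view, so confirm whether a validator is already attached.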
@@ -0,0 +1,159 @@ + + + + + Network Address Translation (NAT) parameters + 220 + + + + + Destination NAT settings + + + #include + + + #include + + + Inside NAT IP (destination NAT only) + + + + + IP address, subnet, or range + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + + + + + + + #include + #include + + + Redirect to local host + + + #include + + + + + + + + + + + Source NAT settings + + + #include + + + Rule number for NAT + + u32:1-999999 + Number of NAT rule + + + + + NAT rule number must be between 1 and 999999 + + + #include + + + Outside NAT IP (source NAT only) + + + + + IP address, subnet, or range + + masquerade + + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + masquerade + NAT to the primary address of outbound-interface + + + + + + (masquerade) + + + + #include + #include + + + + + + + + + Static NAT (one-to-one) + + + + + Rule number for NAT + + + #include + + + NAT destination parameters + + + #include + + + #include + #include + + + Translation address or prefix + + + #include + + + + + + + + + diff --git a/interface-definitions/nat64.xml.in b/interface-definitions/nat64.xml.in new file mode 100644 index 0000000..4b3c157 --- /dev/null +++ b/interface-definitions/nat64.xml.in 
@@ -0,0 +1,116 @@ + + + + + Network Address Translation (NAT64) parameters + 501 + + + + + IPv6 source to IPv4 destination address translation + + + + + Source NAT64 rule number + + u32:1-999999 + Number for this rule + + + + + NAT64 rule number must be between 1 and 999999 + + + #include + #include + + + Match + + + + + Match fwmark value + + u32:1-2147483647 + Fwmark value to match against + + + + + + + + + + + IPv6 source prefix options + + + + + IPv6 prefix to be translated + + ipv6net + IPv6 prefix + + + + + + + + + + + Translated IPv4 address options + + + + + Translation IPv4 pool number + + u32:1-999999 + Number for this rule + + + + + NAT64 pool number must be between 1 and 999999 + + + #include + #include + #include + #include + + + IPv4 address or prefix to translate to + + ipv4 + IPv4 address + + + ipv4net + IPv4 prefix + + + + + + + + + + + + + + + + + + diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in new file mode 100644 index 0000000..c59725c --- /dev/null +++ b/interface-definitions/nat66.xml.in 
@@ -0,0 +1,251 @@ + + + + + Network Prefix Translation (NAT66/NPTv6) parameters + 500 + + + + + Prefix mapping of IPv6 source address translation + + + + + Source NAT66 rule number + + u32:1-999999 + Number for this rule + + + + + NAT66 rule number must be between 1 and 999999 + + + #include + #include + #include + #include + #include + #include + + + IPv6 destination prefix options + + + + + IPv6 prefix to be translated + + ipv6net + IPv6 prefix + + + !ipv6net + Match everything except the specified IPv6 prefix + + + + + + + + #include + + + + + IPv6 source prefix options + + + + + IPv6 prefix to be translated + + ipv6net + IPv6 prefix + + + !ipv6net + Match everything except the specified IPv6 prefix + + + + + + + + #include + + + + + Translated IPv6 address options + + + + + IPv6 address to translate to + + masquerade + + + ipv6 + IPv6 address + + + ipv6net + IPv6 prefix + + + masquerade + NAT to the primary address of outbound-interface + + + + + (masquerade) + + + + #include + + + + + + + + + Prefix mapping for IPv6 destination address translation + + + + + Destination NAT66 rule number + + u32:1-999999 + Number for this rule + + + + + NAT66 rule number must be between 1 and 999999 + + + #include + #include + #include + + + NAT66 rule logging + + + + #include + #include + + + IPv6 destination prefix options + + + + + IPv6 address or prefix to be translated + + ipv6 + IPv6 address + + + ipv6net + IPv6 prefix + + + !ipv6 + Match everything except the specified IPv6 address + + + !ipv6net + Match everything except the specified IPv6 prefix + + + + + + + + + + #include + #include + + + + + IPv6 source prefix options + + + + + IPv6 address or prefix to be translated + + ipv6 + IPv6 address + + + ipv6net + IPv6 prefix + + + !ipv6 + Match everything except the specified IPv6 address + + + !ipv6net + Match everything except the specified IPv6 prefix + + + + + + + + + + #include + + + + + Translated IPv6 address options + + + + + IPv6 address or prefix to translate to 
+ + ipv6 + IPv6 address + + + ipv6net + IPv6 prefix + + + + + + + + #include + + + + + + + + + diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in new file mode 100644 index 0000000..71f4d67 --- /dev/null +++ b/interface-definitions/nat_cgnat.xml.in @@ -0,0 +1,204 @@ + + + + + + + Carrier-grade NAT (CGNAT) parameters + 221 + + + + + Log IP address and port allocation + + + + + + External and internal pool parameters + + + + + External pool name + + txt + External pool name + + + #include + + Name of pool can only contain alpha-numeric letters, hyphen and underscores + + + + + Port range + + range + Numbered port range (e.g., 1001-1005) + + + + + + 1024-65535 + + + + Per user limits for the pool + + + + + Ports per user + + u32:1-65535 + Numeric IP port + + + + + + 2000 + + + + + + Range of IP addresses + + ipv4net + IPv4 prefix + + + ipv4range + IPv4 address range + + + + + + + + + + + Sequence + + u32:1-999999 + Sequence number + + + + + Sequence number must be between 1 and 999999 + + + + + + + + + Internal pool name + + txt + Internal pool name + + + #include + + Name of pool can only contain alpha-numeric letters, hyphen and underscores + + + + + Range of IP addresses + + ipv4net + IPv4 prefix + + + ipv4range + IPv4 address range + + + + + + + + + + + + + + + + Rule + + u32:1-999999 + Number for this CGNAT rule + + + + + Rule number must be between 1 and 999999 + + + + + Source parameters + + + + + Source internal pool + + nat cgnat pool internal + + + txt + Source internal pool name + + + #include + + Name of pool can only contain alpha-numeric letters, hyphen and underscores + + + + + + + Translation parameters + + + + + Translation external pool + + nat cgnat pool external + + + txt + Translation external pool name + + + #include + + Name of pool can only contain alpha-numeric letters, hyphen and underscores + + + + + + + + + + + 
diff --git a/interface-definitions/netns.xml.in b/interface-definitions/netns.xml.in
new file mode 100644
index 0000000..d5026bf
--- /dev/null
+++ b/interface-definitions/netns.xml.in
@@ -0,0 +1,23 @@
+
+
+
+
+ Network namespace
+ 10
+
+
+
+
+ Network namespace name
+
+ [a-zA-Z0-9-_]{1,100}
+
+ Netns name must be alphanumeric and can contain hyphens and underscores.
+
+
+ #include
+
+
+
+
+
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
new file mode 100644
index 0000000..b922771
--- /dev/null
+++ b/interface-definitions/pki.xml.in
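Review bot: The netns name constraint `[a-zA-Z0-9-_]{1,100}` puts the hyphen between the `0-9` range and `_`, which reads like a second range and relies on the regex engine treating it as a literal. Writing it as `[-_a-zA-Z0-9]{1,100}`, the form the BFD profile name in protocols_bfd.xml.in of this same patch uses, removes the ambiguity without changing the accepted set. If the name ends up in a filesystem path or a command line (not visible in this hunk), it is also worth confirming that the validator matches the whole value rather than a substring, since that is what keeps `/` and `.` out.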
@@ -0,0 +1,287 @@ + + + + + Public key infrastructure (PKI) + 300 + + + + + Certificate Authority + + #include + + + + #include + #include + + + CA private key in PEM format + + + #include + #include + + + + + Certificate revocation list in PEM format + + + + CRL is not base64-encoded + + + + #include + + + + + Certificate + + #include + + + + #include + + + Automatic Certificate Management Environment (ACME) request + + + #include + + https://acme-v02.api.letsencrypt.org/directory + + + + Domain Name + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_ + + + + + + Email address to associate with certificate + + #include + + + + #include + + + Size of the RSA key + + 2048 3072 4096 + + + 2048 + RSA key length 2048 bit + + + 3072 + RSA key length 3072 bit + + + 4096 + RSA key length 4096 bit + + + (2048|3072|4096) + + + 2048 + + + + #include + + + Certificate private key + + + #include + #include + + + #include + + + + + Diffie-Hellman parameters + + #include + + + + + + DH parameters in PEM format + + + + DH parameters are not base64-encoded + + + + + + + Public and private keys + + + + + Public key + + + #include + + + + + Private key + + + #include + #include + + + + + + + OpenSSH public and private keys + + + + + Public key + + + #include + + + SSH public key type + + ssh-rsa + + + ssh-rsa + Key pair based on RSA algorithm + + + (ssh-rsa) + + + + + + + + Private key + + + #include + #include + + + + + + + OpenSSH public and private keys + + + + + Public key + + + #include + + + + + Private key + + + #include + #include + + + + + + + OpenVPN keys + + + + + OpenVPN shared secret key + + + + + OpenVPN shared secret key data + + + + + OpenVPN shared secret key version + + + + + + + + + X509 Settings + + + + + X509 Default Values + + + + + Default country + + GB + + + + Default state + + Some-State + + + + Default locality + + Some-City + + + + Default organization + + VyOS + + + + + + + + 
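Review bot: The SSH public key type is limited to RSA: the completion list, the value help and the constraint `(ssh-rsa)` all name a single type, so an Ed25519 or ECDSA public key cannot be stored under this node. If the consuming script does not depend on RSA (it is not part of this hunk), widen the constraint, for example `(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256)`, and add matching value-help entries. Separately, two sibling sections carry the identical help text `OpenSSH public and private keys`, which makes them hard to tell apart in CLI completion; one of them probably wants its own description.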
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
new file mode 100644
index 0000000..eb907cb
--- /dev/null
+++ b/interface-definitions/policy.xml.in
@@ -0,0 +1,1578 @@ + + + + + 200 + Routing policy + + + + + IP access-list filter + + u32:1-99 + IP standard access list + + + u32:100-199 + IP extended access list + + + u32:1300-1999 + IP standard access list (expanded range) + + + u32:2000-2699 + IP extended access list (expanded range) + + + + #include + + + Rule for this access-list + + u32:1-65535 + Access-list rule number + + + + + + + #include + #include + + + Destination network or address + + + + + Any IP address to match + + + + #include + #include + #include + + + + + Source network or address to match + + + + + Any IP address to match + + + + #include + #include + #include + + + + + + + + + IPv6 access-list filter + + txt + Name of IPv6 access-list + + + + #include + + + Rule for this access-list6 + + u32:1-65535 + Access-list6 rule number + + + + + + + #include + #include + + + Source IPv6 network to match + + + + + Any IP address to match + + + + + + Exact match of the network prefixes + + + + + + Network/netmask to match + + ipv6net + IPv6 address and prefix length + + + + + + + + + + + + + + + Add a BGP autonomous system path filter + + txt + AS path list name + + + + #include + + + Rule for this as-path-list + + u32:1-65535 + AS path list rule number + + + + + + + #include + #include + + + Regular expression to match against an AS path + + txt + AS path regular expression (ex: "64501 64502") + + + + + + + + + + Add a BGP community list entry + + txt + BGP community-list name + + + + #include + + + Rule for this BGP community list + + u32:1-65535 + Community-list rule number + + + + + + + #include + #include + + + Regular expression to match against a community-list + + local-AS no-advertise no-export internet additive + + + <aa:nn> + Community number in AA:NN format + + + local-AS + Well-known communities value NO_EXPORT_SUBCONFED 0xFFFFFF03 + + + no-advertise + Well-known communities value NO_ADVERTISE 0xFFFFFF02 + + + no-export + Well-known communities value NO_EXPORT 0xFFFFFF01 + + + internet + 
Well-known communities value 0 + + + additive + New value is appended to the existing value + + + + + + + + + + Add a BGP extended community list entry + + txt + BGP extended community-list name + + + #include + + Should be an alphanumeric name + + + #include + + + Rule for this BGP extended community list + + u32:1-65535 + Extended community-list rule number + + + + + + + #include + #include + + + Regular expression to match against an extended community list + + <aa:nn:nn> + Extended community list regular expression + + + <rt aa:nn:nn> + Route Target regular expression + + + <soo aa:nn:nn> + Site of Origin regular expression + + + + + + + + + + Add a BGP large community list entry + + txt + BGP large-community-list name + + + #include + + Should be an alphanumeric name + + + #include + + + Rule for this BGP extended community list + + u32:1-65535 + Large community-list rule number + + + + + + + #include + #include + + + Regular expression to match against a large community list + + ASN:NN:NN + BGP large-community-list filter + + + IP:NN:NN + BGP large-community-list filter (IPv4 address format) + + + + + Malformed large-community-list + + + + + + + + + IP prefix-list filter + + txt + Name of IPv4 prefix-list + + + #include + + Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores + + + #include + + + Rule for this prefix-list + + u32:1-65535 + Prefix-list rule number + + + + + + + #include + #include + + + Prefix length to match a netmask greater than or equal to it + + u32:0-32 + Netmask greater than length + + + + + + + + + Prefix length to match a netmask less than or equal to it + + u32:0-32 + Netmask less than length + + + + + + + + + Prefix to match + + ipv4net + Prefix to match against + + + + + + + + + + + + + IPv6 prefix-list filter + + txt + Name of IPv6 prefix-list + + + #include + + Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores + + + #include + + + Rule for this prefix-list6 + + 
u32:1-65535 + Prefix-list rule number + + + + + + + #include + #include + + + Prefix length to match a netmask greater than or equal to it + + u32:0-128 + Netmask greater than length + + + + + + + + + Prefix length to match a netmask less than or equal to it + + u32:0-128 + Netmask less than length + + + + + + + + + Prefix to match + + ipv6net + IPv6 prefix + + + + + + + + + + + + + IP route-map + + txt + Route map name + + + #include + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + #include + + + Rule for this route-map + + u32:1-65535 + Route-map rule number + + + + + + + #include + + + Call another route-map on match + + txt + Route map name + + + policy route-map + + + + + + Jump to a different rule in this route-map on a match + + u32:1-65535 + Rule number + + + + #include + + + Route parameters to match + + + + + BGP as-path-list to match + + policy as-path-list + + + + + + BGP community-list to match + + + + + BGP community-list to match + + policy community-list + + + + + + Community-list to exactly match + + + + + + + + Ethernet Virtual Private Network + + + + + Default EVPN type-5 route + + + + #include + + + Match route-type + + macip multicast prefix + + + macip + mac-ip route + + + multicast + IMET route + + + prefix + Prefix route + + + (macip|multicast|prefix) + + + + #include + + + + + BGP extended community to match + + policy extcommunity-list + + + + #include + + + IP prefix parameters to match + + + + + IP address of route to match + + + + + IP access-list to match + + u32:1-99 + IP standard access list + + + u32:100-199 + IP extended access list + + + u32:1300-1999 + IP standard access list (expanded range) + + + u32:2000-2699 + IP extended access list (expanded range) + + + + + + IP prefix-list to match + + policy prefix-list + + + + + + IP prefix-length to match (can be used for kernel routes only) + + u32:0-32 + Prefix length + + + + + + + + + + + + IP next-hop of route to match + + + + + IP address 
to match + + ipv4 + Nexthop IP address + + + + + + + + + IP access-list to match + + u32:1-99 + IP standard access list + + + u32:100-199 + IP extended access list + + + u32:1300-1999 + IP standard access list (expanded range) + + + u32:2000-2699 + IP extended access list (expanded range) + + + + + + IP prefix-length to match + + u32:0-32 + Prefix length + + + + + + + + + IP prefix-list to match + + policy prefix-list + + + + + + Match type + + blackhole + + + blackhole + Blackhole + + + (blackhole) + + + + + + + + Match advertising source address of route + + + + + IP access-list to match + + u32:1-99 + IP standard access list + + + u32:100-199 + IP extended access list + + + u32:1300-1999 + IP standard access list (expanded range) + + + u32:2000-2699 + IP extended access list (expanded range) + + + + + + IP prefix-list to match + + policy prefix-list + + + + + + + + + + IPv6 prefix parameters to match + + + + + IPv6 address of route to match + + + + + IPv6 access-list to match + + txt + IPV6 access list name + + + policy access-list6 + + + + + + IPv6 prefix-list to match + + policy prefix-list6 + + + + + + IPv6 prefix-length to match (can be used for kernel routes only) + + u32:0-128 + Prefix length + + + + + + + + + + + + IPv6 next-hop of route to match + + + + + IPv6 address of next-hop + + ipv6 + Nexthop IPv6 address + + + + + + + + + IPv6 access-list to match + + txt + IPV6 access list name + + + policy access-list6 + + + + + + IPv6 prefix-list to match + + policy prefix-list6 + + + + + + Match type + + blackhole + + + blackhole + Blackhole + + + (blackhole) + + + + + + + + + + Match BGP large communities + + + + + BGP large-community-list to match + + policy large-community-list + + + + + + + + Local Preference + + u32:0-4294967295 + Local Preference + + + + + + + + + Metric of route to match + + u32:1-65535 + Route metric + + + + + + + + + BGP origin code to match + + egp igp incomplete + + + egp + Exterior gateway protocol origin + + + igp + Interior 
gateway protocol origin + + + incomplete + Incomplete origin + + + (egp|igp|incomplete) + + + + + + Peer address to match + + ipv4 + Peer IP address + + + ipv6 + Peer IPv6 address + + + + + + + + + Match protocol via which the route was learnt + + babel bgp connected isis kernel ospf ospfv3 rip ripng static table vnc + + + babel + Babel routing protocol (Babel) + + + bgp + Border Gateway Protocol (BGP) + + + connected + Connected routes (directly attached subnet or host) + + + isis + Intermediate System to Intermediate System (IS-IS) + + + kernel + Kernel routes + + + ospf + Open Shortest Path First (OSPFv2) + + + ospfv3 + Open Shortest Path First (IPv6) (OSPFv3) + + + rip + Routing Information Protocol (RIP) + + + ripng + Routing Information Protocol next-generation (IPv6) (RIPng) + + + static + Statically configured routes + + + table + Non-main Kernel Routing Table + + + vnc + Virtual Network Control (VNC) + + + (babel|bgp|connected|isis|kernel|ospf|ospfv3|rip|ripng|static|table|vnc) + + + + + + Match RPKI validation result + + invalid notfound valid + + + invalid + Match invalid entries + + + notfound + Match notfound entries + + + valid + Match valid entries + + + (invalid|notfound|valid) + + + + #include + + + + + Exit policy on matches + + + + + Rule number to goto on match + + u32:1-65535 + Rule number + + + + + + + + + Next sequence number to goto on match + + + + + + + + Route parameters + + + + + BGP aggregator attribute + + + + + AS number of an aggregation + + u32:1-4294967295 + Rule number + + + + + + + + + IP address of an aggregation + + ipv4 + IP address + + + + + + + + + + + Transform BGP AS_PATH attribute + + + + + Remove/exclude from the as-path attribute + + all + + + u32:1-4294967295 + AS number + + + all + Exclude all AS numbers from the as-path + + + + (all) + + + + + + Prepend to the as-path + + u32:1-4294967295 + AS number + + + + + + + + + Use the last AS-number in the as-path + + u32:1-10 + Number of times to insert + + + + + + + + + + + 
BGP atomic aggregate attribute + + + + + + BGP community attribute + + + + + Add communities to a prefix + #include + + + + + Set communities for a prefix + #include + + + #include + + + Remove communities defined in a list from a prefix + + policy community-list + + + Community-list + txt + + + + + + + + BGP large community attribute + + + + + Add large communities to a prefix ; + #include + + + + + Set large communities for a prefix + #include + + + #include + + + Remove communities defined in a list from a prefix + + policy large-community-list + + + Community-list + txt + + + + + + + + BGP extended community attribute + + + + + Bandwidth value in Mbps + + cumulative num-multipaths + + + u32:1-25600 + Bandwidth value in Mbps + + + cumulative + Cumulative bandwidth of all multipaths (outbound-only) + + + num-multipaths + Internally computed bandwidth based on number of multipaths (outbound-only) + + + + (cumulative|num-multipaths) + + + + + + The link bandwidth extended community is encoded as non-transitive + + + + + + Set route target value + #include + + + + + Set Site of Origin value + #include + + + #include + + + + + Locally significant administrative distance + + u32:0-255 + Distance value + + + + + + + + + Ethernet Virtual Private Network + + + + + Set gateway IP for prefix advertisement route + + + + + Set gateway IPv4 address + + ipv4 + Gateway IPv4 address + + + + + + + + + Set gateway IPv6 address + + ipv6 + Gateway IPv6 address + + + + + + + + + + + + + Nexthop IP address + + + unchanged peer-address + + + ipv4 + IP address + + + unchanged + Set the BGP nexthop address as unchanged + + + peer-address + Set the BGP nexthop address to the address of the peer + + + + (unchanged|peer-address) + + + + + + Nexthop IPv6 address + + + + + Nexthop IPv6 global address + + + + + ipv6 + IPv6 address and prefix length + + + + + + + + + Nexthop IPv6 local address + + + + + ipv6 + IPv6 address and prefix length + + + + + + + + + Use peer address (for BGP only) + + 
+ + + + Prefer global address as the nexthop + + + + + + + + Next hop Information + + + + + Encapsulation options (for BGP only) + + + + + Accept L3VPN traffic over GRE encapsulation + + + + + + + + + + BGP local preference attribute + + u32:0-4294967295 + Local preference value + + + + + + + + + Destination routing protocol metric + + <+/-metric> + Add or subtract metric + + + u32:0-4294967295 + Metric value + + + <+/-rtt> + Add or subtract round trip time + + + <rtt> + Round trip time + + + + + ^[+|-]?rtt$ + + + + + + Open Shortest Path First (OSPF) external metric-type + + type-1 type-2 + + + type-1 + OSPF external type 1 metric + + + type-2 + OSPF external type 2 metric + + + (type-1|type-2) + + + + + + Border Gateway Protocl (BGP) origin code + + igp egp incomplete + + + igp + Interior gateway protocol origin + + + egp + Exterior gateway protocol origin + + + incomplete + Incomplete origin + + + (igp|egp|incomplete) + + + + + + BGP originator ID attribute + + ipv4 + Orignator IP address + + + + + + + + + Source address for route + + + + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + Set prefixes to table + + u32:1-4294967295 + Table value + + + + + + + #include + + + BGP weight attribute + + u32:0-4294967295 + BGP weight + + + + + + + + + + + + + + + diff --git a/interface-definitions/policy_local-route.xml.in b/interface-definitions/policy_local-route.xml.in new file mode 100644 index 0000000..7a01915 --- /dev/null +++ b/interface-definitions/policy_local-route.xml.in 
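Review bot: The metric constraint `^[+|-]?rtt$` near the end of this hunk uses a character class, where `|` is a literal rather than alternation, so `|rtt` passes validation alongside `+rtt` and `-rtt`. The value help lists only `<+/-rtt>` and `<rtt>`, so the pattern should be `^[+-]?rtt$`. In the same file the help strings `Border Gateway Protocl (BGP) origin code` and `Orignator IP address` are misspelled, the large-community rule is described as `Rule for this BGP extended community list`, and `Add large communities to a prefix ;` carries a stray semicolon.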
@@ -0,0 +1,156 @@ + + + + + + + + IPv4 policy route of local traffic + 500 + + + + + Policy local-route rule set number + + + u32:1-32765 + Local-route rule number (1-32765) + + + + + + + + + Packet modifications + + + + + Routing table to forward packet with + + u32:1-200 + Table number + + + main + + + + + + + + Match fwmark value + + u32:1-2147483647 + Address to match against + + + + + + + #include + + + Source parameters + + + #include + #include + + + + + Destination parameters + + + #include + #include + + + #include + + + + + + + IPv6 policy route of local traffic + 500 + + + + + IPv6 policy local-route rule set number + + + u32:1-32765 + Local-route rule number (1-32765) + + + + + + + + + Packet modifications + + + + + Routing table to forward packet with + + u32:1-200 + Table number + + + main + + + + + + + + Match fwmark value + + u32:1-2147483647 + Address to match against + + + + + + + #include + + + Source parameters + + + #include + #include + + + + + Destination parameters + + + #include + #include + + + #include + + + + + + + diff --git a/interface-definitions/policy_route.xml.in b/interface-definitions/policy_route.xml.in new file mode 100644 index 0000000..9cc2254 --- /dev/null +++ b/interface-definitions/policy_route.xml.in 
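Review bot: The value help for the fwmark match reads `Address to match against` in both the IPv4 and the IPv6 rule set of this hunk, although the leaf takes `u32:1-2147483647`. It should read `Fwmark value to match against`, the wording nat64.xml.in in this same patch uses for the same match. The routing-table leaf has a similar gap: its completion appears to offer `main`, but the only value help shown is `u32:1-200`, so a description for `main` would make the accepted values clear.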
@@ -0,0 +1,117 @@ + + + + + + + Policy route rule set name for IPv6 + + [a-zA-Z0-9][\w\-\.]* + + 201 + + + #include + #include + #include + + + Policy rule number + + u32:1-999999 + Number of policy rule + + + + + Policy rule number must be between 1 and 999999 + + + + + Destination parameters + + + #include + #include + #include + + + + + Source parameters + + + #include + #include + #include + + + #include + #include + #include + #include + #include + #include + + + + + + + Policy route rule set name for IPv4 + + [a-zA-Z0-9][\w\-\.]* + + 201 + + + #include + #include + #include + + + Policy rule number + + u32:1-999999 + Number of policy rule + + + + + Policy rule number must be between 1 and 999999 + + + + + Destination parameters + + + #include + #include + #include + + + + + Source parameters + + + #include + #include + #include + + + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/protocols_babel.xml.in b/interface-definitions/protocols_babel.xml.in new file mode 100644 index 0000000..49fffe2 --- /dev/null +++ b/interface-definitions/protocols_babel.xml.in 
@@ -0,0 +1,254 @@ + + + + + + + Babel Routing Protocol + 650 + + + + + Babel-specific parameters + + + + + Enable diversity-aware routing + + + + + + Multiplicative factor used for diversity routing + + u32:1-256 + Multiplicative factor, in units of 1/256 + + + + + + 256 + + + + Time before resending a message + + u32:20-655340 + Milliseconds + + + + + + 2000 + + + + Smoothing half-life + + u32:0-65534 + Seconds + + + + + + 4 + + + + #include + + + Redistribute information from another routing protocol + + + + + Redistribute IPv4 routes + + + + + Redistribute BGP routes + + + + + + Redistribute connected routes + + + + + + Redistribute EIGRP routes + + + + + + Redistribute IS-IS routes + + + + + + Redistribute kernel routes + + + + + + Redistribute NHRP routes + + + + + + Redistribute OSPF routes + + + + + + Redistribute RIP routes + + + + + + Redistribute static routes + + + + + + + + Redistribute IPv6 routes + + + + + Redistribute BGP routes + + + + + + Redistribute connected routes + + + + + + Redistribute IS-IS routes + + + + + + Redistribute kernel routes + + + + + + Redistribute NHRP routes + + + + + + Redistribute OSPFv3 routes + + + + + + Redistribute RIPng routes + + + + + + Redistribute static routes + + + + + + + + + + Filter networks in routing updates + + + + + Filter IPv4 routes + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + + + Filter IPv6 routes + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + + + + + + + diff --git a/interface-definitions/protocols_bfd.xml.in b/interface-definitions/protocols_bfd.xml.in new file mode 100644 index 0000000..9048cf5 --- /dev/null +++ b/interface-definitions/protocols_bfd.xml.in 
@@ -0,0 +1,85 @@ + + + + + + + + Bidirectional Forwarding Detection (BFD) + 820 + + + + + Configures BFD peer to listen and talk to + + ipv4 + BFD peer IPv4 address + + + ipv6 + BFD peer IPv6 address + + + + + + + #include + + + Bind listener to specified interface/address, mandatory for IPv6 + + + #include + + + Local address to bind our peer listener to + + + + + ipv4 + Local IPv4 address used to connect to the peer + + + ipv6 + Local IPv6 address used to connect to the peer + + + + + + + + + #include + + + Allow this BFD peer to not be directly connected + + + + #include + + + + + Configure BFD profile used by individual peer + + txt + Name of BFD profile + + + [-_a-zA-Z0-9]{1,32} + + + + #include + + + + + + + diff --git a/interface-definitions/protocols_bgp.xml.in b/interface-definitions/protocols_bgp.xml.in new file mode 100644 index 0000000..e1a8229 --- /dev/null +++ b/interface-definitions/protocols_bgp.xml.in @@ -0,0 +1,16 @@ + + + + + + + Border Gateway Protocol (BGP) + 820 + + + #include + + + + + diff --git a/interface-definitions/protocols_eigrp.xml.in b/interface-definitions/protocols_eigrp.xml.in new file mode 100644 index 0000000..88a881a --- /dev/null +++ b/interface-definitions/protocols_eigrp.xml.in @@ -0,0 +1,17 @@ + + + + + + + + Enhanced Interior Gateway Routing Protocol (EIGRP) + 820 + + + #include + + + + + diff --git a/interface-definitions/protocols_failover.xml.in b/interface-definitions/protocols_failover.xml.in new file mode 100644 index 0000000..f709759 --- /dev/null +++ b/interface-definitions/protocols_failover.xml.in 
@@ -0,0 +1,141 @@ + + + + + + + Failover Routing + 490 + + + + + Failover IPv4 route + + ipv4net + IPv4 failover route + + + + + + + + + Next-hop IPv4 router address + + ipv4 + Next-hop router address + + + + + + + + + Check target options + + + + + Policy for check targets + + any-available all-available + + + all-available + All targets must be alive + + + any-available + Any target must be alive + + + (all-available|any-available) + + + any-available + + #include + + + Check target address + + ipv4 + Address to check + + + + + + + + + + Timeout between checks + + u32:1-300 + Timeout in seconds between checks + + + + + + 10 + + + + Check type + + arp icmp tcp + + + arp + Check target by ARP + + + icmp + Check target by ICMP + + + tcp + Check target by TCP + + + (arp|icmp|tcp) + + + icmp + + + + #include + + + Route metric for this gateway + + u32:1-255 + Route metric + + + + + + 1 + + + + The next hop is directly connected to the interface, even if it does not match interface prefix + + + + + + + + + + + + diff --git a/interface-definitions/protocols_igmp-proxy.xml.in b/interface-definitions/protocols_igmp-proxy.xml.in new file mode 100644 index 0000000..5cde484 --- /dev/null +++ b/interface-definitions/protocols_igmp-proxy.xml.in 
@@ -0,0 +1,97 @@ + + + + + + + + Internet Group Management Protocol (IGMP) proxy parameters + 740 + + + #include + + + Option to disable "quickleave" + + + + + + Interface for IGMP proxy + + + + + + + + Unicast source networks allowed for multicast traffic to be proxyed + + ipv4net + IPv4 network + + + + + + + + + + IGMP interface role + + upstream downstream disabled + + + upstream + Upstream interface (only 1 allowed) + + + downstream + Downstream interface(s) + + + disabled + Disabled interface + + + (upstream|downstream|disabled) + + + downstream + + + + TTL threshold + + u32:1-255 + TTL threshold for the interfaces + + + + + Threshold must be between 1 and 255 + + 1 + + + + Group to whitelist + + ipv4net + IPv4 network + + + + + + + + + + + + + + diff --git a/interface-definitions/protocols_isis.xml.in b/interface-definitions/protocols_isis.xml.in new file mode 100644 index 0000000..e0bc47b --- /dev/null +++ b/interface-definitions/protocols_isis.xml.in @@ -0,0 +1,16 @@ + + + + + + + Intermediate System to Intermediate System (IS-IS) + 610 + + + #include + + + + + diff --git a/interface-definitions/protocols_mpls.xml.in b/interface-definitions/protocols_mpls.xml.in new file mode 100644 index 0000000..831601f --- /dev/null +++ b/interface-definitions/protocols_mpls.xml.in 
@@ -0,0 +1,560 @@ + + + + + + + + Multiprotocol Label Switching (MPLS) + 490 + + + + + Label Distribution Protocol (LDP) + + + #include + + + Forwarding equivalence class allocation from local routes + + + + + IPv4 routes + + + + + Access-list number + + u32:1-2699 + Access list number + + + + + + + + + + + IPv6 routes + + + + + Access-list6 number + + u32:1-2699 + Access list number + + + + + + + + + + + + + LDP neighbor parameters + + ipv4 + Neighbor IPv4 address + + + + + + + + + Neighbor password + + + + + Neighbor TTL security + + disable + + + u32:1-254 + TTL + + + disable + Disable neighbor TTL security + + + + + + Session IPv4 hold time + + u32:15-65535 + Time in seconds + + + + + + + + + + + Discovery parameters + + ipv4 + Discovery parameters + + + + + + Hello IPv4 hold time + + u32:1-65535 + Time in seconds + + + + + + + + + Hello IPv4 interval + + u32:1-65535 + Time in seconds + + + + + + + + + Hello IPv6 hold time + + u32:1-65535 + Time in seconds + + + + + + + + + Hello IPv6 interval + + u32:1-65535 + Time in seconds + + + + + + + + + Session IPv4 hold time + + u32:15-65535 + Time in seconds + + + + + + + + + Session IPv6 hold time + + u32:15-65535 + Time in seconds + + + + + + + + + Transport IPv4 address + + ipv4 + IPv4 bind as transport + + + + + + + + + Transport IPv6 address + + ipv6 + IPv6 bind as transport + + + + + + + + + + + Targeted LDP neighbor/session parameters + + + + + Targeted IPv4 neighbor/session parameters + + + + + Neighbor/session address + + ipv4 + Neighbor/session address + + + + + + + + + + Accept and respond to targeted hellos + + + + + + Hello interval + + u32:1-65535 + Time in seconds + + + + + + + + + Hello hold time + + u32:1-65535 + Time in seconds + + + + + + + + + + + Targeted IPv6 neighbor/session parameters + + + + + Neighbor/session address + + ipv6 + Neighbor/session address + + + + + + + + + + Accept and respond to targeted hellos + + + + + + Hello interval + + u32:1-65535 + Time in seconds + + + + + + + + + Hello 
hold time + + u32:1-65535 + Time in seconds + + + + + + + + + + + + + Label Distribution Protocol miscellaneous parameters + + + + + Enable Cisco non-compliant format capability TLV + + + + + + Prefer IPv4 for TCP peer transport connection + + + + + + Enable LDP ordered label distribution control mode + + + + + + + + Export parameters + + + + + IPv4 parameters + + + + + Explicit-Null Label + + + + + + Forwarding equivalence class export filter + + + + + Access-list number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list number for IPv4 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + IPv6 parameters + + + + + Explicit-Null Label + + + + + + Forwarding equivalence class export filter + + + + + Access-list6 number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list6 number for IPv6 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + + + Import parameters + + + + + IPv4 parameters + + + + + Forwarding equivalence class import filter + + + + + Access-list number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list number for IPv4 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + IPv6 parameters + + + + + Forwarding equivalence class import filter + + + + + Access-list6 number to apply FEC filtering + + u32:1-2699 + Access list number + + + + + + + + + Access-list6 number for IPv6 neighbor selection to apply filtering + + u32:1-2699 + Access list number + + + + + + + + + + + + + #include + + + + + Multiprotocol Label Switching miscellaneous parameters + + + + + Disable copy of IP TTL to MPLS TTL + + + + + + Maximum TTL for MPLS packets + + u32:1-255 + Maximum hops allowed + + + + + + + + + #include + + + + + 
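Review bot: The LDP allocation, export and import filter leaves accept any number in `u32:1-2699` as an access-list reference, which does not line up with the access lists defined in policy.xml.in in this same patch. IPv4 access lists there exist only in `1-99`, `100-199`, `1300-1999` and `2000-2699`, so `200-1299` names a list that cannot be created, and IPv6 access lists are named (`txt`, "Name of IPv6 access-list"), so an `Access-list6 number` can only refer to a list that happens to have a numeric name. How the backend treats a filter that references a missing list is not visible in this hunk, so the safer course is to make the validators match: the four ranges for the IPv4 leaves and a name for the IPv6 ones. The `Neighbor password` leaf also shows no length or character constraint here, which may be worth adding if the daemon imposes a limit.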
diff --git a/interface-definitions/protocols_nhrp.xml.in b/interface-definitions/protocols_nhrp.xml.in new file mode 100644 index 0000000..d7663c0 --- /dev/null +++ b/interface-definitions/protocols_nhrp.xml.in @@ -0,0 +1,138 @@ + + + + + + + Next Hop Resolution Protocol (NHRP) parameters + 680 + + + + + Tunnel for NHRP + + tun[0-9]+ + + + tunN + NHRP tunnel name + + + + + + Pass phrase for cisco authentication + + txt + Pass phrase for cisco authentication + + + [^[:space:]]{1,8} + + Password should contain up to eight non-whitespace characters + + + + + Set an HUB tunnel address + + ipv4net + Set the IP address and prefix length + + + + + + Set HUB fqdn (nbma-address - fqdn) + + <fqdn> + Set the external HUB fqdn + + + + + + + + Holding time in seconds + + + + + Set an HUB tunnel address + + + + + If the statically mapped peer is running Cisco IOS, specify this + + + + + + Set HUB address (nbma-address - external hub address or fqdn) + + + + + Specifies that Registration Request should be sent to this peer on startup + + + + + + + + Set multicast for NHRP + + dynamic nhs + + + (dynamic|nhs) + + + + + + This can be used to reduce memory consumption on big NBMA subnets + + + + + + Enable sending of Cisco style NHRP Traffic Indication packets + + + + + + This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destined to addresses in this interface + + + + + + Defines an off-NBMA network prefix for which the GRE interface will act as a gateway + + + + + Holding time in seconds + + + + + + + Enable creation of shortcut routes. A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route + + + + + + + + + + diff --git a/interface-definitions/protocols_openfabric.xml.in b/interface-definitions/protocols_openfabric.xml.in new file mode 100644 index 0000000..8120036 --- /dev/null +++ b/interface-definitions/protocols_openfabric.xml.in 
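Review bot: The help text for the NHRP authentication pass phrase should say how weak this mechanism is, because the only constraint shown, `[^[:space:]]{1,8}`, caps the secret at eight characters and, as far as I know, opennhrp's Cisco-style authentication embeds it in NHRP packets in cleartext. I would change the help to `Pass phrase for Cisco authentication (sent in cleartext, maximum 8 characters)` so operators do not treat it as a substitute for IPsec protection of the tunnel. Minor wording in the same hunk: `authorative` should be `authoritative`, and `an HUB` should be `a HUB`.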
@@ -0,0 +1,218 @@ + + + + + + + OpenFabric protocol + 680 + + + #include + + + OpenFabric process name + + txt + Domain name + + + + + + Interface params + + + + + txt + Interface name + + + #include + + + + + + Openfabric address family + + + + + IPv4 OpenFabric + + + + + + IPv6 OpenFabric + + + + + + + + Complete Sequence Number Packets (CSNP) interval + + u32:1-600 + CSNP interval in seconds + + + + + + + + + Hello interval + + u32:1-600 + Hello interval in seconds + + + + + + + + + Multiplier for Hello holding time + + u32:2-100 + Multiplier for Hello holding time + + + + + + + + + Interface metric value + + u32:0-16777215 + Interface metric value + + + + + + + + + Do not initiate adjacencies to the interface + + + + + + Authentication password for the interface + + + #include + + + + + Partial Sequence Number Packets (PSNP) interval + + u32:0-120 + PSNP interval in seconds + + + + + + + + + + + Authentication password for a routing domain + + + #include + + + #include + + + Overload bit to avoid any transit traffic + + + + + + RFC 6232 purge originator identification + + + + + + Static tier number to advertise as location in the fabric + + u32:0-14 + Static tier number + + + + + + + + + Minimum interval between regenerating same link-state packet (LSP) + + u32:1-120 + Minimum interval in seconds + + + + + + + + + Link-state packet (LSP) refresh interval + + u32:1-65235 + LSP refresh interval in seconds + + + + + + + + + Maximum link-state packet lifetime + + u32:360-65535 + Maximum LSP lifetime in seconds + + + + + + + + + Minimum interval between SPF calculations + + u32:1-120 + Interval in seconds + + + + + + + + + + + + + diff --git a/interface-definitions/protocols_ospf.xml.in b/interface-definitions/protocols_ospf.xml.in new file mode 100644 index 0000000..b3c063d --- /dev/null +++ b/interface-definitions/protocols_ospf.xml.in @@ -0,0 +1,16 @@ + + + + + + + Open Shortest Path First (OSPF) + 620 + + + #include + + + + + 
diff --git a/interface-definitions/protocols_ospfv3.xml.in b/interface-definitions/protocols_ospfv3.xml.in
new file mode 100644
index 0000000..2b98ffa
--- /dev/null
+++ b/interface-definitions/protocols_ospfv3.xml.in
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+ Open Shortest Path First (OSPF) for IPv6
+ 620
+
+
+ #include
+
+
+
+
+
diff --git a/interface-definitions/protocols_pim.xml.in b/interface-definitions/protocols_pim.xml.in
new file mode 100644
index 0000000..4a20c0d
--- /dev/null
+++ b/interface-definitions/protocols_pim.xml.in
@@ -0,0 +1,210 @@ + + + + + + + + Protocol Independent Multicast (PIM) and IGMP + 400 + + + + + PIM interface + + + + + #include + + + + #include + #include + #include + #include + #include + #include + + + Internet Group Management Protocol (IGMP) options + + + #include + + + IGMP join multicast group + + ipv4 + Multicast group address + + + + + + + #include + + + + + IGMP host query interval + + u32:1-1800 + Query interval in seconds + + + + + + + + + IGMP max query response time + + u32:10-250 + Query response value in deci-seconds + + + + + + + + + Interface IGMP version + + 2 3 + + + 2 + IGMP version 2 + + + 3 + IGMP version 3 + + + + + + 3 + + + + + + + + Enable PIM ECMP + + + + + Enable PIM ECMP Rebalance + + + + + + + + Internet Group Management Protocol (IGMP) options + + + + + Configure group limit for watermark warning + + u32:1-65535 + Group count to generate watermark warning + + + + + + + + + #include + #include + #include + #include + + + Only accept registers from a specific source prefix list + + + #include + + + + + Rendezvous Point + + + + + Rendezvous Point address + + ipv4 + Rendezvous Point address + + + + + + + + + Group Address range + + ipv4net + Group Address range RFC 3171 + + + + + + + + + + #include + + + + + Disable IPv6 secondary address in hello packets + + + + + + Shortest-path tree (SPT) switchover + + + + + Never switch to SPT Tree + + + #include + + + + + + + Source-Specific Multicast + + + #include + + + + + + + diff --git a/interface-definitions/protocols_pim6.xml.in b/interface-definitions/protocols_pim6.xml.in new file mode 100644 index 0000000..8bd3f3f --- /dev/null +++ b/interface-definitions/protocols_pim6.xml.in 
@@ -0,0 +1,179 @@ + + + + + + + + Protocol Independent Multicast for IPv6 (PIMv6) and MLD + 400 + + + + + PIMv6 interface + + + + + #include + + + + #include + #include + #include + #include + + + Multicast Listener Discovery (MLD) + + + #include + + + MLD join multicast group + + ipv6 + Multicast group address + + + + + + + + + Source address + + ipv6 + Source address + + + + + + + + + + + + + + + Last member query count + + u32:1-255 + Count + + + + + + + + + Last member query interval + + u32:100-6553500 + Last member query interval in milliseconds + + + + + + + + + Query interval + + u32:1-65535 + Query interval in seconds + + + + + + + + + Max query response time + + u32:100-6553500 + Query response value in milliseconds + + + + + + + + + MLD version + + 1 2 + + + 1 + MLD version 1 + + + 2 + MLD version 2 + + + + + + 2 + + + + + + #include + #include + #include + #include + + + Rendezvous Point + + + + + Rendezvous Point address + + ipv6 + Rendezvous Point address + + + + + + + + + Group Address range + + ipv6net + Group Address range + + + + + + + + #include + + + #include + + + + + + + diff --git a/interface-definitions/protocols_rip.xml.in b/interface-definitions/protocols_rip.xml.in new file mode 100644 index 0000000..0edd8f2 --- /dev/null +++ b/interface-definitions/protocols_rip.xml.in 
@@ -0,0 +1,258 @@ + + + + + + + Routing Information Protocol (RIP) parameters + 650 + + + + + Administrative distance + + u32:1-255 + Administrative distance + + + + + + + #include + #include + + + Filter networks in routing updates + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + #include + + + + + Authentication + + + + + MD5 key id + + u32:1-255 + OSPF key id + + + + + + + + + Authentication password + + txt + MD5 Key (16 characters or less) + + + [^[:space:]]{1,16} + + Password must be 16 characters or less + + + + + + + Plain text password + + txt + Plain text password (16 characters or less) + + + [^[:space:]]{1,16} + + Password must be 16 characters or less + + + + + + + Advertisement reception + + + #include + + + + + Advertisement transmission + + + #include + + + + + + + Neighbor router + + ipv4 + Neighbor router + + + + + + + + + + RIP network + + ipv4net + RIP network + + + + + + + + + + Source network + + ipv4net + Source network + + + + + + + + + Access list + + txt + Access list + + + policy access-list + + + + #include + + + #include + + + Redistribute information from another routing protocol + + + + + Redistribute BGP routes + + + #include + + + + + Redistribute connected routes + + + #include + + + + + Redistribute IS-IS routes + + + #include + + + + + Redistribute kernel routes + + + #include + + + + + Redistribute OSPF routes + + + #include + + + + + Redistribute static routes + + + #include + + + + + Redistribute Babel routes + + + #include + + + + + + + RIP static route + + ipv4net + RIP static route + + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/protocols_ripng.xml.in b/interface-definitions/protocols_ripng.xml.in new file mode 100644 index 0000000..9d4d874 --- /dev/null +++ b/interface-definitions/protocols_ripng.xml.in 
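Review bot: The value help under "MD5 key id" reads `OSPF key id`, which looks copied from the OSPF definition; in this RIP file it should read `MD5 key id`. The "Plain text password" leaf would also benefit from saying that the password travels unencrypted in RIP updates, for example `Plain text password (sent unencrypted; prefer MD5 where peers support it)`. Both password leaves are constrained by `[^[:space:]]{1,16}`, which agrees with their "16 characters or less" messages.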
@@ -0,0 +1,155 @@ + + + + + + + Routing Information Protocol (RIPng) parameters + 660 + + + + + Aggregate RIPng route announcement + + ipv6net + Aggregate RIPng route announcement + + + + + + + + #include + #include + + + Filter networks in routing updates + + + #include + + + Apply filtering to an interface + + txt + Apply filtering to an interface + + + + + + #include + + + + #include + #include + + + #include + + + #include + + + RIPng network + + ipv6net + RIPng network + + + + + + + + + + Passive interface + + txt + Suppress routing updates on interface + + + + + + + + + + Redistribute information from another routing protocol + + + + + Redistribute BGP routes + + + #include + + + + + Redistribute connected routes + + + #include + + + + + Redistribute kernel routes + + + #include + + + + + Redistribute OSPFv3 routes + + + #include + + + + + Redistribute static routes + + + #include + + + + + Redistribute Babel routes + + + #include + + + + + + + RIPng static route + + ipv6net + RIPng static route + + + + + + + + #include + #include + + + + + diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in new file mode 100644 index 0000000..54d69ea --- /dev/null +++ b/interface-definitions/protocols_rpki.xml.in 
@@ -0,0 +1,99 @@ + + + + + + + Resource Public Key Infrastructure (RPKI) + 819 + + + + + RPKI cache server address + + ipv4 + IP address of RPKI server + + + ipv6 + IPv6 address of RPKI server + + + hostname + Fully qualified domain name of RPKI server + + + + + + + + #include + + + Preference of the cache server + + u32:1-255 + Preference of the cache server + + + + + + + + + RPKI SSH connection settings + + + #include + #include + + + + + + + Interval to wait before expiring the cache + + u32:600-172800 + Interval in seconds + + + + + + 7200 + + + + Cache polling interval + + u32:1-86400 + Interval in seconds + + + + + + 300 + + + + Retry interval to connect to the cache server + + u32:1-7200 + Interval in seconds + + + + + + 600 + + + + + + diff --git a/interface-definitions/protocols_segment-routing.xml.in b/interface-definitions/protocols_segment-routing.xml.in new file mode 100644 index 0000000..c299f62 --- /dev/null +++ b/interface-definitions/protocols_segment-routing.xml.in 
@@ -0,0 +1,137 @@ + + + + + + + Segment Routing + 900 + + + + + Interface specific Segment Routing options + + + + + txt + Interface name + + + #include + + + + + + Accept SR-enabled IPv6 packets on this interface + + + + + Define HMAC policy for ingress SR-enabled packets on this interface + + accept drop ignore + + + accept + Accept packets without HMAC, validate packets with HMAC + + + drop + Drop packets without HMAC, validate packets with HMAC + + + ignore + Ignore HMAC field. + + + (accept|drop|ignore) + + + accept + + + + + + + + Segment-Routing SRv6 configuration + + + + + Segment Routing SRv6 locator + + #include + + + + + + Set SRv6 behavior uSID + + + + + + SRv6 locator prefix + + ipv6net + SRv6 locator prefix + + + + + + + + + Configure SRv6 locator block length in bits + + u32:16-64 + Specify SRv6 locator block length in bits + + + + + + 40 + + + + Configure SRv6 locator function length in bits + + u32:0-64 + Specify SRv6 locator function length in bits + + + + + + 16 + + + + Configure SRv6 locator node length in bits + + u32:16-64 + Configure SRv6 locator node length in bits + + + + + + 24 + + + + + + + + + + diff --git a/interface-definitions/protocols_static.xml.in b/interface-definitions/protocols_static.xml.in new file mode 100644 index 0000000..ca4ca2d --- /dev/null +++ b/interface-definitions/protocols_static.xml.in @@ -0,0 +1,44 @@ + + + + + Routing protocols + + + + + Static Routing + 480 + + + #include + #include + #include + + + Policy route table number + + u32:1-200 + Policy route table number + + + + + + + + #include + #include + #include + + + + + + + diff --git a/interface-definitions/protocols_static_arp.xml.in b/interface-definitions/protocols_static_arp.xml.in new file mode 100644 index 0000000..0c5d6e4 --- /dev/null +++ b/interface-definitions/protocols_static_arp.xml.in 
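Review bot: The HMAC policy leaf in the segment-routing file appears to default to `accept` (the bare `accept` that follows the `(accept|drop|ignore)` constraint), which admits SR-enabled packets that carry no HMAC at all. That is reasonable inside a trusted SR domain, but the help gives no hint that `drop` is the setting that actually enforces authentication. I would add a sentence to the leaf help such as `Use drop on interfaces that receive SRv6 traffic from outside the trusted domain`. The help for `ignore` ends in a full stop while the other two do not.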
@@ -0,0 +1,52 @@ + + + + + + + + + Static ARP translation + 481 + + + + + Interface configuration + + + + + txt + Interface name + + + #include + + + + + + IP address for static ARP entry + + ipv4 + IPv4 destination address + + + + + + + #include + #include + + + + + + + + + + + diff --git a/interface-definitions/protocols_static_multicast.xml.in b/interface-definitions/protocols_static_multicast.xml.in new file mode 100644 index 0000000..caf95ed --- /dev/null +++ b/interface-definitions/protocols_static_multicast.xml.in @@ -0,0 +1,95 @@ + + + + + + + + + Multicast static route + 481 + + + + + Configure static unicast route into MRIB for multicast RPF lookup + + ipv4net + Network + + + + + + + + + Nexthop IPv4 address + + ipv4 + Nexthop IPv4 address + + + + + + + + + Distance value for this route + + u32:1-255 + Distance for this route + + + + + + + + + + + + + Multicast interface based route + + ipv4net + Network + + + + + + + + + Next-hop interface + + + + + + + + Distance value for this route + + u32:1-255 + Distance for this route + + + + + + + + + + + + + + + + + diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in new file mode 100644 index 0000000..7347976 --- /dev/null +++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in @@ -0,0 +1,49 @@ + + + + + + + + + Neighbor proxy parameters + 481 + + + + + IP address for selective ARP proxy + + ipv4 + IPv4 destination address allowed for proxy-arp + + + + + + + #include + + + + + IPv6 address for selective NDP proxy + + ipv6 + IPv6 destination address + + + + + + + #include + + + + + + + + + diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in new file mode 100644 index 0000000..927594c --- /dev/null +++ b/interface-definitions/qos.xml.in 
@@ -0,0 +1,874 @@ + + + + + Quality of Service (QoS) + 900 + + + + + Interface to apply QoS policy + + + + + txt + Interface name + + + #include + + + + + + Interface ingress traffic policy + + qos policy limiter + + + txt + QoS policy to use + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + + + Interface egress traffic policy + + qos policy cake + qos policy drop-tail + qos policy fair-queue + qos policy fq-codel + qos policy network-emulator + qos policy priority-queue + qos policy random-detect + qos policy rate-control + qos policy round-robin + qos policy shaper + qos policy shaper-hfsc + + + txt + QoS policy to use + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + + + + + Service Policy definitions + + + + + Common Applications Kept Enhanced (CAKE) + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + + + Flow isolation settings + + + + + Disables flow isolation, all traffic passes through a single queue + + + + + + Flows are defined only by source address + + + + + + Flows are defined only by destination address + + + + + + Flows are defined by source-destination host pairs + + + + + + Flows are defined by the entire 5-tuple + + + + + + Flows are defined by the 5-tuple, fairness is applied first over source addresses, then over individual flows + + + + + + Flows are defined by the 5-tuple, fairness is applied first over destination addresses, then over individual flows + + + + + + Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows (default) + + + + + + Perform NAT lookup before applying flow-isolation rules + + + + + + + + Round-Trip-Time for Active Queue Management (AQM) + + u32:1-3600000 + RTT in ms + + + + + RTT must be in range 1 to 3600000 milli-seconds + + 100 + + + + + + Packet limited First In, First Out queue + + txt + Policy name + + + 
[[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + + + + + Stochastic Fairness Queueing + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + + + Interval in seconds for queue algorithm perturbation + + u32:0 + No perturbation + + + u32:1-127 + Interval in seconds for queue algorithm perturbation (advised: 10) + + + + + Interval must be in range 0 to 127 + + 0 + + + + Upper limit of the SFQ + + u32:1-127 + Queue size in packets + + + + + Queue limit must be in range 1 to 127 + + 127 + + + + + + Fair Queuing (FQ) with Controlled Delay (CoDel) + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + #include + #include + #include + #include + + + + + Traffic input limiting policy + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + + + Class ID + + u32:1-4090 + Class Identifier + + + + + Class identifier must be between 1 and 4090 + + + #include + #include + #include + #include + #include + #include + #include + #include + + 20 + + + + + + Default policy + + + #include + #include + #include + #include + + + + + + + Network emulator policy + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + + + Adds delay to packets outgoing to chosen network interface + + <number> + Time in milliseconds + + + + + Priority must be between 0 and 65535 + + + + + Introducing error in a random position for chosen percent of packets + + <number> + Percentage of packets affected + + + + + Priority must be between 0 and 100 + + + + + Cosen percent of packets is duplicated before queuing them + + <number> + Percentage of packets affected + + + + + Priority must be between 0 and 100 + + + + + Add independent loss probability to the packets outgoing to chosen network interface + + <number> + 
Percentage of packets affected + + + + + Must be between 0 and 100 + + + + + Emulated packet reordering percentage + + <number> + Percentage of packets affected + + + + + Must be between 0 and 100 + + + #include + + + + + Priority queuing based policy + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + + + Class Handle + + u32:1-7 + Priority + + + + + Class handle must be between 1 and 7 + + + #include + #include + #include + #include + #include + #include + #include + #include + + drop-tail + + #include + + + + + Default policy + + + #include + #include + #include + #include + #include + + drop-tail + + #include + + + + + + + Weighted Random Early Detect policy + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + + + IP precedence + + u32:0-7 + IP precedence value + + + + + IP precedence value must be between 0 and 7 + + + #include + #include + #include + #include + #include + + + + + + + Rate limiting policy (Token Bucket Filter) + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + #include + + + Maximum latency + + <number> + Time in milliseconds + + + + + Threshold must be between 0 and 4096 + + 50 + + + + + + Deficit Round Robin Scheduler + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + + + Class ID + + u32:1-4095 + Class Identifier + + + + + Class identifier must be between 1 and 4095 + + + #include + #include + #include + #include + #include + #include + + + + Packet scheduling quantum + + u32:1-4294967295 + Packet scheduling quantum (bytes) + + + + + Quantum must be in range 1 to 4294967295 + + + #include + #include + + drop-tail + + #include + + + + + Default policy + + + #include + #include + #include + #include + #include + + fair-queue + + #include + + + + + + + Traffic shaping based 
policy (Hierarchy Token Bucket) + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + + + Class ID + + u32:2-4095 + Class Identifier + + + + + Class identifier must be between 2 and 4095 + + + #include + #include + #include + + + Bandwidth limit for this class + + <number> + Rate in kbit (kilobit per second) + + + <number>%% + Percentage of overall rate + + + <number>bit + bit(1), kbit(10^3), mbit(10^6), gbit, tbit + + + <number>ibit + kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4) + + + <number>ibps + kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec + + + <number>bps + bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + fq-codel + + #include + #include + + + + + Default policy + + + #include + #include + + + Bandwidth limit for this class + + <number> + Rate in kbit (kilobit per second) + + + <number>%% + Percentage of overall rate + + + <number>bit + bit(1), kbit(10^3), mbit(10^6), gbit, tbit + + + <number>ibit + kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4) + + + <number>ibps + kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec + + + <number>bps + bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec + + + + #include + #include + #include + + + Priority for usage of excess bandwidth + + u32:0-7 + Priority order for bandwidth pool + + + + + Priority must be between 0 and 7 + + 20 + + #include + #include + #include + #include + #include + #include + + fq-codel + + #include + #include + + + + + + + Hierarchical Fair Service Curve's policy + + txt + Policy name + + + [[:alnum:]][-_[:alnum:]]* + + Only alpha-numeric policy name allowed + + + #include + #include + + + Class ID + + u32:1-4095 + Class Identifier + + + + + Class identifier must be between 1 and 4095 + + + #include + + + Linkshare class settings + + + #include 
+ #include + #include + + + #include + #include + + + Realtime class settings + + + #include + #include + #include + + + + + Upperlimit class settings + + + #include + #include + #include + + + + + + + Default policy + + + + + Linkshare class settings + + + #include + #include + #include + + + + + Realtime class settings + + + #include + #include + #include + + + + + Upperlimit class settings + + + #include + #include + #include + + + + + + + + + + + Filter group for QoS policy + + txt + Match group name + + + [^-].* + + Match group name cannot start with hyphen + + + #include + + + Class matching rule name + + [^-].* + + Match queue name cannot start with hyphen + + + #include + #include + #include + #include + #include + + + #include + + + + + diff --git a/interface-definitions/service_aws_glb.xml.in b/interface-definitions/service_aws_glb.xml.in new file mode 100644 index 0000000..71de1f0 --- /dev/null +++ b/interface-definitions/service_aws_glb.xml.in @@ -0,0 +1,127 @@ + + + + + + + Amazon Web Service + + + + + Gateway load-balancer tunnel handler + 1280 + + + + + Script executed on create or destroy tunnel + + + + + Script to run when interface is created + + + + + + + + Script to run when interface is destroyed + + + + + + + + + + Status + + + + + Statistic format + + simple full + + + simple + Simple format + + + full + Full format + + + (simple|full) + + + + #include + + + + + Threads settings + + + + + Number of threads for each tunnel processor + + u32:1-256 + Number of threads + + + + + + + + + List of cores worker threads + + <idN>-<idM> + CPU core id range (use '-' as delimiter) + + + + + + + + + Number of threads for UDP receiver + + u32:1-256 + Number of threads + + + + + + + + + List of cores worker threads + + <idN>-<idM> + CPU core id range (use '-' as delimiter) + + + + + + + + + + + + + + + 
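Review bot: Several constraint error messages in the QoS network-emulator and rate-control policies name the wrong quantity: the delay leaf says `Priority must be between 0 and 65535`, the corruption and duplicate leaves say `Priority must be between 0 and 100`, and the rate-control latency leaf says `Threshold must be between 0 and 4096`. A user who trips the validator is told about a parameter they did not set; I would reword them to `Delay must be between 0 and 65535`, `Percentage must be between 0 and 100` and `Latency must be between 0 and 4096`. "Cosen percent of packets is duplicated" should read `Chosen percentage of packets is duplicated`. The validators themselves are not visible in this rendering, so the ranges are taken from the messages as written.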
diff --git a/interface-definitions/service_broadcast-relay.xml.in b/interface-definitions/service_broadcast-relay.xml.in
new file mode 100644
index 0000000..2e4330e
--- /dev/null
+++ b/interface-definitions/service_broadcast-relay.xml.in
@@ -0,0 +1,46 @@
+
+
+
+
+
+
+ UDP broadcast relay service
+ 990
+
+
+ #include
+
+
+ Unique ID for each UDP port to forward
+
+ u32:1-99
+ Broadcast relay instance ID
+
+
+
+
+
+
+ #include
+
+
+ Set source IP of forwarded packets, otherwise original senders address is used
+
+ ipv4
+ Optional source address for forwarded packets
+
+
+
+
+
+
+ #include
+ #include
+ #include
+
+
+
+
+
+
+
diff --git a/interface-definitions/service_config-sync.xml.in b/interface-definitions/service_config-sync.xml.in
new file mode 100644
index 0000000..af4e8ed
--- /dev/null
+++ b/interface-definitions/service_config-sync.xml.in
@@ -0,0 +1,529 @@ + + + + + + + Configuration synchronization + 10000 + + + + + Secondary server parameters + + + + + IP address + + ipv4 + IPv4 address to match + + + ipv6 + IPv6 address to match + + + hostname + FQDN address to match + + + + + + + + + #include + + 443 + + + + Connection API timeout + + u32:1-3600 + Connection API timeout + + + + + + 60 + + + + HTTP API key + + + + + + + Synchronization mode + + load set + + + load + Load and replace configuration section + + + set + Set configuration section + + + (load|set) + + + + + + Section for synchronization + + + + + Firewall + + + + + + Interfaces + + + + + Bonding interface + + + + + + Bridge interface + + + + + + Dummy interface + + + + + + Ethernet interface + + + + + + GENEVE interface + + + + + + Input interface + + + + + + L2TPv3 interface + + + + + + Loopback interface + + + + + + MACsec interface + + + + + + OpenVPN interface + + + + + + PPPoE interface + + + + + + Pseudo-Ethernet interface + + + + + + SSTP client interface + + + + + + Tunnel interface + + + + + + Virtual Ethernet interface + + + + + + Virtual tunnel interface + + + + + + VXLAN interface + + + + + + Wireguard interface + + + + + + Wireless interface + + + + + + WWAN interface + + + + + + + + NAT + + + + + + NAT66 + + + + + + Public key infrastructure (PKI) + + + + + + Routing policy + + + + + + Routing protocols + + + + + Babel Routing Protocol + + + + + + Bidirectional Forwarding Detection (BFD) + + + + + + Border Gateway Protocol (BGP) + + + + + + Failover route + + + + + + Internet Group Management Protocol (IGMP) proxy + + + + + + Intermediate System to Intermediate System (IS-IS) + + + + + + Multiprotocol Label Switching (MPLS) + + + + + + Next Hop Resolution Protocol (NHRP) parameters + + + + + + Open Shortest Path First (OSPF) + + + + + + Open Shortest Path First (OSPF) for IPv6 + + + + + + Protocol Independent Multicast (PIM) and IGMP + + + + + + Protocol Independent Multicast for IPv6 (PIMv6) and MLD + + + + + + Routing 
Information Protocol (RIP) parameters + + + + + + Routing Information Protocol (RIPng) parameters + + + + + + Resource Public Key Infrastructure (RPKI) + + + + + + Segment Routing + + + + + + Static Routing + + + + + + + + Quality of Service (QoS) + + + + + Interface to apply QoS policy + + + + + + Service Policy definitions + + + + + + + + System services + + + + + Serial Console Server + + + + + + Host Configuration Protocol (DHCP) relay agent + + + + + + Dynamic Host Configuration Protocol (DHCP) for DHCP server + + + + + + DHCPv6 Relay Agent parameters + + + + + + DHCP for IPv6 (DHCPv6) server + + + + + + Domain Name System (DNS) related services + + + + + + LLDP settings + + + + + + Multicast DNS (mDNS) parameters + + + + + + Monitoring services + + + + + + Neighbor Discovery Protocol (NDP) Proxy + + + + + + Network Time Protocol (NTP) configuration + + + + + + Simple Network Management Protocol (SNMP) + + + + + + Trivial File Transfer Protocol (TFTP) server + + + + + + Webproxy service settings + + + + + + + + System parameters + + + + + Connection Tracking + + + + + + Flow accounting + + + + + + System Options + + + + + + sFlow + + + + + + Map host names to addresses + + + + + + Configure kernel parameters at runtime + + + + + + Local time zone + + + + + + + + Virtual Private Network (VPN) + + + + + + Virtual Routing and Forwarding + + + + + + + + + + diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in new file mode 100644 index 0000000..631c830 --- /dev/null +++ b/interface-definitions/service_conntrack-sync.xml.in 
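Review bot: The `HTTP API key` leaf in the config-sync file holds a credential that lets this node load or set whole configuration sections on the secondary, yet its help does not say so and no constraint is visible for it in this rendering. I would expand the help to `HTTP API key of the secondary (grants configuration write access; treat as a secret)`. The timeout leaf repeats "Connection API timeout" as its value help without a unit; `Timeout in seconds` would be clearer if seconds is what the 1-3600 range means. The address value help ("IPv4 address to match") looks copied from a match rule and would read better as `IPv4 address of the secondary`.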
@@ -0,0 +1,185 @@ + + + + + + + Connection tracking synchronization + + 799 + + + + + Protocols for which local conntrack entries will be synced + + tcp udp icmp icmp6 sctp dccp + + + tcp + Sync Transmission Control Protocol entries + + + udp + Sync User Datagram Protocol entries + + + icmp + Sync Internet Control Message Protocol entries + + + icmp6 + Sync IPv6 Internet Control Message Protocol entries + + + sctp + Sync Stream Control Transmission Protocol entries + + + dccp + Sync Datagram Congestion Control Protocol entries + + + (tcp|udp|icmp|icmp6|sctp|dccp) + + Allowed protocols: tcp udp icmp or sctp + + + + + + Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall. + + + + + + Disable connection logging via Syslog + + + + + + Queue size for local conntrack events + + u32 + Queue size in MB + + + 8 + + + + Protocol for which expect entries need to be synchronized + + all ftp sip h323 nfs sqlnet + + + (all|ftp|sip|h323|nfs|sqlnet) + + Invalid protocol + + + + + + Order conntrackd to request a complete conntrack table resync against the other node at startup + + + + + + Failover mechanism to use for conntrack-sync + + + + + VRRP as failover-mechanism to use for conntrack-sync + + + + + VRRP sync group + + high-availability vrrp sync-group + + + + + + + + + + IP addresses for which local conntrack entries will not be synced + + ipv4 + IPv4 address to ignore + + + ipv4net + IPv4 prefix to ignore + + + ipv6 + IPv6 address to ignore + + + ipv6net + IPv6 prefix to ignore + + + + + + + + + + + Interface to use for syncing conntrack entries + + + + + + + + IP address of the peer to send the UDP conntrack info too. This disable multicast. + + ipv4 + IP address to listen for incoming connections + + + + + + + #include + + + #include + + + Multicast group to use for syncing conntrack entries + + + + + 225.0.0.50 + + + + Queue size for syncing conntrack entries + + u32 + Queue size in MB + + + 1 + + + + + + 
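Review bot: The constraint error message for the synced protocols, `Allowed protocols: tcp udp icmp or sctp`, omits `icmp6` and `dccp`, both of which the pattern `(tcp|udp|icmp|icmp6|sctp|dccp)` accepts; it should list all six. In the peer leaf, "send the UDP conntrack info too. This disable multicast." should read `to. This disables multicast.`, and its value help ("IP address to listen for incoming connections") describes a listen address rather than the peer. As far as I know conntrackd's sync channel carries flow state without authentication or encryption, so the interface help could add `use a dedicated or otherwise protected link`.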
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in new file mode 100644 index 0000000..68835da --- /dev/null +++ b/interface-definitions/service_console-server.xml.in @@ -0,0 +1,101 @@ + + + + + + + Serial Console Server + 2 + + + + + System serial interface name (ttyS or ttyUSB) + + + + + + ttySxxx + Regular serial interface + + + usbxbxpx + USB based serial interface + + + (ttyS\d+|usb\d+b.*p.*) + + + + #include + + + Human-readable name for this console + + [-_a-zA-Z0-9.]{1,128} + + + + + + Serial port baud rate + + 300 1200 2400 4800 9600 19200 38400 57600 115200 + + + (300|1200|2400|4800|9600|19200|38400|57600|115200) + + + + + + Serial port data bits + + 7 8 + + + + + + 8 + + + + Serial port stop bits + + 1 2 + + + + + + 1 + + + + Parity setting + + even odd none + + + (even|odd|none) + + + none + + + + SSH remote access to this console + + + #include + + + + + + + + + diff --git a/interface-definitions/service_dhcp-relay.xml.in b/interface-definitions/service_dhcp-relay.xml.in new file mode 100644 index 0000000..9fdd958 --- /dev/null +++ b/interface-definitions/service_dhcp-relay.xml.in 
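Review bot: The device-name pattern `(ttyS\d+|usb\d+b.*p.*)` uses `.*` for the bus and port parts, so the `usb` alternative accepts any characters after `b`, including `/` and whitespace. If the name is later joined into a device path or a service unit name (not visible here), that is looser than it needs to be; `usb\d+b[0-9.]+p[0-9.]+` would still match names of the `usbxbxpx` form shown in the value help. The speed, parity and console-name constraints in the same file are tight by comparison.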
@@ -0,0 +1,126 @@ + + + + + + + + Host Configuration Protocol (DHCP) relay agent + 910 + + + #include + #include + + + Interface for DHCP Relay Agent to listen for requests + + + + + txt + Interface name + + + #include + + + + + + + Interface for DHCP Relay Agent forward requests out + + + + + txt + Interface name + + + #include + + + + + + + Relay options + + + + + Policy to discard packets that have reached specified hop-count + + u32:1-255 + Hop count + + + + + hop-count must be a value between 1 and 255 + + 10 + + + + Maximum packet size to send to a DHCPv4/BOOTP server + + u32:64-1400 + Maximum packet size + + + + + max-size must be a value between 64 and 1400 + + 576 + + + + Policy to handle incoming DHCPv4 packets which already contain relay agent options + + append replace forward discard + + + append + append own relay options to packet + + + replace + replace existing agent option field + + + forward + forward packet unchanged + + + discard + discard packet (default action if giaddr not set in packet) + + + (append|replace|forward|discard) + + + forward + + + + + + DHCP server address + + ipv4 + DHCP server IPv4 address + + + + + + + + + + + + diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in new file mode 100644 index 0000000..cb5f9a8 --- /dev/null +++ b/interface-definitions/service_dhcp-server.xml.in 
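Review bot: The policy for packets that already contain relay agent options appears to default to `forward` (the bare `forward` after the `(append|replace|forward|discard)` constraint), which passes client-supplied relay agent information to the server unchanged. Where the server keys address assignment or logging on that option, the help should point out that `replace` or `discard` is the safer choice on interfaces facing untrusted clients, e.g. `forward packet unchanged (trusts options set by the sender)`. The `discard` help calls itself the "default action if giaddr not set in packet", which reads oddly next to a default of `forward`. The node help "Host Configuration Protocol (DHCP) relay agent" is missing the leading `Dynamic`.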
@@ -0,0 +1,250 @@ + + + + + + + + Dynamic Host Configuration Protocol (DHCP) for DHCP server + 911 + + + #include + + + Dynamically update Domain Name System (RFC4702) + + + + + + DHCP high availability configuration + + + #include + + + Configure high availability mode + + active-active active-passive + + + active-active + Both server attend DHCP requests + + + active-passive + Only primary server attends DHCP requests + + + (active-active|active-passive) + + Invalid DHCP high availability mode + + active-active + + + + IPv4 remote address used for connection + + ipv4 + IPv4 address of high availability peer + + + + + + + + + Peer name used to identify connection + + #include + + Invalid failover peer name. May only contain letters, numbers and .-_ + + + + + High availability hierarchy + + primary secondary + + + primary + Configure this server to be the primary node + + + secondary + Configure this server to be the secondary node + + + (primary|secondary) + + Invalid DHCP high availability peer status + + + #include + #include + + + + + Updating /etc/hosts file (per client lease) + + + + #include + #include + + + Name of DHCP shared network + + #include + + Invalid shared network name. 
May only contain letters, numbers and .-_ + + + + + Option to make DHCP server authoritative for this physical network + + + + #include + #include + #include + + + DHCP subnet for shared network + + ipv4net + IPv4 address and prefix length + + + + + Invalid IPv4 subnet definition + + + #include + #include + #include + + + IP address to exclude from DHCP lease range + + ipv4 + IPv4 address to exclude from lease range + + + + + + + + + + Ignore client identifier for lease lookups + + + + + + Lease timeout in seconds + + u32 + DHCP lease time in seconds + + + + + DHCP lease time must be between 0 and 4294967295 (49 days) + + 86400 + + + + DHCP lease range + + #include + + Invalid range name, may only be alphanumeric, dot and hyphen + + + #include + + + First IP address for DHCP lease range + + ipv4 + IPv4 start address of pool + + + + + + + + + Last IP address for DHCP lease range + + ipv4 + IPv4 end address of pool + + + + + + + + + + + Hostname for static mapping reservation + + + + Invalid static mapping hostname + + + #include + #include + #include + + + Fixed IP address of static mapping + + ipv4 + IPv4 address used in static mapping + + + + + + + #include + #include + + + + + Unique ID mapped to leases in the lease file + + u32 + Unique subnet ID + + + + + + + + + + + + + + + diff --git a/interface-definitions/service_dhcpv6-relay.xml.in b/interface-definitions/service_dhcpv6-relay.xml.in new file mode 100644 index 0000000..40679d1 --- /dev/null +++ b/interface-definitions/service_dhcpv6-relay.xml.in 
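Review bot: The lease-time error message `DHCP lease time must be between 0 and 4294967295 (49 days)` gives the wrong duration: the value is documented as seconds, and 4294967295 seconds is roughly 136 years, while 49 days is that number taken as milliseconds. Suggest dropping the parenthetical so the message reads `DHCP lease time must be between 0 and 4294967295`. An operator who trusts the "49 days" figure may set a lease far longer than intended.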
@@ -0,0 +1,82 @@
+
+
+
+
+
+
+
+ DHCPv6 Relay Agent parameters
+ 900
+
+
+ #include
+
+
+ Interface for DHCPv6 Relay Agent to listen for requests
+
+
+
+
+
+
+
+ IPv6 address on listen-interface listen for requests on
+
+ ipv6
+ IPv6 address on listen interface
+
+
+
+
+
+
+
+
+
+
+ Maximum hop count for which requests will be processed
+
+ u32:1-255
+ Hop count
+
+
+
+
+ max-hop-count must be a value between 1 and 255
+
+ 10
+
+
+
+ Interface for DHCPv6 Relay Agent forward requests out
+
+
+
+
+
+
+
+ IPv6 address to forward requests to
+
+ ipv6
+ IPv6 address of the DHCP server
+
+
+
+
+
+
+
+
+
+
+
+ Option to set DHCPv6 interface-ID option
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
new file mode 100644
index 0000000..cf14388
--- /dev/null
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -0,0 +1,317 @@ + + + + + + + DHCP for IPv6 (DHCPv6) server + 900 + + + #include + #include + + + Do not install routes for delegated prefixes + + + + + + Additional global parameters for DHCPv6 server + + + #include + + + + + Preference of this DHCPv6 server compared with others + + u32:0-255 + DHCPv6 server preference (0-255) + + + + + Preference must be between 0 and 255 + + + + + DHCPv6 shared network name + + #include + + Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_ + + + #include + #include + + + Optional interface for this shared network to accept requests from + + + + + txt + Interface name + + + #include + + + + #include + + + IPv6 DHCP subnet for this shared network + + ipv6net + IPv6 address and prefix length + + + + + + + #include + + + Optional interface for this subnet to accept requests from + + + + + txt + Interface name + + + #include + + + + + + Parameters setting ranges for assigning IPv6 addresses + + #include + + Invalid range name, may only be alphanumeric, dot and hyphen + + + #include + + + IPv6 prefix defining range of addresses to assign + + ipv6net + IPv6 address and prefix length + + + + + + + + + First in range of consecutive IPv6 addresses to assign + + ipv6 + IPv6 address + + + + + + + + + Last in range of consecutive IPv6 addresses + + ipv6 + IPv6 address + + + + + + + + + + + Parameters relating to the lease time + + + + + Default time (in seconds) that will be assigned to a lease + + u32:1-4294967295 + DHCPv6 valid lifetime + + + + + + + + + Maximum time (in seconds) that will be assigned to a lease + + u32:1-4294967295 + Maximum lease time in seconds + + + + + + + + + Minimum time (in seconds) that will be assigned to a lease + + u32:1-4294967295 + Minimum lease time in seconds + + + + + + + + + + + Parameters relating to IPv6 prefix delegation + + + + + IPv6 prefix to be used in prefix delegation + + ipv6 + IPv6 prefix used in prefix delegation + + + + + + + + + Length in bits of prefix + + 
u32:32-64 + Prefix length (32-64) + + + + + Prefix length must be between 32 and 64 + + + + + Length in bits of prefixes to be delegated + + u32:32-64 + Delegated prefix length (32-64) + + + + + Delegated prefix length must be between 32 and 96 + + + + + IPv6 prefix to be excluded from prefix delegation + + ipv6 + IPv6 prefix excluded from prefix delegation + + + + + + + + + Length in bits of excluded prefix + + u32:33-64 + Excluded prefix length (33-128) + + + + + Prefix length must be between 33 and 128 + + + + + + + + + Hostname for static mapping reservation + + + + Invalid static mapping hostname + + + #include + #include + #include + #include + + + Client IPv6 address for this static mapping + + ipv6 + IPv6 address for this static mapping + + + + + + + + + Client IPv6 prefix for this static mapping + + ipv6net + IPv6 prefix for this static mapping + + + + + + + + + + + Unique ID mapped to leases in the lease file + + u32 + Unique subnet ID + + + + + + + + + + + + + + + diff --git a/interface-definitions/service_dns_dynamic.xml.in b/interface-definitions/service_dns_dynamic.xml.in new file mode 100644 index 0000000..75e5520 --- /dev/null +++ b/interface-definitions/service_dns_dynamic.xml.in 
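Review bot: The prefix-delegation length nodes contradict themselves: the delegated length shows `u32:32-64` and "(32-64)" but its error says "between 32 and 96", and the excluded length shows `u32:33-64` next to "(33-128)" and "between 33 and 128". The validator itself is not visible in this rendering, so which bound is enforced cannot be told from here; the value-help format, the description and the error text should all state the same range. An operator following the wrong one gets either a rejected commit or a delegation size they did not intend.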
@@ -0,0 +1,200 @@ + + + + + + + Domain Name System (DNS) related services + + + + + Dynamic DNS + 990 + + + + + Dynamic DNS configuration + + txt + Dynamic DNS service name + + + #include + + Dynamic DNS service name must be alphanumeric and can contain hyphens and underscores + + + #include + + + ddclient protocol used for Dynamic DNS service + + + + + + + + + + + Obtain IP address to send Dynamic DNS update for + + + #include + + + HTTP(S) web request to use + + + #include + + + Pattern to skip from the HTTP(S) respose + + txt + Pattern to skip from the HTTP(S) respose to extract the external IP address + + + + + + + + + + IP address version to use + + _ipv4 + Use only IPv4 address + + + _ipv6 + Use only IPv6 address + + + both + Use both IPv4 and IPv6 address + + + ipv4 ipv6 both + + + (ipv[46]|both) + + IP Version must be literal 'ipv4', 'ipv6' or 'both' + + ipv4 + + + + Hostname to register with Dynamic DNS service + + #include + (\@|\*)[-.A-Za-z0-9]* + + Host-name must be alphanumeric, can contain hyphens and can be prefixed with '@' or '*' + + + + + + Remote Dynamic DNS server to send updates to + + ipv4 + IPv4 address of the remote server + + + ipv6 + IPv6 address of the remote server + + + hostname + Fully qualified domain name of the remote server + + + + + + Remote server must be IP address or fully qualified domain name + + + + + DNS zone to be updated + + txt + Name of DNS zone + + + + + + + #include + #include + + + File containing TSIG authentication key for RFC2136 nsupdate on remote DNS server + + filename + File in /config/auth directory + + + + + + + #include + + + Time in seconds to wait between update attempts + + u32:60-86400 + Time in seconds + + + + + Wait time must be between 60 and 86400 seconds + + + + + Time in seconds for the hostname to be marked expired in cache + + u32:300-2160000 + Time in seconds + + + + + Expiry time must be between 300 and 2160000 seconds + + + + + + + Interval in seconds to wait between Dynamic DNS updates + + 
u32:60-3600 + Time in seconds + + + + + Interval must be between 60 and 3600 seconds + + 300 + + #include + + + + + + + diff --git a/interface-definitions/service_dns_forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in new file mode 100644 index 0000000..d0bc2e6 --- /dev/null +++ b/interface-definitions/service_dns_forwarding.xml.in 
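Review bot: "respose" is misspelled in both the help and the value description of the skip pattern (`Pattern to skip from the HTTP(S) respose`); it should read `response`. Separately, the TSIG key option is documented as "File in /config/auth directory", and this rendering does not show whether a path validator enforces that parent directory. That is worth confirming, since the option points at key material and an unconstrained path would let it reference any readable file.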
@@ -0,0 +1,975 @@ + + + + + + + + Domain Name System (DNS) related services + + + + + DNS forwarding + 918 + + + + + DNS forwarding cache size + + u32:0-2147483647 + DNS forwarding cache size + + + + + + 10000 + + + + Interfaces whose DHCP client nameservers to forward requests to + + + + + + + + + Help to communicate between IPv6-only client and IPv4-only server + + ipv6net + IPv6 address and /96 only prefix length + + + + + + + + + DNSSEC mode + + off process-no-validate process log-fail validate + + + off + No DNSSEC processing whatsoever! + + + process-no-validate + Respond with DNSSEC records to clients that ask for it. No validation done at all! + + + process + Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. + + + log-fail + Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. + + + validate + Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. + + + (off|process-no-validate|process|log-fail|validate) + + + process-no-validate + + + + Domain to forward to a custom DNS server + + txt + An absolute DNS domain name + + + + + + + #include + + + Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC) + + + + + + Set the "recursion desired" bit in requests to the upstream nameserver + + + + + + + + Domain to host authoritative records for + + txt + An absolute DNS domain name + + + ((?!-)[-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) + + + + + + DNS zone records + + + + + A record + + txt + A DNS name relative to the root record + + + @ + Root record + + + any + Wildcard record (any subdomain) + + + ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) + + + + + + IPv4 address + + ipv4 + IPv4 address + + + + + + + + #include + + 300 + + #include + + + + + AAAA record + + txt + A DNS name relative to the root record + + + @ + Root record + + + any + Wildcard record (any subdomain) + + + ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) 
+ + + + + + IPv6 address + + ipv6 + IPv6 address + + + + + + + + #include + + 300 + + #include + + + + + CNAME record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + MX record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Mail server + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + Server priority + + u32:1-999 + Server priority (lower numbers are higher priority) + + + + + + 10 + + + + #include + + 300 + + #include + + + + + NS record + + txt + A DNS name relative to the root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS server authoritative for subdomain + + nsXX.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + #include + + 300 + + #include + + + + + PTR record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + TXT record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Record contents + + txt + Record contents + + + + + #include + + 300 + + #include + + + + + SPF record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Record contents + + txt + Record contents + + + + #include + + 300 + + #include + + + + + SRV record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) 
+ + + + + + Service entry + + u32:0-65535 + Entry number + + + + + + + + + Server hostname + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + Port number + + u32:0-65535 + TCP/UDP port number + + + + + + + + + Entry priority + + u32:0-65535 + Entry priority (lower numbers are higher priority) + + + + + + 10 + + + + Entry weight + + u32:0-65535 + Entry weight + + + + + + 0 + + + + #include + + 300 + + #include + + + + + NAPTR record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + NAPTR rule + + u32:0-65535 + Rule number + + + + + + + + + Rule order + + u32:0-65535 + Rule order (lower order is evaluated first) + + + + + + + + + Rule preference + + u32:0-65535 + Rule preference + + + + + + 0 + + + + S flag + + + + + + A flag + + + + + + U flag + + + + + + P flag + + + + + + Service type + + [a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})? + + + + + + Regular expression + + + + + Replacement DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) 
+ + + + + + #include + + 300 + + #include + + + + + #include + + + + + Do not use local /etc/hosts file in name resolution + + + + + + Makes the server authoritatively not aware of RFC1918 addresses + + + + + + Networks allowed to query this server + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + #include + #include + + 53 + + + + Maximum amount of time negative entries are cached + + u32:0-7200 + Seconds to cache NXDOMAIN entries + + + + + + 3600 + + + + Number of times the expired TTL of a record is extended by 30 seconds when serving stale + + u32:0-65535 + Number of times to extend the TTL + + + + + + 0 + + + + Number of milliseconds to wait for a remote authoritative server to respond + + u32:10-60000 + Network timeout in milliseconds + + + + + + 1500 + + #include + #include + + 0.0.0.0 :: + + + + Use system name servers + + + + + + IP address or subnet + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv6 + IPv6 address + + + ipv6net + IPv6 address + + + + + + + + + + + + + DNS server options + + + + + Client netmask for which EDNS Client Subnet will be added + + ipv4net + IPv4 prefix to match + + + !ipv4net + Match everything except the specified IPv4 prefix + + + ipv6net + IPv6 prefix to match + + + !ipv6net + Match everything except the specified IPv6 prefix + + + + + + + + + + + + + Number of bits of IPv4 address to pass for EDNS Client Subnet + + u32:0-32 + Number of bits of IPv4 address + + + + + + + + + Netmask or domain that we should enable EDNS subnet for + + txt + Netmask or domain + + + + + + + + + Load a zone into the recursor cache + + txt + Domain name + + + + + + + + + Zone source + + + + + DNS server address + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + Source URL + + url + Zone file URL + + + + + + + + + + + Zone caching options + + + + + Zone retrieval timeout + + u32:1-3600 + Request timeout in seconds + + + + + + 20 + + + + Zone 
caching options + + + + + Retrieval zone only at startup and on reload + + + + + + Periodic zone retrieval interval + + u32:0-31536000 + Retrieval interval in seconds + + + + + + 86400 + + + + + + Retry interval after zone retrieval errors + + u32:1-86400 + Retry period in seconds + + + + + + 60 + + + + Maximum zone size in megabytes + + u32:0 + No restriction + + + u32:1-1024 + Size in megabytes + + + + + + 0 + + + + Message Digest for DNS Zones (RFC 8976) + + ignore validate require + + + ignore + Ignore ZONEMD records + + + validate + Validate ZONEMD if present + + + require + Require valid ZONEMD record to be present + + + (ignore|validate|require) + + + validate + + + + DNSSEC mode + + ignore validate require + + + ignore + Do not do DNSSEC validation + + + validate + Reject zones with incorrect signatures but accept unsigned zones + + + require + Require DNSSEC validation + + + (ignore|validate|require) + + + validate + + + + + + + + + + + + diff --git a/interface-definitions/service_event-handler.xml.in b/interface-definitions/service_event-handler.xml.in new file mode 100644 index 0000000..4154081 --- /dev/null +++ b/interface-definitions/service_event-handler.xml.in @@ -0,0 +1,71 @@ + + + + + + + Service event handler + 2 + + + + + Event handler name + + + + + Logs filter settings + + + + + Match pattern (regex) + + + + + Identifier of a process in syslog (string) + + + + + + + Event handler script file + + + + + Script arguments + + + + + Script environment arguments + + + + + Environment value + + + + + + + Path to the script + + + + + + + + + + + + + + diff --git a/interface-definitions/service_https.xml.in b/interface-definitions/service_https.xml.in new file mode 100644 index 0000000..afe430c --- /dev/null +++ b/interface-definitions/service_https.xml.in 
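Review bot: The record-target pattern `[-_a-zA-Z0-9.]{1,63}(?<!\.)` caps the whole absolute name at 63 characters because the dot sits inside the counted class; 63 is the per-label limit in DNS, while a full name may be up to 253 characters. The same class also accepts leading and consecutive dots. The pattern is repeated for the CNAME, MX, NS, PTR, SRV and NAPTR targets, so moving it into one shared include with a per-label expression would correct all of them together. Separately, "Zone caching options" is used as the help of two different nodes near the end of the hunk, and the second looks like it describes refresh behaviour.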
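Review bot: The script nodes in service_event-handler.xml.in carry only the help text "Path to the script", "Script arguments" and "Environment value", and no constraint pattern or error message is visible for them in this rendering. The handler runs a script when a log line matches the configured regex, and log content can be influenced by remote parties, so the help should say where the script must live, who must own it, and whether matched log text is ever passed to it. If the definition attaches no path validator, adding one that pins the script to a trusted directory is the change to make. The same applies to "Path to fastnetmon alert script" in service_ids_ddos-protection.xml.in.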
@@ -0,0 +1,190 @@ + + + + + + + HTTPS configuration + 1001 + + + + + VyOS HTTP API configuration + + + + + HTTP API keys + + + + + HTTP API id + + + + + HTTP API plaintext key + + + + + + + + + Enforce strict path checking + + + + + + Debug + + + + + + + GraphQL support + + + + + Schema introspection + + + + + + GraphQL authentication + + + + + Authentication type + + key token + + + key + Use API keys + + + token + Use JWT token + + + (key|token) + + + key + + + + Token time to expire in seconds + + u32:60-31536000 + Token lifetime in seconds + + + + + + 3600 + + + + Length of shared secret in bytes + + u32:16-65535 + Byte length of generated shared secret + + + + + + 32 + + + + + + + + Set CORS options + + + + + Allow resource request from origin + + + + + + + + #include + + + Enable HTTP to HTTPS redirect + + + + #include + #include + + 443 + + + + Maximum request body size in megabytes + + u32:1-256 + Request body size in megabytes + + + + + + 1 + + + + TLS certificates + + + #include + #include + #include + + + + + Specify available TLS version(s) + + 1.2 1.3 + + + 1.2 + TLSv1.2 + + + 1.3 + TLSv1.3 + + + (1.2|1.3) + + + + 1.2 1.3 + + #include + + + + + diff --git a/interface-definitions/service_ids_ddos-protection.xml.in b/interface-definitions/service_ids_ddos-protection.xml.in new file mode 100644 index 0000000..3ef2640 --- /dev/null +++ b/interface-definitions/service_ids_ddos-protection.xml.in 
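Review bot: The API key node is described only as "HTTP API plaintext key", and no length or character constraint is visible for it here, while the GraphQL shared secret beside it has a documented minimum of 16 bytes. If the definition really has no constraint, a minimum length on the key would stop trivially guessable values from being committed. The help should also say that the key is kept in clear text in the configuration, so that configuration backups and displayed configuration are handled as secret-bearing. The CORS "Allow resource request from origin" node likewise shows no value help or constraint in this rendering.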
@@ -0,0 +1,167 @@ + + + + + + + Intrusion Detection System + + + + + FastNetMon detection and protection parameters + 731 + + + + + Path to fastnetmon alert script + + + + + How long we should keep an IP in blocked state + + u32:1-4294967294 + Time in seconds + + + + + + 1900 + + + + Direction for processing traffic + + in out + + + (in|out) + + + + + + + Specify IPv4 and IPv6 networks which are going to be excluded from protection + + ipv4net + IPv4 prefix(es) to exclude + + + ipv6net + IPv6 prefix(es) to exclude + + + + + + + + + + + Listen interface for mirroring traffic + + + + + + + + + Traffic capture mode + + mirror sflow + + + mirror + Listen to mirrored traffic + + + sflow + Capture sFlow flows + + + (mirror|sflow) + + + + + + Sflow settings + + + #include + #include + + 6343 + + + + + + Specify IPv4 and IPv6 networks which belong to you + + ipv4net + Your IPv4 prefix(es) + + + ipv6net + Your IPv6 prefix(es) + + + + + + + + + + + Attack limits thresholds + + + + + General threshold + + + #include + + + + + TCP threshold + + + #include + + + + + UDP threshold + + + #include + + + + + ICMP threshold + + + #include + + + + + + + + + + + diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in new file mode 100644 index 0000000..25bc43c --- /dev/null +++ b/interface-definitions/service_ipoe-server.xml.in 
@@ -0,0 +1,198 @@ + + + + + + + Internet Protocol over Ethernet (IPoE) Server + 900 + + + + + Client authentication methods + + + #include + + + Network interface for client MAC addresses + + + + + + + + Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + VLAN monitor for automatic creation of VLAN interfaces + + u32:1-4094 + Client VLAN id + + + + + VLAN IDs need to be in range 1-4094 + + + + + + + #include + #include + + + #include + + + + + + + Interface to listen dhcp or unclassified packets + + + + + + + + Client connectivity mode + + l2 l3 + + + l2 + Client located on same interface as server + + + l3 + Client located behind a router + + + (l2|l3) + + + l2 + + + + Enables clients to share the same network or each client has its own vlan + + shared vlan + + + (shared|vlan) + + + shared + Multiple clients share the same network + + + vlan + One VLAN per client + + + shared + + + + Client address pool + + ipv4net + IPv4 address and prefix length + + + + + + + + + DHCP requests will be forwarded + + + + + DHCP Server the request will be redirected to. + + ipv4 + IPv4 address of the DHCP Server + + + + + + + + + Relay Agent IPv4 Address + + ipv4 + Gateway IP address + + + + + + + + + #include + #include + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/service_lldp.xml.in b/interface-definitions/service_lldp.xml.in new file mode 100644 index 0000000..51a9f9c --- /dev/null +++ b/interface-definitions/service_lldp.xml.in 
@@ -0,0 +1,192 @@ + + + + + + + LLDP settings + 985 + + + + + Location data for interface + + all + Location data all interfaces + + + txt + Location data for a specific interface + + + + all + + + #include + all + + + + #include + + + LLDP-MED location data + + + + + Coordinate based location + + + + + Altitude in meters + + 0 + No altitude + + + [+-]<meters> + Altitude in meters + + Altitude should be a positive or negative number + + + + + 0 + + + + Coordinate datum type + + WGS84 + WGS84 + + + NAD83 + NAD83 + + + MLLW + NAD83/MLLW + + + WGS84 NAD83 MLLW + + Datum should be WGS84, NAD83, or MLLW + + (WGS84|NAD83|MLLW) + + + WGS84 + + + + Latitude + + <latitude> + Latitude (example "37.524449N") + + Latitude should be a number followed by S or N + + (\d+)(\.\d+)?[nNsS] + + + + + + Longitude + + <longitude> + Longitude (example "122.267255W") + + Longiture should be a number followed by E or W + + (\d+)(\.\d+)?[eEwW] + + + + + + + + ECS ELIN (Emergency location identifier number) + + u32:0-9999999999 + Emergency Call Service ELIN number (between 10-25 numbers) + + + [0-9]{10,25} + + ELIN number must be between 10-25 numbers + + + + + + + + + Legacy (vendor specific) protocols + + + + + Listen for CDP for Cisco routers/switches + + + + + + Listen for EDP for Extreme routers/switches + + + + + + Listen for FDP for Foundry routers/switches + + + + + + Listen for SONMP for Nortel routers/switches + + + + + + + + Management IP Address + + + + + ipv4 + IPv4 Management Address + + + ipv6 + IPv6 Management Address + + + + + + + + + + Enable SNMP queries of the LLDP database + + + + + + + + diff --git a/interface-definitions/service_mdns_repeater.xml.in b/interface-definitions/service_mdns_repeater.xml.in new file mode 100644 index 0000000..5d6f61d --- /dev/null +++ b/interface-definitions/service_mdns_repeater.xml.in 
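Review bot: The ELIN value help gives the format `u32:0-9999999999`, which is not a valid u32 range (the maximum is 4294967295) and contradicts the constraint `[0-9]{10,25}` and its message "between 10-25 numbers". A free-form format in the style of the `<latitude>` entry in the same file would describe the accepted input correctly. "Longiture" in the longitude error message should read "Longitude".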
@@ -0,0 +1,82 @@
+
+
+
+
+
+
+ Multicast DNS (mDNS) parameters
+
+
+
+
+ mDNS repeater configuration
+ 990
+
+
+ #include
+ #include
+
+
+ IP address version to use
+
+ _ipv4
+ Use only IPv4 address
+
+
+ _ipv6
+ Use only IPv6 address
+
+
+ both
+ Use both IPv4 and IPv6 address
+
+
+ ipv4 ipv6 both
+
+
+ (ipv[46]|both)
+
+ IP Version must be literal 'ipv4', 'ipv6' or 'both'
+
+ both
+
+
+
+ mDNS browsing domains in addition to the default one
+
+ txt
+ mDNS browsing domain
+
+
+
+
+
+
+
+
+
+ Allowed mDNS services to be repeated
+
+ txt
+ mDNS service
+
+
+ [-_.a-zA-Z0-9]+
+
+ Service name must be alphanumeric and can contain hyphens and underscores
+
+
+
+
+
+ Disables mDNS repeater on VRRP interfaces not in MASTER state
+
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
new file mode 100644
index 0000000..2ac0d94
--- /dev/null
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -0,0 +1,317 @@ + + + + + + + Monitoring services + + + + + Telegraf metric collector + 1280 + + + + + Output plugin InfluxDB + + + + + Authentication parameters + + + + + Authentication organization for InfluxDB v2 + + [a-zA-Z][1-9a-zA-Z@_\-.]{2,50} + + Organization name must be alphanumeric and can contain hyphens, underscores and at symbol. + + + + + Authentication token for InfluxDB v2 + + txt + Authentication token + + + [a-zA-Z0-9-_]{86}== + + Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters. + + + + + + + Remote bucket + + main + + #include + #include + + 8086 + + + + + + Output plugin Azure Data Explorer + + + + + Authentication parameters + + + + + Application client id + + #include + + Client-id is limited to alphanumerical characters and can contain hyphen and underscores + + + + + Application client secret + + #include + + Client-secret is limited to alphanumerical characters and can contain hyphen and underscores + + + + + Set tenant id + + #include + + Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores + + + + + + + Remote database name + + txt + Remote database name + + + #include + + Database is limited to alphanumerical characters and can contain hyphen and underscores + + + + + Type of metrics grouping when push to Azure Data Explorer + + single-table table-per-metric + + + single-table + Metrics stores in one table + + + table-per-metric + One table per gorups of metric by the metric name + + + (single-table|table-per-metric) + + + table-per-metric + + + + Name of the single table [Only if set group-metrics single-table] + + txt + Table name + + + #include + + Table is limited to alphanumerical characters and can contain hyphen and underscores + + + #include + + + + + Output plugin Loki + + + + + HTTP basic authentication parameters + + + #include + #include + + + + + Metric name label + + txt + Label to use for the metric name + + + #include + + + + #include + + 3100 
+ + #include + + + + + Source parameters for monitoring + + all hardware-utilization logs network system telegraf + + + all + All parameters + + + hardware-utilization + Hardware-utilization parameters (CPU, disk, memory) + + + logs + Logs parameters + + + network + Network parameters (net, netstat, nftables) + + + system + System parameters (system, processes, interrupts) + + + telegraf + Telegraf internal statistics + + + (all|hardware-utilization|logs|network|system|telegraf) + + + + all + + + + Output plugin Prometheus client + + + + + HTTP basic authentication parameters + + + + + Authentication username + + + + + Authentication password + + txt + Authentication password + + + + + + + + Networks allowed to query this server + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + #include + + + Metric version control mapping from Telegraf to Prometheus format + + u32:1-2 + Metric version (default: 2) + + + + + + 2 + + #include + + 9273 + + + + + + Output plugin Splunk + + + + + HTTP basic authentication parameters + + + + + Authorization token + + + + + Use TLS but skip host validation + + + + + + #include + + + #include + + + + + + + diff --git a/interface-definitions/service_monitoring_zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in new file mode 100644 index 0000000..e44b313 --- /dev/null +++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in 
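Review bot: The InfluxDB organization pattern `[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}` uses `1-9`, so a name containing the digit 0 is rejected; `0-9` was probably intended, and the error text does not mention that dots are accepted. In the Splunk section, "Use TLS but skip host validation" turns off the check that the collector is the intended host, so its help should say that the authorization token and metrics can then be delivered to an impersonating endpoint. "gorups" in the table-per-metric description should read "groups".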
@@ -0,0 +1,195 @@ + + + + + + + + + Zabbix-agent settings + 1280 + + + + + Folder containing individual Zabbix-agent configuration files + + + + + + + + Zabbix agent hostname + + #include + + Host-name must be alphanumeric and can contain hyphens + + + + + Limit settings + + + + + Do not keep data longer than N seconds in buffer + + u32:1-3600 + Seconds + + + + + buffer-flush-interval must be between 1 and 3600 seconds + + 5 + + + + Maximum number of values in a memory buffer + + u32:2-65535 + Maximum number of values in a memory buffer + + + + + Buffer-size must be between 2 and 65535 + + 100 + + + + + + Log settings + + + + + Debug level + + basic critical error warning debug extended-debug + + + basic + Basic information + + + critical + Critical information + + + error + Error information + + + warning + Warnings + + + debug + Debug information + + + extended-debug + Extended debug information + + + (basic|critical|error|warning|debug|extended-debug) + + + warning + + + + Enable logging of executed shell commands as warnings + + + + + + Log file size in megabytes + + u32:0-1024 + Megabytes + + + + + Size must be between 0 and 1024 Megabytes + + 0 + + + + #include + + 0.0.0.0 + + #include + + 10050 + + + + Remote server to connect to + + ipv4 + Server IPv4 address + + + ipv6 + Server IPv6 address + + + hostname + Server hostname/FQDN + + + + + + + Remote server address to get active checks from + + ipv4 + Server IPv4 address + + + ipv6 + Server IPv6 address + + + hostname + Server hostname/FQDN + + + + #include + + + + + Item processing timeout in seconds + + u32:1-30 + Item processing timeout + + + + + Timeout must be between 1 and 30 seconds + + 3 + + #include + + + + + + + diff --git a/interface-definitions/service_ndp-proxy.xml.in b/interface-definitions/service_ndp-proxy.xml.in new file mode 100644 index 0000000..aabba3f --- /dev/null +++ b/interface-definitions/service_ndp-proxy.xml.in 
@@ -0,0 +1,133 @@ + + + + + + + Neighbor Discovery Protocol (NDP) Proxy + 600 + + + + + Refresh interval for IPv6 routes + + u32:10000-120000 + Time in milliseconds + + + + + Route-refresh must be between 10000 and 120000 milliseconds + + 30000 + + + + NDP proxy listener interface + + + + + #include + + + + #include + + + Enable router bit in Neighbor Advertisement messages + + + + + + Timeout for Neighbor Advertisement after Neighbor Solicitation message + + u32:500-120000 + Timeout in milliseconds + + + + + Timeout must be between 500 and 120000 milliseconds + + 500 + + + + Proxy entry cache Time-To-Live + + u32:10000-120000 + Time in milliseconds + + + + + TTL must be between 10000 and 120000 milliseconds + + 30000 + + + + Prefix target addresses are matched against + + ipv6net + IPv6 network prefix + + + ipv6 + IPv6 address + + + + + + + + #include + + + Specify the running mode of the rule + + static auto interface + + + static + Immediately answer any Neighbor Solicitation Messages + + + auto + Check for a matching route in /proc/net/ipv6_route + + + interface + Forward Neighbor Solicitation message through specified interface + + + (static|auto|interface) + + Mode must be either one of: static, auto or interface + + static + + + + Interface to forward Neighbor Solicitation message through. Required for "iface" mode + + + + + #include + + + + + + + + + + + + diff --git a/interface-definitions/service_ntp.xml.in b/interface-definitions/service_ntp.xml.in new file mode 100644 index 0000000..5dc0cd2 --- /dev/null +++ b/interface-definitions/service_ntp.xml.in 
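Review bot: The interface node's help says it is `Required for "iface" mode`, but the mode constraint is `(static|auto|interface)`, so no `iface` value exists. Suggest `Required for "interface" mode` so the help matches what the CLI accepts.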
@@ -0,0 +1,175 @@ + + + + + + + + Network Time Protocol (NTP) configuration + 900 + + + #include + #include + #include + #include + + + Enable Precision Time Protocol (PTP) transport + + + #include + + 319 + + + + Enable timestamping of packets in the NIC hardware + + + + + Interface to enable timestamping on + + + all + + + all + Select all interfaces + + + txt + Interface name + + + #include + all + + + + + + Selects which inbound packets are timestamped by the NIC + + all ntp ptp none + + + all + All packets are timestamped + + + ntp + Only NTP packets are timestamped + + + ptp + Only PTP or NTP packets using the PTP transport are timestamped + + + none + No packet is timestamped + + + (all|ntp|ptp|none) + + + + + + + + + + + + Leap second behavior + + ignore smear system timezone + + + ignore + No correction is applied to the clock for the leap second + + + smear + Correct served time slowly be slewing instead of stepping + + + system + Kernel steps the system clock forward or backward + + + timezone + Use UTC timezone database to determine when will the next leap second occur + + + (ignore|smear|system|timezone) + + + timezone + + + + Network Time Protocol (NTP) server + + ipv4 + IP address of NTP server + + + ipv6 + IPv6 address of NTP server + + + hostname + Fully qualified domain name of NTP server + + + + + + + + + + Marks the server as unused + + + + + + Enable Network Time Security (NTS) for the server + + + + + + Associate with a number of remote servers + + + + + + Marks the server as preferred + + + + + + Use Precision Time Protocol (PTP) transport for the server + + + + + + Use the interleaved mode for the server + + + + + + + + + + diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in new file mode 100644 index 0000000..0c99fd2 --- /dev/null +++ b/interface-definitions/service_pppoe-server.xml.in 
@@ -0,0 +1,180 @@ + + + + + + + Point to Point over Ethernet (PPPoE) Server + 900 + + + #include + + vyos-ac + + + + Authentication for remote access PPPoE Server + + + #include + #include + #include + #include + #include + + + #include + + + Format of Called-Station-Id attribute + + ifname ifname:mac + + + (ifname|ifname:mac) + + Invalid Called-Station-Id format + + ifname + NAS-Port-Id - should contain root interface name (NAS-Port-Id=eth1) + + + ifname:mac + NAS-Port-Id - should contain root interface name and mac address (NAS-Port-Id=eth1:00:00:00:00:00:00) + + + + + + + + Authentication with any login + + + + + + + + interface(s) to listen on + + + + + + #include + #include + + + + + Service name + + [a-zA-Z0-9\-]{1,100} + + Service-name can contain aplhanumerical characters and dashes only (max. 100) + + + + + + Accept any service name in PPPoE Active Discovery Request (PADR) + + + + + + Accept blank service name in PADR + + + + + + PADO delays + + disable + Disable new connections + + + disable + + + u32:1-999999 + Number in ms + + + + disable + + Invalid PADO delay + + + + + Number of sessions + + u32:1-999999 + Number of sessions + + + + + Invalid number of delayed sessions + + + + + + + control sessions count + + (deny|disable|replace) + + Invalid value + + disable + Disables session control + + + deny + Deny second session authorization + + + replace + Terminate first session when second is authorized + + + deny disable replace + + + replace + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + + 1280 + + + + #include + #include + #include + #include + #include + #include + + + + + diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in new file mode 100644 index 0000000..3fd3354 --- /dev/null +++ b/interface-definitions/service_router-advert.xml.in 
@@ -0,0 +1,405 @@ + + + + + + + IPv6 Router Advertisements (RAs) service + 900 + + + + + Interface to send RA on + + + + + + + + Set Hop Count field of the IP header for outgoing packets + + u32:0 + Unspecified (by this router) + + + u32:1-255 + Value should represent current diameter of the Internet + + + + + Hop count must be between 0 and 255 + + 64 + + + + Lifetime associated with the default router in units of seconds + + u32:4-9000 + Router Lifetime in seconds + + + 0 + Not a default router + + + + + Default router livetime bust be 0 or between 4 and 9000 + + + + + Preference associated with the default router, + + low medium high + + + low + Default router has low preference + + + medium + Default router has medium preference + + + high + Default router has high preference + + + (low|medium|high) + + Default preference must be low, medium or high + + medium + + + + DNS search list + + + + + + Link MTU value placed in RAs, exluded in RAs if unset + + u32:1280-9000 + Link MTU value in RAs + + + + + Link MTU must be between 1280 and 9000 + + + + + Hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using SLAAC + + + + + + Set interval between unsolicited multicast RAs + + + + + Maximum interval between unsolicited multicast RAs + + u32:4-1800 + Maximum interval in seconds + + + + + Maximum interval must be between 4 and 1800 seconds + + 600 + + + + Minimum interval between unsolicited multicast RAs + + u32:3-1350 + Minimum interval in seconds + + + + + Minimum interval must be between 3 and 1350 seconds + + + + + #include + + + Maximum duration how long the RDNSS entries are used + + u32:0 + Name-servers should no longer be used + + + u32:1-7200 + Maximum interval in seconds + + + + + Maximum interval must be between 1 and 7200 seconds + + + + + Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information + + + + + + IPv6 route to be advertised in 
Router Advertisements (RAs) + + ipv6net + IPv6 route to be advertized + + + + + + + + + Time in seconds that the route will remain valid + + infinity + + + u32:1-4294967295 + Time in seconds that the route will remain valid + + + infinity + Route will remain preferred forever + + + + (infinity) + + + 1800 + + + + Preference associated with the route, + + low medium high + + + low + Route has low preference + + + medium + Route has medium preference + + + high + Route has high preference + + + (low|medium|high) + + Route preference must be low, medium or high + + medium + + + + Do not announce this route with a zero second lifetime upon shutdown + + + + + + + + NAT64 prefix included in the router advertisements + + ipv6net + IPv6 prefix to be advertized + + + + + + + + + Time in seconds that the prefix will remain valid + + infinity + + + u32:4-65528 + Time in seconds that the prefix will remain valid + + + + + + 65528 + + + + + + IPv6 prefix to be advertised in Router Advertisements (RAs) + + ipv6net + IPv6 prefix to be advertized + + + + + + + + + Prefix can not be used for stateless address auto-configuration + + + + + + Prefix can not be used for on-link determination + + + + + + Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA + + + + + + Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix + + + + + + Time in seconds that the prefix will remain preferred + + infinity + + + u32 + Time in seconds that the prefix will remain preferred + + + infinity + Prefix will remain preferred forever + + + + (infinity) + + + 14400 + + + + Time in seconds that the prefix will remain valid + + infinity + + + u32:1-4294967295 + Time in seconds that the prefix will remain valid + + + infinity + Prefix will remain preferred forever + + + + (infinity) + + + 2592000 + + + + + + Use IPv6 address as source address. Useful with VRRP. 
+ + ipv6 + IPv6 address to be advertized (must be configured on interface) + + + + + + + + + + Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation + + u32:0 + Reachable Time unspecified by this router + + + u32:1-3600000 + Reachable Time value in RAs (in milliseconds) + + + + + Reachable time must be 0 or between 1 and 3600000 milliseconds + + 0 + + + + Time in milliseconds between retransmitted Neighbor Solicitation messages + + u32:0 + Time, in milliseconds, between retransmitted Neighbor Solicitation messages + + + u32:1-4294967295 + Minimum interval in milliseconds + + + + + Retransmit interval must be 0 or between 1 and 4294967295 milliseconds + + 0 + + + + Do not send router adverts + + + + + + Do not send Advertisement Interval option in RAs + + + + + + + + + + diff --git a/interface-definitions/service_salt-minion.xml.in b/interface-definitions/service_salt-minion.xml.in new file mode 100644 index 0000000..eaa2899 --- /dev/null +++ b/interface-definitions/service_salt-minion.xml.in @@ -0,0 +1,74 @@ + + + + + + + Salt Minion + 500 + + + + + Hash used when discovering file on master server (default: sha256) + + md5 sha1 sha224 sha256 sha384 sha512 + + + (md5|sha1|sha224|sha256|sha384|sha512) + + + sha256 + + + + Hostname or IP address of the Salt master server + + ipv4 + Salt server IPv4 address + + + ipv6 + Salt server IPv6 address + + + hostname + Salt server FQDN address + + + + + + Invalid FQDN or IP address + + + + + + Explicitly declare ID for this minion to use (default: hostname) + + + + + Interval in minutes between updates (default: 60) + + u32:1-1440 + Update interval in minutes + + + + + + 60 + + + + URL with signature of master for auth reply verification + + + #include + + + + + diff --git a/interface-definitions/service_sla.xml.in b/interface-definitions/service_sla.xml.in new file mode 100644 index 0000000..2cd6819 --- /dev/null +++ b/interface-definitions/service_sla.xml.in 
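Review bot: The NAT64 prefix valid-lifetime node offers `infinity` in its completion list, but documents only `u32:4-65528` and shows no `(infinity)` regex, unlike the route and prefix lifetime nodes in the same file. As far as this rendering shows, completion therefore suggests a value the constraint will refuse; either drop `infinity` from the completion list or add the matching value help and regex. Separately, the route and prefix valid-lifetime nodes describe `infinity` as "will remain preferred forever", apparently copied from preferred-lifetime. Those should read `Route will remain valid forever` and `Prefix will remain valid forever`.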
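Review bot: The hash node's completion list and regex still offer `md5` and `sha1`, which are not collision-resistant and so weaken the integrity check on files fetched from the master. The `sha256` default is fine; the gap is that nothing in the help steers an operator away from the two legacy values. Mark them in the help string, e.g. `Hash used when discovering file on master server (default: sha256; md5 and sha1 are legacy)`. If existing configurations allow it, narrow the regex to `(sha224|sha256|sha384|sha512)`.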
@@ -0,0 +1,37 @@ + + + + + + + Service level agreement (SLA) + 2 + + + + + One-way active measurement protocol (OWAMP) server + + + #include + + 861 + + + + + + Two-way active measurement protocol (TWAMP) server + + + #include + + 862 + + + + + + + + diff --git a/interface-definitions/service_snmp.xml.in b/interface-definitions/service_snmp.xml.in new file mode 100644 index 0000000..f23151e --- /dev/null +++ b/interface-definitions/service_snmp.xml.in 
@@ -0,0 +1,599 @@ + + + + + + + + Simple Network Management Protocol (SNMP) + 900 + + + + + Community name + + [[:alnum:]-_!@*#]{1,100} + + Community string is limited to alphanumerical characters, -, _, !, @, *, and # with a total lenght of 100 + + + + + Authorization type + + ro rw + + + ro + Read-Only + + + rw + Read-Write + + + (ro|rw) + + Authorization type must be either 'rw' or 'ro' + + ro + + + + IP address of SNMP client allowed to contact system + + + + + + + + + + Subnet of SNMP client(s) allowed to contact system + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + 0.0.0.0/0 ::/0 + + + + + + Contact information + + .{1,255} + + Contact information is limited to 255 characters or less + + + #include + + + Management information base (MIB) + + + + + Sets the maximum number of interfaces included in IF-MIB data collection + + u32:1-4294967295 + Sets the maximum number of interfaces included in IF-MIB data collection + + + + + + + + + Sets the interface name prefix to include in the IF-MIB data collection + + br bond dum eth gnv macsec peth sstpc tun veth vti vtun vxlan wg wlan wwan + + + br + Allow prefix for IF-MIB data collection + + + bond + Allow prefix for IF-MIB data collection + + + dum + Allow prefix for IF-MIB data collection + + + eth + Allow prefix for IF-MIB data collection + + + gnv + Allow prefix for IF-MIB data collection + + + macsec + Allow prefix for IF-MIB data collection + + + peth + Allow prefix for IF-MIB data collection + + + sstpc + Allow prefix for IF-MIB data collection + + + tun + Allow prefix for IF-MIB data collection + + + veth + Allow prefix for IF-MIB data collection + + + vti + Allow prefix for IF-MIB data collection + + + vtun + Allow prefix for IF-MIB data collection + + + vxlan + Allow prefix for IF-MIB data collection + + + wg + Allow prefix for IF-MIB data collection + + + wlan + Allow prefix for IF-MIB data collection + + + wwan + Allow prefix for IF-MIB data 
collection + + + (br|bond|dum|eth|gnv|macsec|peth|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan) + + + + + + + + + IP address to listen for incoming SNMP requests + + + + + ipv4 + IPv4 address to listen for incoming SNMP requests + + + ipv6 + IPv6 address to listen for incoming SNMP requests + + + + + + + #include + + 161 + + + + + + Location information + + .{1,255} + + Location is limited to 255 characters or less + + + + + Enable specific OIDs that by default are disable + + ip-forward ip-route-table ip-net-to-media-table ip-net-to-physical-phys-address + + + ip-forward + Enable ipForward: .1.3.6.1.2.1.4.24 + + + ip-route-table + Enable ipRouteTable: .1.3.6.1.2.1.4.21 + + + ip-net-to-media-table + Enable ipNetToMediaTable: .1.3.6.1.2.1.4.22 + + + ip-net-to-physical-phys-address + Enable ipNetToPhysicalPhysAddress: .1.3.6.1.2.1.4.35 + + + (ip-forward|ip-route-table|ip-net-to-media-table|ip-net-to-physical-phys-address) + + OID must be one of the liste options + + + + #include + + + Register a subtree for SMUX-based processing + + txt + SNMP Object Identifier + + + + + + + SNMP trap source address + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + Address of trap target + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + Community used when sending trap information + + + #include + + 162 + + + + + + Simple Network Management Protocol (SNMP) v3 + + + + + Specifies the EngineID that uniquely identify an agent (e.g. 
000000000000000000000002) + + ([0-9a-f][0-9a-f]){1,18} + + ID must contain an even number (from 2 to 36) of hex digits + + + + + + Specifies the group with name groupname + + + #include + + + Security levels + + noauth auth priv + + + noauth + Messages not authenticated and not encrypted (noAuthNoPriv) + + + auth + Messages are authenticated but not encrypted (authNoPriv) + + + priv + Messages are authenticated and encrypted (authPriv) + + + (noauth|auth|priv) + + + auth + + + + Defines the name of view + + service snmp v3 view + + + + + + + + Defines SNMP target for inform or traps for IP + + ipv4 + IP address of trap target + + + ipv6 + IPv6 address of trap target + + + + + + + + + + Defines the privacy + + + + + Defines the encrypted key for authentication + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for authentication + + .{8,} + + Key must contain 8 or more characters + + + #include + + + #include + + 162 + + + + Defines the privacy + + + + + Defines the encrypted key for privacy protocol + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for privacy protocol + + .{8,} + + Key must contain 8 or more characters + + + #include + + + #include + + + Specifies the type of notification between inform and trap + + inform trap + + + inform + Use INFORM + + + trap + Use TRAP + + + (inform|trap) + + + inform + + + + Defines username for authentication + + service snmp v3 user + + + + + + + + Specifies the user with name username + + [^\(\)\|\-]+ + + Illegal characters in name + + + + + Specifies the auth + + + + + Defines the encrypted key for authentication + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for authentication + + .{8,} + + Key must contain 8 or more characters + + + #include + + + + + Specifies group for user name + + service snmp v3 group + + + + #include + + + Defines the privacy + + + + + Defines the 
encrypted key for privacy protocol + + [0-9a-f]* + + Encrypted key must only contain hex digits + + + + + Defines the clear text key for privacy protocol + + .{8,} + + Key must contain 8 or more characters + + + #include + + + + + + + Specifies the view with name viewname + + [^\(\)\|\-]+ + + Illegal characters in name + + + + + Specifies the oid + + [0-9]+(\.[0-9]+)* + + OID must start from a number + + + + + Exclude is an optional argument + + + + + + Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant + + [0-9a-f]{2}([\.:][0-9a-f]{2})* + + MASK is a list of hex octets, separated by '.' or ':' + + + + + + + + + + + SNMP script extensions + + + + + Extension name + + [a-z0-9\.\-\_]+ + + Script extension contains invalid characters + + + + + Script location and name + + + + + [a-z0-9\.\-\_\/]+ + + Script extension contains invalid characters + + + + + + + #include + + + + + diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in new file mode 100644 index 0000000..221e451 --- /dev/null +++ b/interface-definitions/service_ssh.xml.in 
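Review bot: The four v3 encrypted-key nodes (authentication and privacy, under both the trap-target and the user subtree) validate with `[0-9a-f]*`, which also matches an empty value. A zero-length key therefore passes the "must only contain hex digits" check if the CLI hands one to the validator. Use `[0-9a-f]+` at minimum; a length bound tied to the selected protocol would be tighter, but the protocol list sits in an include that is not visible here. Separately, the community network node appears to default to `0.0.0.0/0 ::/0`, so a community is accepted from any source until the operator narrows it. The help text should state that.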
@@ -0,0 +1,283 @@ + + + + + System services + + + + + Secure Shell (SSH) + 1000 + + + + + SSH user/group access controls + + + + + Allow user/group SSH access + + + #include + #include + + + + + Deny user/group SSH access + + + #include + #include + + + + + + + Allowed ciphers + + + 3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com + + + (3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|rijndael-cbc@lysator.liu.se|aes128-ctr|aes192-ctr|aes256-ctr|aes128-gcm@openssh.com|aes256-gcm@openssh.com|chacha20-poly1305@openssh.com) + + + + + + + Disable IP Address to Hostname lookup + + + + + + Disable password-based authentication + + + + + + Allow dynamic protection + + + + + Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 + + u32:1-65535 + Time interval in seconds for blocking + + + + + + 120 + + + + Remember source IP in seconds before reset their score + + u32:1-65535 + Time interval in seconds + + + + + + 1800 + + + + Block source IP when their cumulative attack score exceeds threshold + + u32:1-65535 + Threshold score + + + + + + 30 + + + + Always allow inbound connections from these systems + + ipv4 + Address to match against + + + ipv4net + IPv4 address and prefix length + + + ipv6 + IPv6 address to match against + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + + + + Allowed host key signature algorithms + + + ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ecdsa-sha2-nistp256@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-rsa-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com 
ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com + + + + (ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ssh-rsa|rsa-sha2-256|rsa-sha2-512|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ecdsa-sha2-nistp256@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512-cert-v01@openssh.com|ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com) + + + + + + Allowed pubkey signature algorithms + + + ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-dss ssh-dss-cert-v01@openssh.com ssh-rsa ssh-rsa-cert-v01@openssh.com rsa-sha2-256 rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512 rsa-sha2-512-cert-v01@openssh.com + + + + (ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ecdsa-sha2-nistp256|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-dss|ssh-dss-cert-v01@openssh.com|ssh-rsa|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512|rsa-sha2-512-cert-v01@openssh.com) + + + + + + Allowed key exchange (KEX) algorithms + + + diffie-hellman-group1-sha1 
diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256 curve25519-sha256@libssh.org + + + + (diffie-hellman-group1-sha1|diffie-hellman-group14-sha1|diffie-hellman-group14-sha256|diffie-hellman-group16-sha512|diffie-hellman-group18-sha512|diffie-hellman-group-exchange-sha1|diffie-hellman-group-exchange-sha256|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|curve25519-sha256|curve25519-sha256@libssh.org) + + + + #include + + + Log level + + quiet fatal error info verbose + + + quiet + stay silent + + + fatal + log fatals only + + + error + log errors and fatals only + + + info + default log level + + + verbose + enable logging of failed login attempts + + + (quiet|fatal|error|info|verbose) + + + info + + + + Allowed message authentication code (MAC) algorithms + + + hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 umac-64@openssh.com umac-128@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com + + + (hmac-sha1|hmac-sha1-96|hmac-sha2-256|hmac-sha2-512|hmac-md5|hmac-md5-96|umac-64@openssh.com|umac-128@openssh.com|hmac-sha1-etm@openssh.com|hmac-sha1-96-etm@openssh.com|hmac-sha2-256-etm@openssh.com|hmac-sha2-512-etm@openssh.com|hmac-md5-etm@openssh.com|hmac-md5-96-etm@openssh.com|umac-64-etm@openssh.com|umac-128-etm@openssh.com) + + + + + + + Port for SSH service + + u32:1-65535 + Numeric IP port + + + + + + + 22 + + + + SSH session rekey limit + + + + + Threshold data in megabytes + + u32:1-65535 + Megabytes + + + + + + + + + Threshold time in minutes + + u32:1-65535 + Minutes + + + + + + + + + + + Enable transmission of keepalives from server to client + + 
u32:1-65535 + Time interval in seconds for keepalive message + + + + + + + #include + + + + + diff --git a/interface-definitions/service_stunnel.xml.in b/interface-definitions/service_stunnel.xml.in new file mode 100644 index 0000000..d88909b --- /dev/null +++ b/interface-definitions/service_stunnel.xml.in @@ -0,0 +1,130 @@ + + + + + System services + + + + + Stunnel TLS Proxy + 1000 + + + + + Stunnel server config + + + #include + #include + #include + #include + + + Application protocol to negotiate TLS + + cifs imap pgsql pop3 proxy smtp socks + + #include + #include + #include + #include + #include + #include + #include + + (cifs|imap|pgsql|pop3|proxy|smtp|socks) + + + + + + + + Stunnel client config + + + #include + #include + #include + #include + + + Application protocol to negotiate TLS + + cifs connect imap nntp pgsql pop3 proxy smtp socks + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + (cifs|connect|imap|nntp|pgsql|pop3|proxy|smtp|socks) + + + + #include + + + + + Service logging + + + + + Specifies log level. + + emerg alert crit err warning notice info debug + + + emerg + Emerg log level + + + alert + Alert log level + + + crit + Critical log level + + + err + Error log level + + + warning + Warning log level + + + notice + Notice log level + + + info + Info log level + + + debug + Debug log level + + + (emerg|alert|crit|err|warning|notice|info|debug) + + + notice + + + + + + + + diff --git a/interface-definitions/service_suricata.xml.in b/interface-definitions/service_suricata.xml.in new file mode 100644 index 0000000..e0159e2 --- /dev/null +++ b/interface-definitions/service_suricata.xml.in 
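Review bot: The cipher, key-exchange, MAC and host-key lists accept legacy algorithms (`3des-cbc` and the other CBC ciphers, `diffie-hellman-group1-sha1`, `hmac-md5` and `hmac-md5-96`, `ssh-dss`) with nothing in the help text to set them apart from current ones. These are allow-lists the operator fills in, so the daemon defaults are not weakened, but completion presents every entry as equally acceptable. Extend the help strings, e.g. `Allowed ciphers (3des-cbc and *-cbc are legacy; prefer ctr, gcm or chacha20-poly1305)`, and do the same for the KEX, MAC and host-key nodes. Whether the packaged sshd still accepts `ssh-dss` is not visible here and is worth checking, so the schema does not offer a value the daemon rejects.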
@@ -0,0 +1,238 @@ + + + + + + + Network IDS, IPS and Security Monitoring + 740 + + + #include + + + Address group name + + [a-z0-9-]+ + + + + + + IP address or subnet + + ipv4 + IPv4 address to match + + + ipv6 + IPv6 address to match + + + ipv4net + IPv4 prefix to match + + + ipv6net + IPv6 prefix to match + + + !ipv4 + Exclude the specified IPv4 address from matches + + + !ipv6 + Exclude the specified IPv6 address from matches + + + !ipv4net + Exclude the specified IPv6 prefix from matches + + + !ipv6net + Exclude the specified IPv6 prefix from matches + + + + + + + + + + + + + + + + + Address group + + service ids suricata address-group + + + txt + Address group to match + + + !txt + Exclude the specified address group from matches + + + !?[a-z0-9-]+ + + + + + + + + + Port group name + + [a-z0-9-]+ + + + + + + Port number + + u32:1-65535 + Numeric port to match + + + !u32:1-65535 + Numeric port to exclude from matches + + + start-end + Numbered port range (e.g. 1001-1005) to match + + + !start-end + Numbered port range (e.g. 
!1001-1005) to exclude from matches + + + + + + + + + + + Port group + + service ids suricata port-group + + + txt + Port group to match + + + !txt + Exclude the specified port group from matches + + + !?[a-z0-9-]+ + + + + + + + + + Suricata log outputs + + + + + Extensible Event Format (EVE) + + + + + EVE logging destination + + regular syslog + + + regular + Log to filename + + + syslog + Log to syslog + + + (regular|syslog) + + + regular + + + + Log file + + filename + File name in default Suricata log directory + + + /path + Absolute file path + + + eve.json + + + + Log types + + alert anomaly drop files http dns tls smtp dnp3 ftp rdp nfs smb tftp ikev2 dcerpc krb5 snmp rfb sip dhcp ssh mqtt http2 flow netflow + + + alert + Record events for rule matches + + + anomaly + Record unexpected conditions such as truncated packets, packets with invalid IP/UDP/TCP length values, and other events that render the packet invalid for further processing or describe unexpected behavior on an established stream + + + drop + Record events for dropped packets + + + file + Record file details (e.g., MD5) for files extracted from application protocols (e.g., HTTP) + + + application (http, dns, tls, ...) + Record application-level transactions + + + flow + Record bi-directional flows + + + netflow + Record uni-directional flows + + + (alert|anomaly|http|dns|tls|files|drop|smtp|dnp3|ftp|rdp|nfs|smb|tftp|ikev2|dcerpc|krb5|snmp|rfb|sip|dhcp|ssh|mqtt|http2|flow|netflow) + + + + + + + + + + + + + diff --git a/interface-definitions/service_tftp-server.xml.in b/interface-definitions/service_tftp-server.xml.in new file mode 100644 index 0000000..e48b5a3 --- /dev/null +++ b/interface-definitions/service_tftp-server.xml.in @@ -0,0 +1,32 @@ + + + + + + + + Trivial File Transfer Protocol (TFTP) server + 990 + + + + + Folder containing files served by TFTP + + + + + Allow TFTP file uploads + + + + #include + + 69 + + #include + + + + + 
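Review bot: Two value-help entries contradict the values they describe. In the address-group node `!ipv4net` is documented as "Exclude the specified IPv6 prefix from matches", and the EVE log-type help names `file` while the completion list and regex accept `files`. In an IDS definition this leads an operator to misread which address family an exclusion covers, or to enter a log type the constraint rejects. Change the first to `Exclude the specified IPv4 prefix from matches` and rename the second help key to `files`.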
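Review bot: The "Allow TFTP file uploads" help does not mention that TFTP has no authentication, so enabling it lets any host that can reach the listen address write into the served directory. Suggest `Allow TFTP file uploads (unauthenticated; restrict listen-address and use a dedicated directory)`. The directory node shows no constraint in this rendering. If there is none, the configuration script is the place to refuse paths outside a dedicated TFTP root.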
diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in new file mode 100644 index 0000000..637d578 --- /dev/null +++ b/interface-definitions/service_webproxy.xml.in 
@@ -0,0 +1,654 @@ + + + + + + + Webproxy service settings + 500 + + + + + Safe port ACL + + u32:1-1024 + Port number. Ports included by default: 21,70,80,210,280,443,488,591,777,873,1025-65535 + + + + + + + + + + SSL safe port + + u32:1-65535 + Port number. Ports included by default: 443 + + + + + + + + + + Default domain name + + domain + Domain to use for urls that do not contain a '.' + + + [.][A-Za-z0-9][-.A-Za-z0-9]* + + Must start append-domain with a '.' + + + + + Proxy Authentication Settings + + + + + Number of authentication helper processes + + n + Number of authentication helper processes + + + + + + 5 + + + + Authenticated session time to live in minutes + + n + Authenticated session timeout + + + + + + 60 + + + + LDAP authentication settings + + + + + LDAP Base DN to search + + + + + LDAP DN used to bind to server + + + + + Filter expression to perform LDAP search with + + + + + LDAP password to bind with + + + + + Use persistent LDAP connection + + + + #include + + 389 + + + + LDAP server to use + + + + + Use SSL/TLS for LDAP connection + + + + + + LDAP username attribute + + + + + LDAP protocol version + + 2 3 + + + 2 + LDAP protocol version 2 + + + 3 + LDAP protocol version 2 + + + + + + 3 + + + + + + Authentication Method + + ldap + + + ldap + Lightweight Directory Access Protocol + + + (ldap) + + The only supported method currently is LDAP + + + + + Name of authentication realm (e.g. 
"My Company proxy server") + + + + + + + Specify other caches in a hierarchy + + hostname + Cache peers FQDN + + + + + + Hostname or IP address of peer + + ipv4 + Squid cache-peer IPv4 address + + + hostname + Squid cache-peer hostname + + + + + + Invalid FQDN or IP address + + + + + Default Proxy Port + + u32:1025-65535 + Default port number + + + + + + 3128 + + + + Cache peer ICP port + + u32:0 + Cache peer disabled + + + u32:1-65535 + Cache peer ICP port + + + + + + 0 + + + + Cache peer options + + txt + Cache peer options + + + no-query default + + + + Squid peer type (default parent) + + parent sibling multicast + + + parent + Peer is a parent + + + sibling + Peer is a sibling + + + multicast + Peer is a member of a multicast group + + + (parent|sibling|multicast) + + + parent + + + + + + Disk cache size in MB + + u32 + Disk cache size in MB + + + 0 + Disable disk caching + + + 100 + + + + Default Proxy Port + + u32:1025-65535 + Default port number + + + + + + 3128 + + + + Disable logging of HTTP accesses + + + + + + Domain name to block + + + + + + Domain name to access without caching + + + + + + IPv4 listen-address for WebProxy + + + + + ipv4 + IPv4 address listen on + + + + + + Default Proxy Port + + u32:1025-65535 + Default port number + + + + + + + + + + Disable transparent mode + + + + + + + + Maximum size of object to be stored in cache in kilobytes + + u32 + Object size in KB + + + + + + + + + Memory cache size in MB + + u32 + Memory cache size in MB + + + + + + 20 + + + + Maximum size of object to be stored in cache in kilobytes + + u32 + Object size in KB + + + + + + + + + Outgoing IP address for webproxy + + + + + MIME type to block + + image/gif www/mime application/macbinary application/oda application/octet-stream application/pdf application/postscript application/postscript application/postscript text/rtf application/octet-stream application/octet-stream application/x-tar application/x-csh application/x-dvi application/x-hdf application/x-latex 
text/plain application/x-netcdf application/x-netcdf application/x-sh application/x-tcl application/x-tex application/x-texinfo application/x-texinfo application/x-troff application/x-troff application/x-troff application/x-troff-man application/x-troff-me application/x-troff-ms application/x-wais-source application/zip application/x-bcpio application/x-cpio application/x-gtar application/x-rpm application/x-shar application/x-sv4cpio application/x-sv4crc application/x-tar application/x-ustar audio/basic audio/basic audio/mpeg audio/mpeg audio/mpeg audio/x-aiff audio/x-aiff audio/x-aiff audio/x-wav image/bmp image/ief image/jpeg image/jpeg image/jpeg image/tiff image/tiff image/x-cmu-raster image/x-portable-anymap image/x-portable-bitmap image/x-portable-graymap image/x-portable-pixmap image/x-rgb image/x-xbitmap image/x-xpixmap image/x-xwindowdump text/html text/html text/css application/x-javascript text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/plain text/richtext text/tab-separated-values text/x-setext video/mpeg video/mpeg video/mpeg video/quicktime video/quicktime video/x-msvideo video/x-sgi-movie application/mac-compactpro application/mac-binhex40 application/macwriteii application/msword application/msword application/vnd.ms-excel application/vnd.ms-powerpoint application/vnd.lotus-1-2-3 application/vnd.mif application/x-stuffit application/pict application/pict application/x-arj-compressed application/x-lha-compressed application/x-lha-compressed application/x-deflate text/plain application/octet-stream application/octet-stream image/png application/octet-stream application/x-xpinstall application/octet-stream text/plain application/x-director application/x-director application/x-director image/vnd.djvu image/vnd.djvu application/octet-stream application/octet-stream application/andrew-inset x-conference/x-cooltalk model/iges model/iges audio/midi audio/midi audio/midi model/mesh model/mesh video/vnd.mpegurl 
chemical/x-pdb application/x-chess-pgn audio/x-realaudio audio/x-pn-realaudio audio/x-pn-realaudio text/sgml text/sgml application/x-koan application/x-koan application/x-koan application/x-koan application/smil application/smil application/octet-stream application/x-futuresplash application/x-shockwave-flash application/x-cdlink model/vrml image/vnd.wap.wbmp application/vnd.wap.wbxml application/vnd.wap.wmlc application/vnd.wap.wmlscriptc application/vnd.wap.wmlscript application/xhtml application/xhtml text/xml text/xml chemical/x-xyz text/plain + + + (image/gif|www/mime|application/macbinary|application/oda|application/octet-stream|application/pdf|application/postscript|application/postscript|application/postscript|text/rtf|application/octet-stream|application/octet-stream|application/x-tar|application/x-csh|application/x-dvi|application/x-hdf|application/x-latex|text/plain|application/x-netcdf|application/x-netcdf|application/x-sh|application/x-tcl|application/x-tex|application/x-texinfo|application/x-texinfo|application/x-troff|application/x-troff|application/x-troff|application/x-troff-man|application/x-troff-me|application/x-troff-ms|application/x-wais-source|application/zip|application/x-bcpio|application/x-cpio|application/x-gtar|application/x-rpm|application/x-shar|application/x-sv4cpio|application/x-sv4crc|application/x-tar|application/x-ustar|audio/basic|audio/basic|audio/mpeg|audio/mpeg|audio/mpeg|audio/x-aiff|audio/x-aiff|audio/x-aiff|audio/x-wav|image/bmp|image/ief|image/jpeg|image/jpeg|image/jpeg|image/tiff|image/tiff|image/x-cmu-raster|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-xbitmap|image/x-xpixmap|image/x-xwindowdump|text/html|text/html|text/css|application/x-javascript|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/plain|text/richtext|text/tab-separated-values|text/x-setext|video/mpeg|video/mpeg|video/mpeg|video/quicktime|vide
o/quicktime|video/x-msvideo|video/x-sgi-movie|application/mac-compactpro|application/mac-binhex40|application/macwriteii|application/msword|application/msword|application/vnd.ms-excel|application/vnd.ms-powerpoint|application/vnd.lotus-1-2-3|application/vnd.mif|application/x-stuffit|application/pict|application/pict|application/x-arj-compressed|application/x-lha-compressed|application/x-lha-compressed|application/x-deflate|text/plain|application/octet-stream|application/octet-stream|image/png|application/octet-stream|application/x-xpinstall|application/octet-stream|text/plain|application/x-director|application/x-director|application/x-director|image/vnd.djvu|image/vnd.djvu|application/octet-stream|application/octet-stream|application/andrew-inset|x-conference/x-cooltalk|model/iges|model/iges|audio/midi|audio/midi|audio/midi|model/mesh|model/mesh|video/vnd.mpegurl|chemical/x-pdb|application/x-chess-pgn|audio/x-realaudio|audio/x-pn-realaudio|audio/x-pn-realaudio|text/sgml|text/sgml|application/x-koan|application/x-koan|application/x-koan|application/x-koan|application/smil|application/smil|application/octet-stream|application/x-futuresplash|application/x-shockwave-flash|application/x-cdlink|model/vrml|image/vnd.wap.wbmp|application/vnd.wap.wbxml|application/vnd.wap.wmlc|application/vnd.wap.wmlscriptc|application/vnd.wap.wmlscript|application/xhtml|application/xhtml|text/xml|text/xml|chemical/x-xyz|text/plain) + + + + + + + Maximum reply body size in KB + + u32 + Reply size in KB + + + + + + + + + URL filtering settings + + + #include + + + URL filtering via squidGuard redirector + + + #include + + + Auto update settings + + + + + Hour of day for database update + + u32:0-23 + Hour for database update + + + + + + 0 + + + + + + Redirect URL for filtered websites + + url + URL for redirect + + + block.vyos.net + + + + URL filter rule for a source-group + + u32:1-1024 + Rule Number + + + + + SquidGuard rule must between 1-1024 + + + #include + + + Redirect URL for 
filtered websites + + url + URL for redirect + + + + + + Source-group for this rule + + group + Source group identifier for this rule + + + service webproxy url-filtering squidguard source-group + + + + + + Time-period for this rule + + period + Time period for this rule + + + service webproxy url-filtering squidguard time-period + + + + + + + + Source group name + + name + Name of source group + + + [^0-9][a-zA-Z_][a-zA-Z0-9][\w\-\.]* + + URL-filter source-group cannot start with a number! + + + + + Address for source-group + + ipv4 + IPv4 address to match + + + ipv4net + IPv4 prefix to match + + + ipv4range + IPv4 address range to match + + + + + + + + + + #include + + + Domain for source-group + + domain + Domain name for the source-group + + + + + + + LDAP search expression for an IP address list + + + + + + LDAP search expression for a user group + + + + + + List of user names + + + + + + + Time period name + + + + + Time-period days + + Sun Mon Tue Wed Thu Fri Sat weekdays weekend all + + + Sun + Sunday + + + Mon + Monday + + + Tue + Tuesday + + + Wed + Wednesday + + + Thu + Thursday + + + Fri + Friday + + + Sat + Saturday + + + weekdays + Monday through Friday + + + weekend + Saturday and Sunday + + + all + All days of the week + + + (Sun|Mon|Tue|Wed|Thu|Fri|Sat|weekdays|weekend|all) + + + + + + Time for time-period + + <hh:mm - hh:mm> + Time range in 24hr time + + + + (\d\d:\d\d)-(\d\d:\d\d) + + Expected time format hh:mm - hh:mm in 24hr time + + + + + #include + + + + + + + + + + + diff --git a/interface-definitions/system_acceleration.xml.in b/interface-definitions/system_acceleration.xml.in new file mode 100644 index 0000000..fb5c9d4 --- /dev/null +++ b/interface-definitions/system_acceleration.xml.in @@ -0,0 +1,21 @@ + + + + + + + Acceleration components + 50 + + + + + Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration + + + + + + + + 
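Review bot: The source-group name pattern `[^0-9][a-zA-Z_][a-zA-Z0-9][\w\-\.]*` in service_webproxy.xml.in opens with a negated class, so the first character can be anything that is not a digit, including whitespace, quotes or punctuation, although the error text only promises "cannot start with a number". The name is presumably written into the generated squidGuard configuration, so the first position should be an allow-list like the rest, for example `[a-zA-Z_][\w\-\.]*` (this also drops the implicit three-character minimum, so confirm that is acceptable). In the same hunk the description for LDAP version `3` reads "LDAP protocol version 2" and should say version 3.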
diff --git a/interface-definitions/system_config-management.xml.in b/interface-definitions/system_config-management.xml.in new file mode 100644 index 0000000..e666633 --- /dev/null +++ b/interface-definitions/system_config-management.xml.in @@ -0,0 +1,74 @@ + + + + + + + Configuration management settings + 400 + + + + + Commit archive settings + + + + + Commit archive location + + http://<user>:<passwd>@<host>/<path> + + + + https://<user>:<passwd>@<host>/<path> + + + + ftp://<user>:<passwd>@<host>/<path> + + + + sftp://<user>:<passwd>@<host>/<path> + + + + scp://<user>:<passwd>@<host>/<path> + + + + tftp://<host>/<path> + + + + git+https://<user>:<passwd>@<host>/<path> + + + + + (ssh|git|git\+(\w+)):\/\/.* + + + + + #include + + + + + Commit revisions + + u32:1-65535 + Number of config backups to keep + + + + + Number of revisions must be between 0 and 65535 + + + + + + + diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in new file mode 100644 index 0000000..cd59d13 --- /dev/null +++ b/interface-definitions/system_conntrack.xml.in 
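Review bot: The commit-archive location help in system_config-management.xml.in lists `http://`, `ftp://` and `tftp://` targets next to the encrypted ones without saying that they send the archived configuration in cleartext, along with the inline user:passwd for http and ftp. A short description on those three entries, e.g. `Unencrypted transport, configuration and credentials are sent in cleartext`, would steer operators towards `https://`, `sftp://`, `scp://` or `git+https://`. The only pattern visible here, `(ssh|git|git\+(\w+)):\/\/.*`, accepts anything after the scheme; the listing lost its markup, so confirm whether another validator covers these URLs before relying on it. Separately, the revisions leaf allows `u32:1-65535` while its error message says "between 0 and 65535"; the message should read `Number of revisions must be between 1 and 65535`.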
@@ -0,0 +1,555 @@ + + + + + + + Connection Tracking Engine Options + + 218 + + + + + Enable connection tracking flow accounting + + + + + + Size of connection tracking expect table + + u32:1-50000000 + Number of entries allowed in connection tracking expect table + + + + + + 2048 + + + + Hash size for connection tracking table + + u32:1-50000000 + Size of hash to use for connection tracking table + + + + + + 32768 + + + + Customized rules to ignore selective connection tracking + + + + + IPv4 rules + + + + + Rule number + + u32:1-999999 + Number of conntrack ignore rule + + + + + Ignore rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + #include + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + + + + Source parameters + + + #include + #include + #include + + + #include + + + + + + + IPv6 rules + + + + + Rule number + + u32:1-999999 + Number of conntrack ignore rule + + + + + Ignore rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + #include + + + + + Interface to ignore connections tracking on + + any + + + + + #include + + + Protocol to match (protocol name, number, or "all") + + + all tcp_udp + + + all + All IP protocols + + + tcp_udp + Both TCP and UDP + + + u32:0-255 + IP protocol number + + + <protocol> + IP protocol name + + + !<protocol> + IP protocol name + + + + + + + + + Source parameters + + + #include + #include + #include + + + #include + + + + + + + + + + Log connection tracking + + + + + Event type and protocol + + + + + Log connection deletion + + + #include + + + + + Log connection creation + + + #include + + + + + Log connection updates + + 
+ #include + + + + + + + Log connection tracking events include flow-based timestamp + + + + + + Internal message queue size + + u32:100-999999 + Queue size + + + + + Queue size must be between 100 and 999999 + + + + + Set log-level. Log must be enable. + + info debug + + + info + Info log level + + + debug + Debug log level + + + (info|debug) + + + + + + + + Connection tracking modules + + + + + FTP connection tracking + + + + + + H.323 connection tracking + + + + + + NFS connection tracking + + + + + + PPTP connection tracking + + + + + + RTSP connection tracking + + + + + + SIP connection tracking + + + + + + SQLnet connection tracking + + + + + + TFTP connection tracking + + + + + + + + Size of connection tracking table + + u32:1-50000000 + Number of entries allowed in connection tracking table + + + + + + 262144 + + + + TCP options + + + + + Maximum number of TCP half-open connections + + u32:1-2147483647 + Generic connection timeout in seconds + + + + + + 512 + + + + Policy to track previously established connections + + enable disable + + + enable + Allow tracking of previously established connections + + + disable + Do not allow tracking of previously established connections + + + (enable|disable) + + + enable + + + + Maximum number of packets that can be retransmitted without received an ACK + + u32:1-255 + Number of packets to be retransmitted + + + + + + 3 + + + + + + Connection timeout options + + + + + Define custom timeouts per connection + + + + + IPv4 rules + + + + + Rule number + + u32:1-999999 + Number of conntrack rule + + + + + Timeout rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + + + + + Interface to apply custom connection timers on + + any + + + + + + + Customize protocol specific timers, one protocol configuration per rule + + + #include + + + + + Source parameters + + + #include + #include + + + + + + + + + IPv6 rules + + + + + Rule number + + u32:1-999999 + Number of 
conntrack rule + + + + + Timeout rule number must be between 1 and 999999 + + + #include + + + Destination parameters + + + #include + #include + + + + + Interface to apply custom connection timers on + + any + + + + + + + Customize protocol specific timers, one protocol configuration per rule + + + #include + + + + + Source parameters + + + #include + #include + + + + + + + + + + + + + + + diff --git a/interface-definitions/system_console.xml.in b/interface-definitions/system_console.xml.in new file mode 100644 index 0000000..5acd3e9 --- /dev/null +++ b/interface-definitions/system_console.xml.in @@ -0,0 +1,91 @@ + + + + + + + Serial console configuration + 100 + + + + + Serial console device name + + + + + + ttySN + TTY device name, regular serial port + + + usbNbXpY + TTY device name, USB based + + + hvcN + Xen console + + + (ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*) + + + + + + Console baud rate + + 1200 2400 4800 9600 19200 38400 57600 115200 + + + 1200 + 1200 bps + + + 2400 + 2400 bps + + + 4800 + 4800 bps + + + 9600 + 9600 bps + + + 19200 + 19200 bps + + + 38400 + 38400 bps + + + 57600 + 57600 bps + + + 115200 + 115200 bps + + + (1200|2400|4800|9600|19200|38400|57600|115200) + + + 115200 + + + + + + Enable screen blank powersaving on VGA console + + + + + + + + diff --git a/interface-definitions/system_domain-name.xml.in b/interface-definitions/system_domain-name.xml.in new file mode 100644 index 0000000..695af29 --- /dev/null +++ b/interface-definitions/system_domain-name.xml.in @@ -0,0 +1,16 @@ + + + + + + + System domain name + 6 + + + + + + + + diff --git a/interface-definitions/system_domain-search.xml.in b/interface-definitions/system_domain-search.xml.in new file mode 100644 index 0000000..eb6c8a8 --- /dev/null +++ b/interface-definitions/system_domain-search.xml.in @@ -0,0 +1,18 @@ + + + + + + + Domain Name Server (DNS) domain completion order + 400 + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and period. + + + + + + 
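Review bot: The value help for the TCP half-open connections leaf in system_conntrack.xml.in (`u32:1-2147483647`) is described as "Generic connection timeout in seconds", which looks copied from a timeout node. The value is a connection count, so the description should be something like `Maximum number of half-open TCP connections`; an operator sizing this limit would otherwise read it as a time value. The log-level help "Set log-level. Log must be enable." would read better as `Set log level (logging must be enabled)`.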
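Review bot: The device-name pattern in system_console.xml.in, `(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)`, ends its USB branch in `.*`, so any characters after `usbNb` are accepted although the help documents the form `usbNbXpY`. The name presumably ends up in a device path or a service unit name, so the tail should be limited to what a USB serial name can contain, for example `usb[0-9]+b[0-9.]+p[0-9.]+`. The LCD device pattern `(ttyS[0-9]+|usb[0-9]+b.*)` in system_lcd.xml.in has the same open tail and should get the same change.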
diff --git a/interface-definitions/system_flow-accounting.xml.in b/interface-definitions/system_flow-accounting.xml.in new file mode 100644 index 0000000..83a2480 --- /dev/null +++ b/interface-definitions/system_flow-accounting.xml.in 
@@ -0,0 +1,437 @@ + + + + + + + + Flow accounting settings + 990 + + + + + Buffer size + + u32 + Buffer size in MiB + + + + + + 10 + + + + Specifies the maximum number of bytes to capture for each packet + + u32:128-750 + Packet length in bytes + + + + + + 128 + + + + Enable egress flow accounting + + + + + + Disable in memory table plugin + + + + + + Syslog facility for flow-accounting + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + Routing protocols (local7) + + + security + Authentication and authorization + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + all + Authentication and authorization + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + + + #include + + + NetFlow settings + + + + + NetFlow engine-id + + 0-255 or 0-255:0-255 + NetFlow engine-id for v5 + + + u32 + NetFlow engine-id for v9 / IPFIX + + + (\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]) + + + + + + NetFlow maximum flows + + u32 + NetFlow maximum flows + + + + + + + + + NetFlow sampling-rate + + 
u32 + Sampling rate (1 in N packets) + + + + + + + #include + + + NetFlow version to export + + 5 9 10 + + + 5 + NetFlow version 5 + + + 9 + NetFlow version 9 + + + 10 + Internet Protocol Flow Information Export (IPFIX) + + + 9 + + + + NetFlow destination server + + ipv4 + IPv4 server to export NetFlow + + + ipv6 + IPv6 server to export NetFlow + + + + + + + + + NetFlow port number + + u32:1025-65535 + NetFlow port number + + + + + + 2055 + + + + + + NetFlow timeout values + + + + + Expiry scan interval + + u32:0-2147483647 + Expiry scan interval + + + + + + 60 + + + + Generic flow timeout value + + u32:0-2147483647 + Generic flow timeout in seconds + + + + + + 3600 + + + + ICMP timeout value + + u32:0-2147483647 + ICMP timeout in seconds + + + + + + 300 + + + + Max active timeout value + + u32:0-2147483647 + Max active timeout in seconds + + + + + + 604800 + + + + TCP finish timeout value + + u32:0-2147483647 + TCP FIN timeout in seconds + + + + + + 300 + + + + TCP generic timeout value + + u32:0-2147483647 + TCP generic timeout in seconds + + + + + + 3600 + + + + TCP reset timeout value + + u32:0-2147483647 + TCP RST timeout in seconds + + + + + + 120 + + + + UDP timeout value + + u32:0-2147483647 + UDP timeout in seconds + + + + + + 300 + + + + + + + + sFlow settings + + + + + sFlow agent IPv4 address + + auto + + + + ipv4 + sFlow IPv4 agent address + + + + + + + + + sFlow sampling-rate + + u32 + Sampling rate (1 in N packets) + + + + + + + + + sFlow destination server + + ipv4 + IPv4 server to export sFlow + + + ipv6 + IPv6 server to export sFlow + + + + + + + + + sFlow port number + + u32:1025-65535 + sFlow port number + + + + + + 6343 + + + + #include + + + #include + + + + + diff --git a/interface-definitions/system_frr.xml.in b/interface-definitions/system_frr.xml.in new file mode 100644 index 0000000..28242df --- /dev/null +++ b/interface-definitions/system_frr.xml.in 
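Review bot: Two syslog-facility descriptions in system_flow-accounting.xml.in are copy-pasted: `syslog` and `all` both read "Authentication and authorization", the text that belongs to `auth` and `security`. Someone choosing where flow-accounting messages go will be misled about what those two values select. Suggested wording is `Messages generated by syslog itself` for `syslog` and `All facilities` for `all`.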
@@ -0,0 +1,91 @@ + + + + + + + Configure FRRouting parameters + + 150 + + + + + Enable BGP Monitoring Protocol support + + + + + + Number of open file descriptors a process is allowed to use + + u32:1024-8192 + Number of file descriptors + + + + + Port number must be in range 1024 to 8192 + + 1024 + + + + Enable ICMP Router Discovery Protocol support + + + + + + Enable SNMP integration for next daemons + + + + + BGP + + + + + + IS-IS + + + + + + LDP + + + + + + OSPFv3 + + + + + + OSPFv2 + + + + + + RIP + + + + + + Zebra (IP routing manager) + + + + + + + + + + diff --git a/interface-definitions/system_host-name.xml.in b/interface-definitions/system_host-name.xml.in new file mode 100644 index 0000000..f74baab --- /dev/null +++ b/interface-definitions/system_host-name.xml.in @@ -0,0 +1,17 @@ + + + + + + + + System host name (default: vyos) + 5 + + #include + + + + + + diff --git a/interface-definitions/system_ip.xml.in b/interface-definitions/system_ip.xml.in new file mode 100644 index 0000000..b4b5092 --- /dev/null +++ b/interface-definitions/system_ip.xml.in 
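Review bot: The error message on the file-descriptor limit leaf in system_frr.xml.in says "Port number must be in range 1024 to 8192", but the value (`u32:1024-8192`) is a descriptor count, not a port. It should read `Number of file descriptors must be in range 1024 to 8192`. The help "Enable SNMP integration for next daemons" would also be clearer as `Enable SNMP integration for the following daemons`.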
@@ -0,0 +1,109 @@ + + + + + + + IPv4 Settings + + 290 + + + + + Parameters for ARP cache + + + #include + + + + + Disable IPv4 forwarding on all interfaces + + + + + + IPv4 multipath settings + + + + + Ignore next hops that are not in the ARP table + + + + + + Use layer 4 information for ECMP hashing + + + + + + #include + + + IPv4 TCP parameters + + + + + IPv4 TCP MSS probing options + + + + + Attempt to lower the MSS if TCP connections fail to establish + + on-icmp-black-hole force + + + on-icmp-black-hole + Attempt TCP MSS probing when an ICMP black hole is detected + + + force + Attempt TCP MSS probing by default + + + (on-icmp-black-hole|force) + + Must be on-icmp-black-hole or force + + + + + Base MSS to start probing from (applicable to "probing force") + + u32:48-1460 + Base MSS value for probing (default: 1024) + + + + + + + + + Minimum MSS to stop probing at (default: 48) + + u32:48-1460 + Minimum MSS value to probe + + + + + + + + + + + #include + + + + + diff --git a/interface-definitions/system_ipv6.xml.in b/interface-definitions/system_ipv6.xml.in new file mode 100644 index 0000000..dda00af --- /dev/null +++ b/interface-definitions/system_ipv6.xml.in @@ -0,0 +1,51 @@ + + + + + + + IPv6 Settings + + 290 + + + + + Disable IPv6 forwarding on all interfaces + + + + + + IPv6 multipath settings + + + + + Use layer 4 information for ECMP hashing + + + + + + + + Parameters for neighbor discovery cache + + + #include + + + #include + #include + + + Disable IPv6 operation on interface when DAD fails on LL addr + + + + + + + + diff --git a/interface-definitions/system_lcd.xml.in b/interface-definitions/system_lcd.xml.in new file mode 100644 index 0000000..0cf4de3 --- /dev/null +++ b/interface-definitions/system_lcd.xml.in 
@@ -0,0 +1,70 @@ + + + + + + + System LCD display + 100 + + + + + Model of the display attached to this system + + cfa-533 cfa-631 cfa-633 cfa-635 hd44780 sdec + + + cfa-533 + Crystalfontz CFA-533 + + + cfa-631 + Crystalfontz CFA-631 + + + cfa-633 + Crystalfontz CFA-633 + + + cfa-635 + Crystalfontz CFA-635 + + + hd44780 + Hitachi HD44780, Caswell Appliances + + + sdec + Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances + + + (cfa-533|cfa-631|cfa-633|cfa-635|hd44780|sdec) + + + + + + Physical device used by LCD display + + + + + + ttySXX + TTY device name, regular serial port + + + usbNbXpY + TTY device name, USB based + + + (ttyS[0-9]+|usb[0-9]+b.*) + + + + + + + + diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in new file mode 100644 index 0000000..f6c8021 --- /dev/null +++ b/interface-definitions/system_login.xml.in 
@@ -0,0 +1,294 @@ + + + + + + + System User Login Configuration + 400 + + + + + Local user account information + + #include + + Username contains illegal characters or\nexceeds 100 character limitation. + + + + + Authentication settings + + + + + Encrypted password + + (\*|\!) + [a-zA-Z0-9\.\/]{13} + \$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22} + \$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43} + \$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86} + + Invalid encrypted password for $VAR(../../@). + + ! + + + + One-Time-Pad (two-factor) authentication parameters + + + + + Limit number of logins (rate-limit) per rate-time + + u32:1-10 + Number of attempts + + + + + Number of login attempts must me between 1 and 10 + + 3 + + + + Limit number of logins (rate-limit) per rate-time + + u32:15-600 + Time interval + + + + + Rate limit time interval must be between 15 and 600 seconds + + 30 + + + + Set window of concurrently valid codes + + u32:1-21 + Window size + + + + + Window of concurrently valid codes must be between 1 and 21 + + 3 + + + + Key/secret the token algorithm (see RFC4226) + + txt + Base32 encoded key/token + + + [a-zA-Z2-7]{26,10000} + + Key must only include base32 characters and be at least 26 characters long + + + + + + + Plaintext password used for encryption + + + + + Remote access public keys + + txt + Key identifier used by ssh-keygen (usually of form user@host) + + + + + + Public key value (Base64 encoded) + + + + + + + + Optional public key options + + + + + SSH public key type + + ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com + + + ssh-dss + Digital Signature Algorithm (DSA) key support + + + ssh-rsa + Key pair based on RSA algorithm + + + ecdsa-sha2-nistp256 + Elliptic Curve DSA with NIST P-256 curve + + + ecdsa-sha2-nistp384 + Elliptic Curve DSA with NIST P-384 curve + + + ecdsa-sha2-nistp521 + Elliptic Curve DSA with NIST P-521 
curve + + + ssh-ed25519 + Edwards-curve DSA with elliptic curve 25519 + + + sk-ecdsa-sha2-nistp256@openssh.com + Elliptic Curve DSA security key + + + sk-ssh-ed25519@openssh.com + Elliptic curve 25519 security key + + + (ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) + + + + + + + + #include + + + Full name of the user (use quotes for names with spaces) + + [^:]* + + Cannot use ':' in full name + + + + + Home directory + + txt + Path to home directory + + + \/$|(\/[a-zA-Z_0-9-.]+)+ + + + + + + #include + + + + + #include + #include + + 255 + + + + #include + + + + + TACACS+ based user authentication + + + + + TACACS+ server configuration + + ipv4 + TACACS+ server IPv4 address + + + + + + + #include + #include + #include + + 49 + + + + #include + + + Security mode for TACACS+ authentication + + mandatory optional + + + mandatory + Deny access immediately if TACACS+ answers with REJECT + + + optional + Pass to the next authentication method if TACACS+ answers with REJECT + + + (mandatory|optional) + + + optional + + #include + #include + + + + + Maximum number of all login sessions + + u32:1-65536 + Maximum number of all login sessions + + + + + Maximum logins must be between 1 and 65536 + + + + + Session timeout + + u32:5-604800 + Session timeout in seconds + + + + + Timeout must be between 5 and 604800 seconds + + + + + + + diff --git a/interface-definitions/system_login_banner.xml.in b/interface-definitions/system_login_banner.xml.in new file mode 100644 index 0000000..c90e38c --- /dev/null +++ b/interface-definitions/system_login_banner.xml.in @@ -0,0 +1,33 @@ + + + + + + + System User Login Configuration + 400 + + + + + System login banners + 410 + + + + + A system banner after the user logs in + + + + + A system banner before the user logs in + + + + + + + + + 
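Review bot: The encrypted-password patterns in system_login.xml.in still accept a 13-character DES crypt string (`[a-zA-Z0-9\.\/]{13}`) and `$1$` MD5-crypt hashes alongside the `$5$` and `$6$` forms. Both legacy formats offer little resistance to offline guessing once a configuration file leaks, so unless they are kept deliberately for migrating old configurations, the validator should accept only the SHA-256/SHA-512 forms plus the `*`/`!` lock markers. The same reasoning applies to `ssh-dss` in the public-key type list, since current OpenSSH defaults no longer accept DSA keys. The TACACS+ security mode appears to default to `optional`, which by its own description passes a REJECT on to the next authentication method; the help text should state that default explicitly.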
diff --git a/interface-definitions/system_logs.xml.in b/interface-definitions/system_logs.xml.in new file mode 100644 index 0000000..b34cbdc --- /dev/null +++ b/interface-definitions/system_logs.xml.in @@ -0,0 +1,92 @@ + + + + + + + Logging options + 9999 + + + + + Logrotate options + + + + + Atop logs options (system resources usage) + + + + + Size of a single log file that triggers rotation + + u32:1-1024 + Size in MB + + + + + The size must be between 1 and 1024 MB + + 10 + + + + Count of rotations before old logs will be deleted + + u32:1-100 + Rotations + + + + + The count must be between 1 and 100 + + 10 + + + + + + The /var/log/messages file rotation + + + + + Size of a single log file that triggers rotation + + u32:1-1024 + Size in MB + + + + + The size must be between 1 and 1024 MB + + 1 + + + + Count of rotations before old logs will be deleted + + u32:1-100 + Rotations + + + + + The count must be between 1 and 100 + + 10 + + + + + + + + + + diff --git a/interface-definitions/system_name-server.xml.in b/interface-definitions/system_name-server.xml.in new file mode 100644 index 0000000..2f750ab --- /dev/null +++ b/interface-definitions/system_name-server.xml.in @@ -0,0 +1,33 @@ + + + + + + + System Domain Name Servers (DNS) + 400 + + + + + ipv4 + Domain Name Server IPv4 address + + + ipv6 + Domain Name Server IPv6 address + + + txt + Use Domain Name Server from DHCP interface + + + + + #include + + + + + + diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in new file mode 100644 index 0000000..dc9958f --- /dev/null +++ b/interface-definitions/system_option.xml.in 
@@ -0,0 +1,229 @@ + + + + + + + System Options + 9999 + + + + + System action on Ctrl-Alt-Delete keystroke + + ignore reboot poweroff + + + ignore + Ignore key sequence + + + reboot + Reboot system + + + poweroff + Poweroff system + + + (ignore|reboot|poweroff) + + Must be ignore, reboot, or poweroff + + + + + Kernel boot parameters + + + + + Disable all optional CPU mitigations + + + + + + Disable CPU power saving mechanisms also known as C states + + + + + + Enables and configures pstate driver for AMD Ryzen and Epyc CPUs + + active passive guided + + + active + The firmware controls performance states and the system governor has no effect + + + passive + Allow the system governor to manage performance states + + + guided + The firmware controls performance states guided by the system governor + + + + + + Dynamic debugging for kernel module + + + + + Dynamic debugging for Wireguard module + + + + + + + + + + System keyboard layout, type ISO2 + + us uk fr de es fi jp106 no dk se-latin1 dvorak + + + us + United States + + + uk + United Kingdom + + + fr + France + + + de + Germany + + + es + Spain + + + fi + Finland + + + jp106 + Japan + + + no + Norway + + + dk + Denmark + + + se-latin1 + Sweden + + + dvorak + Dvorak + + + (us|uk|fr|de|es|fi|jp106|no|dk|se-latin1|dvorak) + + Invalid keyboard layout + + us + + + + Tune system performance + + throughput latency + + + throughput + Tune for maximum network throughput + + + latency + Tune for low network latency + + + (throughput|latency) + + + + + + Global options used for HTTP client + + + #include + #include + + + + + Reboot system on kernel panic + + + + + + Global options used for SSH client + + + #include + #include + + + + + plays sound via system speaker when you can login + + + + + + Enable root partition auto-extention on system boot + + + + + + System time-format + + 12-hour 24-hour + + + 12-hour + 12 hour time format + + + 24-hour + 24 hour time format + + + (12-hour|24-hour) + + + 12-hour + + + + Disable 
autosuspend for all USB devices + + + + + + + + diff --git a/interface-definitions/system_proxy.xml.in b/interface-definitions/system_proxy.xml.in new file mode 100644 index 0000000..5b0df5c --- /dev/null +++ b/interface-definitions/system_proxy.xml.in @@ -0,0 +1,26 @@ + + + + + + + Sets a proxy for system wide use + 100 + + + + + Proxy URL + + http(s)?:\/\/[a-z0-9-\.]+ + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/system_sflow.xml.in b/interface-definitions/system_sflow.xml.in new file mode 100644 index 0000000..aaf4033 --- /dev/null +++ b/interface-definitions/system_sflow.xml.in @@ -0,0 +1,114 @@ + + + + + + + + sFlow settings + 990 + + + + + sFlow agent IPv4 or IPv6 address + + auto + + + + ipv4 + sFlow IPv4 agent address + + + ipv6 + sFlow IPv6 agent address + + + + + + + + + + IP address associated with this interface + + + + + txt + Interface name + + + #include + + + + + + Export headers of dropped by kernel packets + + u32:1-65535 + Maximum rate limit of N drops per second send out in the sFlow datagrams + + + + + + + #include + + + Schedule counter-polling in seconds + + u32:1-600 + Polling rate in seconds + + + + + + 30 + + + + sFlow sampling-rate + + u32:1-65535 + Sampling rate (1 in N packets) + + + + + + 1000 + + + + sFlow destination server + + ipv4 + IPv4 server to export sFlow + + + ipv6 + IPv6 server to export sFlow + + + + + + + #include + + 6343 + + + + #include + + + + + diff --git a/interface-definitions/system_static-host-mapping.xml.in b/interface-definitions/system_static-host-mapping.xml.in new file mode 100644 index 0000000..492741f --- /dev/null +++ b/interface-definitions/system_static-host-mapping.xml.in 
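Review bot: The help string `Disable all optional CPU mitigations` in the kernel boot parameters of system_option.xml.in does not say what the operator gives up by setting it. I would spell it out, for example `Disable all optional CPU mitigations (removes speculative-execution side-channel protections)`, so that the completion help carries the security trade-off. In the same file `Enable root partition auto-extention on system boot` should read `auto-extension`, and `plays sound via system speaker when you can login` should start with a capital like its neighbours. The element markup is not visible in this rendering, so the node names are inferred from the help strings.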
@@ -0,0 +1,53 @@ + + + + + + + Map host names to addresses + 400 + + + + + Host name for static address mapping + + #include + + Host-name must be alphanumeric and can contain hyphens + + + + + Alias for this address + + .{1,63} + + invalid alias hostname, needs to be between 1 and 63 charactes + + + + + + IP Address + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + + + + + + + + + + + + diff --git a/interface-definitions/system_sysctl.xml.in b/interface-definitions/system_sysctl.xml.in new file mode 100644 index 0000000..bf118c2 --- /dev/null +++ b/interface-definitions/system_sysctl.xml.in @@ -0,0 +1,40 @@ + + + + + System parameters + + + + + Configure kernel parameters at runtime + 318 + + + + + Sysctl key name + + + + + txt + Sysctl key name + + + + + + + + + Sysctl configuration value + + + + + + + + + diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in new file mode 100644 index 0000000..0a9a005 --- /dev/null +++ b/interface-definitions/system_syslog.xml.in 
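Review bot: The alias constraint `.{1,63}` in system_static-host-mapping.xml.in accepts any character, including spaces and tabs. The host-name node beside it takes its pattern from a shared include, and its error text promises alphanumerics and hyphens only. If the alias is later written next to the name in a hosts-style file, a value containing whitespace would be read as several names; this is inferred, since the consuming script is not part of this patch. I would reuse the host-name constraint include for the alias, and correct the error text from `charactes` to `characters`.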
@@ -0,0 +1,161 @@ + + + + + + + System logging + 400 + + + + + Logging to specific terminal of given user + + system login user + + + txt + Local user account + + + #include + + illegal characters in user + + + #include + + + + + Logging to remote host + + + + + Invalid host (FQDN or IP address) + + ipv4 + Remote syslog server IPv4 address + + + ipv6 + Remote syslog server IPv6 address + + + hostname + Remote syslog server FQDN + + + + #include + + 514 + + #include + #include + + + Logging format + + + + + Allows for the transmission of all characters inside a syslog message + + + + + + Include system timezone in syslog message + + + + + + + + + + Logging to system standard location + + + #include + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds + + + + + 1200 + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + [a-zA-Z0-9\-_.]{1,255} + + illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files + + [0-9]+ + + illegal characters in number of files + + 5 + + + + Size of log files in kbytes + + [0-9]+ + + illegal characters in size + + 256 + + + + #include + + + + + logging to serial console + + + #include + + + #include + + + + + diff --git a/interface-definitions/system_task-scheduler.xml.in b/interface-definitions/system_task-scheduler.xml.in new file mode 100644 index 0000000..597d588 --- /dev/null +++ b/interface-definitions/system_task-scheduler.xml.in 
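Review bot: The log file name constraint `[a-zA-Z0-9\-_.]{1,255}` in system_syslog.xml.in also matches `.` and `..`, which are not usable file names and resolve to directories if the value is joined onto a log path. Requiring a leading alphanumeric closes that, for example `[a-zA-Z0-9][a-zA-Z0-9\-_.]{0,254}`. The archive `file` and `size` nodes use `[0-9]+`, which accepts `0` and arbitrarily long numbers. A bounded numeric validator in the style of the `u32:1-100` ranges used elsewhere in this patch would be safer there.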
@@ -0,0 +1,72 @@ + + + + + + + Task scheduler settings + + + + + Scheduled task + + txt + Task name + + 999 + + + + + UNIX crontab time specification string + + + + + Execution interval + + <minutes> + Execution interval in minutes + + + <minutes>m + Execution interval in minutes + + + <hours>h + Execution interval in hours + + + <days>d + Execution interval in days + + + [1-9]([0-9]*)([mhd]{0,1}) + + + + + + Executable path and arguments + + + + + Path to executable + + + + + Arguments passed to the executable + + + + + + + + + + + diff --git a/interface-definitions/system_time-zone.xml.in b/interface-definitions/system_time-zone.xml.in new file mode 100644 index 0000000..65cce9e --- /dev/null +++ b/interface-definitions/system_time-zone.xml.in @@ -0,0 +1,19 @@ + + + + + + + Local time zone (default UTC) + 100 + + + + + + + + + + + diff --git a/interface-definitions/system_update-check.xml.in b/interface-definitions/system_update-check.xml.in new file mode 100644 index 0000000..14570b0 --- /dev/null +++ b/interface-definitions/system_update-check.xml.in @@ -0,0 +1,22 @@ + + + + + + + Check available update images + 9999 + + + + + Enable auto check for new images + + + + #include + + + + + diff --git a/interface-definitions/system_wireless.xml.in b/interface-definitions/system_wireless.xml.in new file mode 100644 index 0000000..834f8b6 --- /dev/null +++ b/interface-definitions/system_wireless.xml.in 
@@ -0,0 +1,36 @@ + + + + + + + Wireless (IEEE-802.11) subsystem settings + + 317 + + + + + Indicate country in which device is operating + + 00 ad ae af ai al am an ar as at au aw az ba bb bd be bf bg bh bl bm bn bo br bs bt by bz ca cf ch ci cl cn co cr cu cx cy cz de dk dm do dz ec ee eg es et fi fm fr gb gd ge gf gh gl gp gr gt gu gy hk hn hr ht hu id ie il in ir is it jm jo jp ke kh kn kp kr kw ky kz lb lc li lk ls lt lu lv ma mc md me mf mh mk mn mo mp mq mr mt mu mv mw mx my ng ni nl no np nz om pa pe pf pg ph pk pl pm pr pt pw py qa re ro rs ru rw sa se sg si sk sn sr sv sy tc td tg th tn tr tt tw tz ua ug us uy uz vc ve vi vn vu wf ws ye yt za zw + + + 00 + World regulatory domain + + + txt + ISO/IEC 3166-1 Country Code + + + (00|ad|ae|af|ai|al|am|an|ar|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bl|bm|bn|bo|br|bs|bt|by|bz|ca|cf|ch|ci|cl|cn|co|cr|cu|cx|cy|cz|de|dk|dm|do|dz|ec|ee|eg|es|et|fi|fm|fr|gb|gd|ge|gf|gh|gl|gp|gr|gt|gu|gy|hk|hn|hr|ht|hu|id|ie|il|in|ir|is|it|jm|jo|jp|ke|kh|kn|kp|kr|kw|ky|kz|lb|lc|li|lk|ls|lt|lu|lv|ma|mc|md|me|mf|mh|mk|mn|mo|mp|mq|mr|mt|mu|mv|mw|mx|my|ng|ni|nl|no|np|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pr|pt|pw|py|qa|re|ro|rs|ru|rw|sa|se|sg|si|sk|sn|sr|sv|sy|tc|td|tg|th|tn|tr|tt|tw|tz|ua|ug|us|uy|uz|vc|ve|vi|vn|vu|wf|ws|ye|yt|za|zw) + + Invalid ISO/IEC 3166-1 Country Code + + + + + + + diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in new file mode 100644 index 0000000..d9d6fd9 --- /dev/null +++ b/interface-definitions/vpn_ipsec.xml.in 
@@ -0,0 +1,1256 @@ + + + + + Virtual Private Network (VPN) + + + + + VPN IP security (IPsec) parameters + 901 + + + + + Authentication + + + + + Pre-shared key name + + + #include + + + ID for authentication + + txt + ID used for authentication + + + + + + + IKE pre-shared secret key + + txt + IKE pre-shared secret key + + + + + + + + + + Disable requirement for unique IDs in the Security Database + + + + + + Encapsulating Security Payload (ESP) group name + + + + + Enable ESP compression + + + + + + Security Association time to expire + + u32:30-86400 + SA lifetime in seconds + + + + + + 3600 + + + + Security Association byte count to expire + + u32:1024-26843545600000 + SA life in bytes + + + + + + + + + Security Association packet count to expire + + u32:1000-26843545600000 + SA life in packets + + + + + + + + + Do not locally initiate a re-key of the SA, remote peer must re-key before expiration + + + + + + ESP mode + + tunnel transport + + + tunnel + Tunnel mode + + + transport + Transport mode + + + (tunnel|transport) + + + tunnel + + + + ESP Perfect Forward Secrecy + + enable dh-group1 dh-group2 dh-group5 dh-group14 dh-group15 dh-group16 dh-group17 dh-group18 dh-group19 dh-group20 dh-group21 dh-group22 dh-group23 dh-group24 dh-group25 dh-group26 dh-group27 dh-group28 dh-group29 dh-group30 dh-group31 dh-group32 disable + + + enable + Inherit Diffie-Hellman group from the IKE group + + + dh-group1 + Use Diffie-Hellman group 1 (modp768) + + + dh-group2 + Use Diffie-Hellman group 2 (modp1024) + + + dh-group5 + Use Diffie-Hellman group 5 (modp1536) + + + dh-group14 + Use Diffie-Hellman group 14 (modp2048) + + + dh-group15 + Use Diffie-Hellman group 15 (modp3072) + + + dh-group16 + Use Diffie-Hellman group 16 (modp4096) + + + dh-group17 + Use Diffie-Hellman group 17 (modp6144) + + + dh-group18 + Use Diffie-Hellman group 18 (modp8192) + + + dh-group19 + Use Diffie-Hellman group 19 (ecp256) + + + dh-group20 + Use Diffie-Hellman group 20 (ecp384) + + + dh-group21 + 
Use Diffie-Hellman group 21 (ecp521) + + + dh-group22 + Use Diffie-Hellman group 22 (modp1024s160) + + + dh-group23 + Use Diffie-Hellman group 23 (modp2048s224) + + + dh-group24 + Use Diffie-Hellman group 24 (modp2048s256) + + + dh-group25 + Use Diffie-Hellman group 25 (ecp192) + + + dh-group26 + Use Diffie-Hellman group 26 (ecp224) + + + dh-group27 + Use Diffie-Hellman group 27 (ecp224bp) + + + dh-group28 + Use Diffie-Hellman group 28 (ecp256bp) + + + dh-group29 + Use Diffie-Hellman group 29 (ecp384bp) + + + dh-group30 + Use Diffie-Hellman group 30 (ecp512bp) + + + dh-group31 + Use Diffie-Hellman group 31 (curve25519) + + + dh-group32 + Use Diffie-Hellman group 32 (curve448) + + + disable + Disable PFS + + + (enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable) + + + enable + + + + ESP group proposal + + u32:1-65535 + ESP group proposal number + + + + #include + #include + + + + + + + Internet Key Exchange (IKE) group name + + + + + Action to take if a child SA is unexpectedly closed + + none trap start + + + none + Do nothing + + + trap + Attempt to re-negotiate when matching traffic is seen + + + start + Attempt to re-negotiate the connection immediately + + + (none|trap|start) + + + none + + + + Dead Peer Detection (DPD) + + + + + Keep-alive failure action + + trap clear restart + + + trap + Attempt to re-negotiate the connection when matching traffic is seen + + + clear + Remove the connection immediately + + + restart + Attempt to re-negotiate the connection immediately + + + (trap|clear|restart) + + + clear + + + + Keep-alive interval + + u32:2-86400 + Keep-alive interval in seconds + + + + + + 30 + + + + Dead Peer Detection keep-alive timeout (IKEv1 only) + + u32:2-86400 + Keep-alive timeout in seconds + + + + + + 120 + + + + + + Re-authentication of the 
remote peer during an IKE re-key (IKEv2 only) + + + + + + IKE version + + ikev1 ikev2 + + + ikev1 + Use IKEv1 for key exchange + + + ikev2 + Use IKEv2 for key exchange + + + (ikev1|ikev2) + + + + + + IKE lifetime + + u32:0-86400 + IKE lifetime in seconds + + + + + + 28800 + + + + Disable MOBIKE Support (IKEv2 only) + + + + + + IKEv1 phase 1 mode + + main aggressive + + + main + Use the main mode (recommended) + + + aggressive + Use the aggressive mode (insecure, not recommended) + + + (main|aggressive) + + + main + + + + IKE proposal + + u32:1-65535 + IKE group proposal + + + + + + dh-grouphelp + + 1 2 5 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 + + + 1 + Diffie-Hellman group 1 (modp768) + + + 2 + Diffie-Hellman group 2 (modp1024) + + + 5 + Diffie-Hellman group 5 (modp1536) + + + 14 + Diffie-Hellman group 14 (modp2048) + + + 15 + Diffie-Hellman group 15 (modp3072) + + + 16 + Diffie-Hellman group 16 (modp4096) + + + 17 + Diffie-Hellman group 17 (modp6144) + + + 18 + Diffie-Hellman group 18 (modp8192) + + + 19 + Diffie-Hellman group 19 (ecp256) + + + 20 + Diffie-Hellman group 20 (ecp384) + + + 21 + Diffie-Hellman group 21 (ecp521) + + + 22 + Diffie-Hellman group 22 (modp1024s160) + + + 23 + Diffie-Hellman group 23 (modp2048s224) + + + 24 + Diffie-Hellman group 24 (modp2048s256) + + + 25 + Diffie-Hellman group 25 (ecp192) + + + 26 + Diffie-Hellman group 26 (ecp224) + + + 27 + Diffie-Hellman group 27 (ecp224bp) + + + 28 + Diffie-Hellman group 28 (ecp256bp) + + + 29 + Diffie-Hellman group 29 (ecp384bp) + + + 30 + Diffie-Hellman group 30 (ecp512bp) + + + 31 + Diffie-Hellman group 31 (curve25519) + + + 32 + Diffie-Hellman group 32 (curve448) + + + (1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32) + + + 2 + + + + Pseudo-Random Functions + + prfmd5 prfsha1 prfaesxcbc prfaescmac prfsha256 prfsha384 prfsha512 + + + prfmd5 + MD5 PRF + + + prfsha1 + SHA1 PRF + + + prfaesxcbc + AES XCBC PRF + + + prfaescmac + AES CMAC PRF + + + prfsha256 + SHA2_256 
PRF + + + prfsha384 + SHA2_384 PRF + + + prfsha512 + SHA2_512 PRF + + + (prfmd5|prfsha1|prfaesxcbc|prfaescmac|prfsha256|prfsha384|prfsha512) + + + + #include + #include + + + + + #include + + + IPsec logging + + + + + Global IPsec logging Level + + 0 + Very basic auditing logs (e.g., SA up/SA down) + + + 1 + Generic control flow with errors, a good default to see whats going on + + + 2 + More detailed debugging control flow + + + + + + 0 + + + + Subsystem logging levels + + dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any + + + dmn + Main daemon setup/cleanup/signal handling + + + mgr + IKE_SA manager, handling synchronization for IKE_SA access + + + ike + IKE_SA/ISAKMP SA + + + chd + CHILD_SA/IPsec SA + + + job + Jobs queuing/processing and thread pool management + + + cfg + Configuration management and plugins + + + knl + IPsec/Networking kernel interface + + + net + IKE network communication + + + asn + Low-level encoding/decoding (ASN.1, X.509 etc.) + + + enc + Packet encoding/decoding encryption/decryption operations + + + lib + libstrongswan library messages + + + esp + libipsec library messages + + + tls + libtls library messages + + + tnc + Trusted Network Connect + + + imc + Integrity Measurement Collector + + + imv + Integrity Measurement Verifier + + + pts + Platform Trust Service + + + any + Any subsystem + + + (dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any) + + + + + + + + + Global IPsec settings + + + + + Do not automatically install routes to remote networks + + + + + + Allow FlexVPN vendor ID payload (IKEv2 only) + + + + #include + + + Allow install virtual-ip addresses + + + + + + + + VPN IPsec profile + + txt + Profile name + + + [a-zA-Z][0-9a-zA-Z_-]+ + + Profile name must be alphanumeric and can contain hyphen(s) and underscore(s) + + + #include + + + Authentication + + + + + Authentication mode + + pre-shared-secret + + + pre-shared-secret + Use a pre-shared secret key + + + + #include + + + + + 
DMVPN tunnel configuration + + + + + Tunnel interface associated with this profile + + interfaces tunnel + + + txt + Associated interface to this profile + + + + + + + #include + #include + + + + + IKEv2 remote access VPN + + + + + IKEv2 VPN connection name + + txt + Connection name + + + [a-zA-Z][0-9a-zA-Z_-]+ + + Profile name must be alphanumeric and can contain hyphen(s) and underscore(s) + + + + + Authentication for remote access + + + #include + #include + + + Remote EAP ID for client authentication + + txt + Remote EAP ID for client authentication + + + any + + + any + Allow any EAP ID + + + [[:ascii:]]{1,64} + + + any + + + + Client authentication mode + + x509 eap-tls eap-mschapv2 eap-radius + + + x509 + Use IPsec x.509 certificate authentication + + + eap-tls + Use EAP-TLS authentication + + + eap-mschapv2 + Use EAP-MSCHAPv2 authentication + + + eap-radius + Use EAP-RADIUS authentication + + + (x509|eap-tls|eap-mschapv2|eap-radius) + + + eap-mschapv2 + + #include + + + Server authentication mode + + pre-shared-secret x509 + + + pre-shared-secret + Use a pre-shared secret key + + + x509 + Use x.509 certificate + + + (pre-shared-secret|x509) + + + x509 + + #include + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + Timeout to close connection if no data is transmitted + + u32:0 + Disable inactivity checks + + + u32:1-86400 + Timeout in seconds + + + + + + 28800 + + + + IP address pool + + vpn ipsec remote-access pool + dhcp radius + + + txt + Predefined IP pool name + + + dhcp + Forward requests for virtual IP addresses to a DHCP server + + + radius + Forward requests for virtual IP addresses to a RADIUS server + + + + + + + Connection uniqueness enforcement policy + + never keep replace + + + never + Never enforce connection uniqueness + + + keep + Reject new connection attempts if the same user already has an active connection + + + replace + Delete any existing connection if a new one for the same 
user gets established + + + (never|keep|replace) + + + + + + + + DHCP pool options for remote access + + + #include + + + DHCP server address + + ipv4 + DHCP server IPv4 address + + + + + + + + + + + IP address pool for remote access users + + + + + Local IPv4 or IPv6 pool prefix exclusions + + ipv4net + Local IPv4 pool prefix exclusion + + + ipv6net + Local IPv6 pool prefix exclusion + + + + + + + + + + + Local IPv4 or IPv6 pool prefix + + ipv4net + Local IPv4 pool prefix + + + ipv6net + Local IPv6 pool prefix + + + + + + + + + + Local IPv4 or IPv6 pool range + + + + + First IP address for local pool range + + ipv4 + IPv4 start address of pool + + + ipv6 + IPv6 start address of pool + + + + + + + + + Last IP address for local pool range + + ipv4 + IPv4 end address of pool + + + ipv6 + IPv6 end address of pool + + + + + + + + + #include + + + #include + + + #include + #include + + + #include + + + + + + + + + Site-to-site VPN + + + + + Connection name of the peer + + txt + Connection name of the peer + + + [-_a-zA-Z0-9|@]+ + + Peer connection name must be alphanumeric and can contain hyphen and underscores + + + #include + + + Peer authentication + + + #include + #include + #include + + + Authentication mode + + pre-shared-secret rsa x509 + + + pre-shared-secret + Use pre-shared secret key + + + rsa + Use RSA key + + + x509 + Use x.509 certificate + + + (pre-shared-secret|rsa|x509) + + + + + + ID for remote authentication + + txt + ID used for peer authentication + + + %any + + + + Use certificate common name as ID + + + + + + + + Connection type + + initiate respond none + + + initiate + Bring the connection up immediately + + + respond + Wait for the peer to initiate the connection + + + none + Load the connection only + + + (initiate|respond|none) + + + + + + Defult ESP group name + + vpn ipsec esp-group + + + + #include + #include + + + Force UDP encapsulation + + + + #include + + + Re-authentication of the remote peer during an IKE re-key (IKEv2 only) + + yes 
no inherit + + + yes + Enable remote host re-autentication during an IKE re-key. Currently broken due to a strong swan bug + + + no + Disable remote host re-authenticaton during an IKE re-key. + + + inherit + Inherit the reauth configuration form your IKE-group + + + (yes|no|inherit) + + + + #include + #include + #include + + + Peer tunnel + + u32 + Peer tunnel + + + + #include + #include + #include + #include + + + Priority for IPsec policy (lowest value more preferable) + + u32:1-100 + Priority for IPsec policy (lowest value more preferable) + + + + + + + + + Match remote addresses + + + #include + + + Remote IPv4 or IPv6 prefix + + ipv4net + Remote IPv4 prefix + + + ipv6net + Remote IPv6 prefix + + + + + + + + + + + + + + + Initiator request virtual-address from peer + + ipv4 + Request IPv4 address from peer + + + ipv6 + Request IPv6 address from peer + + + + + + + Virtual tunnel interface + + + #include + #include + + + + + + + + + + + diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in new file mode 100644 index 0000000..c00e825 --- /dev/null +++ b/interface-definitions/vpn_l2tp.xml.in 
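Review bot: The IKE proposal dh-group node in vpn_ipsec.xml.in appears to default to `2` (modp1024), a 1024-bit MODP group that is generally considered too weak for new tunnels. The default is inferred from the value that follows the constraint, because the element markup is stripped in this rendering. The same completion lists also offer groups 1, 5 and 22-24 and the `prfmd5` PRF, with nothing in the help text to mark them as legacy, whereas aggressive mode is already labelled `insecure, not recommended`. Since the commit mirrors vyos-1x, changing the default may be out of scope here, but I would at least annotate the weak choices, for example `Diffie-Hellman group 2 (modp1024, legacy)`, and consider `14` as the default. Separately, the help strings `Defult ESP group name`, `re-autentication`, `re-authenticaton` and `form your IKE-group` have typos.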
@@ -0,0 +1,150 @@ + + + + + + + L2TP Virtual Private Network (VPN) + 902 + + + + + Remote access L2TP VPN + + + + + Authentication for remote access L2TP VPN + + + #include + #include + #include + #include + #include + + + #include + + + + + + + Internet Protocol Security (IPsec) for remote access L2TP VPN + + + + + IPsec authentication settings + + + + + Authentication mode for IPsec + + pre-shared-secret + Use pre-shared secret for IPsec authentication + + + x509 + Use X.509 certificate for IPsec authentication + + + (pre-shared-secret|x509) + + + pre-shared-secret x509 + + + + #include + #include + + + + + IKE lifetime + + u32:30-86400 + IKE lifetime in seconds + + + + + + 3600 + + + + ESP lifetime + + u32:30-86400 + IKE lifetime in seconds + + + + + + 3600 + + #include + #include + + + + + L2TP Network Server (LNS) + + + + + Tunnel password used to authenticate the client (LAC) + + + + + Sent to the client (LAC) in the Host-Name attribute + + #include + + Host-name must be alphanumeric and can contain hyphens + + + + + + + External IP address to which VPN clients will connect + + + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + 1436 + + #include + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in new file mode 100644 index 0000000..a2f040b --- /dev/null +++ b/interface-definitions/vpn_openconnect.xml.in 
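Review bot: The value help under `ESP lifetime` in vpn_l2tp.xml.in reads `IKE lifetime in seconds`, which looks copied from the IKE lifetime node directly above it. It should read `ESP lifetime in seconds`, so that the completion output does not describe the wrong security association. Both nodes show the same `u32:30-86400` range and the value `3600`, so only the text needs changing.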
@@ -0,0 +1,396 @@ + + + + + + + SSL VPN OpenConnect, AnyConnect compatible server + 901 + + + + + Accounting for users OpenConnect VPN Sessions + + + + + Accounting mode used by this server + + + + + Use RADIUS server for accounting + + + + + + #include + + + + + Authentication for remote access SSL VPN Server + + + + + Authentication mode used by this server + + + + + Use local username/password configuration (OTP supported) + + password + Password-only local authentication + + + otp + OTP-only local authentication + + + password-otp + Password (first) + OTP local authentication + + + (password|otp|password-otp) + + Invalid authentication mode. Must be one of: password, otp or password-otp + + otp password password-otp + + + + + + Use RADIUS server for user autentication + + + + + + + + Include configuration file by username or RADIUS group attribute + + + #include + + + Select per user or per group configuration file - ignored if authentication group is configured + + user group + + + user + Match configuration file on username + + + group + Match RADIUS response class attribute as file name + + + (user|group) + + Invalid mode, must be either user or group + + + + + Directory to containing configuration files + + path + Path to configuration directory, must be under /config/auth + + + + + + + + + Default configuration if discrete config could not be found + + filename + Default configuration filename, must be under /config/auth + + + + + + + + + + + Group that a client is allowed to select (from a list). Maps to RADIUS Class attribute. + + txt + Group string. 
The group may be followed by a user-friendly name in brackets: group1[First Group] + + + + + #include + + + + + + + 2FA OTP authentication parameters + + + + + Token Key Secret key for the token algorithm (see RFC 4226) + + txt + OTP key in hex-encoded format + + + [a-fA-F0-9]{20,10000} + + Key name must only include hex characters and be at least 20 characters long + + + + + Number of digits in OTP code + + u32:6-8 + Number of digits in OTP code + + + + + Number of digits in OTP code must be between 6 and 8 + + 6 + + + + Time tokens interval in seconds + + u32:5-86400 + Time tokens interval in seconds. + + + + + Time token interval must be between 5 and 86400 seconds + + 30 + + + + Token type + + hotp-time + Time-based OTP algorithm + + + hotp-event + Event-based OTP algorithm + + + (hotp-time|hotp-event) + + + hotp-time hotp-event + + + hotp-time + + + + + + + + #include + + + #include + + + If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS. 
+ + + + + + + #include + + 0.0.0.0 + + + + Specify custom ports to use for client connections + + + + + tcp port number to accept connections + + u32:1-65535 + Numeric IP port + + + + + + 443 + + + + udp port number to accept connections + + u32:1-65535 + Numeric IP port + + + + + + 443 + + + + + + Enable HTTP security headers + + + + #include + + 1.2 + + + + SSL Certificate, SSL Key and CA + + + #include + #include + + + + + Network settings + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + ipv6net + IPv6 network and prefix length + + + + + + + + + + Client IP pools settings + + + + + Client IP subnet (CIDR notation) + + ipv4net + IPv4 address and prefix length + + + + + Not a valid CIDR formatted prefix + + + + + + + Pool of client IPv6 addresses + + + + + Pool of addresses used to assign to clients + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length used for individual client + + u32:48-128 + Client prefix length + + + + + + 64 + + + + #include + + + Domains over which the provided DNS should be used + + txt + Client prefix length + + + + + + + + + + If the tunnel-all-dns option is set to yes, tunnel all DNS queries via the VPN. This is the default when a default route is set. + + yes no + + + yes + Enable tunneling of all DNS traffic + + + no + Disable tunneling of all DNS traffic + + + (yes|no) + + + no + + + + + + + + diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in new file mode 100644 index 0000000..8aec0cb --- /dev/null +++ b/interface-definitions/vpn_pptp.xml.in 
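Review bot: The OTP key constraint `[a-fA-F0-9]{20,10000}` in vpn_openconnect.xml.in lets a 20-character hex key through, which is only 80 bits of secret. RFC 4226, which the help text itself cites, requires a shared secret of at least 128 bits and recommends 160. I would raise the lower bound to `[a-fA-F0-9]{32,10000}` (or 40) and update the error text to match. Existing configurations with shorter keys would then fail validation and would need a migration note. The error text also says `Key name` where the key value is meant, and the value help for `Domains over which the provided DNS should be used` reads `Client prefix length`, apparently copied from the node above.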
@@ -0,0 +1,66 @@ + + + + + + + Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) + 901 + + + + + Remote access PPTP VPN + + + + + Authentication for remote access PPTP VPN + + + #include + #include + #include + #include + #include + + + #include + + + + + + + External IP address to which VPN clients will connect + + + + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + 1436 + + #include + #include + #include + #include + #include + #include + #include + + + + + + + diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in new file mode 100644 index 0000000..5fd5c95 --- /dev/null +++ b/interface-definitions/vpn_sstp.xml.in @@ -0,0 +1,70 @@ + + + + + + + Secure Socket Tunneling Protocol (SSTP) server + 901 + + + + + Authentication for remote access SSTP Server + + + #include + #include + #include + #include + #include + + + #include + + + + + + + SSL Certificate, SSL Key and CA + + + #include + #include + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + 443 + + #include + #include + #include + #include + #include + #include + + + Only allow connection to specified host with the same TLS SNI + + #include + + Host-name must be alphanumeric and can contain hyphens + + + #include + + + + + diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in new file mode 100644 index 0000000..a20be99 --- /dev/null +++ b/interface-definitions/vrf.xml.in 
@@ -0,0 +1,128 @@ + + + + + Virtual Routing and Forwarding + + 11 + + + + + Enable binding services to all VRFs + + + + + + Virtual Routing and Forwarding instance + #include + + txt + VRF instance name + + + + #include + #include + + + IPv4 routing parameters + + + #include + #include + #include + + + + + IPv6 routing parameters + + + #include + #include + #include + + + + + Routing protocol parameters + + + + + Border Gateway Protocol (BGP) + 821 + + + #include + + + + + Enhanced Interior Gateway Routing Protocol (EIGRP) + 821 + + + #include + + + + + Intermediate System to Intermediate System (IS-IS) + 611 + + + #include + + + + + Open Shortest Path First (OSPF) + 621 + + + #include + + + + + Open Shortest Path First (OSPF) for IPv6 + 621 + + + #include + + + + + Static Routing + 481 + + + #include + #include + + + + + + + Routing table associated with this instance + + u32:100-65535 + Routing table ID + + + + + VRF routing table must be in range from 100 to 65535 + + + #include + + + + + diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in new file mode 100644 index 0000000..67d86a1 --- /dev/null +++ b/interface-definitions/xml-component-version.xml.in @@ -0,0 +1,52 @@ + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + -- cgit v1.2.3