diff --git a/interface-definitions/include/interface-disable.xml.i b/interface-definitions/include/interface-disable.xml.i
new file mode 100644
index 000000000..c6c24f867
--- /dev/null
+++ b/interface-definitions/include/interface-disable.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="disable">
+ <properties>
+ <help>Set interface to Administratively down</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/vif-s.xml.i b/interface-definitions/include/vif-s.xml.i
index ffb9de24a..b73a5cdbc 100644
--- a/interface-definitions/include/vif-s.xml.i
+++ b/interface-definitions/include/vif-s.xml.i
@@ -1,122 +1,112 @@
<tagNode name="vif-s">
<properties>
<help>QinQ TAG-S Virtual Local Area Network (VLAN) ID</help>
<constraint>
<validator name="numeric" argument="--range 0-4094"/>
</constraint>
<constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
</properties>
<children>
#include <include/address-ipv4-ipv6-dhcp.xml.i>
#include <include/interface-description.xml.i>
#include <include/dhcp-dhcpv6-options.xml.i>
<leafNode name="disable-link-detect">
<properties>
<help>Ignore link state changes</help>
<valueless/>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable this bridge interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="ethertype">
<properties>
<help>Set Ethertype</help>
<completionHelp>
<list>0x88A8 0x8100</list>
</completionHelp>
<valueHelp>
<format>0x88A8</format>
<description>802.1ad</description>
</valueHelp>
<valueHelp>
<format>0x8100</format>
<description>802.1q</description>
</valueHelp>
<constraint>
<regex>(0x88A8|0x8100)</regex>
</constraint>
<constraintErrorMessage>Ethertype must be 0x88A8 or 0x8100</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="mac">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mtu">
<properties>
<help>Maximum Transmission Unit (MTU)</help>
<valueHelp>
<format>68-9000</format>
<description>Maximum Transmission Unit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 68-9000"/>
</constraint>
<constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage>
</properties>
</leafNode>
<tagNode name="vif-c">
<properties>
<help>QinQ TAG-C Virtual Local Area Network (VLAN) ID</help>
<constraint>
<validator name="numeric" argument="--range 0-4094"/>
</constraint>
<constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
</properties>
<children>
#include <include/address-ipv4-ipv6-dhcp.xml.i>
#include <include/interface-description.xml.i>
#include <include/dhcp-dhcpv6-options.xml.i>
<leafNode name="disable-link-detect">
<properties>
<help>Ignore link state changes</help>
<valueless/>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable this bridge interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="mac">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mtu">
<properties>
<help>Maximum Transmission Unit (MTU)</help>
<valueHelp>
<format>68-9000</format>
<description>Maximum Transmission Unit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 68-9000"/>
</constraint>
<constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i
index d9b5cfe34..642ed31f3 100644
--- a/interface-definitions/include/vif.xml.i
+++ b/interface-definitions/include/vif.xml.i
@@ -1,108 +1,103 @@
<tagNode name="vif">
<properties>
<help>Virtual Local Area Network (VLAN) ID</help>
<valueHelp>
<format>0-4094</format>
<description>Virtual Local Area Network (VLAN) ID</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4094"/>
</constraint>
<constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
</properties>
<children>
#include <include/address-ipv4-ipv6-dhcp.xml.i>
#include <include/interface-description.xml.i>
#include <include/dhcp-dhcpv6-options.xml.i>
<leafNode name="disable-link-detect">
<properties>
<help>Ignore link state changes</help>
<valueless/>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable this bridge interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="egress-qos">
<properties>
<help>VLAN egress QoS</help>
<completionHelp>
<script>echo Format for qos mapping, e.g.: '0:1 1:6 7:6'</script>
</completionHelp>
<constraint>
<regex>[:0-7 ]+$</regex>
</constraint>
<constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="ingress-qos">
<properties>
<help>VLAN ingress QoS</help>
<completionHelp>
<script>echo Format for qos mapping '0:1 1:6 7:6'</script>
</completionHelp>
<constraint>
<regex>[:0-7 ]+$</regex>
</constraint>
<constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage>
</properties>
</leafNode>
<node name="ip">
<children>
<leafNode name="arp-cache-timeout">
<properties>
<help>ARP cache entry timeout in seconds</help>
<valueHelp>
<format>1-86400</format>
<description>ARP cache entry timout in seconds (default 30)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-86400"/>
</constraint>
<constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="enable-proxy-arp">
<properties>
<help>Enable proxy-arp on this interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="proxy-arp-pvlan">
<properties>
<help>Enable private VLAN proxy ARP on this interface</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="mac">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mtu">
<properties>
<help>Maximum Transmission Unit (MTU)</help>
<valueHelp>
<format>68-9000</format>
<description>Maximum Transmission Unit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 68-9000"/>
</constraint>
<constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage>
</properties>
</leafNode>
</children>
</tagNode>
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index 6a82ddd91..13295f899 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -1,214 +1,209 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces-bonding.py">
<properties>
<help>Bonding interface name</help>
<priority>320</priority>
<constraint>
<regex>bond[0-9]+$</regex>
</constraint>
<constraintErrorMessage>Bonding interface must be named bondN</constraintErrorMessage>
<valueHelp>
<format>bondN</format>
<description>Bonding interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6-dhcp.xml.i>
<node name="arp-monitor">
<properties>
<help>ARP link monitoring parameters</help>
</properties>
<children>
<leafNode name="interval">
<properties>
<help>ARP link monitoring interval</help>
<valueHelp>
<format>0-4294967295</format>
<description>Specifies the ARP link monitoring frequency in milliseconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
<leafNode name="target">
<properties>
<help>IP address used for ARP monitoring</help>
<valueHelp>
<format>ipv4</format>
<description>Network Time Protocol (NTP) IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
<multi/>
</properties>
</leafNode>
</children>
</node>
#include <include/interface-description.xml.i>
#include <include/dhcp-dhcpv6-options.xml.i>
<leafNode name="disable-link-detect">
<properties>
<help>Ignore link state changes</help>
<valueless/>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable this bridge interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="hash-policy">
<properties>
<help>Bonding transmit hash policy</help>
<completionHelp>
<list>layer2 layer2+3 layer3+4</list>
</completionHelp>
<valueHelp>
<format>layer2</format>
<description>use MAC addresses to generate the hash (802.3ad, default)</description>
</valueHelp>
<valueHelp>
<format>layer2+3</format>
<description>combine MAC address and IP address to make hash</description>
</valueHelp>
<valueHelp>
<format>layer3+4</format>
<description>combine IP address and port to make hash</description>
</valueHelp>
<constraint>
<regex>(layer2\+3|layer3\+4|layer2)</regex>
</constraint>
<constraintErrorMessage>hash-policy must be layer2 layer2+3 or layer3+4</constraintErrorMessage>
</properties>
</leafNode>
<node name="ip">
<children>
<leafNode name="arp-cache-timeout">
<properties>
<help>ARP cache entry timeout in seconds</help>
<valueHelp>
<format>1-86400</format>
<description>ARP cache entry timout in seconds (default 30)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-86400"/>
</constraint>
<constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="enable-proxy-arp">
<properties>
<help>Enable proxy-arp on this interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="proxy-arp-pvlan">
<properties>
<help>Enable private VLAN proxy ARP on this interface</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="mac">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mode">
<properties>
<help>Bonding mode</help>
<completionHelp>
<list>802.3ad active-backup broadcast round-robin transmit-load-balance adaptive-load-balance xor-hash</list>
</completionHelp>
<valueHelp>
<format>802.3ad</format>
<description>IEEE 802.3ad Dynamic link aggregation (Default)</description>
</valueHelp>
<valueHelp>
<format>active-backup</format>
<description>Fault tolerant: only one slave in the bond is active</description>
</valueHelp>
<valueHelp>
<format>broadcast</format>
<description>Fault tolerant: transmits everything on all slave interfaces</description>
</valueHelp>
<valueHelp>
<format>round-robin</format>
<description>Load balance: transmit packets in sequential order</description>
</valueHelp>
<valueHelp>
<format>transmit-load-balance</format>
<description>Load balance: adapts based on transmit load and speed</description>
</valueHelp>
<valueHelp>
<format>adaptive-load-balance</format>
<description>Load balance: adapts based on transmit and receive plus ARP</description>
</valueHelp>
<valueHelp>
<format>xor-hash</format>
<description>Distribute based on MAC address</description>
</valueHelp>
<constraint>
<regex>(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex>
</constraint>
<constraintErrorMessage>mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor</constraintErrorMessage>
</properties>
</leafNode>
<node name="member">
<properties>
<help>Bridge member interfaces</help>
</properties>
<children>
<leafNode name="interface">
<properties>
<help>Member interface name</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces.py --bondable</script>
</completionHelp>
<multi/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="mtu">
<properties>
<help>Maximum Transmission Unit (MTU)</help>
<valueHelp>
<format>68-9000</format>
<description>Maximum Transmission Unit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 68-9000"/>
</constraint>
<constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="primary">
<properties>
<help>Primary device interface</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces.py --bondable</script>
</completionHelp>
</properties>
</leafNode>
#include <include/vif-s.xml.i>
#include <include/vif.xml.i>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index 8bac2f244..bb96db625 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -1,197 +1,192 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces-bridge.py">
<properties>
<help>Bridge interface name</help>
<priority>470</priority>
<constraint>
<regex>^br[0-9]+$</regex>
</constraint>
<constraintErrorMessage>Bridge interface must be named brN</constraintErrorMessage>
<valueHelp>
<format>brN</format>
<description>Bridge interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6-dhcp.xml.i>
<leafNode name="aging">
<properties>
<help>MAC address aging interval</help>
<valueHelp>
<format>0</format>
<description>Disable MAC address learning (always flood)</description>
</valueHelp>
<valueHelp>
<format>10-1000000</format>
<description>MAC address aging time in seconds (default: 300)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-0 --range 10-1000000"/>
</constraint>
</properties>
</leafNode>
#include <include/interface-description.xml.i>
#include <include/dhcp-dhcpv6-options.xml.i>
<leafNode name="disable-link-detect">
<properties>
<help>Ignore link state changes</help>
<valueless/>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable this bridge interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="forwarding-delay">
<properties>
<help>Forwarding delay</help>
<valueHelp>
<format>0-200</format>
<description>Spanning Tree Protocol forwarding delay in seconds (default 15)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-200"/>
</constraint>
<constraintErrorMessage>Forwarding delay must be between 0 and 200 seconds</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="hello-time">
<properties>
<help>Hello packet advertisment interval</help>
<valueHelp>
<format>1-10</format>
<description>Spanning Tree Protocol hello advertisement interval in seconds (default 2)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-10"/>
</constraint>
<constraintErrorMessage>Bridge Hello interval must be between 1 and 10 seconds</constraintErrorMessage>
</properties>
</leafNode>
<node name="igmp">
<properties>
<help>Internet Group Management Protocol (IGMP) settings</help>
</properties>
<children>
<leafNode name="querier">
<properties>
<help>Enable IGMP querier</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<node name="ip">
<children>
<leafNode name="arp-cache-timeout">
<properties>
<help>ARP cache entry timeout in seconds</help>
<valueHelp>
<format>1-86400</format>
<description>ARP cache entry timout in seconds (default 30)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-86400"/>
</constraint>
<constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage>
</properties>
</leafNode>
</children>
</node>
<leafNode name="mac">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="max-age">
<properties>
<help>Interval at which neighbor bridges are removed</help>
<valueHelp>
<format>1-40</format>
<description>Bridge maximum aging time in seconds (default 20)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-40"/>
</constraint>
<constraintErrorMessage>Bridge max aging value must be between 1 and 40 seconds</constraintErrorMessage>
</properties>
</leafNode>
<node name="member">
<properties>
<help>Bridge member interfaces</help>
</properties>
<children>
<tagNode name="interface">
<properties>
<help>Member interface name</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces.py --bridgeable</script>
</completionHelp>
</properties>
<children>
<leafNode name="cost">
<properties>
<help>Bridge port cost</help>
<valueHelp>
<format>1-65535</format>
<description>Path cost value for Spanning Tree Protocol</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
<constraintErrorMessage>Path cost value must be between 1 and 65535</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="priority">
<properties>
<help>Bridge port priority</help>
<valueHelp>
<format>0-63</format>
<description>Bridge port priority</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-63"/>
</constraint>
<constraintErrorMessage>Port priority value must be between 0 and 63</constraintErrorMessage>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
<leafNode name="priority">
<properties>
<help>Priority for this bridge</help>
<valueHelp>
<format>0-65535</format>
<description>Bridge priority (default 32768)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
<constraintErrorMessage>Bridge priority must be between 0 and 65535 (multiples of 4096)</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="stp">
<properties>
<help>Enable spanning tree protocol</help>
<valueless/>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in
index db1afd803..445f6b2d4 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces-dummy.xml.in
@@ -1,31 +1,26 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces-dummy.py">
<properties>
<help>Dummy interface name</help>
<priority>300</priority>
<constraint>
<regex>dum[0-9]+$</regex>
</constraint>
<constraintErrorMessage>Dummy interface must be named dumN</constraintErrorMessage>
<valueHelp>
<format>dumN</format>
<description>Dummy interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6.xml.i>
#include <include/interface-description.xml.i>
- <leafNode name="disable">
- <properties>
- <help>Disable interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 293c147d8..800588232 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -1,328 +1,323 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces-ethernet.py">
<properties>
<help>Ethernet interface name</help>
<priority>318</priority>
<constraint>
<regex>((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$</regex>
</constraint>
<constraintErrorMessage>Invalid Ethernet interface name</constraintErrorMessage>
<valueHelp>
<format>ethN</format>
<description>Ethernet interface name</description>
</valueHelp>
<valueHelp>
<format>en[ospx]N</format>
<description>Ethernet interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6-dhcp.xml.i>
#include <include/interface-description.xml.i>
#include <include/dhcp-dhcpv6-options.xml.i>
<leafNode name="disable-flow-control">
<properties>
<help>Disable Ethernet flow control (pause frames)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="disable-link-detect">
<properties>
<help>Ignore link state changes</help>
<valueless/>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable this bridge interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="duplex">
<properties>
<help>Duplex mode</help>
<completionHelp>
<list>auto half full</list>
</completionHelp>
<valueHelp>
<format>auto</format>
<description>Auto negotiation (default)</description>
</valueHelp>
<valueHelp>
<format>half</format>
<description>Half duplex</description>
</valueHelp>
<valueHelp>
<format>full</format>
<description>Full duplex</description>
</valueHelp>
<constraint>
<regex>(auto|half|full)</regex>
</constraint>
<constraintErrorMessage>duplex must be auto, half or full</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="hw-id">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<node name="ip">
<children>
<leafNode name="arp-cache-timeout">
<properties>
<help>ARP cache entry timeout in seconds</help>
<valueHelp>
<format>1-86400</format>
<description>ARP cache entry timout in seconds (default 30)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-86400"/>
</constraint>
<constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="enable-proxy-arp">
<properties>
<help>Enable proxy-arp on this interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="proxy-arp-pvlan">
<properties>
<help>Enable private VLAN proxy ARP on this interface</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="mac">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mtu">
<properties>
<help>Maximum Transmission Unit (MTU)</help>
<valueHelp>
<format>68-9000</format>
<description>Maximum Transmission Unit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 68-9000"/>
</constraint>
<constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage>
</properties>
</leafNode>
<node name="offload-options">
<properties>
<help>Configurable offload options</help>
</properties>
<children>
<leafNode name="generic-receive">
<properties>
<help>Configure GRO (generic receive offload)</help>
<completionHelp>
<list>on off</list>
</completionHelp>
<valueHelp>
<format>on</format>
<description>Enable GRO (generic receive offload)</description>
</valueHelp>
<valueHelp>
<format>off</format>
<description>Disable GRO (generic receive offload)</description>
</valueHelp>
<constraint>
<regex>(on|off)</regex>
</constraint>
<constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="generic-segmentation">
<properties>
<help>Configure GSO (generic segmentation offload)</help>
<completionHelp>
<list>on off</list>
</completionHelp>
<valueHelp>
<format>on</format>
<description>Enable GSO (generic segmentation offload)</description>
</valueHelp>
<valueHelp>
<format>off</format>
<description>Disable GSO (generic segmentation offload)</description>
</valueHelp>
<constraint>
<regex>(on|off)</regex>
</constraint>
<constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="scatter-gather">
<properties>
<help>Configure scatter-gather option</help>
<completionHelp>
<list>on off</list>
</completionHelp>
<valueHelp>
<format>on</format>
<description>Enable scatter-gather</description>
</valueHelp>
<valueHelp>
<format>off</format>
<description>Disable scatter-gather</description>
</valueHelp>
<constraint>
<regex>(on|off)</regex>
</constraint>
<constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="tcp-segmentation">
<properties>
<help>Configure TSO (TCP segmentation offloading)</help>
<completionHelp>
<list>on off</list>
</completionHelp>
<valueHelp>
<format>on</format>
<description>Enable TSO (TCP segmentation offloading)</description>
</valueHelp>
<valueHelp>
<format>off</format>
<description>Disable TSO (TCP segmentation offloading)</description>
</valueHelp>
<constraint>
<regex>(on|off)</regex>
</constraint>
<constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="udp-fragmentation">
<properties>
<help>Configure UDP fragmentation offloading</help>
<completionHelp>
<list>on off</list>
</completionHelp>
<valueHelp>
<format>on</format>
<description>Enable UDP fragmentation offloading</description>
</valueHelp>
<valueHelp>
<format>off</format>
<description>Disable UDP fragmentation offloading</description>
</valueHelp>
<constraint>
<regex>(on|off)</regex>
</constraint>
<constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage>
</properties>
</leafNode>
</children>
</node>
<leafNode name="smp-affinity">
<properties>
<help>CPU interrupt affinity mask</help>
<completionHelp>
<list>auto 10 100 1000 2500 5000 10000</list>
</completionHelp>
<valueHelp>
<format>auto</format>
<description>Auto negotiation (default)</description>
</valueHelp>
<valueHelp>
<format>hex</format>
<description>Bitmask representing CPUs that this NIC will interrupt</description>
</valueHelp>
<valueHelp>
<format>hex,hex</format>
<description>Bitmasks representing CPUs for interrupt and receive processing</description>
</valueHelp>
<constraint>
<regex>(auto)</regex>
<regex>[0-9a-f]+(|,[0-9a-f]+)$</regex>
</constraint>
<constraintErrorMessage>IRQ affinity mask must be hex value or auto</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="speed">
<properties>
<help>Link speed</help>
<completionHelp>
<list>auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000</list>
</completionHelp>
<valueHelp>
<format>auto</format>
<description>Auto negotiation (default)</description>
</valueHelp>
<valueHelp>
<format>10</format>
<description>10 Mbit/sec</description>
</valueHelp>
<valueHelp>
<format>100</format>
<description>100 Mbit/sec</description>
</valueHelp>
<valueHelp>
<format>1000</format>
<description>1 Gbit/sec</description>
</valueHelp>
<valueHelp>
<format>2500</format>
<description>2.5 Gbit/sec</description>
</valueHelp>
<valueHelp>
<format>5000</format>
<description>5 Gbit/sec</description>
</valueHelp>
<valueHelp>
<format>10000</format>
<description>10 Gbit/sec</description>
</valueHelp>
<valueHelp>
<format>25000</format>
<description>25 Gbit/sec</description>
</valueHelp>
<valueHelp>
<format>40000</format>
<description>40 Gbit/sec</description>
</valueHelp>
<valueHelp>
<format>50000</format>
<description>50 Gbit/sec</description>
</valueHelp>
<valueHelp>
<format>100000</format>
<description>100 Gbit/sec</description>
</valueHelp>
<constraint>
<regex>(auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000)</regex>
</constraint>
<constraintErrorMessage>Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000</constraintErrorMessage>
</properties>
</leafNode>
#include <include/vif-s.xml.i>
#include <include/vif.xml.i>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in
index 3fbafd2ec..146c40152 100644
--- a/interface-definitions/interfaces-geneve.xml.in
+++ b/interface-definitions/interfaces-geneve.xml.in
@@ -1,94 +1,89 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces-geneve.py">
<properties>
<help>Generic Network Virtualization Encapsulation (GENEVE)</help>
<priority>460</priority>
<constraint>
<regex>gnv[0-9]+$</regex>
</constraint>
<constraintErrorMessage>GENEVE interface must be named gnvN</constraintErrorMessage>
<valueHelp>
<format>gnvN</format>
<description>GENEVE interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6.xml.i>
#include <include/interface-description.xml.i>
- <leafNode name="disable">
- <properties>
- <help>Disable interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<node name="ip">
<properties>
<help>IPv4 routing parameters</help>
</properties>
<children>
<leafNode name="arp-cache-timeout">
<properties>
<help>ARP cache entry timeout in seconds</help>
<valueHelp>
<format>1-86400</format>
<description>ARP cache entry timout in seconds (default 30)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-86400"/>
</constraint>
<constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="enable-proxy-arp">
<properties>
<help>Enable proxy-arp on this interface</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="mtu">
<properties>
<help>Maximum Transmission Unit (MTU)</help>
<valueHelp>
<format>1450-9000</format>
<description>Maximum Transmission Unit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1500-9000"/>
</constraint>
<constraintErrorMessage>MTU must be between 1500 and 9000</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="remote">
<properties>
<help>Remote address of GENEVE tunnel</help>
<valueHelp>
<format>ipv4</format>
<description>Remote address of GENEVE tunnel</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="vni">
<properties>
<help>Virtual Network Identifier</help>
<valueHelp>
<format>0-16777214</format>
<description>GENEVE virtual network identifier</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-16777214"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index d08dba78a..638e9048b 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -1,673 +1,668 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces-openvpn.py">
<properties>
<help>OpenVPN tunnel interface name</help>
<priority>460</priority>
<constraint>
<regex>^vtun[0-9]+$</regex>
</constraint>
<constraintErrorMessage>OpenVPN tunnel interface must be named vtunN</constraintErrorMessage>
<valueHelp>
<format>vtunN</format>
<description>OpenVPN interface name</description>
</valueHelp>
</properties>
<children>
<node name="authentication">
<properties>
<help>Authentication options</help>
</properties>
<children>
<leafNode name="password">
<properties>
<help>OpenVPN password used for authentication</help>
</properties>
</leafNode>
<leafNode name="username">
<properties>
<help>OpenVPN username used for authentication</help>
</properties>
</leafNode>
</children>
</node>
#include <include/interface-description.xml.i>
<leafNode name="device-type">
<properties>
<help>OpenVPN interface device-type</help>
<completionHelp>
<list>tun tap</list>
</completionHelp>
<valueHelp>
<format>tun</format>
<description>TUN device, required for OSI layer 3</description>
</valueHelp>
<valueHelp>
<format>tap</format>
<description>TAP device, required for OSI layer 2</description>
</valueHelp>
<constraint>
<regex>(tun|tap)</regex>
</constraint>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<node name="encryption">
<properties>
<help>Data Encryption settings</help>
</properties>
<children>
<leafNode name="cipher">
<properties>
<help>Standard Data Encryption Algorithm</help>
<completionHelp>
<list>des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
</completionHelp>
<valueHelp>
<format>des</format>
<description>DES algorithm</description>
</valueHelp>
<valueHelp>
<format>3des</format>
<description>DES algorithm with triple encryption</description>
</valueHelp>
<valueHelp>
<format>bf128</format>
<description>Blowfish algorithm with 128-bit key</description>
</valueHelp>
<valueHelp>
<format>bf256</format>
<description>Blowfish algorithm with 256-bit key</description>
</valueHelp>
<valueHelp>
<format>aes128</format>
<description>AES algorithm with 128-bit key CBC</description>
</valueHelp>
<valueHelp>
<format>aes128gcm</format>
<description>AES algorithm with 128-bit key GCM</description>
</valueHelp>
<valueHelp>
<format>aes192</format>
<description>AES algorithm with 192-bit key CBC</description>
</valueHelp>
<valueHelp>
<format>aes192gcm</format>
<description>AES algorithm with 192-bit key GCM</description>
</valueHelp>
<valueHelp>
<format>aes256</format>
<description>AES algorithm with 256-bit key CBC</description>
</valueHelp>
<valueHelp>
<format>aes256gcm</format>
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
<regex>(des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="ncp-ciphers">
<properties>
<help>Cipher negotiation list for use in server or client mode</help>
<completionHelp>
<list>des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
</completionHelp>
<valueHelp>
<format>des</format>
<description>DES algorithm</description>
</valueHelp>
<valueHelp>
<format>3des</format>
<description>DES algorithm with triple encryption</description>
</valueHelp>
<valueHelp>
<format>aes128</format>
<description>AES algorithm with 128-bit key CBC</description>
</valueHelp>
<valueHelp>
<format>aes128gcm</format>
<description>AES algorithm with 128-bit key GCM</description>
</valueHelp>
<valueHelp>
<format>aes192</format>
<description>AES algorithm with 192-bit key CBC</description>
</valueHelp>
<valueHelp>
<format>aes192gcm</format>
<description>AES algorithm with 192-bit key GCM</description>
</valueHelp>
<valueHelp>
<format>aes256</format>
<description>AES algorithm with 256-bit key CBC</description>
</valueHelp>
<valueHelp>
<format>aes256gcm</format>
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
<regex>(des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="disable-ncp">
<properties>
<help>Disable support for ncp-ciphers</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="hash">
<properties>
<help>Hashing Algorithm</help>
<completionHelp>
<list>md5 sha1 sha256 sha384 sha512</list>
</completionHelp>
<valueHelp>
<format>md5</format>
<description>MD5 algorithm</description>
</valueHelp>
<valueHelp>
<format>sha1</format>
<description>SHA-1 algorithm</description>
</valueHelp>
<valueHelp>
<format>sha256</format>
<description>SHA-256 algorithm</description>
</valueHelp>
<valueHelp>
<format>sha384</format>
<description>SHA-384 algorithm</description>
</valueHelp>
<valueHelp>
<format>sha512</format>
<description>SHA-512 algorithm</description>
</valueHelp>
<constraint>
<regex>(md5|sha1|sha256|sha384|sha512)</regex>
</constraint>
</properties>
</leafNode>
<node name="keep-alive">
<properties>
<help>Keepalive helper options</help>
</properties>
<children>
<leafNode name="failure-count">
<properties>
<help>Maximum number of keepalive packet failures [default 6]</help>
<valueHelp>
<format>0-1000</format>
<description>Maximum number of keepalive packet failures</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-1000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="interval">
<properties>
<help>Keepalive packet interval (seconds) [default 10]</help>
<valueHelp>
<format>0-600</format>
<description>Keepalive packet interval (seconds)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-600"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<tagNode name="local-address">
<properties>
<help>Local IP address of tunnel</help>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
<children>
<leafNode name="subnet-mask">
<properties>
<help>Subnet-mask for local IP address of tunnel</help>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
<leafNode name="local-host">
<properties>
<help>Local IP address to accept connections (all if not set)</help>
<valueHelp>
<format>ipv4</format>
<description>Local IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="local-port">
<properties>
<help>Local port number to accept connections</help>
<valueHelp>
<format>1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mode">
<properties>
<help>OpenVPN mode of operation</help>
<completionHelp>
<list>site-to-site client server</list>
</completionHelp>
<valueHelp>
<format>site-to-site</format>
<description>Site-to-site mode</description>
</valueHelp>
<valueHelp>
<format>client</format>
<description>Client in client-server mode</description>
</valueHelp>
<valueHelp>
<format>server</format>
<description>Server in client-server mode</description>
</valueHelp>
<constraint>
<regex>(site-to-site|client|server)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="openvpn-option">
<properties>
<help>Additional OpenVPN options. You must
use the syntax of openvpn.conf in this text-field. Using this
without proper knowledge may result in a crashed OpenVPN server.
Check system log to look for errors.</help>
<multi/>
</properties>
</leafNode>
<leafNode name="persistent-tunnel">
<properties>
<help>Do not close and reopen interface (TUN/TAP device) on client restarts</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="protocol">
<properties>
<help>OpenVPN communication protocol</help>
<completionHelp>
<list>udp tcp-passive tcp-active</list>
</completionHelp>
<valueHelp>
<format>udp</format>
<description>Site-to-site mode</description>
</valueHelp>
<valueHelp>
<format>tcp-passive</format>
<description>TCP and accepts connections passively</description>
</valueHelp>
<valueHelp>
<format>tcp-active</format>
<description>TCP and initiates connections actively</description>
</valueHelp>
<constraint>
<regex>(udp|tcp-passive|tcp-active)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="remote-address">
<properties>
<help>IP address of remote end of tunnel</help>
<valueHelp>
<format>ipv4</format>
<description>Remote end IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="remote-host">
<properties>
<help>Remote host to connect to (dynamic if not set)</help>
<valueHelp>
<format>ipv4</format>
<description>IP address of remote host</description>
</valueHelp>
<valueHelp>
<format>txt</format>
<description>Hostname of remote host</description>
</valueHelp>
<multi/>
</properties>
</leafNode>
<leafNode name="remote-port">
<properties>
<help>Remote port number to connect to</help>
<valueHelp>
<format>1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<node name="replace-default-route">
<properties>
<help>OpenVPN tunnel to be used as the default route</help>
</properties>
<children>
<leafNode name="local">
<properties>
<help>Tunnel endpoints are on the same subnet</help>
</properties>
</leafNode>
</children>
</node>
<node name="server">
<properties>
<help>Server-mode options</help>
</properties>
<children>
<tagNode name="client">
<properties>
<help>Client-specific settings</help>
<valueHelp>
<format>name</format>
<description>Client common-name in the certificate</description>
</valueHelp>
</properties>
<children>
<leafNode name="disable">
<properties>
<help>Option to disable client connection</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ip">
<properties>
<help>IP address of the client</help>
<valueHelp>
<format>ipv4</format>
<description>Client IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="push-route">
<properties>
<help>Route to be pushed to the client</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 network and prefix length</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="subnet">
<properties>
<help>Subnet belonging to the client</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 network and prefix length belonging to the client</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
<multi/>
</properties>
</leafNode>
</children>
</tagNode>
<leafNode name="domain-name">
<properties>
<help>DNS suffix to be pushed to all clients</help>
<valueHelp>
<format>txt</format>
<description>Domain Name Server suffix</description>
</valueHelp>
</properties>
</leafNode>
<leafNode name="max-connections">
<properties>
<help>Number of maximum client connections</help>
<valueHelp>
<format>1-4096</format>
<description>Number of concurrent clients</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-4096"/>
</constraint>
</properties>
</leafNode>
<leafNode name="name-server">
<properties>
<help>Domain Name Server (DNS)</help>
<valueHelp>
<format>ipv4</format>
<description>DNS server IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="push-route">
<properties>
<help>Route to be pushed to all clients</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 network and prefix length</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="reject-unconfigured-clients">
<properties>
<help>Reject connections from clients that are not explicitly configured</help>
</properties>
</leafNode>
<leafNode name="subnet">
<properties>
<help>Server-mode subnet (from which client IPs are allocated)</help>
<valueHelp>
<format>ipv4net</format>
<description>IPv4 address and prefix length</description>
</valueHelp>
<constraint>
<validator name="ipv4-prefix"/>
</constraint>
</properties>
</leafNode>
<leafNode name="topology">
<properties>
<help>Topology for clients</help>
<completionHelp>
<list>point-to-point subnet</list>
</completionHelp>
<valueHelp>
<format>point-to-point</format>
<description>Point-to-point topology</description>
</valueHelp>
<valueHelp>
<format>subnet</format>
<description>Subnet topology</description>
</valueHelp>
<constraint>
<regex>(subnet|point-to-point)</regex>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="shared-secret-key-file">
<properties>
<help>File containing the secret key shared with remote end of tunnel</help>
<valueHelp>
<format>file</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
</properties>
</leafNode>
<node name="tls">
<properties>
<help>Transport Layer Security (TLS) options</help>
</properties>
<children>
<leafNode name="auth-file">
<properties>
<help>File containing tls static key for tls-auth</help>
<valueHelp>
<format>file</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
</properties>
</leafNode>
<leafNode name="ca-cert-file">
<properties>
<help>File containing certificate for Certificate Authority (CA)</help>
<valueHelp>
<format>file</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
</properties>
</leafNode>
<leafNode name="cert-file">
<properties>
<help>File containing certificate for this host</help>
<valueHelp>
<format>file</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
</properties>
</leafNode>
<leafNode name="crl-file">
<properties>
<help>File containing certificate revocation list (CRL) for this host</help>
<valueHelp>
<format>file</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
</properties>
</leafNode>
<leafNode name="dh-file">
<properties>
<help>File containing Diffie Hellman parameters (server only)</help>
<valueHelp>
<format>file</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
</properties>
</leafNode>
<leafNode name="key-file">
<properties>
<help>Private key for this host</help>
<valueHelp>
<format>file</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
</properties>
</leafNode>
<leafNode name="tls-version-min">
<properties>
<help>Specify the minimum required TLS version</help>
<completionHelp>
<list>1.0 1.1 1.2</list>
</completionHelp>
<valueHelp>
<format>1.0</format>
<description>TLS v1.0</description>
</valueHelp>
<valueHelp>
<format>1.1</format>
<description>TLS v1.1</description>
</valueHelp>
<valueHelp>
<format>1.2</format>
<description>TLS v1.2</description>
</valueHelp>
<constraint>
<regex>(1.0|1.1|1.2)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="role">
<properties>
<help>Private key for this host</help>
<completionHelp>
<list>active passive</list>
</completionHelp>
<valueHelp>
<format>active</format>
<description>Initiate TLS negotiation actively</description>
</valueHelp>
<valueHelp>
<format>passive</format>
<description>Waiting for TLS connections passively</description>
</valueHelp>
<constraint>
<regex>(active|passive)</regex>
</constraint>
</properties>
</leafNode>
</children>
</node>
<leafNode name="use-lzo-compression">
<properties>
<help>Use fast LZO compression on this TUN/TAP interface</help>
<valueless/>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 9434c2f5a..5be7125ce 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -1,127 +1,122 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces-vxlan.py">
<properties>
<help>Virtual extensible LAN interface (VXLAN)</help>
<priority>460</priority>
<constraint>
<regex>vxlan[0-9]+$</regex>
</constraint>
<constraintErrorMessage>VXLAN interface must be named vxlanN</constraintErrorMessage>
<valueHelp>
<format>vxlanN</format>
<description>VXLAN interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6.xml.i>
#include <include/interface-description.xml.i>
- <leafNode name="disable">
- <properties>
- <help>Disable interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="group">
<properties>
<help>Multicast group address for VXLAN interface</help>
<valueHelp>
<format>ipv4</format>
<description>Multicast group address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<node name="ip">
<children>
<leafNode name="arp-cache-timeout">
<properties>
<help>ARP cache entry timeout in seconds</help>
<valueHelp>
<format>1-86400</format>
<description>ARP cache entry timout in seconds (default 30)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-86400"/>
</constraint>
<constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="enable-proxy-arp">
<properties>
<help>Enable proxy-arp on this interface</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="link">
<properties>
<help>Underlay device of VXLAN interface</help>
<valueHelp>
<format>interface</format>
<description>Interface used for VXLAN underlay</description>
</valueHelp>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
</properties>
</leafNode>
<leafNode name="mtu">
<properties>
<help>Maximum Transmission Unit (MTU)</help>
<valueHelp>
<format>1450-9000</format>
<description>Maximum Transmission Unit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1450-9000"/>
</constraint>
<constraintErrorMessage>MTU must be between 1450 and 9000</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="remote">
<properties>
<help>Remote address of VXLAN tunnel</help>
<valueHelp>
<format>ipv4</format>
<description>Remote address of VXLAN tunnel</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="port">
<properties>
<help>Destination port of VXLAN tunnel (default: 8472)</help>
<valueHelp>
<format>1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="vni">
<properties>
<help>Virtual Network Identifier</help>
<valueHelp>
<format>0-16777214</format>
<description>VXLAN virtual network identifier</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-16777214"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in
index ef0b643bb..6be0292a1 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces-wireguard.xml.in
@@ -1,126 +1,121 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces-wireguard.py">
<properties>
<help>WireGuard interface name</help>
<priority>459</priority>
<!-- subsequent ones may be removed, just make sure ethernet ifs are present -->
<constraint>
<regex>^wg[0-9]{1,4}</regex>
</constraint>
<constraintErrorMessage>illegal interface name</constraintErrorMessage>
<valueHelp>
<format>wgN</format>
<description>WireGuard interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6.xml.i>
#include <include/interface-description.xml.i>
- <leafNode name="disable">
- <properties>
- <help>disables interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="port">
<properties>
<help>Local port number to accept connections</help>
<constraint>
<validator name="numeric" argument="--range 1024-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="mtu">
<properties>
<help>interface mtu size(default: 1420)</help>
<constraint>
<validator name="numeric" argument="--range 68-9000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="fwmark">
<properties>
<help>A 32-bit fwmark value set on all outgoing packets</help>
<valueHelp>
<format>number</format>
<description>value which marks the packet for QoS/shaper</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="private-key">
<properties>
<help>Private key to use on that interface</help>
<completionHelp>
<script>${vyos_op_scripts_dir}/wireguard.py --listkdir</script>
</completionHelp>
</properties>
</leafNode>
<tagNode name="peer">
<properties>
<help>peer alias</help>
<constraint>
<regex>[^ ]{1,100}$</regex>
</constraint>
<constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage>
</properties>
<children>
<leafNode name="disable">
<properties>
<help>disables peer</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="pubkey">
<properties>
<help>base64 encoded public key</help>
<constraint>
<regex>^[0-9a-zA-Z\+/]{43}=$</regex>
</constraint>
<constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="preshared-key">
<properties>
<help>base64 encoded preshared key</help>
<constraint>
<regex>^[0-9a-zA-Z\+/]{43}=$</regex>
</constraint>
<constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="allowed-ips">
<properties>
<help>IP addresses allowed to traverse the peer</help>
<constraint>
<validator name="ip-prefix"/>
</constraint>
<multi/>
</properties>
</leafNode>
<!-- eventually check format IP:port -->
<leafNode name="endpoint">
<properties>
<help>Remote endpoint (IP:port)</help>
</properties>
</leafNode>
<leafNode name="persistent-keepalive">
<properties>
<help>how often send keep alives in seconds</help>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index 65ad14228..4e8c9a932 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -1,795 +1,790 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="interfaces">
<children>
<tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces-wireless.py">
<properties>
<help>Wireless network interface (WiFi/WLAN)</help>
<priority>400</priority>
<constraint>
<regex>wlan[0-9]+$</regex>
</constraint>
<constraintErrorMessage>Wireless interface must be named wlanN</constraintErrorMessage>
<valueHelp>
<format>wlanN</format>
<description>Wireless (WiFi/WLAN) interface name</description>
</valueHelp>
</properties>
<children>
#include <include/address-ipv4-ipv6-dhcp.xml.i>
<node name="capabilities">
<properties>
<help>HT and VHT capabilities for your card</help>
</properties>
<children>
<node name="ht">
<properties>
<help>HT (High Throughput) settings</help>
</properties>
<children>
<leafNode name="40mhz-incapable">
<properties>
<help>40MHz intolerance, use 20MHz only!</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="auto-powersave">
<properties>
<help>Enable WMM-PS unscheduled automatic power aave delivery [U-APSD]</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="channel-set-width">
<properties>
<help>Supported channel set width</help>
<completionHelp>
<list>ht20 ht40+ ht40-</list>
</completionHelp>
<valueHelp>
<format>ht20</format>
<description>Supported channel set width both 20 MHz only</description>
</valueHelp>
<valueHelp>
<format>ht40+</format>
<description>Supported channel set width both 20 MHz and 40 MHz with secondary channel above primary channel</description>
</valueHelp>
<valueHelp>
<format>ht40-</format>
<description>Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel</description>
</valueHelp>
<constraint>
<regex>(ht20|ht40\+|ht40-)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="delayed-block-ack">
<properties>
<help>Enable HT-delayed block ack</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dsss-cck-40">
<properties>
<help>Enable DSSS_CCK-40</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="greenfield">
<properties>
<help>Enable HT-greenfield</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ldpc">
<properties>
<help>Enable LDPC coding capability</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="lsig-protection">
<properties>
<help>Enable L-SIG TXOP protection capability</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="max-amsdu">
<properties>
<help>Set maximum A-MSDU length</help>
<completionHelp>
<list>3839 7935</list>
</completionHelp>
<valueHelp>
<format>3839</format>
<description>Set maximum A-MSDU length to 3839 octets</description>
</valueHelp>
<valueHelp>
<format>7935</format>
<description>Set maximum A-MSDU length to 7935 octets</description>
</valueHelp>
<constraint>
<regex>(3839|7935)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="short-gi">
<properties>
<help>Short GI capabilities</help>
<completionHelp>
<list>20 40</list>
</completionHelp>
<valueHelp>
<format>20</format>
<description>Short GI for 20 MHz</description>
</valueHelp>
<valueHelp>
<format>40</format>
<description>Short GI for 40 MHz</description>
</valueHelp>
<constraint>
<regex>(20|40)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<leafNode name="smps">
<properties>
<help>Spatial Multiplexing Power Save (SMPS) settings</help>
<completionHelp>
<list>static dynamic</list>
</completionHelp>
<valueHelp>
<format>static</format>
<description>STATIC Spatial Multiplexing (SM) Power Save</description>
</valueHelp>
<valueHelp>
<format>dynamic</format>
<description>DYNAMIC Spatial Multiplexing (SM) Power Save</description>
</valueHelp>
<constraint>
<regex>(static|dynamic)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<node name="stbc">
<properties>
<help>Support for sending and receiving PPDU using STBC (Space Time Block Coding)</help>
</properties>
<children>
<leafNode name="rx">
<properties>
<help>Enable receiving PPDU using STBC (Space Time Block Coding)</help>
<valueHelp>
<format>[1-3]+</format>
<description>Number of spacial streams that can use RX STBC</description>
</valueHelp>
<constraint>
<regex>[1-3]+</regex>
</constraint>
<constraintErrorMessage>Invalid capability item</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="tx">
<properties>
<help>Enable sending PPDU using STBC (Space Time Block Coding)</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<leafNode name="require-ht">
<properties>
<help>Require stations to support HT PHY (reject association if they do not)</help>
<completionHelp>
<script>echo If you reject non-HT, you also disable 802.11g</script>
</completionHelp>
<valueless/>
</properties>
</leafNode>
<leafNode name="require-vht">
<properties>
<help>Require stations to support VHT PHY (reject association if they do not)</help>
<completionHelp>
<script>echo If you reject non-VHT, you also disable 802.11n</script>
</completionHelp>
<valueless/>
</properties>
</leafNode>
<node name="vht">
<properties>
<help>VHT (Very High Throughput) settings</help>
</properties>
<children>
<leafNode name="antenna-count">
<properties>
<help>Number of antennas on this card</help>
<valueHelp>
<format>1-9</format>
<description>Number of antennas for this card</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-9"/>
</constraint>
</properties>
</leafNode>
<leafNode name="antenna-pattern-fixed">
<properties>
<help>Set if antenna pattern does not change during the lifetime of an association</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="beamform">
<properties>
<help>Beamforming capabilities</help>
<completionHelp>
<list>single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee</list>
</completionHelp>
<valueHelp>
<format>single-user-beamformer</format>
<description>Support for operation as single user beamformer</description>
</valueHelp>
<valueHelp>
<format>single-user-beamformee</format>
<description>Support for operation as single user beamformee</description>
</valueHelp>
<valueHelp>
<format>multi-user-beamformer</format>
<description>Support for operation as multi user beamformer</description>
</valueHelp>
<valueHelp>
<format>multi-user-beamformee</format>
<description>Support for operation as multi user beamformee</description>
</valueHelp>
<constraint>
<regex>(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<node name="center-channel-freq">
<properties>
<help>VHT operating channel center frequency</help>
</properties>
<children>
<leafNode name="freq-1">
<properties>
<help>VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)</help>
<valueHelp>
<format><34-173></format>
<description>5Ghz (802.11 a/h/j/n/ac) center channel index (use 42 for primary 80MHz channel 36)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 34-173"/>
</constraint>
<constraintErrorMessage>Channel center value must be between 34 and 173</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="freq-2">
<properties>
<help>VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)</help>
<valueHelp>
<format>34-173</format>
<description>5Ghz (802.11 a/h/j/n/ac) center channel index (use 58 for primary 80MHz channel 52)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 34-173"/>
</constraint>
<constraintErrorMessage>Channel center value must be between 34 and 173</constraintErrorMessage>
</properties>
</leafNode>
</children>
</node>
<leafNode name="channel-set-width">
<properties>
<help>VHT operating Channel width</help>
<completionHelp>
<list>0 1 2 3</list>
</completionHelp>
<valueHelp>
<format>0</format>
<description>20 or 40 MHz channel width (default)</description>
</valueHelp>
<valueHelp>
<format>1</format>
<description>80 MHz channel width</description>
</valueHelp>
<valueHelp>
<format>2</format>
<description>160 MHz channel width</description>
</valueHelp>
<valueHelp>
<format>3</format>
<description>80+80 MHz channel width</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-3"/>
</constraint>
</properties>
</leafNode>
<leafNode name="ldpc">
<properties>
<help>Enable LDPC (Low Density Parity Check) coding capability</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="link-adaptation">
<properties>
<help>VHT link adaptation capabilities</help>
<completionHelp>
<list>single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee</list>
</completionHelp>
<valueHelp>
<format>unsolicited</format>
<description>Station provides only unsolicited VHT MFB</description>
</valueHelp>
<valueHelp>
<format>both</format>
<description>Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB</description>
</valueHelp>
<constraint>
<regex>(unsolicited|both)</regex>
</constraint>
<constraintErrorMessage>Invalid capability item</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="max-mpdu-exp">
<properties>
<help>Set the maximum length of A-MPDU pre-EOF padding that the station can receive</help>
<valueHelp>
<format><0-7></format>
<description>Maximum length of A-MPDU pre-EOF padding = 2 pow(13 + x) -1 octets</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-7"/>
</constraint>
</properties>
</leafNode>
<leafNode name="max-mpdu">
<properties>
<help>Increase Maximum MPDU length to 7991 or 11454 octets (otherwise: 3895 octets)</help>
<completionHelp>
<list>7991 11454</list>
</completionHelp>
<valueHelp>
<format>7991</format>
<description>ncrease Maximum MPDU length to 7991 octets</description>
</valueHelp>
<valueHelp>
<format>11454</format>
<description>ncrease Maximum MPDU length to 11454 octets</description>
</valueHelp>
<constraint>
<regex>(7991|11454)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="short-gi">
<properties>
<help>Short GI capabilities</help>
<completionHelp>
<list>80 160</list>
</completionHelp>
<valueHelp>
<format>80</format>
<description>Short GI for 80 MHz</description>
</valueHelp>
<valueHelp>
<format>160</format>
<description>Short GI for 160 MHz</description>
</valueHelp>
<constraint>
<regex>(80|160)</regex>
</constraint>
<multi/>
</properties>
</leafNode>
<node name="stbc">
<properties>
<help>Support for sending and receiving PPDU using STBC (Space Time Block Coding)</help>
</properties>
<children>
<leafNode name="rx">
<properties>
<help>Enable receiving PPDU using STBC (Space Time Block Coding)</help>
<valueHelp>
<format>[1-4]+</format>
<description>Number of spacial streams that can use RX STBC</description>
</valueHelp>
<constraint>
<regex>[1-4]+</regex>
</constraint>
<constraintErrorMessage>Invalid capability item</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="tx">
<properties>
<help>Enable sending PPDU using STBC (Space Time Block Coding)</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="tx-powersave">
<properties>
<help>Enable VHT TXOP Power Save Mode</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="vht-cf">
<properties>
<help>Station supports receiving VHT variant HT Control field</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<leafNode name="channel">
<properties>
<help>Wireless radio channel (use 0 for ACS auto channel selection)</help>
<valueHelp>
<format><1-14></format>
<description>2.4Ghz (802.11 b/g/n) Channel</description>
</valueHelp>
<valueHelp>
<format><0,34-173></format>
<description>5Ghz (802.11 a/h/j/n/ac) Channel</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-0 --range 1-14 --range 34-173"/>
</constraint>
</properties>
</leafNode>
#include <include/interface-description.xml.i>
#include <include/dhcp-dhcpv6-options.xml.i>
<leafNode name="disable-broadcast-ssid">
<properties>
<help>Disable broadcast of SSID from access-point</help>
</properties>
</leafNode>
<leafNode name="disable-link-detect">
<properties>
<help>Ignore link state changes</help>
<valueless/>
</properties>
</leafNode>
- <leafNode name="disable">
- <properties>
- <help>Disable this bridge interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface-disable.xml.i>
<leafNode name="expunge-failing-stations">
<properties>
<help>Disassociate stations based on excessive transmission failures</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="hw-id">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="isolate-stations">
<properties>
<help>Isolate stations on the AP so they cannot see each other</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="mac">
<properties>
<help>Media Access Control (MAC) address</help>
<valueHelp>
<format>h:h:h:h:h:h</format>
<description>Hardware (MAC) address</description>
</valueHelp>
<constraint>
<validator name="mac-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="max-stations">
<properties>
<help>Maximum number of wireless radio stations. Excess stations will be rejected upon authentication request.</help>
<valueHelp>
<format><1-2007></format>
<description>Number of allowed stations</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-2007"/>
</constraint>
<constraintErrorMessage>Number of stations must be between 1 and 2007</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="mgmt-frame-protection">
<properties>
<help>Management Frame Protection (MFP) according to IEEE 802.11w</help>
<completionHelp>
<list>disabled optional required</list>
</completionHelp>
<valueHelp>
<format>disabled</format>
<description>no MFP (hostapd default)</description>
</valueHelp>
<valueHelp>
<format>optional</format>
<description>MFP optional</description>
</valueHelp>
<valueHelp>
<format>required</format>
<description>MFP enforced</description>
</valueHelp>
<constraint>
<regex>(disabled|optional|required)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="mode">
<properties>
<help>Wireless radio mode</help>
<completionHelp>
<list>a b g n ac</list>
</completionHelp>
<valueHelp>
<format>a</format>
<description>802.11a - 54 Mbits/sec</description>
</valueHelp>
<valueHelp>
<format>b</format>
<description>802.11b - 11 Mbits/sec</description>
</valueHelp>
<valueHelp>
<format>g</format>
<description>802.11g - 54 Mbits/sec (default)</description>
</valueHelp>
<valueHelp>
<format>n</format>
<description>802.11n - 600 Mbits/sec</description>
</valueHelp>
<valueHelp>
<format>ac</format>
<description>802.11ac - 1300 Mbits/sec</description>
</valueHelp>
<constraint>
<regex>(a|b|g|n|ac)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="physical-device">
<properties>
<help>Wireless physical device</help>
<completionHelp>
<script>${vyos_completion_dir}/list_wireless_phys.sh</script>
</completionHelp>
</properties>
</leafNode>
<leafNode name="reduce-transmit-power">
<properties>
<help>Transmission power reduction in dBm</help>
<valueHelp>
<format><0-255></format>
<description>TX power reduction in dBm</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-255"/>
</constraint>
<constraintErrorMessage>dBm value must be between 0 and 255</constraintErrorMessage>
</properties>
</leafNode>
<node name="security">
<properties>
<help>Wireless security settings</help>
</properties>
<children>
<node name="wep">
<properties>
<help>Wired Equivalent Privacy (WEP) parameters</help>
</properties>
<children>
<leafNode name="key">
<properties>
<help>WEP encryption key</help>
<valueHelp>
<format><hexdigits></format>
<description>Wired Equivalent Privacy key</description>
</valueHelp>
<constraint>
<regex>([a-fA-F0-9]{10}|[a-fA-F0-9]{26}|[a-fA-F0-9]{32})</regex>
</constraint>
<constraintErrorMessage>Invalid WEP key</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
</children>
</node>
<node name="wpa">
<properties>
<help>Wifi Protected Access (WPA) parameters</help>
</properties>
<children>
<leafNode name="cipher">
<properties>
<help>Cipher suite for WPA</help>
<completionHelp>
<list>TKIP CCMP</list>
</completionHelp>
<valueHelp>
<format>CCMP</format>
<description>AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]</description>
</valueHelp>
<valueHelp>
<format>TKIP</format>
<description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description>
</valueHelp>
<constraint>
<regex>(CCMP|TKIP)</regex>
</constraint>
<constraintErrorMessage>Invalid WEP key</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
<leafNode name="mode">
<properties>
<help>WPA mode</help>
<completionHelp>
<list>wpa wpa2 both</list>
</completionHelp>
<valueHelp>
<format>wpa</format>
<description>WPA (IEEE 802.11i/D3.0)</description>
</valueHelp>
<valueHelp>
<format>wpa2</format>
<description>WPA2 (full IEEE 802.11i/RSN)</description>
</valueHelp>
<valueHelp>
<format>both</format>
<description>Allow both WPA and WPA2</description>
</valueHelp>
<constraint>
<regex>(wpa|wpa2|both)</regex>
</constraint>
<constraintErrorMessage>Unknown WPA mode</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="passphrase">
<properties>
<help>WPA personal shared pass phrase. If you are
using special characters in the WPA passphrase then single
quotes are required.</help>
<valueHelp>
<format><text></format>
<description>Passphrase of at least 8 but not more than 63 printable characters</description>
</valueHelp>
<constraint>
<regex>.{8,63}$</regex>
</constraint>
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
</leafNode>
<node name="radius">
<properties>
<help>RADIUS specific configuration</help>
</properties>
<children>
<leafNode name="source-address">
<properties>
<help>RADIUS client forced local IP address</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address of RADIUS server</description>
</valueHelp>
</properties>
</leafNode>
<tagNode name="server">
<properties>
<help>IP address of RADIUS server</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address of RADIUS server</description>
</valueHelp>
</properties>
<children>
<leafNode name="accounting">
<properties>
<help>Enable RADIUS server to receive accounting info</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="port">
<properties>
<help>RADIUS server port (default: 1812)</help>
<valueHelp>
<format>1-65535</format>
<description>RADIUS server port</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="key">
<properties>
<help>RADIUS shared secret key</help>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</children>
</node>
<leafNode name="ssid">
<properties>
<help>Wireless access-point service set identifier (SSID)</help>
<constraint>
<regex>.{1,32}$</regex>
</constraint>
<constraintErrorMessage>Invalid SSID</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="type">
<properties>
<help>Wireless device type for this interface</help>
<completionHelp>
<list>access-point station monitor</list>
</completionHelp>
<valueHelp>
<format>access-point</format>
<description>Access-point forwards packets between other nodes</description>
</valueHelp>
<valueHelp>
<format>station</format>
<description>Connects to another access point</description>
</valueHelp>
<valueHelp>
<format>monitor</format>
<description>Passively monitor all packets on the frequency/channel</description>
</valueHelp>
<constraint>
<regex>(access-point|station|monitor)</regex>
</constraint>
<constraintErrorMessage>Type must be access-point, station or monitor</constraintErrorMessage>
</properties>
</leafNode>
#include <include/vif.xml.i>
</children>
</tagNode>
</children>
</node>
<node name="system">
<children>
<leafNode name="wifi-regulatory-domain" owner="${vyos_conf_scripts_dir}/system-wifi-regdom.py">
<properties>
<help>Wireless regulatory domain (mandatory)</help>
<priority>305</priority>
<completionHelp>
<list>US EU JP DE UK CN</list>
</completionHelp>
<valueHelp>
<format><code%gt;</format>
<description>Country code (ISO/IEC 3166-1)</description>
</valueHelp>
<constraint>
<regex>[A-Z][A-Z]$</regex>
</constraint>
<constraintErrorMessage>invalid country code</constraintErrorMessage>
</properties>
</leafNode>
</children>
</node>
</interfaceDefinition>