diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in
index ce757a5d6..1a432be6d 100644
--- a/interface-definitions/load-balancing_reverse-proxy.xml.in
+++ b/interface-definitions/load-balancing_reverse-proxy.xml.in
@@ -1,340 +1,341 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="load-balancing">
<children>
<node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing_reverse-proxy.py">
<properties>
<help>Configure reverse-proxy</help>
+ <priority>900</priority>
</properties>
<children>
<tagNode name="service">
<properties>
<help>Frontend service name</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
</properties>
<children>
<leafNode name="backend">
<properties>
<help>Backend member</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
<valueHelp>
<format>txt</format>
<description>Name of reverse-proxy backend system</description>
</valueHelp>
<completionHelp>
<path>load-balancing reverse-proxy backend</path>
</completionHelp>
<multi/>
</properties>
</leafNode>
#include <include/generic-description.xml.i>
#include <include/listen-address.xml.i>
#include <include/haproxy/mode.xml.i>
#include <include/port-number.xml.i>
#include <include/haproxy/rule-frontend.xml.i>
#include <include/haproxy/tcp-request.xml.i>
#include <include/haproxy/http-response-headers.xml.i>
<leafNode name="redirect-http-to-https">
<properties>
<help>Redirect HTTP to HTTPS</help>
<valueless/>
</properties>
</leafNode>
<node name="ssl">
<properties>
<help>SSL Certificate, SSL Key and CA</help>
</properties>
<children>
#include <include/pki/certificate-multi.xml.i>
</children>
</node>
</children>
</tagNode>
<tagNode name="backend">
<properties>
<help>Backend server name</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
</properties>
<children>
<leafNode name="balance">
<properties>
<help>Load-balancing algorithm</help>
<completionHelp>
<list>source-address round-robin least-connection</list>
</completionHelp>
<valueHelp>
<format>source-address</format>
<description>Based on hash of source IP address</description>
</valueHelp>
<valueHelp>
<format>round-robin</format>
<description>Round robin</description>
</valueHelp>
<valueHelp>
<format>least-connection</format>
<description>Least connection</description>
</valueHelp>
<constraint>
<regex>(source-address|round-robin|least-connection)</regex>
</constraint>
</properties>
<defaultValue>round-robin</defaultValue>
</leafNode>
#include <include/generic-description.xml.i>
#include <include/haproxy/mode.xml.i>
#include <include/haproxy/http-response-headers.xml.i>
<node name="http-check">
<properties>
<help>HTTP check configuration</help>
</properties>
<children>
<leafNode name="method">
<properties>
<help>HTTP method used for health check</help>
<completionHelp>
<list>options head get post put</list>
</completionHelp>
<valueHelp>
<format>options|head|get|post|put</format>
<description>HTTP method used for health checking</description>
</valueHelp>
<constraint>
<regex>(options|head|get|post|put)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="uri">
<properties>
<help>URI used for HTTP health check (Example: '/' or '/health')</help>
<constraint>
<regex>^\/([^?#\s]*)(\?[^#\s]*)?$</regex>
</constraint>
</properties>
</leafNode>
<node name="expect">
<properties>
<help>Expected response for the health check to pass</help>
</properties>
<children>
<leafNode name="status">
<properties>
<help>Expected response status code for the health check to pass</help>
<valueHelp>
<format>u32:200-399</format>
<description>Expected response code</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 200-399"/>
</constraint>
<constraintErrorMessage>Status code must be in range 200-399</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="string">
<properties>
<help>Expected to be in response body for the health check to pass</help>
<valueHelp>
<format>txt</format>
<description>A string expected to be in the response</description>
</valueHelp>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
<leafNode name="health-check">
<properties>
<help>Non HTTP health check options</help>
<completionHelp>
<list>ldap mysql pgsql redis smtp</list>
</completionHelp>
<valueHelp>
<format>ldap</format>
<description>LDAP protocol check</description>
</valueHelp>
<valueHelp>
<format>mysql</format>
<description>MySQL protocol check</description>
</valueHelp>
<valueHelp>
<format>pgsql</format>
<description>PostgreSQL protocol check</description>
</valueHelp>
<valueHelp>
<format>redis</format>
<description>Redis protocol check</description>
</valueHelp>
<valueHelp>
<format>smtp</format>
<description>SMTP protocol check</description>
</valueHelp>
<constraint>
<regex>(ldap|mysql|redis|pgsql|smtp)</regex>
</constraint>
</properties>
</leafNode>
#include <include/haproxy/rule-backend.xml.i>
<tagNode name="server">
<properties>
<help>Backend server name</help>
</properties>
<children>
<leafNode name="address">
<properties>
<help>Backend server address</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 unicast peer address</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>IPv6 unicast peer address</description>
</valueHelp>
<constraint>
<validator name="ip-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="backup">
<properties>
<help>Use backup server if other servers are not available</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="check">
<properties>
<help>Active health check backend server</help>
<valueless/>
</properties>
</leafNode>
#include <include/port-number.xml.i>
<leafNode name="send-proxy">
<properties>
<help>Send a Proxy Protocol version 1 header (text format)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="send-proxy-v2">
<properties>
<help>Send a Proxy Protocol version 2 header (binary format)</help>
<valueless/>
</properties>
</leafNode>
</children>
</tagNode>
<node name="ssl">
<properties>
<help>SSL Certificate, SSL Key and CA</help>
</properties>
<children>
#include <include/pki/ca-certificate.xml.i>
<leafNode name="no-verify">
<properties>
<help>Do not attempt to verify SSL certificates for backend servers</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
#include <include/haproxy/timeout.xml.i>
</children>
</tagNode>
<node name="global-parameters">
<properties>
<help>Global perfomance parameters and limits</help>
</properties>
<children>
<leafNode name="max-connections">
<properties>
<help>Maximum allowed connections</help>
<valueHelp>
<format>u32:1-2000000</format>
<description>Maximum allowed connections</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-2000000"/>
</constraint>
</properties>
</leafNode>
<leafNode name="ssl-bind-ciphers">
<properties>
<help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
<completionHelp>
<list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
</completionHelp>
<valueHelp>
<format>ecdhe-ecdsa-aes128-gcm-sha256</format>
<description>ecdhe-ecdsa-aes128-gcm-sha256</description>
</valueHelp>
<valueHelp>
<format>ecdhe-rsa-aes128-gcm-sha256</format>
<description>ecdhe-rsa-aes128-gcm-sha256</description>
</valueHelp>
<valueHelp>
<format>ecdhe-ecdsa-aes256-gcm-sha384</format>
<description>ecdhe-ecdsa-aes256-gcm-sha384</description>
</valueHelp>
<valueHelp>
<format>ecdhe-rsa-aes256-gcm-sha384</format>
<description>ecdhe-rsa-aes256-gcm-sha384</description>
</valueHelp>
<valueHelp>
<format>ecdhe-ecdsa-chacha20-poly1305</format>
<description>ecdhe-ecdsa-chacha20-poly1305</description>
</valueHelp>
<valueHelp>
<format>ecdhe-rsa-chacha20-poly1305</format>
<description>ecdhe-rsa-chacha20-poly1305</description>
</valueHelp>
<valueHelp>
<format>dhe-rsa-aes128-gcm-sha256</format>
<description>dhe-rsa-aes128-gcm-sha256</description>
</valueHelp>
<valueHelp>
<format>dhe-rsa-aes256-gcm-sha384</format>
<description>dhe-rsa-aes256-gcm-sha384</description>
</valueHelp>
<constraint>
<regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
</constraint>
<multi/>
</properties>
<defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
</leafNode>
<leafNode name="tls-version-min">
<properties>
<help>Specify the minimum required TLS version</help>
<completionHelp>
<list>1.2 1.3</list>
</completionHelp>
<valueHelp>
<format>1.2</format>
<description>TLS v1.2</description>
</valueHelp>
<valueHelp>
<format>1.3</format>
<description>TLS v1.3</description>
</valueHelp>
<constraint>
<regex>(1.2|1.3)</regex>
</constraint>
</properties>
<defaultValue>1.3</defaultValue>
</leafNode>
</children>
</node>
#include <include/interface/vrf.xml.i>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/load-balancing_wan.xml.in b/interface-definitions/load-balancing_wan.xml.in
index e117fd1b2..310aa0343 100644
--- a/interface-definitions/load-balancing_wan.xml.in
+++ b/interface-definitions/load-balancing_wan.xml.in
@@ -1,399 +1,399 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="load-balancing">
<properties>
<help>Configure load-balancing</help>
- <priority>900</priority>
</properties>
<children>
<node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing_wan.py">
<properties>
<help>Configure Wide Area Network (WAN) load-balancing</help>
+ <priority>900</priority>
</properties>
<children>
<leafNode name="disable-source-nat">
<properties>
<help>Disable source NAT rules from being configured for WAN load balancing</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="enable-local-traffic">
<properties>
<help>Enable WAN load balancing for locally sourced traffic</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="flush-connections">
<properties>
<help>Flush connection tracking tables on connection state change</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="hook">
<properties>
<help>Script to be executed on interface status change</help>
<valueHelp>
<format>txt</format>
<description>Script in /config/scripts</description>
</valueHelp>
<constraint>
<validator name="script"/>
</constraint>
</properties>
</leafNode>
<tagNode name="interface-health">
<properties>
<help>Interface name</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
</properties>
<children>
<leafNode name="failure-count">
<properties>
<help>Failure count</help>
<valueHelp>
<format>u32:1-10</format>
<description>Failure count</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-10"/>
</constraint>
</properties>
<defaultValue>1</defaultValue>
</leafNode>
<leafNode name="nexthop">
<properties>
<help>Outbound interface nexthop address. Can be 'DHCP or IPv4 address' [REQUIRED]</help>
<completionHelp>
<list>dhcp</list>
</completionHelp>
<valueHelp>
<format>ipv4</format>
<description>Nexthop IP address</description>
</valueHelp>
<valueHelp>
<format>dhcp</format>
<description>Set the nexthop via DHCP</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
<regex>(dhcp)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="success-count">
<properties>
<help>Success count</help>
<valueHelp>
<format>u32:1-10</format>
<description>Success count</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-10"/>
</constraint>
</properties>
<defaultValue>1</defaultValue>
</leafNode>
<tagNode name="test">
<properties>
<help>Rule number</help>
<valueHelp>
<format>u32:0-4294967295</format>
<description>Rule number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
<children>
<leafNode name="resp-time">
<properties>
<help>Ping response time (seconds)</help>
<valueHelp>
<format>u32:1-30</format>
<description>Response time (seconds)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-30"/>
</constraint>
</properties>
<defaultValue>5</defaultValue>
</leafNode>
<leafNode name="target">
<properties>
<help>Health target address</help>
<valueHelp>
<format>ipv4</format>
<description>Health target address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="test-script">
<properties>
<help>Path to user-defined script</help>
<valueHelp>
<format>txt</format>
<description>Script in /config/scripts</description>
</valueHelp>
<constraint>
<validator name="script"/>
</constraint>
</properties>
</leafNode>
<leafNode name="ttl-limit">
<properties>
<help>TTL limit (hop count)</help>
<valueHelp>
<format>u32:1-254</format>
<description>Number of hops</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-254"/>
</constraint>
</properties>
<defaultValue>1</defaultValue>
</leafNode>
<leafNode name="type">
<properties>
<help>WLB test type</help>
<completionHelp>
<list>ping ttl user-defined</list>
</completionHelp>
<valueHelp>
<format>ping</format>
<description>Test with ICMP echo response</description>
</valueHelp>
<valueHelp>
<format>ttl</format>
<description>Test with UDP TTL expired response</description>
</valueHelp>
<valueHelp>
<format>user-defined</format>
<description>User-defined test script</description>
</valueHelp>
<constraint>
<regex>(ping|ttl|user-defined)</regex>
</constraint>
</properties>
<defaultValue>ping</defaultValue>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
<tagNode name="rule">
<properties>
<help>Rule number (1-9999)</help>
<valueHelp>
<format>u32:1-9999</format>
<description>Rule number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-9999"/>
</constraint>
</properties>
<children>
#include <include/generic-description.xml.i>
<node name="destination">
<properties>
<help>Destination</help>
</properties>
<children>
#include <include/ipv4-address-prefix-range.xml.i>
#include <include/port-port-range.xml.i>
</children>
</node>
<leafNode name="exclude">
<properties>
<help>Exclude packets matching this rule from WAN load balance</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="failover">
<properties>
<help>Enable failover for packets matching this rule from WAN load balance</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="inbound-interface">
<properties>
<help>Inbound interface name (e.g., "eth0") [REQUIRED]</help>
<completionHelp>
<list>any</list>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
</properties>
</leafNode>
<tagNode name="interface">
<properties>
<help>Interface name [REQUIRED]</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
</properties>
<children>
<leafNode name="weight">
<properties>
<help>Load-balance weight</help>
<valueHelp>
<format>u32:1-255</format>
<description>Interface weight</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
<constraintErrorMessage>Weight must be between 1 and 255</constraintErrorMessage>
</properties>
<defaultValue>1</defaultValue>
</leafNode>
</children>
</tagNode>
<node name="limit">
<properties>
<help>Enable packet limit for this rule</help>
</properties>
<children>
<leafNode name="burst">
<properties>
<help>Burst limit for matching packets</help>
<valueHelp>
<format>u32:0-4294967295</format>
<description>Burst limit for matching packets</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
<defaultValue>5</defaultValue>
</leafNode>
<leafNode name="period">
<properties>
<help>Time window for rate calculation</help>
<completionHelp>
<list>hour minute second</list>
</completionHelp>
<valueHelp>
<format>hour</format>
<description>hour</description>
</valueHelp>
<valueHelp>
<format>minute</format>
<description>minute</description>
</valueHelp>
<valueHelp>
<format>second</format>
<description>second</description>
</valueHelp>
<constraint>
<regex>(hour|minute|second)</regex>
</constraint>
</properties>
<defaultValue>second</defaultValue>
</leafNode>
<leafNode name="rate">
<properties>
<help>Number of packets used for rate limit</help>
<valueHelp>
<format>u32:0-4294967295</format>
<description>Number of packets used for rate limit</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
<defaultValue>5</defaultValue>
</leafNode>
<leafNode name="threshold">
<properties>
<help>Threshold behavior for limit</help>
<completionHelp>
<list>above below</list>
</completionHelp>
<valueHelp>
<format>above</format>
<description>Above limit</description>
</valueHelp>
<valueHelp>
<format>below</format>
<description>Below limit</description>
</valueHelp>
<constraint>
<regex>(above|below)</regex>
</constraint>
</properties>
<defaultValue>below</defaultValue>
</leafNode>
</children>
</node>
<leafNode name="per-packet-balancing">
<properties>
<help>Option to match traffic per-packet instead of the default, per-flow</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="protocol">
<properties>
<help>Protocol to match (protocol name, number, or "all")</help>
<completionHelp>
<script>${vyos_completion_dir}/list_protocols.sh</script>
<list>all tcp_udp</list>
</completionHelp>
<valueHelp>
<format>all</format>
<description>All IP protocols</description>
</valueHelp>
<valueHelp>
<format>tcp_udp</format>
<description>Both TCP and UDP</description>
</valueHelp>
<valueHelp>
<format>u32:0-255</format>
<description>IP protocol number</description>
</valueHelp>
<valueHelp>
<format><protocol></format>
<description>IP protocol name</description>
</valueHelp>
<valueHelp>
<format>!<protocol></format>
<description>IP protocol name</description>
</valueHelp>
<constraint>
<validator name="ip-protocol"/>
</constraint>
</properties>
<defaultValue>all</defaultValue>
</leafNode>
<node name="source">
<properties>
<help>Source information</help>
</properties>
<children>
#include <include/ipv4-address-prefix-range.xml.i>
#include <include/port-port-range.xml.i>
</children>
</node>
</children>
</tagNode>
<node name="sticky-connections">
<properties>
<help>Configure sticky connections</help>
</properties>
<children>
<leafNode name="inbound">
<properties>
<help>Enable sticky incoming WAN connections</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/protocols_static_arp.xml.in b/interface-definitions/protocols_static_arp.xml.in
index 05c69f1ed..0c5d6e4ed 100644
--- a/interface-definitions/protocols_static_arp.xml.in
+++ b/interface-definitions/protocols_static_arp.xml.in
@@ -1,51 +1,52 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="protocols">
<children>
<node name="static">
<children>
<node name="arp" owner="${vyos_conf_scripts_dir}/protocols_static_arp.py">
<properties>
<help>Static ARP translation</help>
+ <priority>481</priority>
</properties>
<children>
<tagNode name="interface">
<properties>
<help>Interface configuration</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
<valueHelp>
<format>txt</format>
<description>Interface name</description>
</valueHelp>
<constraint>
#include <include/constraint/interface-name.xml.i>
</constraint>
</properties>
<children>
<tagNode name="address">
<properties>
<help>IP address for static ARP entry</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 destination address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
<children>
#include <include/generic-description.xml.i>
#include <include/interface/mac.xml.i>
</children>
</tagNode>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/protocols_static_multicast.xml.in b/interface-definitions/protocols_static_multicast.xml.in
index c8e28ed35..caf95ed7c 100644
--- a/interface-definitions/protocols_static_multicast.xml.in
+++ b/interface-definitions/protocols_static_multicast.xml.in
@@ -1,94 +1,95 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="protocols">
<children>
<node name="static">
<children>
<node name="multicast" owner="${vyos_conf_scripts_dir}/protocols_static_multicast.py">
<properties>
<help>Multicast static route</help>
+ <priority>481</priority>
</properties>
<children>
<tagNode name="route">
<properties>
<help>Configure static unicast route into MRIB for multicast RPF lookup</help>
<valueHelp>
<format>ipv4net</format>
<description>Network</description>
</valueHelp>
<constraint>
<validator name="ip-prefix"/>
</constraint>
</properties>
<children>
<tagNode name="next-hop">
<properties>
<help>Nexthop IPv4 address</help>
<valueHelp>
<format>ipv4</format>
<description>Nexthop IPv4 address</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Distance value for this route</help>
<valueHelp>
<format>u32:1-255</format>
<description>Distance for this route</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
<tagNode name="interface-route">
<properties>
<help>Multicast interface based route</help>
<valueHelp>
<format>ipv4net</format>
<description>Network</description>
</valueHelp>
<constraint>
<validator name="ip-prefix"/>
</constraint>
</properties>
<children>
<tagNode name="next-hop-interface">
<properties>
<help>Next-hop interface</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
</properties>
<children>
<leafNode name="distance">
<properties>
<help>Distance value for this route</help>
<valueHelp>
<format>u32:1-255</format>
<description>Distance for this route</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-255"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in
index 1c8433a39..7347976f9 100644
--- a/interface-definitions/protocols_static_neighbor-proxy.xml.in
+++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in
@@ -1,48 +1,49 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="protocols">
<children>
<node name="static">
<children>
<node name="neighbor-proxy" owner="${vyos_conf_scripts_dir}/protocols_static_neighbor-proxy.py">
<properties>
<help>Neighbor proxy parameters</help>
+ <priority>481</priority>
</properties>
<children>
<tagNode name="arp">
<properties>
<help>IP address for selective ARP proxy</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 destination address allowed for proxy-arp</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
<children>
#include <include/generic-interface-multi.xml.i>
</children>
</tagNode>
<tagNode name="nd">
<properties>
<help>IPv6 address for selective NDP proxy</help>
<valueHelp>
<format>ipv6</format>
<description>IPv6 destination address</description>
</valueHelp>
<constraint>
<validator name="ipv6-address"/>
</constraint>
</properties>
<children>
#include <include/generic-interface-multi.xml.i>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/service_aws_glb.xml.in b/interface-definitions/service_aws_glb.xml.in
index c749fd04e..71de1f03a 100644
--- a/interface-definitions/service_aws_glb.xml.in
+++ b/interface-definitions/service_aws_glb.xml.in
@@ -1,127 +1,127 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="aws">
<properties>
<help>Amazon Web Service</help>
- <priority>1280</priority>
</properties>
<children>
<node name="glb" owner="${vyos_conf_scripts_dir}/service_aws_glb.py">
<properties>
<help>Gateway load-balancer tunnel handler</help>
+ <priority>1280</priority>
</properties>
<children>
<node name="script">
<properties>
<help>Script executed on create or destroy tunnel</help>
</properties>
<children>
<leafNode name="on-create">
<properties>
<help>Script to run when interface is created</help>
<constraint>
<validator name="script"/>
</constraint>
</properties>
</leafNode>
<leafNode name="on-destroy">
<properties>
<help>Script to run when interface is destroyed</help>
<constraint>
<validator name="script"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
<node name="status">
<properties>
<help>Status</help>
</properties>
<children>
<leafNode name="format">
<properties>
<help>Statistic format</help>
<completionHelp>
<list>simple full</list>
</completionHelp>
<valueHelp>
<format>simple</format>
<description>Simple format</description>
</valueHelp>
<valueHelp>
<format>full</format>
<description>Full format</description>
</valueHelp>
<constraint>
<regex>(simple|full)</regex>
</constraint>
</properties>
</leafNode>
#include <include/port-number.xml.i>
</children>
</node>
<node name="threads">
<properties>
<help>Threads settings</help>
</properties>
<children>
<leafNode name="tunnel">
<properties>
<help>Number of threads for each tunnel processor</help>
<valueHelp>
<format>u32:1-256</format>
<description>Number of threads</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-256"/>
</constraint>
</properties>
</leafNode>
<leafNode name="tunnel-affinity">
<properties>
<help>List of cores worker threads</help>
<valueHelp>
<format><idN>-<idM></format>
<description>CPU core id range (use '-' as delimiter)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--allow-range --range 0-255"/>
</constraint>
</properties>
</leafNode>
<leafNode name="udp">
<properties>
<help>Number of threads for UDP receiver</help>
<valueHelp>
<format>u32:1-256</format>
<description>Number of threads</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-256"/>
</constraint>
</properties>
</leafNode>
<leafNode name="udp-affinity">
<properties>
<help>List of cores worker threads</help>
<valueHelp>
<format><idN>-<idM></format>
<description>CPU core id range (use '-' as delimiter)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--allow-range --range 0-255"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/service_config-sync.xml.in b/interface-definitions/service_config-sync.xml.in
index 648c14aee..af4e8ed51 100644
--- a/interface-definitions/service_config-sync.xml.in
+++ b/interface-definitions/service_config-sync.xml.in
@@ -1,528 +1,529 @@
<?xml version="1.0" encoding="UTF-8"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config-sync.py">
<properties>
<help>Configuration synchronization</help>
+ <priority>10000</priority>
</properties>
<children>
<node name="secondary">
<properties>
<help>Secondary server parameters</help>
</properties>
<children>
<leafNode name="address">
<properties>
<help>IP address</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address to match</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>IPv6 address to match</description>
</valueHelp>
<valueHelp>
<format>hostname</format>
<description>FQDN address to match</description>
</valueHelp>
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
<validator name="fqdn"/>
</constraint>
</properties>
</leafNode>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>443</defaultValue>
</leafNode>
<leafNode name="timeout">
<properties>
<help>Connection API timeout</help>
<valueHelp>
<format>u32:1-3600</format>
<description>Connection API timeout</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-3600"/>
</constraint>
</properties>
<defaultValue>60</defaultValue>
</leafNode>
<leafNode name="key">
<properties>
<help>HTTP API key</help>
</properties>
</leafNode>
</children>
</node>
<leafNode name="mode">
<properties>
<help>Synchronization mode</help>
<completionHelp>
<list>load set</list>
</completionHelp>
<valueHelp>
<format>load</format>
<description>Load and replace configuration section</description>
</valueHelp>
<valueHelp>
<format>set</format>
<description>Set configuration section</description>
</valueHelp>
<constraint>
<regex>(load|set)</regex>
</constraint>
</properties>
</leafNode>
<node name="section">
<properties>
<help>Section for synchronization</help>
</properties>
<children>
<leafNode name="firewall">
<properties>
<help>Firewall</help>
<valueless/>
</properties>
</leafNode>
<node name="interfaces">
<properties>
<help>Interfaces</help>
</properties>
<children>
<leafNode name="bonding">
<properties>
<help>Bonding interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="bridge">
<properties>
<help>Bridge interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dummy">
<properties>
<help>Dummy interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ethernet">
<properties>
<help>Ethernet interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="geneve">
<properties>
<help>GENEVE interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="input">
<properties>
<help>Input interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="l2tpv3">
<properties>
<help>L2TPv3 interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="loopback">
<properties>
<help>Loopback interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="macsec">
<properties>
<help>MACsec interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="openvpn">
<properties>
<help>OpenVPN interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="pppoe">
<properties>
<help>PPPoE interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="pseudo-ethernet">
<properties>
<help>Pseudo-Ethernet interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="sstpc">
<properties>
<help>SSTP client interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="tunnel">
<properties>
<help>Tunnel interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="virtual-ethernet">
<properties>
<help>Virtual Ethernet interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="vti">
<properties>
<help>Virtual tunnel interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="vxlan">
<properties>
<help>VXLAN interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="wireguard">
<properties>
<help>Wireguard interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="wireless">
<properties>
<help>Wireless interface</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="wwan">
<properties>
<help>WWAN interface</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="nat">
<properties>
<help>NAT</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="nat66">
<properties>
<help>NAT66</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="pki">
<properties>
<help>Public key infrastructure (PKI)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="policy">
<properties>
<help>Routing policy</help>
<valueless/>
</properties>
</leafNode>
<node name="protocols">
<properties>
<help>Routing protocols</help>
</properties>
<children>
<leafNode name="babel">
<properties>
<help>Babel Routing Protocol</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="bfd">
<properties>
<help>Bidirectional Forwarding Detection (BFD)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="bgp">
<properties>
<help>Border Gateway Protocol (BGP)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="failover">
<properties>
<help>Failover route</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="igmp-proxy">
<properties>
<help>Internet Group Management Protocol (IGMP) proxy</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="isis">
<properties>
<help>Intermediate System to Intermediate System (IS-IS)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="mpls">
<properties>
<help>Multiprotocol Label Switching (MPLS)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="nhrp">
<properties>
<help>Next Hop Resolution Protocol (NHRP) parameters</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ospf">
<properties>
<help>Open Shortest Path First (OSPF)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ospfv3">
<properties>
<help>Open Shortest Path First (OSPF) for IPv6</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="pim">
<properties>
<help>Protocol Independent Multicast (PIM) and IGMP</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="pim6">
<properties>
<help>Protocol Independent Multicast for IPv6 (PIMv6) and MLD</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="rip">
<properties>
<help>Routing Information Protocol (RIP) parameters</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ripng">
<properties>
<help>Routing Information Protocol (RIPng) parameters</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="rpki">
<properties>
<help>Resource Public Key Infrastructure (RPKI)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="segment-routing">
<properties>
<help>Segment Routing</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="static">
<properties>
<help>Static Routing</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<node name="qos">
<properties>
<help>Quality of Service (QoS)</help>
</properties>
<children>
<leafNode name="interface">
<properties>
<help>Interface to apply QoS policy</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="policy">
<properties>
<help>Service Policy definitions</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<node name="service">
<properties>
<help>System services</help>
</properties>
<children>
<leafNode name="console-server">
<properties>
<help>Serial Console Server</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dhcp-relay">
<properties>
<help>Host Configuration Protocol (DHCP) relay agent</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dhcp-server">
<properties>
<help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dhcpv6-relay">
<properties>
<help>DHCPv6 Relay Agent parameters</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dhcpv6-server">
<properties>
<help>DHCP for IPv6 (DHCPv6) server</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dns">
<properties>
<help>Domain Name System (DNS) related services</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="lldp">
<properties>
<help>LLDP settings</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="mdns">
<properties>
<help>Multicast DNS (mDNS) parameters</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="monitoring">
<properties>
<help>Monitoring services</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ndp-proxy">
<properties>
<help>Neighbor Discovery Protocol (NDP) Proxy</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ntp">
<properties>
<help>Network Time Protocol (NTP) configuration</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="snmp">
<properties>
<help>Simple Network Management Protocol (SNMP)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="tftp-server">
<properties>
<help>Trivial File Transfer Protocol (TFTP) server</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="webproxy">
<properties>
<help>Webproxy service settings</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<node name="system">
<properties>
<help>System parameters</help>
</properties>
<children>
<leafNode name="conntrack">
<properties>
<help>Connection Tracking</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="flow-accounting">
<properties>
<help>Flow accounting</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="option">
<properties>
<help>System Options</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="sflow">
<properties>
<help>sFlow</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="static-host-mapping">
<properties>
<help>Map host names to addresses</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="sysctl">
<properties>
<help>Configure kernel parameters at runtime</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="time-zone">
<properties>
<help>Local time zone</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="vpn">
<properties>
<help>Virtual Private Network (VPN)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="vrf">
<properties>
<help>Virtual Routing and Forwarding</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in
index fc6dbe954..68835dafd 100644
--- a/interface-definitions/service_console-server.xml.in
+++ b/interface-definitions/service_console-server.xml.in
@@ -1,100 +1,101 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="console-server" owner="${vyos_conf_scripts_dir}/service_console-server.py">
<properties>
<help>Serial Console Server</help>
+ <priority>2</priority>
</properties>
<children>
<tagNode name="device">
<properties>
<help>System serial interface name (ttyS or ttyUSB)</help>
<completionHelp>
<script>ls -1 /dev | grep ttyS</script>
<script>if [ -d /dev/serial/by-bus ]; then ls -1 /dev/serial/by-bus; fi</script>
</completionHelp>
<valueHelp>
<format>ttySxxx</format>
<description>Regular serial interface</description>
</valueHelp>
<valueHelp>
<format>usbxbxpx</format>
<description>USB based serial interface</description>
</valueHelp>
<constraint>
<regex>(ttyS\d+|usb\d+b.*p.*)</regex>
</constraint>
</properties>
<children>
#include <include/generic-description.xml.i>
<leafNode name="alias">
<properties>
<help>Human-readable name for this console</help>
<constraint>
<regex>[-_a-zA-Z0-9.]{1,128}</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="speed">
<properties>
<help>Serial port baud rate</help>
<completionHelp>
<list>300 1200 2400 4800 9600 19200 38400 57600 115200</list>
</completionHelp>
<constraint>
<regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="data-bits">
<properties>
<help>Serial port data bits</help>
<completionHelp>
<list>7 8</list>
</completionHelp>
<constraint>
<validator name="numeric" argument="--range 7-8"/>
</constraint>
</properties>
<defaultValue>8</defaultValue>
</leafNode>
<leafNode name="stop-bits">
<properties>
<help>Serial port stop bits</help>
<completionHelp>
<list>1 2</list>
</completionHelp>
<constraint>
<validator name="numeric" argument="--range 1-2"/>
</constraint>
</properties>
<defaultValue>1</defaultValue>
</leafNode>
<leafNode name="parity">
<properties>
<help>Parity setting</help>
<completionHelp>
<list>even odd none</list>
</completionHelp>
<constraint>
<regex>(even|odd|none)</regex>
</constraint>
</properties>
<defaultValue>none</defaultValue>
</leafNode>
<node name="ssh">
<properties>
<help>SSH remote access to this console</help>
</properties>
<children>
#include <include/port-number.xml.i>
</children>
</node>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/service_event-handler.xml.in b/interface-definitions/service_event-handler.xml.in
index 2cee4f595..41540816b 100644
--- a/interface-definitions/service_event-handler.xml.in
+++ b/interface-definitions/service_event-handler.xml.in
@@ -1,70 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event-handler.py">
<properties>
<help>Service event handler</help>
+ <priority>2</priority>
</properties>
<children>
<tagNode name="event">
<properties>
<help>Event handler name</help>
</properties>
<children>
<node name="filter">
<properties>
<help>Logs filter settings</help>
</properties>
<children>
<leafNode name="pattern">
<properties>
<help>Match pattern (regex)</help>
</properties>
</leafNode>
<leafNode name="syslog-identifier">
<properties>
<help>Identifier of a process in syslog (string)</help>
</properties>
</leafNode>
</children>
</node>
<node name="script">
<properties>
<help>Event handler script file</help>
</properties>
<children>
<leafNode name="arguments">
<properties>
<help>Script arguments</help>
</properties>
</leafNode>
<tagNode name="environment">
<properties>
<help>Script environment arguments</help>
</properties>
<children>
<leafNode name="value">
<properties>
<help>Environment value</help>
</properties>
</leafNode>
</children>
</tagNode>
<leafNode name="path">
<properties>
<help>Path to the script</help>
<constraint>
<validator name="script"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 4d694114a..2624023ea 100644
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -1,284 +1,284 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="monitoring">
<properties>
<help>Monitoring services</help>
- <priority>1280</priority>
</properties>
<children>
<node name="telegraf" owner="${vyos_conf_scripts_dir}/service_monitoring_telegraf.py">
<properties>
<help>Telegraf metric collector</help>
+ <priority>1280</priority>
</properties>
<children>
<node name="influxdb">
<properties>
<help>Output plugin InfluxDB</help>
</properties>
<children>
<node name="authentication">
<properties>
<help>Authentication parameters</help>
</properties>
<children>
<leafNode name="organization">
<properties>
<help>Authentication organization for InfluxDB v2</help>
<constraint>
<regex>[a-zA-Z][1-9a-zA-Z@_\-.]{2,50}</regex>
</constraint>
<constraintErrorMessage>Organization name must be alphanumeric and can contain hyphens, underscores and at symbol.</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="token">
<properties>
<help>Authentication token for InfluxDB v2</help>
<valueHelp>
<format>txt</format>
<description>Authentication token</description>
</valueHelp>
<constraint>
<regex>[a-zA-Z0-9-_]{86}==</regex>
</constraint>
<constraintErrorMessage>Token must be 88 characters long and must contain only [a-zA-Z0-9-_] and '==' characters.</constraintErrorMessage>
</properties>
</leafNode>
</children>
</node>
<leafNode name="bucket">
<properties>
<help>Remote bucket</help>
</properties>
<defaultValue>main</defaultValue>
</leafNode>
#include <include/url-http-https.xml.i>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>8086</defaultValue>
</leafNode>
</children>
</node>
<node name="azure-data-explorer">
<properties>
<help>Output plugin Azure Data Explorer</help>
</properties>
<children>
<node name="authentication">
<properties>
<help>Authentication parameters</help>
</properties>
<children>
<leafNode name="client-id">
<properties>
<help>Application client id</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Client-id is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="client-secret">
<properties>
<help>Application client secret</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Client-secret is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="tenant-id">
<properties>
<help>Set tenant id</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
</properties>
</leafNode>
</children>
</node>
<leafNode name="database">
<properties>
<help>Remote database name</help>
<valueHelp>
<format>txt</format>
<description>Remote database name</description>
</valueHelp>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Database is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="group-metrics">
<properties>
<help>Type of metrics grouping when push to Azure Data Explorer</help>
<completionHelp>
<list>single-table table-per-metric</list>
</completionHelp>
<valueHelp>
<format>single-table</format>
<description>Metrics stores in one table</description>
</valueHelp>
<valueHelp>
<format>table-per-metric</format>
<description>One table per gorups of metric by the metric name</description>
</valueHelp>
<constraint>
<regex>(single-table|table-per-metric)</regex>
</constraint>
</properties>
<defaultValue>table-per-metric</defaultValue>
</leafNode>
<leafNode name="table">
<properties>
<help>Name of the single table [Only if set group-metrics single-table]</help>
<valueHelp>
<format>txt</format>
<description>Table name</description>
</valueHelp>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
<constraintErrorMessage>Table is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
</properties>
</leafNode>
#include <include/url-http-https.xml.i>
</children>
</node>
<leafNode name="source">
<properties>
<help>Source parameters for monitoring</help>
<completionHelp>
<list>all hardware-utilization logs network system telegraf</list>
</completionHelp>
<valueHelp>
<format>all</format>
<description>All parameters</description>
</valueHelp>
<valueHelp>
<format>hardware-utilization</format>
<description>Hardware-utilization parameters (CPU, disk, memory)</description>
</valueHelp>
<valueHelp>
<format>logs</format>
<description>Logs parameters</description>
</valueHelp>
<valueHelp>
<format>network</format>
<description>Network parameters (net, netstat, nftables)</description>
</valueHelp>
<valueHelp>
<format>system</format>
<description>System parameters (system, processes, interrupts)</description>
</valueHelp>
<valueHelp>
<format>telegraf</format>
<description>Telegraf internal statistics</description>
</valueHelp>
<constraint>
<regex>(all|hardware-utilization|logs|network|system|telegraf)</regex>
</constraint>
<multi/>
</properties>
<defaultValue>all</defaultValue>
</leafNode>
<node name="prometheus-client">
<properties>
<help>Output plugin Prometheus client</help>
</properties>
<children>
<node name="authentication">
<properties>
<help>HTTP basic authentication parameters</help>
</properties>
<children>
<leafNode name="username">
<properties>
<help>Authentication username</help>
</properties>
</leafNode>
<leafNode name="password">
<properties>
<help>Authentication password</help>
<valueHelp>
<format>txt</format>
<description>Authentication password</description>
</valueHelp>
</properties>
</leafNode>
</children>
</node>
<leafNode name="allow-from">
<properties>
<help>Networks allowed to query this server</help>
<valueHelp>
<format>ipv4net</format>
<description>IP address and prefix length</description>
</valueHelp>
<valueHelp>
<format>ipv6net</format>
<description>IPv6 address and prefix length</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ip-prefix"/>
</constraint>
</properties>
</leafNode>
#include <include/listen-address-single.xml.i>
<leafNode name="metric-version">
<properties>
<help>Metric version control mapping from Telegraf to Prometheus format</help>
<valueHelp>
<format>u32:1-2</format>
<description>Metric version (default: 2)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-2"/>
</constraint>
</properties>
<defaultValue>2</defaultValue>
</leafNode>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>9273</defaultValue>
</leafNode>
</children>
</node>
<node name="splunk">
<properties>
<help>Output plugin Splunk</help>
</properties>
<children>
<node name="authentication">
<properties>
<help>HTTP basic authentication parameters</help>
</properties>
<children>
<leafNode name="token">
<properties>
<help>Authorization token</help>
</properties>
</leafNode>
<leafNode name="insecure">
<properties>
<help>Use TLS but skip host validation</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
#include <include/url-http-https.xml.i>
</children>
</node>
#include <include/interface/vrf.xml.i>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/service_monitoring_zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in
index 40f2df642..3754e9145 100644
--- a/interface-definitions/service_monitoring_zabbix-agent.xml.in
+++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in
@@ -1,193 +1,194 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="monitoring">
<children>
<node name="zabbix-agent" owner="${vyos_conf_scripts_dir}/service_monitoring_zabbix-agent.py">
<properties>
<help>Zabbix-agent settings</help>
+ <priority>1280</priority>
</properties>
<children>
<leafNode name="directory">
<properties>
<help>Folder containing individual Zabbix-agent configuration files</help>
<constraint>
<validator name="file-path" argument="--directory"/>
</constraint>
</properties>
</leafNode>
<leafNode name="host-name">
<properties>
<help>Zabbix agent hostname</help>
<constraint>
#include <include/constraint/host-name.xml.i>
</constraint>
<constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
</properties>
</leafNode>
<node name="limits">
<properties>
<help>Limit settings</help>
</properties>
<children>
<leafNode name="buffer-flush-interval">
<properties>
<help>Do not keep data longer than N seconds in buffer</help>
<valueHelp>
<format>u32:1-3600</format>
<description>Seconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-3600"/>
</constraint>
<constraintErrorMessage>buffer-flush-interval must be between 1 and 3600 seconds</constraintErrorMessage>
</properties>
<defaultValue>5</defaultValue>
</leafNode>
<leafNode name="buffer-size">
<properties>
<help>Maximum number of values in a memory buffer</help>
<valueHelp>
<format>u32:2-65535</format>
<description>Maximum number of values in a memory buffer</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 2-65535"/>
</constraint>
<constraintErrorMessage>Buffer-size must be between 2 and 65535</constraintErrorMessage>
</properties>
<defaultValue>100</defaultValue>
</leafNode>
</children>
</node>
<node name="log">
<properties>
<help>Log settings</help>
</properties>
<children>
<leafNode name="debug-level">
<properties>
<help>Debug level</help>
<completionHelp>
<list>basic critical error warning debug extended-debug</list>
</completionHelp>
<valueHelp>
<format>basic</format>
<description>Basic information</description>
</valueHelp>
<valueHelp>
<format>critical</format>
<description>Critical information</description>
</valueHelp>
<valueHelp>
<format>error</format>
<description>Error information</description>
</valueHelp>
<valueHelp>
<format>warning</format>
<description>Warnings</description>
</valueHelp>
<valueHelp>
<format>debug</format>
<description>Debug information</description>
</valueHelp>
<valueHelp>
<format>extended-debug</format>
<description>Extended debug information</description>
</valueHelp>
<constraint>
<regex>(basic|critical|error|warning|debug|extended-debug)</regex>
</constraint>
</properties>
<defaultValue>warning</defaultValue>
</leafNode>
<leafNode name="remote-commands">
<properties>
<help>Enable logging of executed shell commands as warnings</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="size">
<properties>
<help>Log file size in megabytes</help>
<valueHelp>
<format>u32:0-1024</format>
<description>Megabytes</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-1024"/>
</constraint>
<constraintErrorMessage>Size must be between 0 and 1024 Megabytes</constraintErrorMessage>
</properties>
<defaultValue>0</defaultValue>
</leafNode>
</children>
</node>
#include <include/listen-address.xml.i>
<leafNode name="listen-address">
<defaultValue>0.0.0.0</defaultValue>
</leafNode>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>10050</defaultValue>
</leafNode>
<leafNode name="server">
<properties>
<help>Remote server to connect to</help>
<valueHelp>
<format>ipv4</format>
<description>Server IPv4 address</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>Server IPv6 address</description>
</valueHelp>
<valueHelp>
<format>hostname</format>
<description>Server hostname/FQDN</description>
</valueHelp>
<multi/>
</properties>
</leafNode>
<tagNode name="server-active">
<properties>
<help>Remote server address to get active checks from</help>
<valueHelp>
<format>ipv4</format>
<description>Server IPv4 address</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>Server IPv6 address</description>
</valueHelp>
<valueHelp>
<format>hostname</format>
<description>Server hostname/FQDN</description>
</valueHelp>
</properties>
<children>
#include <include/port-number.xml.i>
</children>
</tagNode>
<leafNode name="timeout">
<properties>
<help>Item processing timeout in seconds</help>
<valueHelp>
<format>u32:1-30</format>
<description>Item processing timeout</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-30"/>
</constraint>
<constraintErrorMessage>Timeout must be between 1 and 30 seconds</constraintErrorMessage>
</properties>
<defaultValue>3</defaultValue>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/service_sla.xml.in b/interface-definitions/service_sla.xml.in
index 0c4f8a591..2cd68195a 100644
--- a/interface-definitions/service_sla.xml.in
+++ b/interface-definitions/service_sla.xml.in
@@ -1,36 +1,37 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="sla" owner="${vyos_conf_scripts_dir}/service_sla.py">
<properties>
<help>Service level agreement (SLA)</help>
+ <priority>2</priority>
</properties>
<children>
<node name="owamp-server">
<properties>
<help>One-way active measurement protocol (OWAMP) server</help>
</properties>
<children>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>861</defaultValue>
</leafNode>
</children>
</node>
<node name="twamp-server">
<properties>
<help>Two-way active measurement protocol (TWAMP) server</help>
</properties>
<children>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>862</defaultValue>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/system_login_banner.xml.in b/interface-definitions/system_login_banner.xml.in
index 211505ae4..c90e38c3c 100644
--- a/interface-definitions/system_login_banner.xml.in
+++ b/interface-definitions/system_login_banner.xml.in
@@ -1,32 +1,33 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="system">
<children>
<node name="login" owner="${vyos_conf_scripts_dir}/system_login.py">
<properties>
<help>System User Login Configuration</help>
<priority>400</priority>
</properties>
<children>
<node name="banner" owner="${vyos_conf_scripts_dir}/system_login_banner.py">
<properties>
<help>System login banners</help>
+ <priority>410</priority>
</properties>
<children>
<leafNode name="post-login">
<properties>
<help>A system banner after the user logs in </help>
</properties>
</leafNode>
<leafNode name="pre-login">
<properties>
<help>A system banner before the user logs in</help>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/system_proxy.xml.in b/interface-definitions/system_proxy.xml.in
index 214534dbb..5b0df5c70 100644
--- a/interface-definitions/system_proxy.xml.in
+++ b/interface-definitions/system_proxy.xml.in
@@ -1,25 +1,26 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="system">
<children>
<node name="proxy" owner="${vyos_conf_scripts_dir}/system_proxy.py">
<properties>
<help>Sets a proxy for system wide use</help>
+ <priority>100</priority>
</properties>
<children>
<leafNode name="url">
<properties>
<help>Proxy URL</help>
<constraint>
<regex>http(s)?:\/\/[a-z0-9-\.]+</regex>
</constraint>
</properties>
</leafNode>
#include <include/port-number.xml.i>
#include <include/generic-username.xml.i>
#include <include/generic-password.xml.i>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/scripts/build-command-templates b/scripts/build-command-templates
index 2e7f8b994..36929abb2 100755
--- a/scripts/build-command-templates
+++ b/scripts/build-command-templates
@@ -1,338 +1,348 @@
#!/usr/bin/env python3
#
# build-command-template: converts new style command definitions in XML
# to the old style (bunch of dirs and node.def's) command templates
#
# Copyright (C) 2017 VyOS maintainers <maintainers@vyos.net>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
# USA
import sys
import os
import argparse
import copy
import functools
from lxml import etree as ET
from textwrap import fill
# Defaults
#validator_dir = "/usr/libexec/vyos/validators"
validator_dir = "${vyos_validators_dir}"
default_constraint_err_msg = "Invalid value"
## Get arguments
parser = argparse.ArgumentParser(description='Converts new-style XML interface definitions to old-style command templates')
parser.add_argument('--debug', help='Enable debug information output', action='store_true')
parser.add_argument('INPUT_FILE', type=str, help="XML interface definition file")
parser.add_argument('SCHEMA_FILE', type=str, help="RelaxNG schema file")
parser.add_argument('OUTPUT_DIR', type=str, help="Output directory")
args = parser.parse_args()
input_file = args.INPUT_FILE
schema_file = args.SCHEMA_FILE
output_dir = args.OUTPUT_DIR
debug = args.debug
#debug = True
## Load and validate the inputs
try:
xml = ET.parse(input_file)
except Exception as e:
print("Failed to load interface definition file {0}".format(input_file))
print(e)
sys.exit(1)
try:
relaxng_xml = ET.parse(schema_file)
validator = ET.RelaxNG(relaxng_xml)
if not validator.validate(xml):
print(validator.error_log)
print("Interface definition file {0} does not match the schema!".format(input_file))
sys.exit(1)
except Exception as e:
print("Failed to load the XML schema {0}".format(schema_file))
print(e)
sys.exit(1)
if not os.access(output_dir, os.W_OK):
print("The output directory {0} is not writeable".format(output_dir))
sys.exit(1)
## If we got this far, everything must be ok and we can convert the file
def make_path(l):
path = functools.reduce(os.path.join, l)
if debug:
print(path)
return path
def collect_validators(ve):
regexes = []
regex_elements = ve.findall("regex")
if regex_elements is not None:
regexes = list(map(lambda e: e.text.strip().replace('\\','\\\\'), regex_elements))
if "" in regexes:
print("Warning: empty regex, node will be accepting any value")
validator_elements = ve.findall("validator")
validators = []
if validator_elements is not None:
for v in validator_elements:
v_name = os.path.join(validator_dir, v.get("name"))
# XXX: lxml returns None for empty arguments
v_argument = None
try:
v_argument = v.get("argument")
except:
pass
if v_argument is None:
v_argument = ""
validators.append("{0} {1}".format(v_name, v_argument))
regex_args = " ".join(map(lambda s: "--regex \\\'{0}\\\'".format(s), regexes))
validator_args = " ".join(map(lambda s: "--exec \\\"{0}\\\"".format(s), validators))
return regex_args + " " + validator_args
def get_properties(p, default=None):
props = {}
if p is None:
return props
# Get the help string
try:
help = p.find("help").text
if default != None:
# DNS forwarding for instance has multiple defaults - specified as whitespace separated list
tmp = ', '.join(default.text.split())
help += f' (default: {tmp})'
help = fill(help, width=64, subsequent_indent='\t\t\t')
props["help"] = help
except:
pass
# Get value help strings
try:
vhe = p.findall("valueHelp")
vh = []
for v in vhe:
format = v.find("format").text
description = v.find("description").text
if default != None and default.text == format:
description += f' (default)'
# Is no description was specified, keep it empty
if not description: description = ''
vh.append( (format, description) )
props["val_help"] = vh
except:
props["val_help"] = []
# Get the constraint and constraintGroup statements
error_msg = default_constraint_err_msg
# Get the error message if it's there
try:
error_msg = p.find("constraintErrorMessage").text
except:
pass
vce = p.find("constraint")
distinct_validator_string = ""
if vce is not None:
# The old backend doesn't support multiple validators in OR mode
# so we emulate it
distinct_validator_string = collect_validators(vce)
vcge = p.findall("constraintGroup")
group_validator_string = ""
if len(vcge):
for vcg in vcge:
group_validator_string = group_validator_string + " --grp " + collect_validators(vcg)
if vce is not None or len(vcge):
validator_script = '${vyos_libexec_dir}/validate-value'
validator_string = "exec \"{0} {1} {2} --value \\\'$VAR(@)\\\'\"; \"{3}\"".format(validator_script, distinct_validator_string, group_validator_string, error_msg)
props["constraint"] = validator_string
# Get the completion help strings
try:
che = p.findall("completionHelp")
ch = ""
for c in che:
scripts = c.findall("script")
paths = c.findall("path")
lists = c.findall("list")
# Current backend doesn't support multiple allowed: tags
# so we get to emulate it
comp_exprs = []
for i in lists:
comp_exprs.append(f'echo "{i.text}"')
for i in paths:
comp_exprs.append(f'/bin/cli-shell-api listNodes {i.text}')
for i in scripts:
comp_exprs.append(f'sh -c "{i.text}"')
comp_help = ' && echo " " && '.join(comp_exprs)
props["comp_help"] = comp_help
except:
props["comp_help"] = []
# Get priority
try:
props["priority"] = p.find("priority").text
except:
pass
# Get "multi"
if p.find("multi") is not None:
props["multi"] = True
# Get "valueless"
if p.find("valueless") is not None:
props["valueless"] = True
return props
def make_node_def(props):
# XXX: replace with a template processor if it grows
# out of control
node_def = ""
if "tag" in props:
node_def += "tag:\n"
if "multi" in props:
node_def += "multi:\n"
if "type" in props:
# Will always be txt in practice if it's set
node_def += "type: {0}\n".format(props["type"])
if "priority" in props:
node_def += "priority: {0}\n".format(props["priority"])
if "help" in props:
node_def += "help: {0}\n".format(props["help"])
if "val_help" in props:
for v in props["val_help"]:
node_def += "val_help: {0}; {1}\n".format(v[0], v[1])
if "comp_help" in props:
node_def += "allowed: {0}\n".format(props["comp_help"])
if "constraint" in props:
node_def += "syntax:expression: {0}\n".format(props["constraint"])
shim = '${vyshim}'
if "owner" in props:
if "tag" in props:
node_def += "end: sudo sh -c \"{1} VYOS_TAGNODE_VALUE='$VAR(@)' {0}\"\n".format(props["owner"], shim)
else:
node_def += "end: sudo sh -c \"{1} {0}\"\n".format(props["owner"], shim)
if debug:
print("The contents of the node.def file:\n", node_def)
return node_def
def process_node(n, tmpl_dir):
# Avoid mangling the path from the outer call
my_tmpl_dir = copy.copy(tmpl_dir)
props_elem = n.find("properties")
children = n.find("children")
name = n.get("name")
owner = n.get("owner")
node_type = n.tag
my_tmpl_dir.append(name)
if debug:
print("Name of the node: {0}. Created directory: {1}\n".format(name, "/".join(my_tmpl_dir)), end="")
os.makedirs(make_path(my_tmpl_dir), exist_ok=True)
props = get_properties(props_elem, n.find("defaultValue"))
if owner:
props["owner"] = owner
+ # <priority> tag is mandatory if the parent node has an owner
+ if "priority" not in props:
+ raise ValueError(
+ f"<priority> tag should be set for the node <{name}> path '{' '.join(my_tmpl_dir[1:])}'"
+ )
+
# Type should not be set for non-tag, non-leaf nodes
# For non-valueless leaf nodes, set the type to txt: to make them have some type,
# actual value validation is handled by constraints translated to syntax:expression:
if node_type != "node":
if "valueless" not in props.keys():
props["type"] = "txt"
if node_type == "tagNode":
props["tag"] = "True"
if node_type != "leafNode":
if "multi" in props:
raise ValueError("<multi/> tag is only allowed in <leafNode>")
if "valueless" in props:
raise ValueError("<valueless/> is only allowed in <leafNode>")
nodedef_path = os.path.join(make_path(my_tmpl_dir), "node.def")
# Only create the "node.def" file if it exists but is empty, or if it does
# not exist at all. An empty node.def file could be generated by XML paths
# that derive from one another bot having a common base structure like
# "protocols static"
if not os.path.exists(nodedef_path) or os.path.getsize(nodedef_path) == 0:
with open(nodedef_path, "w") as f:
f.write(make_node_def(props))
if node_type == "node":
inner_nodes = children.iterfind("*")
for inner_n in inner_nodes:
process_node(inner_n, my_tmpl_dir)
if node_type == "tagNode":
my_tmpl_dir.append("node.tag")
if debug:
print("Created path for the tagNode:", end="")
os.makedirs(make_path(my_tmpl_dir), exist_ok=True)
inner_nodes = children.iterfind("*")
for inner_n in inner_nodes:
process_node(inner_n, my_tmpl_dir)
else:
# This is a leaf node
pass
root = xml.getroot()
nodes = root.iterfind("*")
for n in nodes:
if n.tag == "syntaxVersion":
continue
- process_node(n, [output_dir])
+ try:
+ process_node(n, [output_dir])
+ except ValueError as e:
+ print(e)
+ sys.exit(1)