ehmry/genode
ehmry/genode
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3db7181104
genode/repos/os/src/server/nic_router/config.xsd
Martin Stein 3db7181104 nic_router: limit packets handled per signal 
Make it configurable how many packets get handled at a max per signal to
prevent DoS attacks by clients.

Issue #2953
2018-10-29 09:36:21 +01:00

150 lines
5.5 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:include schemaLocation="base_types.xsd"/>
<xs:include schemaLocation="net_types.xsd"/>
<xs:include schemaLocation="timeout_types.xsd"/>
<xs:simpleType name="Domain_name">
<xs:restriction base="xs:string">
<xs:minLength value="1"/>
<xs:maxLength value="160"/>
</xs:restriction>
</xs:simpleType><!-- Domain_name -->
<xs:simpleType name="Nr_of_ports">
<xs:restriction base="xs:integer">
<xs:minInclusive value="1"/>
<xs:maxInclusive value="65536"/>
</xs:restriction>
</xs:simpleType><!-- Nr_of_ports -->
<xs:complexType name="L2_rule">
<xs:attribute name="dst" type="Ipv4_address_prefix" />
<xs:attribute name="domain" type="Domain_name" />
</xs:complexType><!-- L2_rule -->
<xs:complexType name="L3_rule">
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="permit">
<xs:complexType>
<xs:attribute name="port" type="Port" />
<xs:attribute name="domain" type="Domain_name" />
</xs:complexType>
</xs:element><!-- permit -->
<xs:element name="permit-any">
<xs:complexType>
<xs:attribute name="domain" type="Domain_name" />
</xs:complexType>
</xs:element><!-- permit-any -->
</xs:choice>
<xs:attribute name="dst" type="Ipv4_address_prefix" />
</xs:complexType><!-- L3_rule -->
<xs:complexType name="L3_forward_rule">
<xs:attribute name="port" type="Port" />
<xs:attribute name="domain" type="Domain_name" />
<xs:attribute name="to" type="Ipv4_address" />
</xs:complexType><!-- L3_forward_rule -->
<xs:element name="config">
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="report">
<xs:complexType>
<xs:attribute name="config" type="Boolean" />
<xs:attribute name="config_triggers" type="Boolean" />
<xs:attribute name="bytes" type="Boolean" />
<xs:attribute name="interval_sec" type="Seconds" />
</xs:complexType>
</xs:element><!-- report -->
<xs:element name="default-policy">
<xs:complexType>
<xs:attribute name="domain" type="Domain_name" />
</xs:complexType>
</xs:element><!-- default-policy -->
<xs:element name="policy">
<xs:complexType>
<xs:complexContent>
<xs:extension base="Session_policy">
<xs:attribute name="domain" type="Domain_name" />
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element><!-- policy -->
<xs:element name="uplink">
<xs:complexType>
<xs:attribute name="label" type="Session_label" />
<xs:attribute name="domain" type="Domain_name" />
</xs:complexType>
</xs:element><!-- uplink -->
<xs:element name="domain">
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="ip" type="L2_rule" />
<xs:element name="icmp" type="L2_rule" />
<xs:element name="nat">
<xs:complexType>
<xs:attribute name="icmp-ids" type="Nr_of_ports" />
<xs:attribute name="tcp-ports" type="Nr_of_ports" />
<xs:attribute name="udp-ports" type="Nr_of_ports" />
<xs:attribute name="domain" type="Domain_name" />
</xs:complexType>
</xs:element><!-- nat -->
<xs:element name="dhcp-server">
<xs:complexType>
<xs:attribute name="ip_first" type="Ipv4_address" />
<xs:attribute name="ip_last" type="Ipv4_address" />
<xs:attribute name="ip_lease_time_sec" type="Seconds" />
<xs:attribute name="dns_server" type="Ipv4_address" />
<xs:attribute name="dns_server_from" type="Domain_name" />
</xs:complexType>
</xs:element><!-- dhcp-server -->
<xs:element name="tcp" type="L3_rule" />
<xs:element name="udp" type="L3_rule" />
<xs:element name="tcp-forward" type="L3_forward_rule" />
<xs:element name="udp-forward" type="L3_forward_rule" />
</xs:choice>
<xs:attribute name="name" type="Domain_name" />
<xs:attribute name="interface" type="Ipv4_address_prefix" />
<xs:attribute name="gateway" type="Ipv4_address" />
<xs:attribute name="verbose_packets" type="Boolean" />
<xs:attribute name="verbose_packet_drop" type="Boolean" />
<xs:attribute name="label" type="Session_label" />
<xs:attribute name="icmp_echo_server" type="Boolean" />
</xs:complexType>
</xs:element><!-- domain -->
</xs:choice>
<xs:attribute name="max_packets_per_signal" type="xs:nonNegativeInteger" />
<xs:attribute name="verbose" type="Boolean" />
<xs:attribute name="verbose_packets" type="Boolean" />
<xs:attribute name="verbose_packet_drop" type="Boolean" />
<xs:attribute name="verbose_domain_state" type="Boolean" />
<xs:attribute name="dhcp_discover_timeout_sec" type="Seconds" />
<xs:attribute name="dhcp_request_timeout_sec" type="Seconds" />
<xs:attribute name="dhcp_offer_timeout_sec" type="Seconds" />
<xs:attribute name="udp_idle_timeout_sec" type="Seconds" />
<xs:attribute name="tcp_idle_timeout_sec" type="Seconds" />
<xs:attribute name="icmp_idle_timeout_sec" type="Seconds" />
<xs:attribute name="tcp_max_segm_lifetime_sec" type="Seconds" />
<xs:attribute name="icmp_echo_server" type="Boolean" />
<xs:attribute name="ld_verbose" type="Boolean" />
</xs:complexType>
</xs:element><!-- config -->
</xs:schema>
Reference in New Issue View Git Blame Copy Permalink