[Improvement][CE] L4xnat: Add parameters configuration in global.conf…

… for SIP protocol

A variable is added to configure parameters when nf_conntrack_sip module is loaded.

Signed-off-by: Antonio Rendon <[email protected]>

	modified:   usr/local/zevenet/share/global.conf.template
	modified:   usr/share/perl5/Zevenet/Farm/L4xNAT/Config.pm

usr/local/zevenet/share/global.conf.template

@@ -410,6 +410,8 @@ $ipv6_enabled="false";
 ## L4xNat - netfilter
 # Maximum recent ip list
 # Recent ip hash
+# SIP Module Parameters
+$l4xnat_sip_params="";#update
 
 
 #FarmGuardian binary, create advanced check for backend servers

usr/local/zevenet/zapi-model/v4.0/json/blacklist-modify.json

@@ -69,6 +69,9 @@
          "non_blank" : "true",
          "ref" : "array"
       },
+      "time" : {
+         "ref" : "hash"
+      },
       "unit" : {
          "depend_on" : "type==remote && frequency_type==period",
          "description" : "Period unit. The options are: minutes or hours, indicate the unit of measurement for the list updates.",

usr/local/zevenet/zapi-model/v4.0/json/farm_http_service-modify.json

@@ -108,7 +108,8 @@
          "is_regex" : "true"
       },
       "vhost" : {
-         "is_regex" : "true"
+         "is_regex" : "true",
+         "negated_regex" : "(?^:^\\^)"
       }
    },
    "url" : "/farms/<farmname>/services/<id>"

usr/local/zevenet/zapi-model/v4.0/json/letsencryptz-action.json

@@ -16,6 +16,7 @@
          "non_blank" : "true"
       },
       "force_renewal" : {
+         "description" : "true, force the certificate to be renewed even it is not expired, false, the certificate will be renewed if it is due to be renewed ( less than 30 days to expire ).",
          "values" : [
             "true",
             "false"
@@ -28,12 +29,6 @@
             "false"
          ]
       },
-      "test" : {
-         "values" : [
-            "true",
-            "false"
-         ]
-      },
       "vip" : {
          "description" : "IP of the system, where a temporal Farm “Letsencryptz” is configured. Required true if param vip is not sent.",
          "dyn_values" : "true",

usr/local/zevenet/zapi-model/v4.0/json/letsencryptz-modify.json

@@ -0,0 +1,47 @@
+{
+   "action" : "set",
+   "description" : "Modify the Auto Renewal parameters of a Letsencrypt certificate.",
+   "method" : "PUT",
+   "params" : {
+      "autorenewal" : {
+         "description" : "true,the autorenewal will be configured.false, the autorenewal will be removed.",
+         "non_blank" : "true",
+         "required" : "true",
+         "values" : [
+            "true",
+            "false"
+         ]
+      },
+      "farmname" : {
+         "depend_on" : "autorenewal==true && vip!=defined",
+         "description" : "Farm name which a temporal Service “Letsencryptz” is configured in. Required if param vip is not sent.",
+         "dyn_values" : "true",
+         "non_blank" : "true"
+      },
+      "force_renewal" : {
+         "depend_on" : "autorenewal==true",
+         "description" : "true, force the certificate to be renewed even it is not expired, false, the certificate will be renewed if it is due to be renewed ( less than 30 days to expire ).",
+         "required" : "true",
+         "values" : [
+            "true",
+            "false"
+         ]
+      },
+      "restart" : {
+         "depend_on" : "autorenewal==true",
+         "description" : "true, all the farms using the certificate will be restarted. false, no farms using the certificate will be restarted.",
+         "required" : "true",
+         "values" : [
+            "true",
+            "false"
+         ]
+      },
+      "vip" : {
+         "depend_on" : "autorenewal==true && farmname!=defined",
+         "description" : "IP of the system, where a temporal Farm “Letsencryptz” is configured. Required true if param vip is not sent.",
+         "dyn_values" : "true",
+         "non_blank" : "true"
+      }
+   },
+   "url" : "/certificates/letsencryptz/<domain>"
+}

usr/local/zevenet/zapi-model/v4.0/regexp

@@ -5,6 +5,7 @@ use Regexp::IPv6 qw($IPv6_re);
 
 # BASICS
 our $newline   = qr/\n/;
+our $startline  = qr/^\^/;
 
 # MACROS
 our $word_prefix   = '[?[\w-\s]+]?';

usr/local/zevenet/zapi-model/v4.0/tpl/blacklist-modify.json

@@ -4,6 +4,9 @@
 	"action": "set",
 	"description": "Modify the configuration of a blacklist rule. name is the blacklist unique identifier.",
 	"params": {
+		"time": {
+			"ref": "hash"
+		},
 		"policy": {
 			"description": "Action to apply to a source. The options are: deny, block the input traffic from sources of the list; or allow accept the traffic from sources of the list.",
 			"values": [

usr/local/zevenet/zapi-model/v4.0/tpl/farm_http_service-modify.json

@@ -5,7 +5,8 @@
 	"description": "Modify the parameters of a service in an HTTP profile.",
 	"params": {
 		"vhost": {
-			"is_regex": "true"
+			"is_regex": "true",
+			"negated_regex": "$startline"
 		},
 		"urlp": {
 			"is_regex": "true"

usr/local/zevenet/zapi-model/v4.0/tpl/letsencryptz-action.json

@@ -22,12 +22,7 @@
 			"dyn_values": "true"
 		},
 		"force_renewal": {
-			"values": [
-				"true",
-				"false"
-			]
-		},
-		"test": {
+			"description": "true, force the certificate to be renewed even it is not expired, false, the certificate will be renewed if it is due to be renewed ( less than 30 days to expire ).",
 			"values": [
 				"true",
 				"false"

usr/local/zevenet/zapi-model/v4.0/tpl/letsencryptz-modify.json

@@ -0,0 +1,47 @@
+{
+	"method": "PUT",
+	"url": "/certificates/letsencryptz/<domain>",
+	"action": "set",
+	"description": "Modify the Auto Renewal parameters of a Letsencrypt certificate.",
+	"params": {
+		"autorenewal": {
+			"description": "true,the autorenewal will be configured.false, the autorenewal will be removed.",
+			"values": [
+				"true",
+				"false"
+			],
+			"non_blank": "true",
+			"required": "true"
+		},
+		"vip": {
+			"description": "IP of the system, where a temporal Farm “Letsencryptz” is configured. Required true if param vip is not sent.",
+			"non_blank": "true",
+			"dyn_values": "true",
+			"depend_on": "autorenewal==true && farmname!=defined"
+		},
+		"farmname": {
+			"description": "Farm name which a temporal Service “Letsencryptz” is configured in. Required if param vip is not sent.",
+			"non_blank": "true",
+			"dyn_values": "true",
+			"depend_on": "autorenewal==true && vip!=defined"
+		},
+		"force_renewal": {
+			"description": "true, force the certificate to be renewed even it is not expired, false, the certificate will be renewed if it is due to be renewed ( less than 30 days to expire ).",
+			"values": [
+				"true",
+				"false"
+			],
+			"depend_on": "autorenewal==true",
+			"required": "true"
+		},
+		"restart": {
+			"description": "true, all the farms using the certificate will be restarted. false, no farms using the certificate will be restarted.",
+			"values": [
+				"true",
+				"false"
+			],
+			"depend_on": "autorenewal==true",
+			"required": "true"
+		}
+	}
+}

usr/share/perl5/Zevenet/Farm/L4xNAT/Config.pm

@@ -816,7 +816,10 @@ sub loadL4Modules
 
 	if ( $protocol =~ /sip|tftp|ftp|amanda|h323|irc|netbios-ns|pptp|sane|snmp/ )
 	{
-		$status = &loadNfModule( "nf_conntrack_$protocol", "" );
+		my $params = "";
+		$params = &getGlobalConfiguration( "l4xnat_sip_params" )
+		  if ( $protocol eq "sip" );
+		$status = &loadNfModule( "nf_conntrack_$protocol", $params );
 		$status = $status || &loadNfModule( "nf_nat_$protocol", "" );
 	}