diff options
Diffstat (limited to 'interface-definitions')
39 files changed, 1519 insertions, 265 deletions
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in index 5cf866b8e..239269235 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/flow-accounting-conf.xml.in @@ -217,7 +217,7 @@ </valueHelp> <valueHelp> <format>10</format> - <description>IPFIX</description> + <description>Internet Protocol Flow Information Export (IPFIX)</description> </valueHelp> </properties> </leafNode> diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index 4f940f7f6..9bb96f1f0 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -1,6 +1,7 @@ <?xml version="1.0"?> <!-- HTTPS configuration --> <interfaceDefinition> + <syntaxVersion component='https' version='2'></syntaxVersion> <node name="service"> <children> <node name="https" owner="${vyos_conf_scripts_dir}/https.py"> @@ -9,28 +10,37 @@ <priority>1001</priority> </properties> <children> - <tagNode name="listen-address"> + <tagNode name="virtual-host"> <properties> - <help>Addresses to listen for HTTPS requests</help> - <valueHelp> - <format>ipv4</format> - <description>HTTPS IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>HTTPS IPv6 address</description> - </valueHelp> - <valueHelp> - <format>'*'</format> - <description>any</description> - </valueHelp> + <help>Identifier for virtual host</help> <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> - <regex>\*$</regex> + <regex>[a-zA-Z0-9-_.:]{1,255}</regex> </constraint> + <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage> </properties> <children> + <leafNode name="listen-address"> + <properties> + <help>Address to listen for HTTPS requests</help> + <valueHelp> + <format>ipv4</format> + <description>HTTPS IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>HTTPS IPv6 address</description> + </valueHelp> + <valueHelp> + <format>'*'</format> + <description>any</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + <regex>\*$</regex> + </constraint> + </properties> + </leafNode> <leafNode name='listen-port'> <properties> <help>Port to listen for HTTPS requests; default 443</help> @@ -45,7 +55,7 @@ </leafNode> <leafNode name="server-name"> <properties> - <help>Server names: exact, wildcard, regex, or '_' (any)</help> + <help>Server names: exact, wildcard, or regex</help> <multi/> </properties> </leafNode> @@ -103,6 +113,19 @@ </leafNode> </children> </node> + <node name="api-restrict"> + <properties> + <help>Restrict api proxy to subset of virtual hosts</help> + </properties> + <children> + <leafNode name="virtual-host"> + <properties> + <help>Restrict proxy to virtual host(s)</help> + <multi/> + </properties> + </leafNode> + </children> + </node> <node name="certificates"> <properties> <help>TLS certificates</help> diff --git a/interface-definitions/include/interface-description.xml.i b/interface-definitions/include/interface-description.xml.i index 7a7a37871..961533e26 100644 --- a/interface-definitions/include/interface-description.xml.i +++ b/interface-definitions/include/interface-description.xml.i @@ -1,9 +1,9 @@ <leafNode name="description"> <properties> - <help>Interface description</help> + <help>Interface specific description</help> <constraint> <regex>.{1,256}$</regex> </constraint> - <constraintErrorMessage>Interface description too long (limit 256 characters)</constraintErrorMessage> + <constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage> </properties> </leafNode> diff --git a/interface-definitions/include/interface-mtu-64-8024.xml.i b/interface-definitions/include/interface-mtu-64-8024.xml.i new file mode 100644 index 000000000..e917c816f --- /dev/null +++ b/interface-definitions/include/interface-mtu-64-8024.xml.i @@ -0,0 +1,13 @@ +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>64-8024</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 64-8024"/> + </constraint> + <constraintErrorMessage>MTU must be between 64 and 8024</constraintErrorMessage> + </properties> +</leafNode> diff --git a/interface-definitions/include/interface-mtu-68-1500.xml.i b/interface-definitions/include/interface-mtu-68-1500.xml.i new file mode 100644 index 000000000..81223c332 --- /dev/null +++ b/interface-definitions/include/interface-mtu-68-1500.xml.i @@ -0,0 +1,13 @@ +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>68-1500</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 68-1500"/> + </constraint> + <constraintErrorMessage>MTU must be between 68 and 1500</constraintErrorMessage> + </properties> +</leafNode> diff --git a/interface-definitions/include/interface-vrf.xml.i b/interface-definitions/include/interface-vrf.xml.i new file mode 100644 index 000000000..355e7f0f3 --- /dev/null +++ b/interface-definitions/include/interface-vrf.xml.i @@ -0,0 +1,12 @@ +<leafNode name="vrf"> + <properties> + <help>VRF instance name</help> + <valueHelp> + <format>text</format> + <description>VRF instance name</description> + </valueHelp> + <completionHelp> + <path>vrf name</path> + </completionHelp> + </properties> +</leafNode> diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i new file mode 100644 index 000000000..507d5dcc1 --- /dev/null +++ b/interface-definitions/include/ipv6-address.xml.i @@ -0,0 +1,22 @@ +<node name="address"> + <children> + <leafNode name="autoconf"> + <properties> + <help>Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="eui64"> + <properties> + <help>ssign IPv6 address using EUI-64 based on MAC address</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/ipv6-disable-forwarding.xml.i b/interface-definitions/include/ipv6-disable-forwarding.xml.i new file mode 100644 index 000000000..3f90c7e34 --- /dev/null +++ b/interface-definitions/include/ipv6-disable-forwarding.xml.i @@ -0,0 +1,6 @@ +<leafNode name="disable-forwarding"> + <properties> + <help>Disable IPv6 forwarding on this interface</help> + <valueless/> + </properties> +</leafNode> diff --git a/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i new file mode 100644 index 000000000..728187560 --- /dev/null +++ b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i @@ -0,0 +1,16 @@ +<leafNode name="dup-addr-detect-transmits"> + <properties> + <help>Number of NS messages to send while performing DAD (default: 1)</help> + <valueHelp> + <format>1-n</format> + <description>Number of NS messages to send while performing DAD</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Disable Duplicate Address Dectection (DAD)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--non-negative"/> + </constraint> + </properties> +</leafNode> diff --git a/interface-definitions/include/port-number.xml.i b/interface-definitions/include/port-number.xml.i new file mode 100644 index 000000000..78eb4b7af --- /dev/null +++ b/interface-definitions/include/port-number.xml.i @@ -0,0 +1,12 @@ +<leafNode name="port">
+ <properties>
+ <help>Port number used to establish connection</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/radius-server.xml.i b/interface-definitions/include/radius-server.xml.i new file mode 100644 index 000000000..047728233 --- /dev/null +++ b/interface-definitions/include/radius-server.xml.i @@ -0,0 +1,56 @@ +<node name="radius"> + <properties> + <help>RADIUS based user authentication</help> + </properties> + <children> + <leafNode name="source-address"> + <properties> + <help>RADIUS client source address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source-address of RADIUS queries</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <tagNode name="server"> + <properties> + <help>RADIUS server configuration</help> + <valueHelp> + <format>ipv4</format> + <description>RADIUS server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Temporary disable this server</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="key"> + <properties> + <help>Shared secret key</help> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Authentication port</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port (default: 1812)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> +</node> diff --git a/interface-definitions/include/vif-s.xml.i b/interface-definitions/include/vif-s.xml.i index 2120aa32d..ab2dcd955 100644 --- a/interface-definitions/include/vif-s.xml.i +++ b/interface-definitions/include/vif-s.xml.i @@ -58,6 +58,7 @@ #include <include/interface-disable.xml.i> #include <include/interface-mac.xml.i> #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-vrf.xml.i> </children> </tagNode> </children> diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i index 85e901852..819534dc1 100644 --- a/interface-definitions/include/vif.xml.i +++ b/interface-definitions/include/vif.xml.i @@ -16,6 +16,7 @@ #include <include/dhcp-dhcpv6-options.xml.i> #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="egress-qos"> <properties> <help>VLAN egress QoS</help> @@ -50,6 +51,13 @@ #include <include/interface-enable-proxy-arp.xml.i> </children> </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> #include <include/interface-mac.xml.i> #include <include/interface-mtu-68-9000.xml.i> </children> diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 586a8437d..07a6abd30 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -7,7 +7,7 @@ <help>Bonding Interface/Link Aggregation</help> <priority>320</priority> <constraint> - <regex>bond[0-9]+$</regex> + <regex>^bond[0-9]+$</regex> </constraint> <constraintErrorMessage>Bonding interface must be named bondN</constraintErrorMessage> <valueHelp> @@ -53,6 +53,7 @@ #include <include/dhcp-dhcpv6-options.xml.i> #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="hash-policy"> <properties> <help>Bonding transmit hash policy</help> @@ -88,6 +89,13 @@ #include <include/interface-proxy-arp-pvlan.xml.i> </children> </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> #include <include/interface-mac.xml.i> <leafNode name="mode"> <properties> diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index e8285b16c..818bc9c0e 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -5,9 +5,9 @@ <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces-bridge.py"> <properties> <help>Bridge Interface</help> - <priority>470</priority> + <priority>489</priority> <constraint> - <regex>br[0-9]+$</regex> + <regex>^br[0-9]+$</regex> </constraint> <constraintErrorMessage>Bridge interface must be named brN</constraintErrorMessage> <valueHelp> @@ -37,6 +37,7 @@ #include <include/dhcp-dhcpv6-options.xml.i> #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="forwarding-delay"> <properties> <help>Forwarding delay</help> @@ -85,6 +86,13 @@ #include <include/interface-disable-arp-filter.xml.i> </children> </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> #include <include/interface-mac.xml.i> <leafNode name="max-age"> <properties> diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in index 39809a610..135adfc10 100644 --- a/interface-definitions/interfaces-dummy.xml.in +++ b/interface-definitions/interfaces-dummy.xml.in @@ -7,7 +7,7 @@ <help>Dummy Interface</help> <priority>300</priority> <constraint> - <regex>dum[0-9]+$</regex> + <regex>^dum[0-9]+$</regex> </constraint> <constraintErrorMessage>Dummy interface must be named dumN</constraintErrorMessage> <valueHelp> @@ -19,6 +19,7 @@ #include <include/address-ipv4-ipv6.xml.i> #include <include/interface-description.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> </children> </tagNode> </children> diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index 8f5d7355b..f8ec26d04 100644 --- a/interface-definitions/interfaces-ethernet.xml.in +++ b/interface-definitions/interfaces-ethernet.xml.in @@ -7,7 +7,7 @@ <help>Ethernet Interface</help> <priority>318</priority> <constraint> - <regex>((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$</regex> + <regex>^((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$</regex> </constraint> <constraintErrorMessage>Invalid Ethernet interface name</constraintErrorMessage> <valueHelp> @@ -31,6 +31,7 @@ </leafNode> #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="duplex"> <properties> <help>Duplex mode</help> @@ -78,6 +79,13 @@ #include <include/interface-proxy-arp-pvlan.xml.i> </children> </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> #include <include/interface-mac.xml.i> #include <include/interface-mtu-68-9000.xml.i> <node name="offload-options"> diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in index a6406ffc9..31a3ebb7a 100644 --- a/interface-definitions/interfaces-geneve.xml.in +++ b/interface-definitions/interfaces-geneve.xml.in @@ -7,7 +7,7 @@ <help>Generic Network Virtualization Encapsulation (GENEVE) Interface</help> <priority>460</priority> <constraint> - <regex>gnv[0-9]+$</regex> + <regex>^gnv[0-9]+$</regex> </constraint> <constraintErrorMessage>GENEVE interface must be named gnvN</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index a408e58c1..30dd9b604 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in @@ -5,9 +5,9 @@ <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces-l2tpv3.py"> <properties> <help>Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface</help> - <priority>800</priority> + <priority>485</priority> <constraint> - <regex>l2tpeth[0-9]+$</regex> + <regex>^l2tpeth[0-9]+$</regex> </constraint> <constraintErrorMessage>L2TPv3 interface must be named l2tpethN</constraintErrorMessage> <valueHelp> @@ -51,6 +51,13 @@ <constraintErrorMessage>Encapsulation must be UDP or IP</constraintErrorMessage> </properties> </leafNode> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> <leafNode name="local-ip"> <properties> <help>Local IP address for L2TPv3 tunnel</help> diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in index ddbfad763..97d5bab90 100644 --- a/interface-definitions/interfaces-loopback.xml.in +++ b/interface-definitions/interfaces-loopback.xml.in @@ -7,7 +7,7 @@ <help>Loopback Interface</help> <priority>300</priority> <constraint> - <regex>lo$</regex> + <regex>^lo$</regex> </constraint> <constraintErrorMessage>Loopback interface must be named lo</constraintErrorMessage> <valueHelp> diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index bc1a159a9..92bac3fab 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -7,7 +7,7 @@ <help>OpenVPN Tunnel Interface</help> <priority>460</priority> <constraint> - <regex>vtun[0-9]+$</regex> + <regex>^vtun[0-9]+$</regex> </constraint> <constraintErrorMessage>OpenVPN tunnel interface must be named vtunN</constraintErrorMessage> <valueHelp> @@ -162,6 +162,13 @@ </leafNode> </children> </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> <leafNode name="hash"> <properties> <help>Hashing Algorithm</help> @@ -611,6 +618,18 @@ </constraint> </properties> </leafNode> + <leafNode name="crypt-file"> + <properties> + <help>File containing encryption key to authenticate control channel</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> <leafNode name="tls-version-min"> <properties> <help>Specify the minimum required TLS version</help> diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index b6b54c915..d69e0b42c 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in @@ -7,13 +7,12 @@ <help>Point-to-Point Protocol over Ethernet (PPPoE)</help> <priority>321</priority> <constraint> - <regex>pppoe[0-9]+$</regex> - <validator name="numeric" argument="--range 1-99"/> + <regex>^pppoe[0-9]+$</regex> </constraint> <constraintErrorMessage>PPPoE interface must be named pppoeN</constraintErrorMessage> <valueHelp> <format>pppoeN</format> - <description>PPPoE interface name (1-15)</description> + <description>PPPoE dialer interface name</description> </valueHelp> </properties> <children> @@ -75,6 +74,7 @@ </leafNode> #include <include/interface-description.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="idle-timeout"> <properties> <help>Delay before disconnecting idle session (in seconds)</help> diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in index c2dea438a..c6e61d19a 100644 --- a/interface-definitions/interfaces-pseudo-ethernet.xml.in +++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in @@ -7,7 +7,7 @@ <help>Pseudo Ethernet</help> <priority>319</priority> <constraint> - <regex>peth[0-9]+$</regex> + <regex>^peth[0-9]+$</regex> </constraint> <constraintErrorMessage>Pseudo Ethernet interface must be named pethN</constraintErrorMessage> <valueHelp> @@ -21,6 +21,7 @@ #include <include/dhcp-dhcpv6-options.xml.i> #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <node name="ip"> <children> #include <include/interface-arp-cache-timeout.xml.i> @@ -32,9 +33,16 @@ #include <include/interface-proxy-arp-pvlan.xml.i> </children> </node> - <leafNode name="link"> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="source-interface"> <properties> - <help>Lower link device</help> + <help>Physical Interface used for this device</help> <valueHelp> <format>interface</format> <description>Interface used for VXLAN underlay</description> diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in new file mode 100644 index 000000000..e1ac60319 --- /dev/null +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -0,0 +1,280 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces-tunnel.py"> + <properties> + <help>Tunnel interface</help> + <priority>380</priority> + <constraint> + <regex>^tun[0-9]+$</regex> + </constraint> + <constraintErrorMessage>tunnel interface must be named tunN</constraintErrorMessage> + <valueHelp> + <format>tunN</format> + <description>Tunnel interface name</description> + </valueHelp> + </properties> + <children> + #include <include/interface-description.xml.i> + #include <include/address-ipv4-ipv6.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-vrf.xml.i> + #include <include/interface-mtu-64-8024.xml.i> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="local-ip"> + <properties> + <help>Local IP address for this tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Local IPv4 address for this tunnel</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Local IPv6 address for this tunnel [NOTICE: unavailable for mGRE tunnels]</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_local.py</script> + </completionHelp> + <constraint> + <!-- does it need fixing/changing to be more restrictive ? --> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="remote-ip"> + <properties> + <help>Remote IP address for this tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Remote IPv4 address for this tunnel</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Remote IPv6 address for this tunnel</description> + </valueHelp> + <constraint> + <!-- does it need fixing/changing to be more restrictive ? --> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="6rd-prefix"> + <properties> + <help>6rd network prefix</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="6rd-relay-prefix"> + <properties> + <help>6rd relay prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix of interface for 6rd</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dhcp-interface"> + <properties> + <help>dhcp interface</help> + <valueHelp> + <format>interface</format> + <description>DHCP interface that supplies the local IP address for this tunnel</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <constraint> + <regex>(en|eth|br|bond|gnv|vxlan|wg|tun)[0-9]+</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="encapsulation"> + <properties> + <help>Encapsulation of this tunnel interface</help> + <completionHelp> + <list>gre gre-bridge ipip sit ipip6 ip6ip6 ip6gre</list> + </completionHelp> + <valueHelp> + <format>gre-bridge</format> + <description>Generic Routing Encapsulation bridge interface</description> + </valueHelp> + <valueHelp> + <format>ipip</format> + <description>IP in IP encapsulation</description> + </valueHelp> + <valueHelp> + <format>sit</format> + <description>Simple Internet Transition encapsulation</description> + </valueHelp> + <valueHelp> + <format>ipip6</format> + <description>IP in IP6 encapsulation</description> + </valueHelp> + <valueHelp> + <format>ip6ip6</format> + <description>IP6 in IP6 encapsulation</description> + </valueHelp> + <valueHelp> + <format>ip6gre</format> + <description>GRE over IPv6 network</description> + </valueHelp> + <constraint> + <regex>(gre|gre-bridge|ipip|sit|ipip6|ip6ip6|ip6gre)</regex> + </constraint> + <constraintErrorMessage>Must be one of 'gre' 'gre-bridge' 'ipip' 'sit' 'ipip6' 'ip6ip6' 'ip6gre'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="multicast"> + <properties> + <help>Multicast operation over tunnel</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable Multicast</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable Multicast (default)</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + <constraintErrorMessage>Must be 'disable' or 'enable'</constraintErrorMessage> + </properties> + </leafNode> + <node name="parameters"> + <properties> + <help>Tunnel parameters</help> + </properties> + <children> + <node name="ip"> + <properties> + <help>IPv4 specific tunnel parameters</help> + </properties> + <children> + <leafNode name="ttl"> + <properties> + <help>Time to live field</help> + <valueHelp> + <format>0-255</format> + <description>Time to live (default 255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>TTL must be between 0 and 255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="tos"> + <properties> + <help>Type of Service (TOS)</help> + <valueHelp> + <format>0-99</format> + <description>Type of Service (TOS)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-99"/> + </constraint> + <constraintErrorMessage>TOS must be between 0 and 99</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="key"> + <properties> + <help>Tunnel key</help> + <valueHelp> + <format>0-4294967295</format> + <description>Tunnel key</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + <constraintErrorMessage>key must be between 0-4294967295</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <node name="ipv6"> + <properties> + <help>IPv6 specific tunnel parameters</help> + </properties> + <children> + <leafNode name="encaplimit"> + <properties> + <help>Encaplimit field</help> + <valueHelp> + <format>0-255</format> + <description>Encaplimit (default 4)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>key must be between 0-255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="flowlabel"> + <properties> + <help>Flowlabel</help> + <valueHelp> + <format>0x0-0x0FFFFF</format> + <description>Tunnel key, 'inherit' or hex value</description> + </valueHelp> + <constraint> + <regex>(0x){0,1}(0?[0-9A-Fa-f]{1,5})</regex> + </constraint> + <constraintErrorMessage>Must be 'inherit' or a number</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="hoplimit"> + <properties> + <help>Hoplimit</help> + <valueHelp> + <format>0-255</format> + <description>Hoplimit (default 64)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>hoplimit must be between 0-255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="tclass"> + <properties> + <help>Traffic class (Tclass)</help> + <valueHelp> + <format>0x0-0x0FFFFF</format> + <description>Traffic class, 'inherit' or hex value</description> + </valueHelp> + <constraint> + <regex>(0x){0,1}(0?[0-9A-Fa-f]{1,2})</regex> + </constraint> + <constraintErrorMessage>Must be 'inherit' or a number</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index 16cb2c169..fdde57525 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -7,7 +7,7 @@ <help>Virtual Extensible LAN (VXLAN) Interface</help> <priority>460</priority> <constraint> - <regex>vxlan[0-9]+$</regex> + <regex>^vxlan[0-9]+$</regex> </constraint> <constraintErrorMessage>VXLAN interface must be named vxlanN</constraintErrorMessage> <valueHelp> @@ -45,9 +45,28 @@ #include <include/interface-enable-proxy-arp.xml.i> </children> </node> - <leafNode name="link"> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="source-address"> + <properties> + <help>VXLAN source address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source-address of VXLAN tunnel</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="source-interface"> <properties> - <help>Underlay device of VXLAN interface</help> + <help>Physical Interface used for this connection</help> <valueHelp> <format>interface</format> <description>Interface used for VXLAN underlay</description> diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index dd4a73efd..9db608afb 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -7,7 +7,7 @@ <help>WireGuard Interface</help> <priority>459</priority> <constraint> - <regex>wg[0-9]+$</regex> + <regex>^wg[0-9]+$</regex> </constraint> <constraintErrorMessage>WireGuard interface must be named wgN</constraintErrorMessage> <valueHelp> @@ -19,22 +19,9 @@ #include <include/address-ipv4-ipv6.xml.i> #include <include/interface-description.xml.i> #include <include/interface-disable.xml.i> - <leafNode name="port"> - <properties> - <help>Local port number to accept connections</help> - <constraint> - <validator name="numeric" argument="--range 1024-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="mtu"> - <properties> - <help>interface mtu size(default: 1420)</help> - <constraint> - <validator name="numeric" argument="--range 68-9000"/> - </constraint> - </properties> - </leafNode> + #include <include/interface-vrf.xml.i> + #include <include/port-number.xml.i> + #include <include/interface-mtu-68-9000.xml.i> <leafNode name="fwmark"> <properties> <help>A 32-bit fwmark value set on all outgoing packets</help> @@ -97,12 +84,19 @@ <multi/> </properties> </leafNode> - <!-- eventually check format IP:port --> - <leafNode name="endpoint"> + <leafNode name="address"> <properties> - <help>Remote endpoint (IP:port)</help> + <help>IP address of tunnel remote end</help> + <valueHelp> + <format>ipv4</format> + <description>IP address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> </properties> </leafNode> + #include <include/port-number.xml.i> <leafNode name="persistent-keepalive"> <properties> <help>how often send keep alives in seconds</help> diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index d6b257978..194669f77 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -7,7 +7,7 @@ <help>Wireless (WiFi/WLAN) Network Interface</help> <priority>400</priority> <constraint> - <regex>wlan[0-9]+$</regex> + <regex>^wlan[0-9]+$</regex> </constraint> <constraintErrorMessage>Wireless interface must be named wlanN</constraintErrorMessage> <valueHelp> @@ -208,11 +208,11 @@ <properties> <help>Number of antennas on this card</help> <valueHelp> - <format>1-9</format> + <format>1-8</format> <description>Number of antennas for this card</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-9"/> + <validator name="numeric" argument="--range 1-8"/> </constraint> </properties> </leafNode> @@ -320,7 +320,7 @@ <properties> <help>VHT link adaptation capabilities</help> <completionHelp> - <list>single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee</list> + <list>unsolicited both</list> </completionHelp> <valueHelp> <format>unsolicited</format> @@ -454,6 +454,7 @@ </leafNode> #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="expunge-failing-stations"> <properties> <help>Disassociate stations based on excessive transmission failures</help> @@ -468,6 +469,13 @@ #include <include/interface-enable-arp-ignore.xml.i> </children> </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> <leafNode name="hw-id"> <properties> <help>Media Access Control (MAC) address</help> @@ -666,28 +674,10 @@ <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage> </properties> </leafNode> + #include <include/radius-server.xml.i> <node name="radius"> - <properties> - <help>RADIUS specific configuration</help> - </properties> <children> - <leafNode name="source-address"> - <properties> - <help>RADIUS client forced local IP address</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of RADIUS server</description> - </valueHelp> - </properties> - </leafNode> <tagNode name="server"> - <properties> - <help>IP address of RADIUS server</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of RADIUS server</description> - </valueHelp> - </properties> <children> <leafNode name="accounting"> <properties> @@ -695,23 +685,6 @@ <valueless/> </properties> </leafNode> - <leafNode name="port"> - <properties> - <help>RADIUS server port (default: 1812)</help> - <valueHelp> - <format>1-65535</format> - <description>RADIUS server port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="key"> - <properties> - <help>RADIUS shared secret key</help> - </properties> - </leafNode> </children> </tagNode> </children> diff --git a/interface-definitions/interfaces-wirelessmodem.xml.in b/interface-definitions/interfaces-wirelessmodem.xml.in new file mode 100644 index 000000000..6bec34b56 --- /dev/null +++ b/interface-definitions/interfaces-wirelessmodem.xml.in @@ -0,0 +1,81 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="wirelessmodem" owner="${vyos_conf_scripts_dir}/interfaces-wirelessmodem.py"> + <properties> + <help>Wireless Modem (WWAN) Interface</help> + <priority>350</priority> + <constraint> + <regex>^wlm[0-9]+$</regex> + </constraint> + <constraintErrorMessage>Wireless Modem interface must be named wlmN</constraintErrorMessage> + <valueHelp> + <format>wlmN</format> + <description>Wireless modem interface name</description> + </valueHelp> + </properties> + <children> + <leafNode name="apn"> + <properties> + <help>Access Point Name (APN)</help> + </properties> + </leafNode> + <node name="backup"> + <properties> + <help>Insert backup default route</help> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Distance backup default route</help> + <valueHelp> + <format>1-255</format> + <description>Distance of the backup route (default: 10)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + <constraintErrorMessage>Must be between (1-255)</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + #include <include/interface-description.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="device"> + <properties> + <help>System device name (default: ttyUSB0)</help> + <valueHelp> + <format>ttyXXX</format> + <description>System TTY device name</description> + </valueHelp> + </properties> + </leafNode> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-mtu-68-9000.xml.i> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="no-peer-dns"> + <properties> + <help>Do not use peer supplied DNS server information</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ondemand"> + <properties> + <help>Only dial when traffic is available</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-igmp.xml.in b/interface-definitions/protocols-igmp.xml.in new file mode 100644 index 000000000..a9b11e1a3 --- /dev/null +++ b/interface-definitions/protocols-igmp.xml.in @@ -0,0 +1,88 @@ +<?xml version="1.0"?> +<!-- Internet Group Management Protocol (IGMP) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="igmp" owner="${vyos_conf_scripts_dir}/protocols_igmp.py"> + <properties> + <help>Internet Group Management Protocol (IGMP)</help> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>IGMP interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <tagNode name="join"> + <properties> + <help>IGMP join multicast group</help> + <valueHelp> + <format>ipv4</format> + <description>Multicast group address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="source"> + <properties> + <help>Source address</help> + <valueHelp> + <format>ipv4</format> + <description>Source address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="version"> + <properties> + <help>IGMP version</help> + <valueHelp> + <format>2-3</format> + <description>IGMP version</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 2-3"/> + </constraint> + </properties> + </leafNode> + <leafNode name="query-interval"> + <properties> + <help>IGMP host query interval</help> + <valueHelp> + <format>1-1800</format> + <description>Query interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1800"/> + </constraint> + </properties> + </leafNode> + <leafNode name="query-max-response-time"> + <properties> + <help>IGMP max query response time</help> + <valueHelp> + <format>10-250</format> + <description>Query response value in deci-seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-250"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in new file mode 100644 index 000000000..376323855 --- /dev/null +++ b/interface-definitions/protocols-mpls.xml.in @@ -0,0 +1,98 @@ +<?xml version="1.0"?> +<!-- Multiprotocol Label Switching (MPLS) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="mpls" owner="${vyos_conf_scripts_dir}/protocols_mpls.py"> + <properties> + <help>Multiprotocol Label Switching (MPLS)</help> + <priority>299</priority> + </properties> + <children> + <node name="ldp"> + <properties> + <help>LDP options</help> + </properties> + <children> + <leafNode name="router-id"> + <properties> + <help>x.x.x.x Label Switch Router (LSR) id</help> + <valueHelp> + <format>ipv4</format> + <description>LSR ipv4 id</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <tagNode name="neighbor"> + <properties> + <help>LDP Id of neighbor</help> + <valueHelp> + <format>ipv4</format> + <description>neighbor IPv4 id</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="password"> + <properties> + <help>Peer password</help> + </properties> + </leafNode> + </children> + </tagNode> + <node name="discovery"> + <properties> + <help>Discovery parameters</help> + <valueHelp> + <format>ipv4</format> + <description>Discovery parameters</description> + </valueHelp> + </properties> + <children> + <leafNode name="transport-ipv4-address"> + <properties> + <help>Transport ipv4 address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 bind as transport</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="transport-ipv6-address"> + <properties> + <help>Transport ipv6 address</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 bind as transport</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="interface"> + <properties> + <help>Listen interface for LDP</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition>
\ No newline at end of file diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols-pim.xml.in new file mode 100644 index 000000000..6152045a7 --- /dev/null +++ b/interface-definitions/protocols-pim.xml.in @@ -0,0 +1,96 @@ +<?xml version="1.0"?> +<!-- Protocol Independent Multicast (PIM) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="pim" owner="${vyos_conf_scripts_dir}/protocols_pim.py"> + <properties> + <help>Protocol Independent Multicast (PIM)</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>PIM interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="dr-priority"> + <properties> + <help>Designated Router Election Priority</help> + <valueHelp> + <format>1-4294967295</format> + <description>Value of the new DR Priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="hello"> + <properties> + <help>Hello Interval</help> + <valueHelp> + <format>1-180</format> + <description>Hello Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-180"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <node name="rp"> + <properties> + <help>Rendezvous Point</help> + </properties> + <children> + <tagNode name="address"> + <properties> + <help>Rendezvous Point address</help> + <valueHelp> + <format>ipv4</format> + <description>Rendezvous Point address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="group"> + <properties> + <help>Group Address range</help> + <valueHelp> + <format>ipv4net</format> + <description>Group Address range RFC 3171</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="keep-alive-timer"> + <properties> + <help>Keep alive Timer</help> + <valueHelp> + <format>31-60000</format> + <description>Keep alive Timer in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 31-60000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/salt-minion.xml.in new file mode 100644 index 000000000..9aa60249a --- /dev/null +++ b/interface-definitions/salt-minion.xml.in @@ -0,0 +1,85 @@ +<?xml version="1.0"?> +<!--Salt-minion configuration --> +<interfaceDefinition> + <node name="service"> + <children> + <node name="salt-minion" owner="${vyos_conf_scripts_dir}/salt-minion.py"> + <properties> + <help>Salt Minion</help> + <priority>500</priority> + </properties> + <children> + <leafNode name="hash_type"> + <properties> + <help>The hash_type is the hash to use when discovering the hash of a file on the master server.</help> + </properties> + </leafNode> + <leafNode name="log_file"> + <properties> + <help>The location of the minion log file.</help> + </properties> + </leafNode> + <leafNode name="log_level"> + <properties> + <help>Log level</help> + <valueHelp> + <format>garbage</format> + <description>log garbage info</description> + </valueHelp> + <valueHelp> + <format>trace</format> + <description>log trace info</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>log debug info</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>log info</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>log warning info</description> + </valueHelp> + <valueHelp> + <format>error</format> + <description>log error info</description> + </valueHelp> + <valueHelp> + <format>critical</format> + <description>log critical info</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="master"> + <properties> + <help>The hostname or IP address of the master.</help> + <multi/> + </properties> + </leafNode> + <leafNode name="id"> + <properties> + <help>Explicitly declare the id for this minion to use.</help> + </properties> + </leafNode> + <leafNode name="user"> + <properties> + <help>The user to run the Salt processes.</help> + </properties> + </leafNode> + <leafNode name="mine_interval"> + <properties> + <help>The number of minutes between mine updates.</help> + </properties> + </leafNode> + <leafNode name="master-key"> + <properties> + <help>Enables verification of the master-public-signature returned by the master in auth-replies.</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service-router-advert.xml.in new file mode 100644 index 000000000..bd63b15a3 --- /dev/null +++ b/interface-definitions/service-router-advert.xml.in @@ -0,0 +1,266 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="router-advert" owner="${vyos_conf_scripts_dir}/service-router-advert.py"> + <properties> + <help>IPv6 Router Advertisements (RAs) service</help> + <priority>900</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Interface to send DDNS updates for [REQUIRED]</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="hop-limit"> + <properties> + <help>Set Hop Count field of the IP header for outgoing packets (default: 64)</help> + <valueHelp> + <format>1-255</format> + <description>Value should represent current diameter of the Internet</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Unspecified (by this router)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>Hop count must be between 0 and 255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="default-lifetime"> + <properties> + <help>Lifetime associated with the default router in units of seconds</help> + <valueHelp> + <format>4-9000</format> + <description>Router Lifetime in seconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Not a default router</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 4-9000"/> + </constraint> + <constraintErrorMessage>Default router livetime bust be 0 or between 4 and 9000</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="default-preference"> + <properties> + <help>Preference associated with the default router,</help> + <completionHelp> + <list>low medium high</list> + </completionHelp> + <valueHelp> + <format>low</format> + <description>Default router has low preference</description> + </valueHelp> + <valueHelp> + <format>medium</format> + <description>Default router has medium preference (default)</description> + </valueHelp> + <valueHelp> + <format>high</format> + <description>Default router has high preference</description> + </valueHelp> + <constraint> + <regex>(low|medium|high)</regex> + </constraint> + <constraintErrorMessage>Default preference must be low, medium or high</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="dnssl"> + <properties> + <help>DNS search list</help> + <multi/> + </properties> + </leafNode> + <leafNode name="link-mtu"> + <properties> + <help>Link MTU value placed in RAs, exluded in RAs if unset</help> + <valueHelp> + <format>1280-9000</format> + <description>Link MTU value in RAs</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1280-9000"/> + </constraint> + <constraintErrorMessage>Link MTU must be between 1280 and 9000</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="managed-flag"> + <properties> + <help>Hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using SLAAC</help> + <valueless/> + </properties> + </leafNode> + <node name="interval"> + <properties> + <help>Set interval between unsolicited multicast RAs</help> + </properties> + <children> + <leafNode name="max"> + <properties> + <help>Maximum interval between unsolicited multicast RAs (default: 600)</help> + <valueHelp> + <format>4-1800</format> + <description>Maximum interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 4-1800"/> + </constraint> + <constraintErrorMessage>Maximum interval must be between 4 and 1800 seconds</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="min"> + <properties> + <help>Minimum interval between unsolicited multicast RAs</help> + <valueHelp> + <format>3-1350</format> + <description>Minimum interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 3-1350"/> + </constraint> + <constraintErrorMessage>Minimum interval must be between 3 and 1350 seconds</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="name-server"> + <properties> + <help>IPv6 address of recursive DNS server</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of DNS name server</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="other-config-flag"> + <properties> + <help>Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information</help> + <valueless/> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>IPv6 prefix to be advertised in Router Advertisements (RAs)</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix to be advertized</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="no-autonomous-flag"> + <properties> + <help>Prefix can not be used for stateless address auto-configuration</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-on-link-flag"> + <properties> + <help>Prefix can not be used for on-link determination</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="preferred-lifetime"> + <properties> + <help>Time in seconds that the prefix will remain preferred (default 4 hours)</help> + <completionHelp> + <list>infinity</list> + </completionHelp> + <valueHelp> + <format>0-4294967295</format> + <description>Time in seconds that the prefix will remain preferred</description> + </valueHelp> + <valueHelp> + <format>infinity</format> + <description>Prefix will remain preferred forever</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <regex>(infinity)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="valid-lifetime"> + <properties> + <help>Time in seconds that the prefix will remain valid (default: 30 days)</help> + <completionHelp> + <list>infinity</list> + </completionHelp> + <valueHelp> + <format>1-4294967295</format> + <description>Time in seconds that the prefix will remain valid</description> + </valueHelp> + <valueHelp> + <format>infinity</format> + <description>Prefix will remain preferred forever</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <regex>(infinity)</regex> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="reachable-time"> + <properties> + <help>Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation</help> + <valueHelp> + <format>1-3600000</format> + <description>Reachable Time value in RAs (in milliseconds)</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Reachable Time unspecified by this router</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 1-3600000"/> + </constraint> + <constraintErrorMessage>Reachable time must be 0 or between 1 and 3600000 milliseconds</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="retrans-timer"> + <properties> + <help>Time in milliseconds between retransmitted Neighbor Solicitation messages</help> + <valueHelp> + <format>1-4294967295</format> + <description>Minimum interval in milliseconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Time, in milliseconds, between retransmitted Neighbor Solicitation messages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 1-4294967295"/> + </constraint> + <constraintErrorMessage>Retransmit interval must be 0 or between 1 and 4294967295 milliseconds</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="no-send-advert"> + <properties> + <help>Do not send router adverts</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in index 3ed85b8d3..2499a192c 100644 --- a/interface-definitions/system-login.xml.in +++ b/interface-definitions/system-login.xml.in @@ -110,58 +110,11 @@ </leafNode> </children> </tagNode> + #include <include/radius-server.xml.i> <node name="radius"> - <properties> - <help>RADIUS based user authentication</help> - </properties> <children> - <leafNode name="source-address"> - <properties> - <help>RADIUS client source address</help> - <valueHelp> - <format>ipv4</format> - <description>TFTP IPv4 listen address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - </leafNode> <tagNode name="server"> - <properties> - <help>RADIUS server configuration</help> - <valueHelp> - <format>ipv4</format> - <description>RADIUS server IPv4 address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> <children> - <leafNode name="disable"> - <properties> - <help>Temporary disable this server</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="key"> - <properties> - <help>Shared secret key</help> - </properties> - </leafNode> - <leafNode name="port"> - <properties> - <help>Authentication port</help> - <valueHelp> - <format>1-65535</format> - <description>Numeric IP port (default: 1812)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> <leafNode name="timeout"> <properties> <help>Session timeout</help> diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in index 2079ec0ea..194cdb851 100644 --- a/interface-definitions/system-syslog.xml.in +++ b/interface-definitions/system-syslog.xml.in @@ -181,13 +181,17 @@ <properties> <help>Logging to a remote host</help> <constraint> - <validator name="ip-address" /> - <regex>(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)</regex> + <validator name="ip-address"/> + <validator name="fqdn"/> </constraint> - <constraintErrorMessage>Invalid host FQDN or IP address</constraintErrorMessage> + <constraintErrorMessage>Invalid host (FQDN or IP address)</constraintErrorMessage> <valueHelp> - <format>x.x.x.x or host.domain.tld</format> - <description>Remote host name or IP address</description> + <format>ipv4</format> + <description>Remote syslog server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Remote syslog server FQDN</description> </valueHelp> </properties> <children> diff --git a/interface-definitions/l2tp-server.xml.in b/interface-definitions/vpn-l2tp.xml.in index 7fc844054..7fc844054 100644 --- a/interface-definitions/l2tp-server.xml.in +++ b/interface-definitions/vpn-l2tp.xml.in diff --git a/interface-definitions/sstp.xml.in b/interface-definitions/vpn-sstp.xml.in index 10b97b833..b026417b3 100644 --- a/interface-definitions/sstp.xml.in +++ b/interface-definitions/vpn-sstp.xml.in @@ -1,11 +1,11 @@ <?xml version="1.0"?> <interfaceDefinition> - <node name="service"> + <node name="vpn"> <children> - <node name="sstp-server" owner="${vyos_conf_scripts_dir}/accel_sstp.py"> + <node name="sstp" owner="${vyos_conf_scripts_dir}/vpn_sstp.py"> <properties> - <help>Secure Socket Tunneling Protocol (SSTP) Server</help> - <priority>900</priority> + <help>Secure Socket Tunneling Protocol (SSTP) server</help> + <priority>901</priority> </properties> <children> <node name="authentication"> @@ -113,85 +113,96 @@ <multi /> </properties> </leafNode> - <tagNode name="radius-server"> - <properties> - <help>IP address of RADIUS server</help> - <valueHelp> - <format>ipv4</format> - <description>IP address of RADIUS server</description> - </valueHelp> - </properties> - <children> - <leafNode name="secret"> - <properties> - <help>Key for accessing the specified server</help> - </properties> - </leafNode> - <leafNode name="req-limit"> - <properties> - <help>Maximum number of simultaneous requests to server (default: unlimited)</help> - </properties> - </leafNode> - <leafNode name="fail-time"> - <properties> - <help>If server does not responds mark it as unavailable for this time (seconds)</help> - </properties> - </leafNode> - </children> - </tagNode> - <node name="radius-settings"> - <properties> - <help>RADIUS settings</help> - </properties> + #include <include/radius-server.xml.i> + <node name="radius"> <children> + <tagNode name="server"> + <children> + <leafNode name="fail-time"> + <properties> + <help>Mark server unavailable for <n> seconds on failure</help> + <valueHelp> + <format>0-600</format> + <description>Fail time penalty</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600"/> + </constraint> + <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> <leafNode name="timeout"> <properties> - <help>Timeout to wait response from server (seconds)</help> + <help>Timeout in seconds to wait response from RADIUS server</help> + <valueHelp> + <format>1-60</format> + <description>Timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-60"/> + </constraint> + <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage> </properties> </leafNode> <leafNode name="acct-timeout"> <properties> - <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help> + <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help> + <valueHelp> + <format>0-60</format> + <description>Timeout in seconds, 0 to keep active</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60"/> + </constraint> + <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage> </properties> </leafNode> <leafNode name="max-try"> <properties> - <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help> + <help>Number of tries to send Access-Request/Accounting-Request queries</help> + <valueHelp> + <format>1-20</format> + <description>Maximum tries</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-20"/> + </constraint> + <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage> </properties> </leafNode> <leafNode name="nas-identifier"> <properties> - <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help> + <help>NAS-Identifier attribute sent to RADIUS</help> </properties> </leafNode> <leafNode name="nas-ip-address"> <properties> - <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help> + <help>NAS-IP-Address attribute sent to RADIUS</help> <constraint> <validator name="ipv4-address"/> </constraint> - <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage> <valueHelp> <format>ipv4</format> - <description>NAS-IP-Address Attribute Value</description> + <description>NAS-IP-Address attribute</description> </valueHelp> - </properties> - </leafNode> - <node name="dae-server"> + </properties> + </leafNode> + <node name="dynamic-author"> <properties> - <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help> + <help>Dynamic Authorization Extension/Change of Authorization server</help> </properties> <children> - <leafNode name="ip-address"> + <leafNode name="server"> <properties> <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help> <constraint> <validator name="ipv4-address"/> </constraint> - <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage> <valueHelp> <format>ipv4</format> - <description>Specifies IP address for Dynamic Authorization Extension server (DM/CoA)</description> + <description>IPv4 address for aynamic authorization server</description> </valueHelp> </properties> </leafNode> @@ -207,9 +218,9 @@ </constraint> </properties> </leafNode> - <leafNode name="secret"> + <leafNode name="key"> <properties> - <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help> + <help>Shared secret for Dynamic Authorization Extension server</help> </properties> </leafNode> </children> @@ -221,17 +232,17 @@ <children> <leafNode name="attribute"> <properties> - <help>Specifies which radius attribute contains rate information. (default is Filter-Id)</help> + <help>Specifies RADIUS attribute containing rate information (default 'Filter-Id')</help> </properties> </leafNode> <leafNode name="vendor"> <properties> - <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help> + <help>Specifies vendor dictionary (needs to be in /usr/share/accel-ppp/radius)</help> </properties> </leafNode> <leafNode name="enable"> <properties> - <help>Enables Bandwidth shaping via RADIUS</help> + <help>Enable RADIUS bandwidth shaping</help> <valueless /> </properties> </leafNode> @@ -241,42 +252,46 @@ </node> </children> </node> - <node name="sstp-settings"> + <node name="ssl"> <properties> - <help>SSTP settings</help> + <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help> </properties> <children> - <node name="ssl-certs"> + <leafNode name="ca-cert-file"> <properties> - <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help> + <help>Certificate Authority certificate</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> </properties> - <children> - <leafNode name="ca"> - <properties> - <help>Certificate Authority certificate</help> - <completionHelp> - <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script> - </completionHelp> - </properties> - </leafNode> - <leafNode name="server-cert"> - <properties> - <help>Server Certificate</help> - <completionHelp> - <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script> - </completionHelp> - </properties> - </leafNode> - <leafNode name="server-key"> - <properties> - <help>Privat Key of the Server Certificate</help> - <completionHelp> - <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script> - </completionHelp> - </properties> - </leafNode> - </children> - </node> + </leafNode> + <leafNode name="cert-file"> + <properties> + <help>Server Certificate</help> + <completionHelp> + <script>ls /config</script> + </completionHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="key-file"> + <properties> + <help>Privat Key of the Server Certificate</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> </children> </node> <node name="network-settings"> @@ -318,14 +333,9 @@ </leafNode> </children> </node> - <node name="dns-server"> + <leafNode name="name-server"> <properties> <help>DNS servers propagated to clients</help> - </properties> - <children> - <leafNode name="primary-dns"> - <properties> - <help>Primary DNS Server</help> <valueHelp> <format>ipv4</format> <description>IPv4 address</description> @@ -333,30 +343,10 @@ <constraint> <validator name="ipv4-address"/> </constraint> - </properties> - </leafNode> - <leafNode name="secondary-dns"> - <properties> - <help>Secondary DNS Server</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <leafNode name="mtu"> - <properties> - <help>Maximum Transmission Unit (MTU)</help> - <constraint> - <validator name="numeric" argument="--range 128-16384"/> - </constraint> + <multi/> </properties> </leafNode> + #include <include/interface-mtu-68-1500.xml.i> </children> </node> <node name="ppp-settings"> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in new file mode 100644 index 000000000..7c75bf824 --- /dev/null +++ b/interface-definitions/vrf.xml.in @@ -0,0 +1,47 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="vrf" owner="${vyos_conf_scripts_dir}/vrf.py"> + <properties> + <help>Virtual Routing and Forwarding</help> + <!-- must be before any interface creation --> + <priority>210</priority> + </properties> + <children> + <leafNode name="bind-to-all"> + <properties> + <help>Enable binding services to all VRFs</help> + <valueless/> + </properties> + </leafNode> + <tagNode name="name"> + <properties> + <help>VRF instance name</help> + <constraint> + <validator name="vrf-name"/> + </constraint> + <constraintErrorMessage>VRF instance name must be 16 characters or less and can not\nbe named as regular network interfaces</constraintErrorMessage> + <valueHelp> + <format>name</format> + <description>Instance name</description> + </valueHelp> + </properties> + <children> + <leafNode name="table"> + <properties> + <help>Routing table associated with this instance</help> + <valueHelp> + <format>100-2147483647</format> + <description>Routing table ID</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 100-2147483647"/> + </constraint> + <constraintErrorMessage>VRF routing table must be in range from 100 to 2147483647</constraintErrorMessage> + </properties> + </leafNode> + #include <include/interface-description.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/vrrp.xml.in b/interface-definitions/vrrp.xml.in index 89d22f79f..120c7d218 100644 --- a/interface-definitions/vrrp.xml.in +++ b/interface-definitions/vrrp.xml.in @@ -254,6 +254,45 @@ </completionHelp> </properties> </leafNode> + <node name="transition-script"> + <properties> + <help>VRRP transition scripts</help> + </properties> + <children> + <leafNode name="master"> + <properties> + <help>Script to run on VRRP state transition to master</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="backup"> + <properties> + <help>Script to run on VRRP state transition to backup</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="fault"> + <properties> + <help>Script to run on VRRP state transition to fault</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Script to run on VRRP state transition to stop</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> + </node> </children> </tagNode> </children> |