From 27c51e0ec53e9d22a36bc95a010bdd3a9377b2d0 Mon Sep 17 00:00:00 2001 From: Jean-Gabriel Gill-Couture Date: Wed, 20 Aug 2025 21:54:46 -0400 Subject: [PATCH] feat(wip): Support opnsense 25.7 which defaults to dnsmasq instead of isc dhcp --- Cargo.lock | 19 +- harmony/src/domain/topology/ha_cluster.rs | 6 +- harmony/src/modules/tftp.rs | 2 +- opnsense-config-xml/src/data/dnsmasq.rs | 111 + opnsense-config-xml/src/data/interfaces.rs | 2 + opnsense-config-xml/src/data/mod.rs | 1 + opnsense-config-xml/src/data/opnsense.rs | 17 +- opnsense-config/src/config/config.rs | 18 +- opnsense-config/src/modules/dhcp.rs | 166 -- opnsense-config/src/modules/dhcp_legacy.rs | 166 ++ opnsense-config/src/modules/dnsmasq.rs | 69 + opnsense-config/src/modules/mod.rs | 4 +- ...config-full-25.7-dummy-dnsmasq-options.xml | 867 ++++++ .../src/tests/data/config-full-25.7.xml | 826 ++++++ .../src/tests/data/config-full-ncd0.xml | 2572 +++++++++++++++++ 15 files changed, 4661 insertions(+), 185 deletions(-) create mode 100644 opnsense-config-xml/src/data/dnsmasq.rs create mode 100644 opnsense-config/src/modules/dhcp_legacy.rs create mode 100644 opnsense-config/src/modules/dnsmasq.rs create mode 100644 opnsense-config/src/tests/data/config-full-25.7-dummy-dnsmasq-options.xml create mode 100644 opnsense-config/src/tests/data/config-full-25.7.xml create mode 100644 opnsense-config/src/tests/data/config-full-ncd0.xml diff --git a/Cargo.lock b/Cargo.lock index d08a31f..27a97f8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -105,7 +105,7 @@ dependencies = [ "futures-core", "futures-util", "mio 1.0.4", - "socket2", + "socket2 0.5.10", "tokio", "tracing", ] @@ -167,7 +167,7 @@ dependencies = [ "serde_json", "serde_urlencoded", "smallvec", - "socket2", + "socket2 0.5.10", "time", "tracing", "url", @@ -1655,6 +1655,21 @@ dependencies = [ "url", ] +[[package]] +name = "example-pxe" +version = "0.1.0" +dependencies = [ + "cidr", + "env_logger", + "harmony", + "harmony_cli", + "harmony_macros", + "harmony_types", + "log", + "tokio", + "url", +] + [[package]] name = "example-rust" version = "0.1.0" diff --git a/harmony/src/domain/topology/ha_cluster.rs b/harmony/src/domain/topology/ha_cluster.rs index 737419f..598ef5b 100644 --- a/harmony/src/domain/topology/ha_cluster.rs +++ b/harmony/src/domain/topology/ha_cluster.rs @@ -1,6 +1,7 @@ use async_trait::async_trait; use harmony_macros::ip; use harmony_types::net::MacAddress; +use log::debug; use log::info; use crate::executors::ExecutorError; @@ -49,9 +50,10 @@ impl Topology for HAClusterTopology { "HAClusterTopology" } async fn ensure_ready(&self) -> Result { - todo!( + debug!( "ensure_ready, not entirely sure what it should do here, probably something like verify that the hosts are reachable and all services are up and ready." - ) + ); + Ok(PreparationOutcome::Noop) } } diff --git a/harmony/src/modules/tftp.rs b/harmony/src/modules/tftp.rs index 357e480..6763ec0 100644 --- a/harmony/src/modules/tftp.rs +++ b/harmony/src/modules/tftp.rs @@ -12,7 +12,7 @@ use crate::{ #[derive(Debug, new, Clone, Serialize)] pub struct TftpScore { - files_to_serve: Url, + pub files_to_serve: Url, } impl Score for TftpScore { diff --git a/opnsense-config-xml/src/data/dnsmasq.rs b/opnsense-config-xml/src/data/dnsmasq.rs new file mode 100644 index 0000000..a246e74 --- /dev/null +++ b/opnsense-config-xml/src/data/dnsmasq.rs @@ -0,0 +1,111 @@ +use yaserde::MaybeString; +use yaserde_derive::{YaDeserialize, YaSerialize}; + +// This is the top-level struct that represents the entire element. +#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] +pub struct DnsMasq { + #[yaserde(attribute = true)] + pub version: String, + #[yaserde(attribute = true)] + pub persisted_at: Option, + + pub enable: u8, + pub regdhcp: u8, + pub regdhcpstatic: u8, + pub dhcpfirst: u8, + pub strict_order: u8, + pub domain_needed: u8, + pub no_private_reverse: u8, + pub no_resolv: Option, + pub log_queries: u8, + pub no_hosts: u8, + pub strictbind: u8, + pub dnssec: u8, + pub regdhcpdomain: MaybeString, + pub interface: Option, + pub port: Option, + pub dns_forward_max: MaybeString, + pub cache_size: MaybeString, + pub local_ttl: MaybeString, + pub add_mac: Option, + pub add_subnet: Option, + pub strip_subnet: Option, + pub no_ident: Option, + pub dhcp: Option, + pub dhcp_ranges: Vec, + pub dhcp_options: Vec, + pub dhcp_boot: Vec, +} + +// Represents the element and its nested fields. +#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] +#[yaserde(rename = "dhcp")] +pub struct Dhcp { + pub no_interface: MaybeString, + pub fqdn: u8, + pub domain: MaybeString, + pub lease_max: MaybeString, + pub authoritative: u8, + pub default_fw_rules: u8, + pub reply_delay: MaybeString, + pub enable_ra: u8, + pub nosync: u8, +} + +// Represents a single element. +#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] +#[yaserde(rename = "dhcp_ranges")] +pub struct DhcpRange { + #[yaserde(attribute = true)] + pub uuid: String, + pub interface: String, + pub set_tag: MaybeString, + pub start_addr: String, + pub end_addr: String, + pub subnet_mask: MaybeString, + pub constructor: MaybeString, + pub mode: MaybeString, + pub prefix_len: MaybeString, + pub lease_time: MaybeString, + pub domain_type: String, + pub domain: MaybeString, + pub nosync: u8, + pub ra_mode: MaybeString, + pub ra_priority: MaybeString, + pub ra_mtu: MaybeString, + pub ra_interval: MaybeString, + pub ra_router_lifetime: MaybeString, + pub description: MaybeString, +} + +// Represents a single element. +#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] +#[yaserde(rename = "dhcp_boot")] +pub struct DhcpBoot { + #[yaserde(attribute = true)] + pub uuid: String, + pub interface: MaybeString, + pub tag: MaybeString, + pub filename: String, + pub servername: String, + pub address: String, + pub description: String, +} + +// Represents a single element. +#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] +#[yaserde(rename = "dhcp_options")] +pub struct DhcpOptions { + #[yaserde(attribute = true)] + pub uuid: String, + #[yaserde(rename = "type")] + pub _type: String, + pub option: MaybeString, + pub option6: MaybeString, + pub interface: MaybeString, + pub tag: MaybeString, + pub set_tag: MaybeString, + pub value: String, + pub force: u8, + pub description: MaybeString, +} diff --git a/opnsense-config-xml/src/data/interfaces.rs b/opnsense-config-xml/src/data/interfaces.rs index e0a84d3..b06f392 100644 --- a/opnsense-config-xml/src/data/interfaces.rs +++ b/opnsense-config-xml/src/data/interfaces.rs @@ -8,10 +8,12 @@ pub struct Interface { #[yaserde(rename = "if")] pub physical_interface_name: String, pub descr: Option, + pub mtu: Option, pub enable: MaybeString, pub lock: Option, #[yaserde(rename = "spoofmac")] pub spoof_mac: Option, + pub mss: Option, pub ipaddr: Option, pub dhcphostname: Option, #[yaserde(rename = "alias-address")] diff --git a/opnsense-config-xml/src/data/mod.rs b/opnsense-config-xml/src/data/mod.rs index 68cee6b..6bd3ccd 100644 --- a/opnsense-config-xml/src/data/mod.rs +++ b/opnsense-config-xml/src/data/mod.rs @@ -3,6 +3,7 @@ mod dhcpd; mod haproxy; mod interfaces; mod opnsense; +pub mod dnsmasq; pub use caddy::*; pub use dhcpd::*; pub use haproxy::*; diff --git a/opnsense-config-xml/src/data/opnsense.rs b/opnsense-config-xml/src/data/opnsense.rs index 8ffe3e2..32a548b 100644 --- a/opnsense-config-xml/src/data/opnsense.rs +++ b/opnsense-config-xml/src/data/opnsense.rs @@ -1,3 +1,4 @@ +use crate::dnsmasq::DnsMasq; use crate::HAProxy; use crate::{data::dhcpd::DhcpInterface, xml_utils::to_xml_str}; use log::error; @@ -22,7 +23,7 @@ pub struct OPNsense { pub load_balancer: Option, pub rrd: Option, pub ntpd: Ntpd, - pub widgets: Widgets, + pub widgets: Option, pub revision: Revision, #[yaserde(rename = "OPNsense")] pub opnsense: OPNsenseXmlSection, @@ -45,7 +46,7 @@ pub struct OPNsense { #[yaserde(rename = "Pischem")] pub pischem: Option, pub ifgroups: Ifgroups, - pub dnsmasq: Option, + pub dnsmasq: Option, } impl From for OPNsense { @@ -165,9 +166,9 @@ pub struct Sysctl { #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] pub struct SysctlItem { - pub descr: MaybeString, - pub tunable: String, - pub value: MaybeString, + pub descr: Option, + pub tunable: Option, + pub value: Option, } #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] @@ -182,8 +183,8 @@ pub struct System { pub domain: String, pub group: Vec, pub user: Vec, - pub nextuid: u32, - pub nextgid: u32, + pub nextuid: Option, + pub nextgid: Option, pub timezone: String, pub timeservers: String, pub webgui: WebGui, @@ -242,6 +243,7 @@ pub struct Ssh { pub passwordauth: u8, pub keysig: MaybeString, pub permitrootlogin: u8, + pub rekeylimit: Option, } #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] @@ -271,6 +273,7 @@ pub struct Group { pub member: Vec, #[yaserde(rename = "priv")] pub priv_field: String, + pub source_networks: Option, } #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)] diff --git a/opnsense-config/src/config/config.rs b/opnsense-config/src/config/config.rs index f99159a..95c5430 100644 --- a/opnsense-config/src/config/config.rs +++ b/opnsense-config/src/config/config.rs @@ -4,8 +4,7 @@ use crate::{ config::{SshConfigManager, SshCredentials, SshOPNSenseShell}, error::Error, modules::{ - caddy::CaddyConfig, dhcp::DhcpConfig, dns::DnsConfig, load_balancer::LoadBalancerConfig, - tftp::TftpConfig, + caddy::CaddyConfig, dhcp_legacy::DhcpConfigLegacyISC, dns::DnsConfig, dnsmasq::DhcpConfigDnsMasq, load_balancer::LoadBalancerConfig, tftp::TftpConfig }, }; use log::{debug, info, trace, warn}; @@ -43,8 +42,12 @@ impl Config { }) } - pub fn dhcp(&mut self) -> DhcpConfig { - DhcpConfig::new(&mut self.opnsense, self.shell.clone()) + pub fn dhcp_legacy_isc(&mut self) -> DhcpConfigLegacyISC { + DhcpConfigLegacyISC::new(&mut self.opnsense, self.shell.clone()) + } + + pub fn dhcp(&mut self) -> DhcpConfigDnsMasq { + DhcpConfigDnsMasq::new(&mut self.opnsense, self.shell.clone()) } pub fn dns(&mut self) -> DnsConfig { @@ -200,7 +203,7 @@ impl Config { #[cfg(test)] mod tests { use crate::config::{DummyOPNSenseShell, LocalFileConfigManager}; - use crate::modules::dhcp::DhcpConfig; + use crate::modules::dhcp_legacy::DhcpConfigLegacyISC; use std::fs; use std::net::Ipv4Addr; @@ -215,6 +218,9 @@ mod tests { "src/tests/data/config-vm-test.xml", "src/tests/data/config-structure.xml", "src/tests/data/config-full-1.xml", + "src/tests/data/config-full-ncd0.xml", + "src/tests/data/config-full-25.7.xml", + "src/tests/data/config-full-25.7-dummy-dnsmasq-options.xml", ] { let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR")); test_file_path.push(path); @@ -257,7 +263,7 @@ mod tests { println!("Config {:?}", config); - let mut dhcp_config = DhcpConfig::new(&mut config.opnsense, shell); + let mut dhcp_config = DhcpConfigLegacyISC::new(&mut config.opnsense, shell); dhcp_config .add_static_mapping( "00:00:00:00:00:00", diff --git a/opnsense-config/src/modules/dhcp.rs b/opnsense-config/src/modules/dhcp.rs index 6b2d752..c0560a4 100644 --- a/opnsense-config/src/modules/dhcp.rs +++ b/opnsense-config/src/modules/dhcp.rs @@ -1,19 +1,3 @@ -use log::info; -use opnsense_config_xml::MaybeString; -use opnsense_config_xml::StaticMap; -use std::net::Ipv4Addr; -use std::sync::Arc; - -use opnsense_config_xml::OPNsense; - -use crate::config::OPNsenseShell; -use crate::Error; - -pub struct DhcpConfig<'a> { - opnsense: &'a mut OPNsense, - opnsense_shell: Arc, -} - #[derive(Debug)] pub enum DhcpError { InvalidMacAddress(String), @@ -42,153 +26,3 @@ impl std::fmt::Display for DhcpError { } impl std::error::Error for DhcpError {} - -impl<'a> DhcpConfig<'a> { - pub fn new(opnsense: &'a mut OPNsense, opnsense_shell: Arc) -> Self { - Self { - opnsense, - opnsense_shell, - } - } - - pub fn remove_static_mapping(&mut self, mac: &str) { - let lan_dhcpd = self.get_lan_dhcpd(); - lan_dhcpd - .staticmaps - .retain(|static_entry| static_entry.mac != mac); - } - - fn get_lan_dhcpd(&mut self) -> &mut opnsense_config_xml::DhcpInterface { - &mut self - .opnsense - .dhcpd - .elements - .iter_mut() - .find(|(name, _config)| name == "lan") - .expect("Interface lan should have dhcpd activated") - .1 - } - - pub fn add_static_mapping( - &mut self, - mac: &str, - ipaddr: Ipv4Addr, - hostname: &str, - ) -> Result<(), DhcpError> { - let mac = mac.to_string(); - let hostname = hostname.to_string(); - let lan_dhcpd = self.get_lan_dhcpd(); - let existing_mappings: &mut Vec = &mut lan_dhcpd.staticmaps; - - if !Self::is_valid_mac(&mac) { - return Err(DhcpError::InvalidMacAddress(mac)); - } - - // TODO validate that address is in subnet range - - if existing_mappings.iter().any(|m| { - m.ipaddr - .parse::() - .expect("Mapping contains invalid ipv4") - == ipaddr - && m.mac == mac - }) { - info!("Mapping already exists for {} [{}], skipping", ipaddr, mac); - return Ok(()); - } - - if existing_mappings.iter().any(|m| { - m.ipaddr - .parse::() - .expect("Mapping contains invalid ipv4") - == ipaddr - }) { - return Err(DhcpError::IpAddressAlreadyMapped(ipaddr.to_string())); - } - - if existing_mappings.iter().any(|m| m.mac == mac) { - return Err(DhcpError::MacAddressAlreadyMapped(mac)); - } - - let static_map = StaticMap { - mac, - ipaddr: ipaddr.to_string(), - hostname, - descr: Default::default(), - winsserver: Default::default(), - dnsserver: Default::default(), - ntpserver: Default::default(), - }; - - existing_mappings.push(static_map); - Ok(()) - } - - fn is_valid_mac(mac: &str) -> bool { - let parts: Vec<&str> = mac.split(':').collect(); - if parts.len() != 6 { - return false; - } - - parts - .iter() - .all(|part| part.len() <= 2 && part.chars().all(|c| c.is_ascii_hexdigit())) - } - - pub async fn get_static_mappings(&self) -> Result, Error> { - let list_static_output = self - .opnsense_shell - .exec("configctl dhcpd list static") - .await?; - - let value: serde_json::Value = serde_json::from_str(&list_static_output) - .unwrap_or_else(|_| panic!("Got invalid json from configctl {list_static_output}")); - let static_maps = value["dhcpd"] - .as_array() - .ok_or(Error::Command(format!( - "Invalid DHCP data from configctl command, got {list_static_output}" - )))? - .iter() - .map(|entry| StaticMap { - mac: entry["mac"].as_str().unwrap_or_default().to_string(), - ipaddr: entry["ipaddr"].as_str().unwrap_or_default().to_string(), - hostname: entry["hostname"].as_str().unwrap_or_default().to_string(), - descr: entry["descr"].as_str().map(MaybeString::from), - winsserver: MaybeString::default(), - dnsserver: MaybeString::default(), - ntpserver: MaybeString::default(), - }) - .collect(); - - Ok(static_maps) - } - pub fn enable_netboot(&mut self) { - self.get_lan_dhcpd().netboot = Some(1); - } - - pub fn set_next_server(&mut self, ip: Ipv4Addr) { - self.enable_netboot(); - self.get_lan_dhcpd().nextserver = Some(ip.to_string()); - self.get_lan_dhcpd().tftp = Some(ip.to_string()); - } - - pub fn set_boot_filename(&mut self, boot_filename: &str) { - self.enable_netboot(); - self.get_lan_dhcpd().bootfilename = Some(boot_filename.to_string()); - } - - pub fn set_filename(&mut self, filename: &str) { - self.enable_netboot(); - self.get_lan_dhcpd().filename = Some(filename.to_string()); - } - - pub fn set_filename64(&mut self, filename64: &str) { - self.enable_netboot(); - self.get_lan_dhcpd().filename64 = Some(filename64.to_string()); - } - - pub fn set_filenameipxe(&mut self, filenameipxe: &str) { - self.enable_netboot(); - self.get_lan_dhcpd().filenameipxe = Some(filenameipxe.to_string()); - } -} diff --git a/opnsense-config/src/modules/dhcp_legacy.rs b/opnsense-config/src/modules/dhcp_legacy.rs new file mode 100644 index 0000000..1d36ac6 --- /dev/null +++ b/opnsense-config/src/modules/dhcp_legacy.rs @@ -0,0 +1,166 @@ +use crate::modules::dhcp::DhcpError; +use log::info; +use opnsense_config_xml::MaybeString; +use opnsense_config_xml::StaticMap; +use std::net::Ipv4Addr; +use std::sync::Arc; + +use opnsense_config_xml::OPNsense; + +use crate::config::OPNsenseShell; +use crate::Error; + +pub struct DhcpConfigLegacyISC<'a> { + opnsense: &'a mut OPNsense, + opnsense_shell: Arc, +} + +impl<'a> DhcpConfigLegacyISC<'a> { + pub fn new(opnsense: &'a mut OPNsense, opnsense_shell: Arc) -> Self { + Self { + opnsense, + opnsense_shell, + } + } + + pub fn remove_static_mapping(&mut self, mac: &str) { + let lan_dhcpd = self.get_lan_dhcpd(); + lan_dhcpd + .staticmaps + .retain(|static_entry| static_entry.mac != mac); + } + + fn get_lan_dhcpd(&mut self) -> &mut opnsense_config_xml::DhcpInterface { + &mut self + .opnsense + .dhcpd + .elements + .iter_mut() + .find(|(name, _config)| name == "lan") + .expect("Interface lan should have dhcpd activated") + .1 + } + + pub fn add_static_mapping( + &mut self, + mac: &str, + ipaddr: Ipv4Addr, + hostname: &str, + ) -> Result<(), DhcpError> { + let mac = mac.to_string(); + let hostname = hostname.to_string(); + let lan_dhcpd = self.get_lan_dhcpd(); + let existing_mappings: &mut Vec = &mut lan_dhcpd.staticmaps; + + if !Self::is_valid_mac(&mac) { + return Err(DhcpError::InvalidMacAddress(mac)); + } + + // TODO validate that address is in subnet range + + if existing_mappings.iter().any(|m| { + m.ipaddr + .parse::() + .expect("Mapping contains invalid ipv4") + == ipaddr + && m.mac == mac + }) { + info!("Mapping already exists for {} [{}], skipping", ipaddr, mac); + return Ok(()); + } + + if existing_mappings.iter().any(|m| { + m.ipaddr + .parse::() + .expect("Mapping contains invalid ipv4") + == ipaddr + }) { + return Err(DhcpError::IpAddressAlreadyMapped(ipaddr.to_string())); + } + + if existing_mappings.iter().any(|m| m.mac == mac) { + return Err(DhcpError::MacAddressAlreadyMapped(mac)); + } + + let static_map = StaticMap { + mac, + ipaddr: ipaddr.to_string(), + hostname, + descr: Default::default(), + winsserver: Default::default(), + dnsserver: Default::default(), + ntpserver: Default::default(), + }; + + existing_mappings.push(static_map); + Ok(()) + } + + fn is_valid_mac(mac: &str) -> bool { + let parts: Vec<&str> = mac.split(':').collect(); + if parts.len() != 6 { + return false; + } + + parts + .iter() + .all(|part| part.len() <= 2 && part.chars().all(|c| c.is_ascii_hexdigit())) + } + + pub async fn get_static_mappings(&self) -> Result, Error> { + let list_static_output = self + .opnsense_shell + .exec("configctl dhcpd list static") + .await?; + + let value: serde_json::Value = serde_json::from_str(&list_static_output) + .unwrap_or_else(|_| panic!("Got invalid json from configctl {list_static_output}")); + let static_maps = value["dhcpd"] + .as_array() + .ok_or(Error::Command(format!( + "Invalid DHCP data from configctl command, got {list_static_output}" + )))? + .iter() + .map(|entry| StaticMap { + mac: entry["mac"].as_str().unwrap_or_default().to_string(), + ipaddr: entry["ipaddr"].as_str().unwrap_or_default().to_string(), + hostname: entry["hostname"].as_str().unwrap_or_default().to_string(), + descr: entry["descr"].as_str().map(MaybeString::from), + winsserver: MaybeString::default(), + dnsserver: MaybeString::default(), + ntpserver: MaybeString::default(), + }) + .collect(); + + Ok(static_maps) + } + pub fn enable_netboot(&mut self) { + self.get_lan_dhcpd().netboot = Some(1); + } + + pub fn set_next_server(&mut self, ip: Ipv4Addr) { + self.enable_netboot(); + self.get_lan_dhcpd().nextserver = Some(ip.to_string()); + self.get_lan_dhcpd().tftp = Some(ip.to_string()); + } + + pub fn set_boot_filename(&mut self, boot_filename: &str) { + self.enable_netboot(); + self.get_lan_dhcpd().bootfilename = Some(boot_filename.to_string()); + } + + pub fn set_filename(&mut self, filename: &str) { + self.enable_netboot(); + self.get_lan_dhcpd().filename = Some(filename.to_string()); + } + + pub fn set_filename64(&mut self, filename64: &str) { + self.enable_netboot(); + self.get_lan_dhcpd().filename64 = Some(filename64.to_string()); + } + + pub fn set_filenameipxe(&mut self, filenameipxe: &str) { + self.enable_netboot(); + self.get_lan_dhcpd().filenameipxe = Some(filenameipxe.to_string()); + } +} diff --git a/opnsense-config/src/modules/dnsmasq.rs b/opnsense-config/src/modules/dnsmasq.rs new file mode 100644 index 0000000..2bb03ea --- /dev/null +++ b/opnsense-config/src/modules/dnsmasq.rs @@ -0,0 +1,69 @@ +use crate::modules::dhcp::DhcpError; +use log::info; +use opnsense_config_xml::MaybeString; +use opnsense_config_xml::StaticMap; +use std::net::Ipv4Addr; +use std::sync::Arc; + +use opnsense_config_xml::OPNsense; + +use crate::config::OPNsenseShell; +use crate::Error; + +pub struct DhcpConfigDnsMasq<'a> { + opnsense: &'a mut OPNsense, + opnsense_shell: Arc, +} + +impl<'a> DhcpConfigDnsMasq<'a> { + pub fn new(opnsense: &'a mut OPNsense, opnsense_shell: Arc) -> Self { + Self { + opnsense, + opnsense_shell, + } + } + + pub fn remove_static_mapping(&mut self, mac: &str) { + todo!() + } + + fn get_lan_dhcpd(&mut self) -> &mut opnsense_config_xml::DhcpInterface { + todo!() + } + + pub fn add_static_mapping( + &mut self, + mac: &str, + ipaddr: Ipv4Addr, + hostname: &str, + ) -> Result<(), DhcpError> { + todo!() + } + + pub async fn get_static_mappings(&self) -> Result, Error> { + todo!() + } + pub fn enable_netboot(&mut self) { + todo!() + } + + pub fn set_next_server(&mut self, ip: Ipv4Addr) { + todo!() + } + + pub fn set_boot_filename(&mut self, boot_filename: &str) { + todo!() + } + + pub fn set_filename(&mut self, filename: &str) { + todo!() + } + + pub fn set_filename64(&mut self, filename64: &str) { + todo!() + } + + pub fn set_filenameipxe(&mut self, filenameipxe: &str) { + todo!() + } +} diff --git a/opnsense-config/src/modules/mod.rs b/opnsense-config/src/modules/mod.rs index dc3fd7c..307e481 100644 --- a/opnsense-config/src/modules/mod.rs +++ b/opnsense-config/src/modules/mod.rs @@ -1,5 +1,7 @@ pub mod caddy; -pub mod dhcp; +pub mod dhcp_legacy; pub mod dns; pub mod load_balancer; pub mod tftp; +pub mod dhcp; +pub mod dnsmasq; diff --git a/opnsense-config/src/tests/data/config-full-25.7-dummy-dnsmasq-options.xml b/opnsense-config/src/tests/data/config-full-25.7-dummy-dnsmasq-options.xml new file mode 100644 index 0000000..5e22137 --- /dev/null +++ b/opnsense-config/src/tests/data/config-full-25.7-dummy-dnsmasq-options.xml @@ -0,0 +1,867 @@ + + + opnsense + + + + + 115200 + serial + normal + OPNsense + internal + 1 + + + 1999 + admins + system + System Administrators + page-all + 0 + + + + 0 + root + 0 + system + + + + + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + + + + + + + + System Administrator + + + Etc/UTC + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + 68a5faf1685db + + + + + + yes + 1 + 1 + 1 + 1 + 1 + 1 + 1 + hadp + hadp + hadp + + monthly + + 1 + 1 + + admins + 1 + + + + + + + + enabled + 1 + 1 + + -1 + -1 + + + + + + + 0 + + + en_US + + + + 1 + vtnet0 + + dhcp + dhcp6 + + + 0 + 1 + + + 0 + + + + + + 1 + vtnet1 + 192.168.1.1 + 24 + track6 + 64 + + + wan + 0 + + + 1 + Loopback + 1 + lo0 + 127.0.0.1 + ::1 + 8 + 128 + none + 1 + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + lan + 0 + + + + + 0 + 0 + + + 1 + + + 0 + 1 + + 0 + 0 + + 1 + + lan + + 192.168.1.41 + 192.168.1.245 + + + + + + range + + 0 + + + + + + + + + set + + + lan + + + test/boot/filename + 0 + + + + set + + + lan + + + test some pxe setting vendor specific 128 + 0 + + + + set + + + + + + pxelinux magic what is this (on any interface) + 0 + + + + + + boot options filename + boot servername +
boot server address
+ boot description + + + + + + public + + + + automatic + + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + + + + + 0.opnsense.pool.ntp.org + + + root@192.168.1.5 + /api/dnsmasq/settings/set made changes + + + + + + + + + 0 + + + + + + + + + 0 + 0 + + + + + + + 16 + 32 + 4 + 1000 + 1 + 0 + 0 + 0 + + + + + + + + 1 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + + + + + + + + + + 0 + + + + + + + 0 + 0 + + + ipsec + 0 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + v9 + + + + 0 + + 1800 + 15 + + + + + + + + + 0 + 0 + 0 + wan + 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 + + + W0D23 + 4 + + + + + + + 0 + 0 + 0 + + + + 0 + 0 + + + + 0 + 0 + 0 + + + + + + + + + + + + + + 0 + 127.0.0.1 + 8000 + + + + + 0 + 0 + + 4000 + 1 + raw + + + 0 + + 2 + + + + + + + + 0 + 0 + + 4000 + 1 + + + 0 + + 2 + + + + + + + + + + 0 + 120 + 120 + 127.0.0.1 + 25 + + + 0 + auto + 1 + + + + + 0 + root + + 2812 + + + 5 + 1 + + + 0 + root@localhost.local + 0 + + + + + + + 1 + $HOST + + system + + + + 300 + 30 +
+ + + + 02014be3-fc31-4af3-a0d5-061eaa67d28a,ebfd0d97-ae21-45d5-8b42-5220c75ce46f,d37f25f0-89e3-44b6-8ad2-280ac83a8904,37afd0d9-990c-4f03-a817-45691461e3d0 + + + + + 1 + RootFs + + filesystem + + + / + 300 + 30 +
+ + + + b44b859c-bc72-4c2e-82c9-4f56d84a5497 + + + + + 0 + carp_status_change + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/carp_status + 300 + 30 +
+ + + + 0909801b-cd11-41c8-afeb-369396247308 + + + + + 0 + gateway_alert + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert + 300 + 30 +
+ + + + 56e67d76-cef6-4167-a51e-2c69a921ebc9 + + + + + Ping + NetworkPing + failed ping + alert + + + + NetworkLink + NetworkInterface + failed link + alert + + + + NetworkSaturation + NetworkInterface + saturation is greater than 75% + alert + + + + MemoryUsage + SystemResource + memory usage is greater than 75% + alert + + + + CPUUsage + SystemResource + cpu usage is greater than 75% + alert + + + + LoadAvg1 + SystemResource + loadavg (1min) is greater than 4 + alert + + + + LoadAvg5 + SystemResource + loadavg (5min) is greater than 3 + alert + + + + LoadAvg15 + SystemResource + loadavg (15min) is greater than 2 + alert + + + + SpaceUsage + SpaceUsage + space usage is greater than 75% + alert + + + + ChangedStatus + ProgramStatus + changed status + alert + + + + NonZeroStatus + ProgramStatus + status != 0 + alert + + + + + + + 1 + 1 + 31 + + + + + + + + + + + + 0 + 0 + 0 + 1 + 0 + + + + + + + + + + + 1 + 53 + 0 + + 0 + 0 + + 0 + 0 + + 0 + 0 + 0 + 0 + 0 + transparent + + 0 + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + + 0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10 + + + + + + + + + + + + + + 0 + + + + + allow + + + 0 + 0 + + + + + +
+ 0 + + + 0 + + + + + + + + 0 + 0 + + + 1400 + + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 68a5faf1685db + Web GUI TLS certificate + + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhFakNDQlBxZ0F3SUJBZ0lVQlpQYjUwMXNaM3hhTTZzSDVUM1ZNRG9mcnlNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZWXhHakFZQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWlRBZUZ3MHkKTlRBNE1qQXhOalF5TWpaYUZ3MHlOakE1TWpFeE5qUXlNalphTUlHR01Sb3dHQVlEVlFRRERCRlBVRTV6Wlc1egpaUzVwYm5SbGNtNWhiREVMTUFrR0ExVUVCaE1DVGt3eEZUQVRCZ05WQkFnTURGcDFhV1F0U0c5c2JHRnVaREVWCk1CTUdBMVVFQnd3TVRXbGtaR1ZzYUdGeWJtbHpNUzB3S3dZRFZRUUtEQ1JQVUU1elpXNXpaU0J6Wld4bUxYTnAKWjI1bFpDQjNaV0lnWTJWeWRHbG1hV05oZEdVd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJSwpBb0lDQVFEQVozZk1lakdOckZYVFhZd24vTUp5YXBYMDdVOTVWZ0JERzZmWU1wZkZEU1NXeFRValRLRlNvR3JRCkpDb0ZyQ0NRQ3BsWnlua0ZjVFZvWVAraGszcndWWmxHZVFyL0RyR2ZiM1lPc2RGbEtublo5YzRTOGVrSkc2WTIKYWI0eFJTcnBja0hoTWQ4MHNENUFRdks1Skc2MS9UMEhNRXVMcGlraUF3MFpCempWbjlVUUpSRTJiS29kOW9IdgpEbG5DVGNTV1FUNWYrV3A0Sll0anVBVHBZMUlRVW4wbkxuWDBHUC9JRGtsWjFrdEZOczRPOGcrQmRVWFU0MUdvCjNGTFpCc1hQVm90WFVrRVl2R0ZldjJRMlBwSnNib25aWEpoR255amREUlZkZFZGOGhacGJua0wwU2xJTVFNeFQKSTRXK051ZmUvUTZGRDdmZnFRa0toemZ3SlJ2N0dGM2RTRlEwWldPUGNTZVZXY3lWTlVVMTMvcnBteUpvNXZhWQpYR000THcxb1d2c1FjUWxaUllnSkxhSWMzM0dnMGQySHhvZTIvdytIeFRXOEw4ZldqbzgxK250YWJXTlZhV0IwCnd6TXNFNGRBOWtxR2dmcWZjbm96ckovamJtNEFBTTB6QTlVZFh0SUJtRGdpeFNkVzB4eHNQNlZWRTdMdnlURTgKWnBJTjRoL1FCYURyc2hhRXJ6TXhUd01IZXJ1RlV4bFpxZEdSa3ErQXRJU1VwRE05VXB0YWZZMk5ydzgxVDFhSwoycFduVFlFQktCUnVwdk00TzFHNXN5NU5GZm13NFRTc0pqRUhtMFEvVTZ4ZU45bVg0OFhIYUZFNnhvQTJEZEMrCjJHS2lKWFlrYi9nZm13cmp1Y3NGWGpBS2tDNWF6ZXFqaERXeGxDbmJNS1YwSTQxOWp3SURBUUFCbzRJQmREQ0MKQVhBd0NRWURWUjBUQkFJd0FEQVJCZ2xnaGtnQmh2aENBUUVFQkFNQ0JrQXdOQVlKWUlaSUFZYjRRZ0VOQkNjVwpKVTlRVG5ObGJuTmxJRWRsYm1WeVlYUmxaQ0JUWlhKMlpYSWdRMlZ5ZEdsbWFXTmhkR1V3SFFZRFZSME9CQllFCkZMK2YzU0tCM0tMSi9nWStBUTJIZDBhTzVPRU1NSUd3QmdOVkhTTUVnYWd3Z2FXaGdZeWtnWWt3Z1lZeEdqQVkKQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVk1CTUdBMVVFQ0F3TQpXblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyQmdOVkJBb01KRTlRClRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUJaUGI1MDFzWjN4YU02c0gKNVQzVk1Eb2ZyeU13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01Bc0dBMVVkRHdRRQpBd0lGb0RBY0JnTlZIUkVFRlRBVGdoRlBVRTV6Wlc1elpTNXBiblJsY201aGJEQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBZ0VBY3F3VEN0RmVwWDlFOEFMYXRaWEE4dkN2b1YwZkxuaElPM0lWT2tZNEhYMTRRRU9NUGo4KzVXMXoKc3hyUGNscEJQVU5tbXJRb0hWUHBuWTRFM2hFanlYY1JWSzZtTEFrSkpRUDJPOEE2NFFpL3FNSkhCYUlEU0MzKwpqMHdkMGYyODRvcEppQ0F2UnF0SGh1bDd3akd4QzNZUXRxWTFMODNWUHBOWGRjOVVsZExTUGZ6WWluMlBPekMrClFDWU9qN3VQUDlCVGExTURudkdPdkdrOHdQeUJGaFZQWVFBWjYwb1ZaS2psOUI2R1piRzF1SG1ON3p3a3k0eEIKNk1RSlF3cHFscDdXQ09QSHJlZTFiVGZaMkJMZFQrZzJHakVMT0xNRGJMTHAzNUw0blBDUmNGRkJZNEszMHBncQpVWjdncEtNTmhuR3huQ29lR3dHUk54ZHFoZnNlT3FqaURVM0hBVDEya3FReU1vOEZNT1g1bG9EaVpXSGZTS0JrClVRaG5Tc1BTMG0vZ2dSRVgwNVQzYWM2NUxNOVVXMEs2MXppZUs5WFhTcjNXWlQ1TkhNV2JmU0VScUR4SGRtZ0YKeGt3YXkxZWpCZTFoZzdGMGpicTVDMGo1ZXB5ZDNOc1BTVUtDY2FDNi9aWTNkUHVYWVZZL0J2dnFsZHZJSzRBeAo0R1BLQ0xzaStGRjliSXZRWG4zbTV2KzJoQWF2WlpxcmJOTFUzVFQ0aDd2QllBOVRNcXpwd3lEaW5BR3RhaEE3CnhDSW5IU01kZXpQcnNkZDJrTW5TckhPdWtGeGdKb2lNZ3krVlJmdTdvZk9NMjhYQ1FySWF6djBFYmFhTU1ZMTcKRzlXOFd3SXZUb2lYY1ZWNTk3K1NUNHRsSTVIM3lDZFBtSk1kRm5GcDg1K2JzbW42MFQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRREFaM2ZNZWpHTnJGWFQKWFl3bi9NSnlhcFgwN1U5NVZnQkRHNmZZTXBmRkRTU1d4VFVqVEtGU29HclFKQ29GckNDUUNwbFp5bmtGY1RWbwpZUCtoazNyd1ZabEdlUXIvRHJHZmIzWU9zZEZsS25uWjljNFM4ZWtKRzZZMmFiNHhSU3JwY2tIaE1kODBzRDVBClF2SzVKRzYxL1QwSE1FdUxwaWtpQXcwWkJ6alZuOVVRSlJFMmJLb2Q5b0h2RGxuQ1RjU1dRVDVmK1dwNEpZdGoKdUFUcFkxSVFVbjBuTG5YMEdQL0lEa2xaMWt0Rk5zNE84ZytCZFVYVTQxR28zRkxaQnNYUFZvdFhVa0VZdkdGZQp2MlEyUHBKc2JvblpYSmhHbnlqZERSVmRkVkY4aFpwYm5rTDBTbElNUU14VEk0VytOdWZlL1E2RkQ3ZmZxUWtLCmh6ZndKUnY3R0YzZFNGUTBaV09QY1NlVldjeVZOVVUxMy9ycG15Sm81dmFZWEdNNEx3MW9XdnNRY1FsWlJZZ0oKTGFJYzMzR2cwZDJIeG9lMi93K0h4VFc4TDhmV2pvODErbnRhYldOVmFXQjB3ek1zRTRkQTlrcUdnZnFmY25vegpySi9qYm00QUFNMHpBOVVkWHRJQm1EZ2l4U2RXMHh4c1A2VlZFN0x2eVRFOFpwSU40aC9RQmFEcnNoYUVyek14ClR3TUhlcnVGVXhsWnFkR1JrcStBdElTVXBETTlVcHRhZlkyTnJ3ODFUMWFLMnBXblRZRUJLQlJ1cHZNNE8xRzUKc3k1TkZmbXc0VFNzSmpFSG0wUS9VNnhlTjltWDQ4WEhhRkU2eG9BMkRkQysyR0tpSlhZa2IvZ2Ztd3JqdWNzRgpYakFLa0M1YXplcWpoRFd4bENuYk1LVjBJNDE5andJREFRQUJBb0lDQUNVVkRBTE4zalVXN09leTFPdDBES251Cm52NDRxcU9SRHJYZ1k2WUlnalhKUmE4RlRTdURmbWdsWU5EQzE1S0dUVFJWeHA2R3BuS0ZFaTBPM05Yd1RiWjYKV1BNN0t3SmplNXBsNmhRRTgzMlRCUzhiNzk2NDN4Z1JTeVNibHJ0NlFENEQ5bXlIcHlSSmY0WDFJVURMbzhiUgppdXlTdzB5ajlyT0djUVRNM29oVnFNUFcwUTF6UGdwT1UxYVdwbmdMY3dNZWlmNEhYUnpRNTUrTmZPemFacHVjCnVtQk4xUS81clhxS1BscmhNVnFpcUc0Nit3QVJjU2NKdE5oZHRsMzdyeTQ1Mk5zNGtERkxSVnowZUVUNEpGSmYKcjVQRUE5bEFuYWlVOS9RdVEwbERtcTlqdmpYRkNURXhYKy82SGJHK2RVd0Y2OEY3ZVEzVFQxbkhHK0hkMVJsbgpOWm1JM0p2d0Z1cG9JeU9VdlpJb3VGVmo2ak8ra0JLejkza1BHWmdMbnNmUUw5WDhRbTU3cjh4K3Z1eFNudGI1CjV4WVBxRkdrOWQrbDUwbTlQakdkekxGT3UwYnJ5TmQ4MFVMS2tuUlFtUVpvTngxck5GTUxpSjNlZENWUS9lclUKT1BDQ0Z0WEJMemJGTjR2ZzVWRjZMUkhvZGxqcEgxRzJOSXNoSzJhc1FuWS9RWDFpUUNLSk1tWERSUndMTWVsNQp3MUF4T2FqYVkzbWx2ZlRVd2xqdkE3a0tFUDBvZzRPeXZldDA2WTVRWk1EQXc1V00yT0pZVDVxcmFlYjZDbTdMCjlNckk4bG50TGp3WFVSZG4yU3U2RCtCWXNpcC9KK3BvOFNqYlJBaGJIc0lJbkJ1QWJnbGxqdTB2QXRXZmFkQlQKOTg4YnUwK3VUb1Q2T1Jkbk84Y1JBb0lCQVFEcStWYkVUQWVpSHN6K29jZnFWV3VwVHJrc2FNNm1wUUMwb0tqZApwb1FzWGVuTmNiNThHQ3FhWHkvdTJHWmNKUnR1QXRHamEyUVpEUUFUSjQyVTFmaTFhWm90Y053eXhPdmlud1NjCmVLZyt0ZGcwdW9LeGs2aXJKRFptaDBIK3Ewblg2RFJYK25RNDVmWVNmRkRFK0ZLd1lac0dQMkhYV3dKaVZ6OE0KU2NkL2pETTFRTWV2OXIzZWx1dS9DWFlvZ1N0N00wMklyczVoNjRuNjFmdVZjNHI4YmUwdFkrUTVsUnlwWk9NVwpkQ2VkWGFOV3RaNjF2bEFxamNiWkpkdXFBUjJjNzAyR3NML201TXA4Zmd3YmY2aG51TXJLaVlpQjlZalZxalc2CmYyUW1PclZtMUk0MFJBMC9OaFBTR2NXejBkNXZrdXY0VHUra2JFbERZTCsxaHY1M0FvSUJBUURSbnZaTmJaa1UKTXpmUTRLWEdML3dLUXJEbjNvL0RENWVBR1ZDTGcwTUkyYlAxYWpubHNVTjE4NCs1UWF6cVVOaWlZT3laODczeQpQYkw0cTBOZWFDYXdxby9WbjJMSkVIUFVTTVhUWjB4ckxTa1hPUjFuMDUwT2tDWXhVbFpOUXFvZU1xcHJGNXZLCm1NNlJxalN4NS8ydU9IUlR1SDRVV2RETEpwTDVUN2RpUCtXcFUwSDlSUWhrNDdkQUJaUjZEZjNxaDJEYmVxUWoKdWcxY0hWUVNqaldhUGpVZGlLR2dHemdvdlE2UkdNZDA1UVUzdkRMdzBCSkNPQ25XV2x0VXkvMW1jMUpPUHR2ZQp4UGltV2tRNmlkRHZ4RGZFRGg5U05zY1FPMnBTVjZxNnhCTWlqVGgvTldGN2NsOU1LYUhJWGxzTmt0RFVXWHZyCmNKRlM4eE1TcDhlcEFvSUJBUUNtWktVTjRxMHhIOUNZckdYT1Nta3Yvc0JnYzJPTFhLTXdSZWp1OVFENkRoTUgKMmZsREZUWHVGV1B6SmlqdUxaVE1CWkVBd1lhanVySUgzbVdETlRhbStMNG1XWnFGRlMvWlRqUk12YUNlcjlVSQpHZDk4OG94cGpQNDlBcUU0UDRIT00vQUZNU1ZtT1dwVTB0VzdkZ0hRUjM0cElXOGV1cUxva3RIaDJNaytTRURuCkFCV29SUGxWaTlncmN2N0tWaFk5YXlvSGxZb3VpMFl0YTZSNXc5VnpSa0REZU01Zi9Iak1kOVhieTZ0VjQ3NU0KSTliYzZvVUliVmVYNUJnMnZnMkRXVzZ6NTZ3dFRHMGJWWU1yWWU0V2JTU2w0bGpaZHM5TVJ2ay9OUUR0bFh0cAo4ekUwVDlCMXA4ekhabHE3S08zMFlyMVpIRVRWVVoxYjZrSTN3UDJuQW9JQkFFZ1VGKzlCMjF4RnpGQ0hucGtLClVPa2FTNGcvVUVHcmI5VzlYcVBLUzllVVBEd0wvY0tNZEh6dmRpRW1neFhESE9xZzExcU1wR2pTYkdMelNPUUMKZmlOTFV0QUswVVgvNFVSQ2pidUdqcEZmNHZ3NFNITTJJWkFyWXVhY3dFNHF1U0pQRzZoZFl0V0VPNnQ4MGtmRwpWTVYrWmdtUHE5TEZtM1R2VzZSY2s5czF5M3V3eEVVWllxeUdYTEduK1lrS25KL3pVd3ZGSFFHbjdRWWFrNWtaCnl6YXhZMFEzZ2hQeXFCbmlBRXRHTVBkeDlKeFltMCtRekdaMnQzUWNkOEV0cjRGMTcvdzF3eGJUdGdoRmk2WngKVXlYTzI3b1BmUmVnL0V3SmtpS2tRSEdlRUZKV0t2SWE0ZDAzMDZyMXVjcVRIMDRJaU1RcnpOK0ZRb002VC9tZgpOWmtDZ2dFQUsrRVJNVVdJZTE3V1k3VDIycy9lOEplN0xxSXlUcU9mSGovaWFUUjhHbXhqcU1HNEdod1RpVXJsCkh0Skhud3BMVGFjVmdYUjV3UmtYcEhRT2JqSUFzeVNBUGxwSzBvZUkyK2kvS0cyQjZ2U0cza0V2b1VZY0RlRk4KdzhHd0oxNDNTd21LQXM4eUtWMmd1RjhmRXNNVitEQzNzVHFlZXJmMy82bFprMUVCVFF0QTZqVHdqK0picXgwVgpaalZJUXBwUE8vc1VHdi9LZVE3MW5ockJpT0lXclJ0dDRTUDJ2aWx2em9DUTQxVjFqZ09wS3VwU3E1Y2J3VDRxCmp1bkJIMkx5VnNQaUc4M0Vha1JSUEhDK0craTk1MFJxckxVRUJOeVdHNGlMNTdUdU9xYVJuSmRnN2ZFb2lVLzMKNld4TjlvR2VRWjV0NjZkdTJEL01WSUZ4ZzJ1cXRBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + + + diff --git a/opnsense-config/src/tests/data/config-full-25.7.xml b/opnsense-config/src/tests/data/config-full-25.7.xml new file mode 100644 index 0000000..1cd4909 --- /dev/null +++ b/opnsense-config/src/tests/data/config-full-25.7.xml @@ -0,0 +1,826 @@ + + + opnsense + + + + + 115200 + serial + normal + OPNsense + internal + 1 + + + 1999 + admins + system + System Administrators + page-all + 0 + + + + 0 + root + 0 + system + + + + + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + + + + + + + + System Administrator + + + Etc/UTC + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + 68a5faf1685db + + + + + + yes + 1 + 1 + 1 + 1 + 1 + 1 + 1 + hadp + hadp + hadp + + monthly + + 1 + 1 + + admins + 1 + + + + + + + + enabled + 1 + 1 + + -1 + -1 + + + + + + + 0 + + + en_US + + + + 1 + vtnet0 + + dhcp + dhcp6 + + + 0 + 1 + + + 0 + + + + + + 1 + vtnet1 + 192.168.1.1 + 24 + track6 + 64 + + + wan + 0 + + + 1 + Loopback + 1 + lo0 + 127.0.0.1 + ::1 + 8 + 128 + none + 1 + + + + 1 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + lan + 0 + + + + + 0 + 0 + + + 1 + + + 0 + 1 + + 0 + 0 + + 1 + + lan + + 192.168.1.41 + 192.168.1.245 + + + + + + range + + 0 + + + + + + + + + + + + public + + + + automatic + + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + + + + + 0.opnsense.pool.ntp.org + + + root@192.168.1.5 + /system_advanced_admin.php made changes + + + + + + + + + 0 + + + + + + + + + 0 + 0 + + + + + + + 16 + 32 + 4 + 1000 + 1 + 0 + 0 + 0 + + + + + + + + 1 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + + + + + + + + + + 0 + + + + + + + 0 + 0 + + + ipsec + 0 + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + v9 + + + + 0 + + 1800 + 15 + + + + + + + + + 0 + 0 + 0 + wan + 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 + + + W0D23 + 4 + + + + + + + 0 + 0 + 0 + + + + 0 + 0 + + + + 0 + 0 + 0 + + + + + + + + + + + + + + 0 + 127.0.0.1 + 8000 + + + + + 0 + 0 + + 4000 + 1 + raw + + + 0 + + 2 + + + + + + + + 0 + 0 + + 4000 + 1 + + + 0 + + 2 + + + + + + + + + + 0 + 120 + 120 + 127.0.0.1 + 25 + + + 0 + auto + 1 + + + + + 0 + root + + 2812 + + + 5 + 1 + + + 0 + root@localhost.local + 0 + + + + + + + 1 + $HOST + + system + + + + 300 + 30 +
+ + + + 02014be3-fc31-4af3-a0d5-061eaa67d28a,ebfd0d97-ae21-45d5-8b42-5220c75ce46f,d37f25f0-89e3-44b6-8ad2-280ac83a8904,37afd0d9-990c-4f03-a817-45691461e3d0 + + + + + 1 + RootFs + + filesystem + + + / + 300 + 30 +
+ + + + b44b859c-bc72-4c2e-82c9-4f56d84a5497 + + + + + 0 + carp_status_change + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/carp_status + 300 + 30 +
+ + + + 0909801b-cd11-41c8-afeb-369396247308 + + + + + 0 + gateway_alert + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert + 300 + 30 +
+ + + + 56e67d76-cef6-4167-a51e-2c69a921ebc9 + + + + + Ping + NetworkPing + failed ping + alert + + + + NetworkLink + NetworkInterface + failed link + alert + + + + NetworkSaturation + NetworkInterface + saturation is greater than 75% + alert + + + + MemoryUsage + SystemResource + memory usage is greater than 75% + alert + + + + CPUUsage + SystemResource + cpu usage is greater than 75% + alert + + + + LoadAvg1 + SystemResource + loadavg (1min) is greater than 4 + alert + + + + LoadAvg5 + SystemResource + loadavg (5min) is greater than 3 + alert + + + + LoadAvg15 + SystemResource + loadavg (15min) is greater than 2 + alert + + + + SpaceUsage + SpaceUsage + space usage is greater than 75% + alert + + + + ChangedStatus + ProgramStatus + changed status + alert + + + + NonZeroStatus + ProgramStatus + status != 0 + alert + + + + + + + 1 + 1 + 31 + + + + + + + + + + + + 0 + 0 + 0 + 1 + 0 + + + + + + + + + + + 1 + 53 + 0 + + 0 + 0 + + 0 + 0 + + 0 + 0 + 0 + 0 + 0 + transparent + + 0 + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 1 + 0 + + 0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10 + + + + + + + + + + + + + + 0 + + + + + allow + + + 0 + 0 + + + + + +
+ 0 + + + 0 + + + + + + + + 0 + 0 + + + 1400 + + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 68a5faf1685db + Web GUI TLS certificate + + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhFakNDQlBxZ0F3SUJBZ0lVQlpQYjUwMXNaM3hhTTZzSDVUM1ZNRG9mcnlNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZWXhHakFZQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWlRBZUZ3MHkKTlRBNE1qQXhOalF5TWpaYUZ3MHlOakE1TWpFeE5qUXlNalphTUlHR01Sb3dHQVlEVlFRRERCRlBVRTV6Wlc1egpaUzVwYm5SbGNtNWhiREVMTUFrR0ExVUVCaE1DVGt3eEZUQVRCZ05WQkFnTURGcDFhV1F0U0c5c2JHRnVaREVWCk1CTUdBMVVFQnd3TVRXbGtaR1ZzYUdGeWJtbHpNUzB3S3dZRFZRUUtEQ1JQVUU1elpXNXpaU0J6Wld4bUxYTnAKWjI1bFpDQjNaV0lnWTJWeWRHbG1hV05oZEdVd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJSwpBb0lDQVFEQVozZk1lakdOckZYVFhZd24vTUp5YXBYMDdVOTVWZ0JERzZmWU1wZkZEU1NXeFRValRLRlNvR3JRCkpDb0ZyQ0NRQ3BsWnlua0ZjVFZvWVAraGszcndWWmxHZVFyL0RyR2ZiM1lPc2RGbEtublo5YzRTOGVrSkc2WTIKYWI0eFJTcnBja0hoTWQ4MHNENUFRdks1Skc2MS9UMEhNRXVMcGlraUF3MFpCempWbjlVUUpSRTJiS29kOW9IdgpEbG5DVGNTV1FUNWYrV3A0Sll0anVBVHBZMUlRVW4wbkxuWDBHUC9JRGtsWjFrdEZOczRPOGcrQmRVWFU0MUdvCjNGTFpCc1hQVm90WFVrRVl2R0ZldjJRMlBwSnNib25aWEpoR255amREUlZkZFZGOGhacGJua0wwU2xJTVFNeFQKSTRXK051ZmUvUTZGRDdmZnFRa0toemZ3SlJ2N0dGM2RTRlEwWldPUGNTZVZXY3lWTlVVMTMvcnBteUpvNXZhWQpYR000THcxb1d2c1FjUWxaUllnSkxhSWMzM0dnMGQySHhvZTIvdytIeFRXOEw4ZldqbzgxK250YWJXTlZhV0IwCnd6TXNFNGRBOWtxR2dmcWZjbm96ckovamJtNEFBTTB6QTlVZFh0SUJtRGdpeFNkVzB4eHNQNlZWRTdMdnlURTgKWnBJTjRoL1FCYURyc2hhRXJ6TXhUd01IZXJ1RlV4bFpxZEdSa3ErQXRJU1VwRE05VXB0YWZZMk5ydzgxVDFhSwoycFduVFlFQktCUnVwdk00TzFHNXN5NU5GZm13NFRTc0pqRUhtMFEvVTZ4ZU45bVg0OFhIYUZFNnhvQTJEZEMrCjJHS2lKWFlrYi9nZm13cmp1Y3NGWGpBS2tDNWF6ZXFqaERXeGxDbmJNS1YwSTQxOWp3SURBUUFCbzRJQmREQ0MKQVhBd0NRWURWUjBUQkFJd0FEQVJCZ2xnaGtnQmh2aENBUUVFQkFNQ0JrQXdOQVlKWUlaSUFZYjRRZ0VOQkNjVwpKVTlRVG5ObGJuTmxJRWRsYm1WeVlYUmxaQ0JUWlhKMlpYSWdRMlZ5ZEdsbWFXTmhkR1V3SFFZRFZSME9CQllFCkZMK2YzU0tCM0tMSi9nWStBUTJIZDBhTzVPRU1NSUd3QmdOVkhTTUVnYWd3Z2FXaGdZeWtnWWt3Z1lZeEdqQVkKQmdOVkJBTU1FVTlRVG5ObGJuTmxMbWx1ZEdWeWJtRnNNUXN3Q1FZRFZRUUdFd0pPVERFVk1CTUdBMVVFQ0F3TQpXblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyQmdOVkJBb01KRTlRClRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUJaUGI1MDFzWjN4YU02c0gKNVQzVk1Eb2ZyeU13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQ01Bc0dBMVVkRHdRRQpBd0lGb0RBY0JnTlZIUkVFRlRBVGdoRlBVRTV6Wlc1elpTNXBiblJsY201aGJEQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBZ0VBY3F3VEN0RmVwWDlFOEFMYXRaWEE4dkN2b1YwZkxuaElPM0lWT2tZNEhYMTRRRU9NUGo4KzVXMXoKc3hyUGNscEJQVU5tbXJRb0hWUHBuWTRFM2hFanlYY1JWSzZtTEFrSkpRUDJPOEE2NFFpL3FNSkhCYUlEU0MzKwpqMHdkMGYyODRvcEppQ0F2UnF0SGh1bDd3akd4QzNZUXRxWTFMODNWUHBOWGRjOVVsZExTUGZ6WWluMlBPekMrClFDWU9qN3VQUDlCVGExTURudkdPdkdrOHdQeUJGaFZQWVFBWjYwb1ZaS2psOUI2R1piRzF1SG1ON3p3a3k0eEIKNk1RSlF3cHFscDdXQ09QSHJlZTFiVGZaMkJMZFQrZzJHakVMT0xNRGJMTHAzNUw0blBDUmNGRkJZNEszMHBncQpVWjdncEtNTmhuR3huQ29lR3dHUk54ZHFoZnNlT3FqaURVM0hBVDEya3FReU1vOEZNT1g1bG9EaVpXSGZTS0JrClVRaG5Tc1BTMG0vZ2dSRVgwNVQzYWM2NUxNOVVXMEs2MXppZUs5WFhTcjNXWlQ1TkhNV2JmU0VScUR4SGRtZ0YKeGt3YXkxZWpCZTFoZzdGMGpicTVDMGo1ZXB5ZDNOc1BTVUtDY2FDNi9aWTNkUHVYWVZZL0J2dnFsZHZJSzRBeAo0R1BLQ0xzaStGRjliSXZRWG4zbTV2KzJoQWF2WlpxcmJOTFUzVFQ0aDd2QllBOVRNcXpwd3lEaW5BR3RhaEE3CnhDSW5IU01kZXpQcnNkZDJrTW5TckhPdWtGeGdKb2lNZ3krVlJmdTdvZk9NMjhYQ1FySWF6djBFYmFhTU1ZMTcKRzlXOFd3SXZUb2lYY1ZWNTk3K1NUNHRsSTVIM3lDZFBtSk1kRm5GcDg1K2JzbW42MFQwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRREFaM2ZNZWpHTnJGWFQKWFl3bi9NSnlhcFgwN1U5NVZnQkRHNmZZTXBmRkRTU1d4VFVqVEtGU29HclFKQ29GckNDUUNwbFp5bmtGY1RWbwpZUCtoazNyd1ZabEdlUXIvRHJHZmIzWU9zZEZsS25uWjljNFM4ZWtKRzZZMmFiNHhSU3JwY2tIaE1kODBzRDVBClF2SzVKRzYxL1QwSE1FdUxwaWtpQXcwWkJ6alZuOVVRSlJFMmJLb2Q5b0h2RGxuQ1RjU1dRVDVmK1dwNEpZdGoKdUFUcFkxSVFVbjBuTG5YMEdQL0lEa2xaMWt0Rk5zNE84ZytCZFVYVTQxR28zRkxaQnNYUFZvdFhVa0VZdkdGZQp2MlEyUHBKc2JvblpYSmhHbnlqZERSVmRkVkY4aFpwYm5rTDBTbElNUU14VEk0VytOdWZlL1E2RkQ3ZmZxUWtLCmh6ZndKUnY3R0YzZFNGUTBaV09QY1NlVldjeVZOVVUxMy9ycG15Sm81dmFZWEdNNEx3MW9XdnNRY1FsWlJZZ0oKTGFJYzMzR2cwZDJIeG9lMi93K0h4VFc4TDhmV2pvODErbnRhYldOVmFXQjB3ek1zRTRkQTlrcUdnZnFmY25vegpySi9qYm00QUFNMHpBOVVkWHRJQm1EZ2l4U2RXMHh4c1A2VlZFN0x2eVRFOFpwSU40aC9RQmFEcnNoYUVyek14ClR3TUhlcnVGVXhsWnFkR1JrcStBdElTVXBETTlVcHRhZlkyTnJ3ODFUMWFLMnBXblRZRUJLQlJ1cHZNNE8xRzUKc3k1TkZmbXc0VFNzSmpFSG0wUS9VNnhlTjltWDQ4WEhhRkU2eG9BMkRkQysyR0tpSlhZa2IvZ2Ztd3JqdWNzRgpYakFLa0M1YXplcWpoRFd4bENuYk1LVjBJNDE5andJREFRQUJBb0lDQUNVVkRBTE4zalVXN09leTFPdDBES251Cm52NDRxcU9SRHJYZ1k2WUlnalhKUmE4RlRTdURmbWdsWU5EQzE1S0dUVFJWeHA2R3BuS0ZFaTBPM05Yd1RiWjYKV1BNN0t3SmplNXBsNmhRRTgzMlRCUzhiNzk2NDN4Z1JTeVNibHJ0NlFENEQ5bXlIcHlSSmY0WDFJVURMbzhiUgppdXlTdzB5ajlyT0djUVRNM29oVnFNUFcwUTF6UGdwT1UxYVdwbmdMY3dNZWlmNEhYUnpRNTUrTmZPemFacHVjCnVtQk4xUS81clhxS1BscmhNVnFpcUc0Nit3QVJjU2NKdE5oZHRsMzdyeTQ1Mk5zNGtERkxSVnowZUVUNEpGSmYKcjVQRUE5bEFuYWlVOS9RdVEwbERtcTlqdmpYRkNURXhYKy82SGJHK2RVd0Y2OEY3ZVEzVFQxbkhHK0hkMVJsbgpOWm1JM0p2d0Z1cG9JeU9VdlpJb3VGVmo2ak8ra0JLejkza1BHWmdMbnNmUUw5WDhRbTU3cjh4K3Z1eFNudGI1CjV4WVBxRkdrOWQrbDUwbTlQakdkekxGT3UwYnJ5TmQ4MFVMS2tuUlFtUVpvTngxck5GTUxpSjNlZENWUS9lclUKT1BDQ0Z0WEJMemJGTjR2ZzVWRjZMUkhvZGxqcEgxRzJOSXNoSzJhc1FuWS9RWDFpUUNLSk1tWERSUndMTWVsNQp3MUF4T2FqYVkzbWx2ZlRVd2xqdkE3a0tFUDBvZzRPeXZldDA2WTVRWk1EQXc1V00yT0pZVDVxcmFlYjZDbTdMCjlNckk4bG50TGp3WFVSZG4yU3U2RCtCWXNpcC9KK3BvOFNqYlJBaGJIc0lJbkJ1QWJnbGxqdTB2QXRXZmFkQlQKOTg4YnUwK3VUb1Q2T1Jkbk84Y1JBb0lCQVFEcStWYkVUQWVpSHN6K29jZnFWV3VwVHJrc2FNNm1wUUMwb0tqZApwb1FzWGVuTmNiNThHQ3FhWHkvdTJHWmNKUnR1QXRHamEyUVpEUUFUSjQyVTFmaTFhWm90Y053eXhPdmlud1NjCmVLZyt0ZGcwdW9LeGs2aXJKRFptaDBIK3Ewblg2RFJYK25RNDVmWVNmRkRFK0ZLd1lac0dQMkhYV3dKaVZ6OE0KU2NkL2pETTFRTWV2OXIzZWx1dS9DWFlvZ1N0N00wMklyczVoNjRuNjFmdVZjNHI4YmUwdFkrUTVsUnlwWk9NVwpkQ2VkWGFOV3RaNjF2bEFxamNiWkpkdXFBUjJjNzAyR3NML201TXA4Zmd3YmY2aG51TXJLaVlpQjlZalZxalc2CmYyUW1PclZtMUk0MFJBMC9OaFBTR2NXejBkNXZrdXY0VHUra2JFbERZTCsxaHY1M0FvSUJBUURSbnZaTmJaa1UKTXpmUTRLWEdML3dLUXJEbjNvL0RENWVBR1ZDTGcwTUkyYlAxYWpubHNVTjE4NCs1UWF6cVVOaWlZT3laODczeQpQYkw0cTBOZWFDYXdxby9WbjJMSkVIUFVTTVhUWjB4ckxTa1hPUjFuMDUwT2tDWXhVbFpOUXFvZU1xcHJGNXZLCm1NNlJxalN4NS8ydU9IUlR1SDRVV2RETEpwTDVUN2RpUCtXcFUwSDlSUWhrNDdkQUJaUjZEZjNxaDJEYmVxUWoKdWcxY0hWUVNqaldhUGpVZGlLR2dHemdvdlE2UkdNZDA1UVUzdkRMdzBCSkNPQ25XV2x0VXkvMW1jMUpPUHR2ZQp4UGltV2tRNmlkRHZ4RGZFRGg5U05zY1FPMnBTVjZxNnhCTWlqVGgvTldGN2NsOU1LYUhJWGxzTmt0RFVXWHZyCmNKRlM4eE1TcDhlcEFvSUJBUUNtWktVTjRxMHhIOUNZckdYT1Nta3Yvc0JnYzJPTFhLTXdSZWp1OVFENkRoTUgKMmZsREZUWHVGV1B6SmlqdUxaVE1CWkVBd1lhanVySUgzbVdETlRhbStMNG1XWnFGRlMvWlRqUk12YUNlcjlVSQpHZDk4OG94cGpQNDlBcUU0UDRIT00vQUZNU1ZtT1dwVTB0VzdkZ0hRUjM0cElXOGV1cUxva3RIaDJNaytTRURuCkFCV29SUGxWaTlncmN2N0tWaFk5YXlvSGxZb3VpMFl0YTZSNXc5VnpSa0REZU01Zi9Iak1kOVhieTZ0VjQ3NU0KSTliYzZvVUliVmVYNUJnMnZnMkRXVzZ6NTZ3dFRHMGJWWU1yWWU0V2JTU2w0bGpaZHM5TVJ2ay9OUUR0bFh0cAo4ekUwVDlCMXA4ekhabHE3S08zMFlyMVpIRVRWVVoxYjZrSTN3UDJuQW9JQkFFZ1VGKzlCMjF4RnpGQ0hucGtLClVPa2FTNGcvVUVHcmI5VzlYcVBLUzllVVBEd0wvY0tNZEh6dmRpRW1neFhESE9xZzExcU1wR2pTYkdMelNPUUMKZmlOTFV0QUswVVgvNFVSQ2pidUdqcEZmNHZ3NFNITTJJWkFyWXVhY3dFNHF1U0pQRzZoZFl0V0VPNnQ4MGtmRwpWTVYrWmdtUHE5TEZtM1R2VzZSY2s5czF5M3V3eEVVWllxeUdYTEduK1lrS25KL3pVd3ZGSFFHbjdRWWFrNWtaCnl6YXhZMFEzZ2hQeXFCbmlBRXRHTVBkeDlKeFltMCtRekdaMnQzUWNkOEV0cjRGMTcvdzF3eGJUdGdoRmk2WngKVXlYTzI3b1BmUmVnL0V3SmtpS2tRSEdlRUZKV0t2SWE0ZDAzMDZyMXVjcVRIMDRJaU1RcnpOK0ZRb002VC9tZgpOWmtDZ2dFQUsrRVJNVVdJZTE3V1k3VDIycy9lOEplN0xxSXlUcU9mSGovaWFUUjhHbXhqcU1HNEdod1RpVXJsCkh0Skhud3BMVGFjVmdYUjV3UmtYcEhRT2JqSUFzeVNBUGxwSzBvZUkyK2kvS0cyQjZ2U0cza0V2b1VZY0RlRk4KdzhHd0oxNDNTd21LQXM4eUtWMmd1RjhmRXNNVitEQzNzVHFlZXJmMy82bFprMUVCVFF0QTZqVHdqK0picXgwVgpaalZJUXBwUE8vc1VHdi9LZVE3MW5ockJpT0lXclJ0dDRTUDJ2aWx2em9DUTQxVjFqZ09wS3VwU3E1Y2J3VDRxCmp1bkJIMkx5VnNQaUc4M0Vha1JSUEhDK0craTk1MFJxckxVRUJOeVdHNGlMNTdUdU9xYVJuSmRnN2ZFb2lVLzMKNld4TjlvR2VRWjV0NjZkdTJEL01WSUZ4ZzJ1cXRBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + + + diff --git a/opnsense-config/src/tests/data/config-full-ncd0.xml b/opnsense-config/src/tests/data/config-full-ncd0.xml new file mode 100644 index 0000000..9243cf2 --- /dev/null +++ b/opnsense-config/src/tests/data/config-full-ncd0.xml @@ -0,0 +1,2572 @@ + + + opnsense + + + vfs.read_max + + Increase UFS read-ahead speeds to match the state of hard drives and NCQ. + + + net.inet.ip.portrange.first + + Set the ephemeral port range to be lower. + + + net.inet.tcp.blackhole + + Drop packets to closed TCP ports without returning a RST + + + net.inet.udp.blackhole + + Do not send ICMP port unreachable messages for closed UDP ports + + + net.inet.ip.random_id + + Randomize the ID field in IP packets + + + net.inet.ip.sourceroute + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + + net.inet.ip.accept_sourceroute + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + + net.inet.icmp.log_redirect + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. + + + net.inet.tcp.drop_synfin + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + + + net.inet6.ip6.redirect + + Enable sending IPv6 redirects + + + net.inet6.ip6.use_tempaddr + + Enable privacy settings for IPv6 (RFC 4941) + + + net.inet6.ip6.prefer_tempaddr + + Prefer privacy addresses and use them over the normal addresses + + + net.inet.tcp.syncookies + + Generate SYN cookies for outbound SYN-ACK packets + + + net.inet.tcp.recvspace + + Maximum incoming/outgoing TCP datagram size (receive) + + + net.inet.tcp.sendspace + + Maximum incoming/outgoing TCP datagram size (send) + + + net.inet.tcp.delayed_ack + + Do not delay ACK to try and piggyback it onto a data packet + + + net.inet.udp.maxdgram + + Maximum outgoing UDP datagram size + + + net.link.bridge.pfil_onlyip + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + + + net.link.bridge.pfil_local_phys + + Set to 1 to additionally filter on the physical interface for locally destined packets + + + net.link.bridge.pfil_member + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + + + net.link.bridge.pfil_bridge + + Set to 1 to enable filtering on the bridge interface + + + net.link.tap.user_open + + Allow unprivileged access to tap(4) device nodes + + + kern.randompid + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + + + hw.syscons.kbd_reboot + + Disable CTRL+ALT+Delete reboot from keyboard. + + + net.inet.tcp.log_debug + + Enable TCP extended debugging + + + net.inet.icmp.icmplim + + Set ICMP Limits + + + net.inet.tcp.tso + + TCP Offload Engine + + + net.inet.udp.checksum + + UDP Checksums + + + kern.ipc.maxsockbuf + + Maximum socket buffer size + + + vm.pmap.pti + + Page Table Isolation (Meltdown mitigation, requires reboot.) + + + hw.ibrs_disable + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + + + security.bsd.see_other_gids + + Hide processes running as other groups + + + security.bsd.see_other_uids + + Hide processes running as other users + + + net.inet.ip.redirect + + Enable/disable sending of ICMP redirects in response to IP packets for which a better, + and for the sender directly reachable, route and next hop is known. + + + net.local.dgram.maxdgram + + Maximum outgoing UDP datagram size + + + + 115200 + video + normal + fw0 + ncd0.harmony.mcd + + 1999 + admins + system + System Administrators + page-all + 0 + + + 0 + root + 0 + system + + + + + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + + + + + + + + System Administrator + + + 2000 + 2000 + America/Toronto + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + 6796970f3b58c + 8000 + + + + + 1 + yes + 1 + 1 + 1 + 1 + 1 + 1 + hadp + hadp + hadp + + monthly + + 1 + 1 + + admins + 1 + + + + + + enabled + 1 + + 1 + + -1 + -1 + + + + os-caddy,os-haproxy,os-tftp + + + + + en_US + 1.1.1.1 + 8.8.8.8 + none + none + none + none + none + none + none + none + 1 + + + + + igc3 + 1 + dhcp + dhcp6 + 0 + WAN_GW + + + WAN + + + igc0 + 1 + 192.168.33.1 + 24 + + + + + + + LAN + + + 1 + lo0 + Loopback + 1 + 127.0.0.1 + none + 1 + 8 + ::1 + 128 + + + 1 + WireGuard (Group) + wireguard + 1 + 1 + group + + + + wg0 + ncd0 + 1 + 1 + + + + + + 1 + 192.168.33.1 + 1 + 192.168.33.1 + ipxe.efi + undionly.kpxe + http://192.168.33.1:8080/boot.ipxe + hmac-md5 + + + + + 192.168.33.10 + 192.168.33.245 + + + + + + c4:62:37:02:60:fa + 192.168.33.20 + cp0 + + + + + + c4:62:37:02:61:1a + 192.168.33.21 + cp1 + + + + + + c4:62:37:01:bc:68 + 192.168.33.22 + cp2 + + + + + + c4:62:37:02:61:0f + 192.168.33.30 + wk0 + + + + + + c4:62:37:02:61:70 + 192.168.33.32 + wk2 + + + + + + c4:62:37:02:61:26 + 192.168.33.31 + wk1 + + + + + + + + + + + public + + + + + automatic + + + + + pass + wan + inet + keep state + Allow inbound traffic to wireguard + in + wireguard + 1 + udp + + 1 + + + wanip + 51821 + + + root@192.168.33.5 + + /firewall_rules_edit.php made changes + + + root@192.168.33.5 + + /firewall_rules_edit.php made changes + + + + pass + lan + inet + Default allow LAN to any rule + + lan + + + + + + + pass + lan + inet6 + Default allow LAN IPv6 to any rule + + lan + + + + + + + pass + opt1 + inet + keep state + Allow wireguard clients to use this interface for NAT + in + 1 + + opt1 + + + 1 + + + root@192.168.33.5 + + /firewall_rules_edit.php made changes + + + root@192.168.33.5 + + /firewall_rules_edit.php made changes + + + + + wireguard + any + any + 24 + any + 24 + 1380 + Wireguard MSS Clamping IPv4 + + root@192.168.33.5 + + /firewall_scrub_edit.php made changes + + + root@192.168.33.5 + + /firewall_scrub_edit.php made changes + + + + + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show + 2 + + + root@172.33.0.3 + /api/wireguard/general/set made changes + + + + + + + + + + + + + + + v9 + + + + 0 + + 1800 + 15 + + + + + + + + + wireguard + 1 + + + + + + + + + + + + + + + + + + + + + + + + + 0 + 0 + 0 + wan + 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 + + + W0D23 + 4 + + + + + + + 0 + 0 + 0 + + + + 0 + 0 + + + + 0 + 0 + 0 + + + + + + + + + 0 + 0 + + + + + + + + + 16 + 32 + 4 + 1000 + 1 + 0 + 0 + + + + + + + + + 1 + 0 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + + + + + + + + + + + 0 + + + + + + + 0 + 0 + + + ipsec + 0 + 1 + + + + + + + + + + + + + 0 + 127.0.0.1 + 8000 + + + + + 0 + + 4000 + 1 + raw + + + 0 + + 2 + + + + + + + + + 0 + 120 + 120 + 127.0.0.1 + 25 + + + 0 + auto + 1 + + + + + 0 + root + + 2812 + + + 5 + 1 + + + 0 + root@localhost.local + 0 + + + + + + + 1 + $HOST + + system + + + + 300 + 30 +
+ + + + b9a4410c-bc95-4de6-ac83-567dd8cf60c0,c1ec5aac-2fda-45f5-a0d8-9bea7db470d6,f1a4fa3a-65a2-43da-b6e0-18b0361ac43b,76c03880-d148-413e-8097-3ee0aa33cb2c + + + + + 1 + RootFs + + filesystem + + + / + 300 + 30 +
+ + + + f24e0d56-0445-4e5f-9b58-3af0f246b80d + + + + + 0 + carp_status_change + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/carp_status + 300 + 30 +
+ + + + f48cfab6-de1e-4006-bcd7-c8f8990d25d6 + + + + + 0 + gateway_alert + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert + 300 + 30 +
+ + + + 5e0dc1c7-90ac-48cc-944e-e0b20c482656 + + + + + Ping + NetworkPing + failed ping + alert + + + + NetworkLink + NetworkInterface + failed link + alert + + + + NetworkSaturation + NetworkInterface + saturation is greater than 75% + alert + + + + MemoryUsage + SystemResource + memory usage is greater than 75% + alert + + + + CPUUsage + SystemResource + cpu usage is greater than 75% + alert + + + + LoadAvg1 + SystemResource + loadavg (1min) is greater than 8 + alert + + + + LoadAvg5 + SystemResource + loadavg (5min) is greater than 6 + alert + + + + LoadAvg15 + SystemResource + loadavg (15min) is greater than 4 + alert + + + + SpaceUsage + SpaceUsage + space usage is greater than 75% + alert + + + + ChangedStatus + ProgramStatus + changed status + alert + + + + NonZeroStatus + ProgramStatus + status != 0 + alert + + + + + + + + + 1 + 1 + 31 + + + + + + + + + + + + 1 + 53 + + + + + + + 1 + + 1 + + + + + transparent + + + + + 0 + 0 + 0 + 0 + 0 + 1 + 0 + + + 0 + + 0 + 0 + 0 + 0 + 0 + + + 1 + 0 + + 0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10 + + + + + + + + + + + + + + + + + + + allow + + + 0 + + + + + + +
+ 0 + + + 0 + + + + + 1 + api + ncd0.harmony.mcd + A + + + + 192.168.33.1 + + + 1 + api-int + ncd0.harmony.mcd + A + + + + 192.168.33.1 + + + 1 + * + apps.ncd0.harmony.mcd + A + + + + 192.168.33.1 + + + + + + + + 0 + 0 + 0 + 1 + 0 + + + + + + + + + + + 1 + 192.168.33.1 + + + + + 1 + + + + + 1 + ncd0 + 0 + PFmk/jbPetnRN1r+eyu4yg8UWnexz1UeYFUHIa6j4XA= + aM7qq2KOKpqhrR/PM1SUob9O6c+YeOKhLk9SeLGrKFo= + 51821 + + + 172.33.0.1/24 + 0 + + + 28494fc4-f207-449e-9a52-9aa2084ac631,3ec7612c-20cf-446b-a9fe-c06478eec225,e97ec826-3256-4544-95a5-90bb6a36da03 + ncd0.nationtech.io:51821 + 192.168.33.1,ncd0.harmony.mcd + + + + + + + 1 + jg-liliane2 + T+AMURuCUmkTnZln7bLzpJTBaUzbvBFIgyIKix1RByI= + + 172.33.0.3/24 + + + + + + 1 + ianletourneau + OLH36I5q6uFWKiiKuV63QzKarsUuc+YKzSh25H3+cmY= + + 172.33.0.2/32 + + + + + + 1 + wrolleman + qExmit/3m6QamjJ2azpYRvKVFtWsbjRpxlvrveLoYWQ= + + 172.33.0.4/32 + + + + + + + + + + + + + + + + + + + + + + + + 0 + WAN_GW + WAN Gateway + wan + inet + + 1 + + 1 + + + + 255 + 1 + + + + + + + + + + + + + 1 + 0 + 60s + + 0 + 0 + 1 + + 0 + + + 1024 + + + 1024 + + + 0 + + 1 + ipv4 + ignore + 2048 + 16384 + 2 + 0 + 0 + + 0 + 300 + 3600 + 0 + prefer-client-ciphers + TLSv1.2 + + ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 + TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + + + + + + + + + + + 30s + 30s + + 30s + 3 + x-1 + last,libc + + + + 127.0.0.1 + local0 + info + + + + 0 + 8822 + 0 + + 0 + + + + + 0 + *:8404 + /metrics + + + 0 + 4 + 60 + + 0 + 10 + + + + + 894e544289f1d829.3f0193d7 + 1 + frontend_192.168.33.1:80 + + 192.168.33.1:80 + + tcp + b58293a8-01a7-400b-b1a6-f6c598a198cf + 0 + + + + 0 + + + + + + 0 + 0 + 0 + 0 + 0 + + + + 0 + + + + + + + + + 0 + 0 + 0 + 0 + 0 + + + + + 0 + + + + + + + + + 0 + 0 + + 0 + 0 + + + + + + + + 1fdcee9ce32000ee.6720f746 + 1 + frontend_192.168.33.1:443 + + 192.168.33.1:443 + + tcp + 2ce6372e-30d8-4808-8683-7ff059b346b3 + 0 + + + + 0 + + + + + + 0 + 0 + 0 + 0 + 0 + + + + 0 + + + + + + + + + 0 + 0 + 0 + 0 + 0 + + + + + 0 + + + + + + + + + 0 + 0 + + 0 + 0 + + + + + + + + b2b0821e71423fd9.bb87bdb2 + 1 + frontend_192.168.33.1:22623 + + 192.168.33.1:22623 + + tcp + 284a9201-f139-4622-809b-f876a5812d61 + 0 + + + + 0 + + + + + + 0 + 0 + 0 + 0 + 0 + + + + 0 + + + + + + + + + 0 + 0 + 0 + 0 + 0 + + + + + 0 + + + + + + + + + 0 + 0 + + 0 + 0 + + + + + + + + 98fdab464008b9d0.26152082 + 1 + frontend_192.168.33.1:6443 + + 192.168.33.1:6443 + + tcp + 48380579-d54b-41fd-91b7-22f1a065be10 + 0 + + + + 0 + + + + + + 0 + 0 + 0 + 0 + 0 + + + + 0 + + + + + + + + + 0 + 0 + 0 + 0 + 0 + + + + + 0 + + + + + + + + + 0 + 0 + + 0 + 0 + + + + + + + + + + e59d902d1ed09be4.d164b0e3 + 1 + backend_192.168.33.1_80 + + tcp + roundrobin + 2 + + 2dd9cace-32ab-4e19-a59c-26744ee9531d,79a8d772-3814-4ade-9c12-b6ad5e1ec9da,b13c0744-2ca3-440d-b572-ad3357bca2d2,a3be6e26-095e-4af3-ba59-54f3e5732b6c,a0c71f9b-51d0-46a1-8686-1a7a24f89ed0,432001e4-eddd-4cc7-97a8-8c8d68049b1f + + + + + + 1 + 41663990-0ffc-46a0-8c56-1c194dde8dc4 + 0 + + + + + + 0 + 0 + + 0 + 0 + + sticktable + piggyback + + 0 + + + 30m + 50k + + + 10s + 10s + 10s + 10s + 1m + 1m + 0 + + + + + + + + + 0 + + 0 + + + + + b18b8d840ac79ebe.44a5f27f + 1 + backend_192.168.33.1_443 + + tcp + roundrobin + 2 + + 621f9277-3351-462e-ac79-0a50d9297daa,613de55f-0f04-4b3b-9cfe-4bc720686c17,2778f5cc-f347-4506-bcb3-8b7beaee43b3,2c670f2a-576d-4d57-ac1c-402229ceaebe,dc3d126a-2368-4fd2-b5ba-e1ddf550cdc0,9d966027-c3e9-4253-b771-89ea9954f25d + + + + + + 1 + 943bb69a-c19e-461c-9755-c05b8e860eb1 + 0 + + + + + + 0 + 0 + + 0 + 0 + + sticktable + piggyback + + 0 + + + 30m + 50k + + + 10s + 10s + 10s + 10s + 1m + 1m + 0 + + + + + + + + + 0 + + 0 + + + + + d876f8143ec06bdd.d8c8f390 + 1 + backend_192.168.33.1_22623 + + tcp + roundrobin + 2 + + d69299da-ae0a-406c-8658-319f01906c6c,cfffecc2-b3ee-45aa-be2d-c0d2bd224ff4,976922b3-bc0b-4745-b319-fbdd61321379 + + + + + + 1 + 4a6a2a77-b35e-4bf0-8639-31fadafa2d81 + 0 + + + + + + 0 + 0 + + 0 + 0 + + sticktable + piggyback + + 0 + + + 30m + 50k + + + 10s + 10s + 10s + 10s + 1m + 1m + 0 + + + + + + + + + 0 + + 0 + + + + + dedd33d162fc85de.36a7389d + 1 + backend_192.168.33.1_6443 + + tcp + roundrobin + 2 + + 85c6a978-63f1-4af3-afac-9009ce5483b8,9415acdf-bb7e-4e97-b61e-b85bbabe397a,b0da12c3-5199-4c7e-b224-69836b1eebe9 + + + + + + 1 + 943bb69a-c19e-461c-9755-c05b8e860eb1 + 0 + + + + + + 0 + 0 + + 0 + 0 + + sticktable + piggyback + + 0 + + + 30m + 50k + + + 10s + 10s + 10s + 10s + 1m + 1m + 0 + + + + + + + + + 0 + + 0 + + + + + + + 68c8ff6c38f62657.41d2104d + 1 + 192.168.33.20_80 + +
192.168.33.20
+ 80 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 9d3e1b4532081cde.9604f10f + 1 + 192.168.33.21_80 + +
192.168.33.21
+ 80 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + fb02e85101a55583.442e22e2 + 1 + 192.168.33.22_80 + +
192.168.33.22
+ 80 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + d7c1cfbc58cde8cf.a44d6720 + 1 + 192.168.33.30_443 + +
192.168.33.30
+ 443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 1fdd6caa0d234653.f072d6a4 + 1 + 192.168.33.21_443 + +
192.168.33.21
+ 443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + c983cc4193bcfe6f.b365aa92 + 1 + 192.168.33.22_443 + +
192.168.33.22
+ 443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 807c6a5a6d827047.6a59b632 + 1 + 192.168.33.20_22623 + +
192.168.33.20
+ 22623 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 1b58748e4092d03a.a6b8e9f7 + 1 + 192.168.33.21_22623 + +
192.168.33.21
+ 22623 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + f1022774f9bb613f.5eaaf49f + 1 + 192.168.33.22_22623 + +
192.168.33.22
+ 22623 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 8651865f070701d8.7820f31b + 1 + 192.168.33.20_6443 + +
192.168.33.20
+ 6443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + b41297ac041c49f8.5898a56d + 1 + 192.168.33.21_6443 + +
192.168.33.21
+ 6443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 3bdec82af2c6071d.a288e254 + 1 + 192.168.33.22_6443 + +
192.168.33.22
+ 6443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 68818e55a5d8e8.27621290 + 1 + 192.168.33.30_80 + +
192.168.33.30
+ 80 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 68818e64139dd6.41162612 + 1 + 192.168.33.31_80 + +
192.168.33.31
+ 80 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 68818e6e488d45.84039549 + 1 + 192.168.33.32_80 + +
192.168.33.32
+ 80 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 68818e90906b75.70067928 + 1 + 192.168.33.20_443 + +
192.168.33.20
+ 443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 68818e9c9fc677.25194625 + 1 + 192.168.33.31_443 + +
192.168.33.31
+ 443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + 68818ea887e1b7.80748222 + 1 + 192.168.33.32_443 + +
192.168.33.32
+ 443 + + active + + static + + + + + + 0 + + 0 + + + + + + + + + + + + + + + TCP_serverport + + tcp + 2s + nopref + + 0 + + + + + + 0 + + + + + + + + + + + + + + + + + + + + TCP_serverport + + tcp + 2s + nopref + + 0 + + + + + + 0 + + + + + + + + + + + + + + + + + + + + TCP_serverport + + tcp + 2s + nopref + + 0 + + + + + + 0 + + + + + + + + + + + + + + + + + + + + HTTP_GET_/readyz + + http + 2s + nopref + + 0 + + GET + /readyz + + + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 0 + + 0 + + 0 + + 0 + + + + + + + + + + + 6796970f3b58c + Web GUI TLS certificate + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVR3B1ZFZqRzR5a0JVYS9NUWxyU2ZBcWs5VCtRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5UQXhNall5TURFeU1EWmFGdzB5TmpBeU1qY3lNREV5TURaYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUUM0alhjOXE4VENxMmZzc05zRU94dktuZm1FVjRNTzFRWDZNdmRReVN2QXIzNmRlNXVMCmZ3bkJSRnVkRC9zQ1B0ZzhXajVCaCtiNGF3WC9mOUdnQnNJbnhKNVB2SWFXMlBtWThpS0Q1Q01WQXhxUE1lMlQKT0VxaEYvWkJxZlNNUWk2RkVhTTRFS0J6bllMbzhnMlAyTW93VjBDbmI3aXVJVWlKRFF3a2JWOVZESG55VkhGaApkVVlONjlpTXRYMEZiSHVtY2tKWHJwQTVQcGFSdVdsaUNnNHl4dWxEOGRsL3dJOXAzZENQY2tNaXgvYjQ1aWdJCjZHbC9GUmhhZmx5VWJ2WWxSMEw5d1pVMmNpcHFQemJJR0tlZ2pkRVdIcGRzVW5sTnJiR1I0azZieWQ4ZGd1a0YKWlNVNUlUSkZRSFdNN3ZNNkZuMTloUE51NG94TEtVUTc1b1YwZDdHV2RaQ1RIYnU3R1hqekhhVHJKYnhTTjMyVApIcDFEMlhUQ1BPTEs1NjNMc2YrNm12Ty9BQSt5SWQyZ0tvWllsdG9GUDdGcHNwWmIwYnhqeWt1amxvOUg0TW1iCmpDeCtWTVkwWUozelVTU3NCOE5IdHpyS0hyVW9oMG9oNTZPNzBNQjZpUWt5dTNaZzNlL1lTUnJwOVJwMTFMMWwKU2F3NmIzMEtFOUh6VHkxWDVXczJlQmxYajFvS2FBVktlTEN4dzlnRDJuSFdqaHViTlFwSmhmdFY2S3F0TjFVeQp4NXBWUTRrL0l1VUNTRlRMK3JOTThWOEc1NCsxTlFTaWZlWVpLdzF4bGRIMlpDbjA1QURrWUhEaFI3VUtkSGhCCncycjkrTjNjdENSaVM1V1BlRTBhQzJ5bFU2czdtU0RwWGM1cy84SnA2QlN5c1ZYL3dpZGRFMWl4N1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkhIMGNpYU9qNXdrKzBLeFlYUFNtL1pveFpHT01JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUdwdWQKVmpHNHlrQlVhL01RbHJTZkFxazlUK1F3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUhwcjZXQ2RmMzFWblR2RlMwUjA4RTUySHJvZHc3TjVJMGpwNkYrdHMKR2xsdGxaMDdvOWxvN2E5VFNBK1FnSGFQK1VOMkZUZmlFeHZ0RG0vdDZEQjhSald4ZnV4eloyOTMxeE8wWEhUNwp1Vll3OGpaYnlhOVQyU1VjTGR2ZFpyUHZFajJscnExYXRnc2UwMmhUUTdOSGhpd0hrbEdWTHR5K0FpaVc1STBPCkpPNGFiUHdBU3Z0SEtTU2hYTEhJY1NqWTIwLzF0TjUvdFRMTTFKUUFHZFM1NWU4YVpkdWRHWkVJdHlTZk0ya3kKY21zVnNMS0ZsL1ZLRmUrQnQySmd0d0FPUk0xbzM5WTZLQ2RHTkJPYThGUS9GQWhqZ2JrM1IwYVk3MEFBRDlyNQpXT0dPeEFxS0g5YmdhUUhrY05zSnNWekJlTFZzd3NPYnI2dktqUkUzSm1jTC9COGsxNVJaeXdMV2YxV2N6QzhwCjd5VDNUcW5vRXhQUlZZa3AzSmFQRkNncDN1YzQ0S01UZ1laQW4xeHJLS3hQdUV3NE0rSisyNzBGRzhqckJPN1UKdENMajVPMVpVMXBoVDBEckswVGloOHJlbkgrWDZkVUY4UmY4WDA0QXd5a3MzbjYramNoT3E2azFaaWVYT0NVYwppclM5eTFnNnZCM25YdW1kU05JdEZvQVhTWXRtOE5KaVUxN3kyanlnOWRHK3B4K1FpZTV2YjBMNE5xdzVoMFZhCldiWVpsMjA2cVpFenpFVEJtTHNuaWYydHB0aUlkbWh0UEZPYXBvT3hTL1ByV0V3VXc4NXdNQ0ZLcW1tZ3QzeVYKRUVlRXVRVTJIMFE5NS8wWGJOZnhKcVJSUXltOTBHeTlmTTUzU2VGbnpwVlU2VzJ6WTQyd3AwQktBZGxDdW9CdAplTjg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + + + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQzRqWGM5cThUQ3EyZnMKc05zRU94dktuZm1FVjRNTzFRWDZNdmRReVN2QXIzNmRlNXVMZnduQlJGdWREL3NDUHRnOFdqNUJoK2I0YXdYLwpmOUdnQnNJbnhKNVB2SWFXMlBtWThpS0Q1Q01WQXhxUE1lMlRPRXFoRi9aQnFmU01RaTZGRWFNNEVLQnpuWUxvCjhnMlAyTW93VjBDbmI3aXVJVWlKRFF3a2JWOVZESG55VkhGaGRVWU42OWlNdFgwRmJIdW1ja0pYcnBBNVBwYVIKdVdsaUNnNHl4dWxEOGRsL3dJOXAzZENQY2tNaXgvYjQ1aWdJNkdsL0ZSaGFmbHlVYnZZbFIwTDl3WlUyY2lwcQpQemJJR0tlZ2pkRVdIcGRzVW5sTnJiR1I0azZieWQ4ZGd1a0ZaU1U1SVRKRlFIV003dk02Rm4xOWhQTnU0b3hMCktVUTc1b1YwZDdHV2RaQ1RIYnU3R1hqekhhVHJKYnhTTjMyVEhwMUQyWFRDUE9MSzU2M0xzZis2bXZPL0FBK3kKSWQyZ0tvWllsdG9GUDdGcHNwWmIwYnhqeWt1amxvOUg0TW1iakN4K1ZNWTBZSjN6VVNTc0I4Tkh0enJLSHJVbwpoMG9oNTZPNzBNQjZpUWt5dTNaZzNlL1lTUnJwOVJwMTFMMWxTYXc2YjMwS0U5SHpUeTFYNVdzMmVCbFhqMW9LCmFBVktlTEN4dzlnRDJuSFdqaHViTlFwSmhmdFY2S3F0TjFVeXg1cFZRNGsvSXVVQ1NGVEwrck5NOFY4RzU0KzEKTlFTaWZlWVpLdzF4bGRIMlpDbjA1QURrWUhEaFI3VUtkSGhCdzJyOStOM2N0Q1JpUzVXUGVFMGFDMnlsVTZzNwptU0RwWGM1cy84SnA2QlN5c1ZYL3dpZGRFMWl4N1FJREFRQUJBb0lDQUJ4UldLS1Y0TE1lS2V3Zmx2dW5OalI0CjJQaDlsUmFKaVVsQzJNQUVuam9LczVybWhJOTdCcndwQ1FXb2xoTmFJVVBoZFB3SkpsK256RnZQK1JKYzl4MnoKQmJlbWJlQm5tcVRsUW5hS1l2ZXVhanplcEYyYW5aanFYRmJuQlNjZ1lKTDZpZGpvZERaSlRQVUJieU5MV0hyaQphSUZJbTBYY3hZeUIvQUw2NVUzZmhEYXl6bEx0ODduZkhuTTR4ZDQzTHlIekZrcnQ5aU5TZnpnTkF5YVA5RzNHCko3VE5QMXBpNlo2TThwdVFKTTBKY2RQdlBPVmhCQThENWFDOUV1ZVR2eUVwTmhaSnhlTjgwUlZNYmROMk5RSmwKd0Zkc2lqK015Q0FyTHJ2N3hhUVI3YkpSaS8vUDdVNCswYi9lakNyNzMwWmlmUTd0ZjR6Y0pqckNNajRldVF0SwowSHdmYll0L2NLVWc0aTlTd0hCRlg4QUxva2M1WkNkOXkxVEQzSU1LVlpDS0pFY24rT2gvMGRTT0pDWlFoTDdKClN1czBtUU1BVDYwTGkwZXhyMC92NjZ2dWJqTWpNcHhQVjlIY2RDbTRSbVU3aFMvQlJpaGpBc0ZqelhOVlFXQzMKSUVWVTNNRC92Q1hQRzZKb284bi9UOGhQWHc0T3U0NkE5RXF5dnR4VzFlWDgrMERFVFBreCtkbzJ2R0ZWRGtRMQpoNmNLSGVmMFFGSUViaHV2V1FKRTRWNE9VdEYyRlp6VjliS3laWE5jQnNTNWdkTlFKRmt1ZkYvOFV2SlFLT0tHCi9VeVYvejZrY01xMHNUc2JSRjNVSzM2QnUxSENudldoVlVvV3NBb2JKV3pBemRpRkt0V1BpclBJNW9TUWFob24Kc2JqejAwdUJJQkFhdk5rUVhiY0JBb0lCQVFEemF5bHc1VEFWYnBza3A1WUpnaWppTzVhRUNPQlNka1FwZ1Jodwo1Y0VWenZhbUlZZ2NDMVBjSE1DeUUvMjFITFF3OUtpcVRqSGJrTWhOMEs0TW1HeWJwM1hKL2hHYkd6UzRVSGFKClQrdyt4NDRWTUxxN2l4Q2dmc3JXRHNOU2RhOUFGYnEzYWg4REpaVjNIcHplRVlOR3BIZ2hzM041STNNckR2Q2QKeXowWjhNOStWdUpIVDBjYXVqa0JlTWtZbEhYVEdabnFtYzBoaFlUdDlZVGxTTXNMV1JEdUpkdDNoQjkyTDZLOApOa082Z2lxeURteWswbHZWejhSdFZBdUQ2TWtJaDEwT3lCRksyaEpCaVhQa0R5dmM4b1JSa2xpSmxaR3UzN2VXCmVacENYSmJ4MU5meGhnckhBbnhtbU91N3dVUG5oUUNGRW1RMmZicnNZcVkxZGVrMUFvSUJBUURDRjJoV0YwQjgKc0dUMVBoek0zR3RiVkpyVFh3bXFxb3BVYjlTVi9IU1JGMkJiWUUxNWFFMy9vMmVQVmovNDVoaUlyYVhweklVeQpaWkV4Yml4WkhoZy9Qa2NqeG1oTllmTUJrdFdQZHBvMFh6ZVBWQ1hFV0J2VXNBclc4RDI1ZzlkbHEzTlEyd0hqCktDQUtoZGJudU9OeUllT25DZ0tTTEdNbjJMbGJ0dWFJcmcxUnFkOU5KOCszOVQrUXZmNHVvWmxTenpPRHgwaTEKRlFMUEgxcitRdVZYMUVqL08va3kvSzJxcWRZSXlyUHRGTXpjSVdTZ3EyTWErZ1c5T29CK3NhL2JwNWZOMEl4cAp4WjlKa2grNDRjaFgvVkE4dDJORk9HVW5TOXNXRTlsNE9wcEdxSDNtZmtLMk12SnRpS3FSTG43S0k3dnVhRnRtCnk1eFdXdXNURW5UWkFvSUJBQUYxcmd6d1F1YU9BRDRyQnhwTmZvTkV5alZHZkZuaVBheG1Dc2g2aURyaVA5WmwKTXhTLytLUEVSRitOQVNONTVaYTVrTjFjbEszMVkwNGNKejhLRnZTai8yL1RwelZmNTJRSGozNXBUVWhmRi9vRwpqY2djSUdCbUFqOWdYVWw4VFMyOE01OXY4bm1wV3drWTFPWDhBdWFFaS9mZnhKeUFXdXR5TG4wenY4ME5CYUdEClVkNE5tcWFOWVZRaDdrckljU0J2OGQxWFNNU2ZzVmxmOUlrUGM3QkF1M3BDSGR2TW5nZXVaM0pyZk9KOGIxY2MKQVFqSC9pYjlGUGQyM283TzhZMnNpaUZSajlEOEY4bnUwaFFYQnpOTy9QNGtPNFd2c096MGlIeE5oR0JMZjlnNQpaNFlhUUt4SzFvWWkrcDdvbk1paG9vd3B2UklhbE9sZitoRXVBTlVDZ2dFQkFMcWJpc01MQkFOZURSTUZMdWVBCkhPL29maHN2U3JuOTBaV3hGM0ZGRWtYVmRkMGswQmdrUXFuQVQzY3VjNzg0YXVvdUdsQ1pSSTdadkNrTVJqTkEKamd0d016R2dOdlAvY29aV3lHRndwSDRwOWQ4bUJsR3FiTWVtb2lWWlFkODFkVWpZK0x3S2ROd1QzZ3AvOThrKwpwOTg1MmdqbHhPY0pLaVJMYUp0WFZIcWc3VWxReTlNQXJlT3VOZmxSMGlxL1VBeWdEbVZxbXVzUFVtNFZOWVUwCmlCQlRtQU5kaEJDVGc5Mk1BSzdmUlBKeWh5dzJKdXViSEdQNWNyOG1taGcxZW1EejF5NFlqb2U3YTVSdW0zVkUKRHowWjNhVWlwSjBPeGFKc2VpM1YwOGFXZ1hIaDJYcGNkb042cEQ3UG9UNkl0M3BkdFBoWStWZng5MVBIZ2pBSwpGTEVDZ2dFQkFLeVVmRjBqK09TZWFSV3JtdnhCdSs2czF0Y3hFNG1IYzNtaTZuenp3WGxPRTFuSGR2b2lyNmtVCldscVRVcU5kbFF3NU9oUUlOeHMxWXpyNWdvVmlSZlhsSUd3VVFJOTRuY09XSWhNNXY5SXU4RUV4alY2TnNjUUoKRGIzNjdFamV2NWJnbFJ5ejExcmdQZTlBVzlWcXpzZHNMcjdJUVcybHlaRWR6VmEzRUVCbXpaTW00T1V6a1dkVQo5TVd4N2kyRFlWNVF2b1BSMzcwNzR2elNNeFYrZDhYZmp4MFcwbzl2WWU1UHNVMVRTaEp3SkVtWXc0bmNmL3h1CitBVzRNQWtISlRONm1FYXg4SUlpV2VIN3VZT3UveDZtazZBejVIK3UyK2ZRcHpyZEtVVm02SWFLT2I1THlLQzcKTnFrZnpXeXdTNXlUWmorN3FibVZ2b3ZLYjZubXczRT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 0 + + + 0 + 0 + + 1400 + + + + + + 1 + 0 + 8080 + 8443 + + + + + + + + + + + + + + + + 0 + 10 + h1,h2 + + + 10 + + + + + + + + + + + 0 + + + + + + + + + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + +