/* Hook show run/start */
int cli_event_handler (onep_cli_event_t *event, void *client_data, char** sync_reply, onep_cli_destroy_reply_cb *destroy_cb) {
int exit_code = EXIT_SUCCESS;
onep_status_t rc;
onep_event_handle_t ehdl;
char *msg = NULL;
rc = onep_cli_event_get_event_handle(event, &ehdl);
if (ONEP_OK != rc) {
fprintf(stderr, "\n onep_cli_event_get_event_handle : %d, %s",
rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
onep_cli_event_get_message(event, &msg);
if (ONEP_OK != rc) {
fprintf(stderr, "\n onep_cli_event_get_message : %d, %s",
rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
*sync_reply = client_data;
clean:
onep_cli_event_destroy(&event);
return exit_code;
}
/**
* Reads properties from the network element.
*
* @param[in] ne A pointer to the network element structure
*/
void
read_properties (onep_network_element_t* ne)
{
onep_status_t rc;
char *description = NULL;
char *product_id = NULL;
char *serial_number = NULL;
onep_element_property_t *property = NULL;
/*
* Get network element properties
*/
rc = onep_element_get_property(ne, &property);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get property of network element:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
return;
}
rc = onep_element_property_get_sys_descr(property, &description);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get property system description:"
" errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
goto cleanup;
}
rc = onep_element_property_get_product_id(property, &product_id);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get property product ID:"
" errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
goto cleanup;
}
rc = onep_element_property_get_serial_no(property, &serial_number);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get property serial no.:"
" errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
goto cleanup;
}
fprintf(stderr, "\n----- SysDescr %s -----"
"\n----- ProductId %s -----"
"\n----- Serial No %s -----",
description, product_id, serial_number);
cleanup:
rc = onep_element_property_destroy(&property);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to destroy element property:"
" errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
}
free(description);
free(product_id);
free(serial_number);
}
/**
* Disconnects the application from the network element.
*
* @param [in,out] ne Address to the onep_network_element_t pointer to be destroyed.
* @param [in,out] session_handle Address to the onep_session_handle_t pointer
* to be destroyed as returned from
* onep_element_connect().
*/
void
disconnect_network_element (onep_network_element_t **ne,
onep_session_handle_t **session_handle)
{
onep_network_application_t* myapp = NULL;
onep_status_t rc;
if ((ne) && (*ne)) {
/* Done with Network Element, disconnect it. */
rc = onep_element_disconnect(*ne);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to disconnect network element:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
}
/* Free the network element resource on presentation. */
rc = onep_element_destroy(ne);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to destroy network element:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
}
}
/* Free the onePK resource on presentation. */
if (session_handle && *session_handle) {
rc = onep_session_handle_destroy(session_handle);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to destroy session handle:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
}
}
/* Gets the singleton instance of onep_network_application_t. */
rc = onep_application_get_instance(&myapp);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get the instance of the application:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
}
if (myapp) {
/* Destroys the onep_network_application_t and frees its memory resource. */
rc = onep_application_destroy(&myapp);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to destroy application:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
}
}
}
TApiStatus SetInterfaceOnNetworkElement(TNetworkElement* element,
char* interface)
{
onep_status_t rc;
// Discover active interfaces if needed
if(element->interfaces == NULL)
{
TApiStatus s = GetInterfacesOnNetworkElement(element);
if(s != API_OK)
{
PrintErrorMessage("SetInterfaceOnNetworkElement", "get interfaces");
return API_ERROR;
}
}
// Set interface
TInterfaceItem* intf_item = (TInterfaceItem*)(malloc(sizeof(TInterfaceItem)));
rc = onep_element_get_interface_by_name(element->ne, interface, &(intf_item->interface));
if (rc != ONEP_OK) {
PrintErrorMessage("SetInterfaceOnNetworkElement", onep_strerror(rc));
return API_ERROR;
}
// Add it to list
intf_item->next = element->interface_list;
element->interface_list = intf_item;
return API_OK;
}
TApiStatus GetInterfacesOnNetworkElement(TNetworkElement* element)
{
onep_status_t rc;
unsigned count = 0;
onep_interface_filter_t* intf_filter = NULL;
rc = onep_interface_filter_new(&intf_filter);
if (rc != ONEP_OK)
{
PrintErrorMessage("GetInterfacesOnNetworkElement", onep_strerror(rc));
return API_ERROR;
}
rc = onep_element_get_interface_list(element->ne, intf_filter, &(element->interfaces));
if (rc != ONEP_OK)
{
PrintErrorMessage("GetInterfacesOnNetworkElement", onep_strerror(rc));
return API_ERROR;
}
rc = onep_collection_get_size(element->interfaces, &count);
if (rc != ONEP_OK)
{
PrintErrorMessage("GetInterfacesOnNetworkElement", onep_strerror(rc));
return API_ERROR;
}
if (count <= 0)
{
PrintErrorMessage("GetInterfacesOnNetworkElement", "no interfaces available");
return API_ERROR;
}
if(intf_filter)
{
rc = onep_interface_filter_destroy(&intf_filter);
if(rc != ONEP_OK)
{
// Only warning
PrintErrorMessage("GetInterfacesOnNetworkElement", "Destroy: interface filter");
}
}
return API_OK;
}
void class_map_add_acl( onep_policy_match_holder_t *mh, // Match holder
onep_policy_access_list_t *acl ) // Name of L7 protocol
{
// 0. Local variables
onep_policy_match_t *match = 0;
onep_status_t rc = ONEP_OK;
// 1. Set ACL
rc = onep_policy_match_add_access_list( mh, acl, &match);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_match_add_access_list: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
cleanup:
return;
}
void class_map_add_l7_protocol( onep_policy_match_holder_t *mh, // Match holder
char* protocol_name ) // Name of L7 protocol
{
// 0. Local variables
onep_policy_match_t *match = 0;
onep_status_t rc = ONEP_OK;
// 1. Set NBAR rule
rc = onep_policy_match_add_application(mh, protocol_name, NULL, NULL, &match);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_match_add_application: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
cleanup:
return;
}
void class_map_finish( onep_policy_table_cap_t *table_cap, // Traffic action table
onep_policy_op_list_t *cmap_op_list, // Operation list
onep_policy_cmap_op_t *cmap_op, // Operation
onep_policy_entry_op_t **entry_op ) // RETURN | Entry operation
{
// 0. Local variables
onep_collection_t *result_list = 0;
onep_iterator_t *iter = 0;
onep_policy_cmap_handle_t cmap_handle;
onep_policy_entry_op_t *entry_op_tmp = *entry_op;
onep_status_t rc = ONEP_OK;
// 1. Only for class map support
if (! onep_policy_table_cap_supports_cmap(table_cap))
{
return;
}
// 2. Update class map
rc = onep_policy_op_update(cmap_op_list);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_op_update 1: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 3. Find the cmap_handle we just created
rc = onep_policy_op_list_get_list(cmap_op_list, &result_list);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_op_list_get_list: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
rc = onep_collection_get_iterator(result_list, &iter);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_collection_get_iterator: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
cmap_op = (onep_policy_cmap_op_t *)onep_iterator_next(iter);
if (!cmap_op) {
fprintf(stderr, "\nError in getting policy op\n");
goto cleanup;
}
rc = onep_policy_cmap_op_get_handle(cmap_op, &cmap_handle);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in creating class map : %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 4. Set the cmap on the entry
rc = onep_policy_entry_op_add_cmap(entry_op_tmp, cmap_handle);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_entry_op_add_cmap: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 5. Prepare out values
*entry_op = entry_op_tmp;
cleanup:
return;
}
void class_map_begin( onep_network_element_t *elem, // Network element
onep_policy_table_cap_t *table_cap, // Traffic action table
onep_policy_cmap_attr_e attribute, // Logical AND or OR between rules
onep_policy_entry_op_t *entry_op, // Entry operation
char* cmap_name, // Class map name
onep_policy_op_list_t **cmap_op_list, // RETURN | Operation list
onep_policy_cmap_op_t **cmap_op, // RETURN | Operation
onep_policy_match_holder_t **mh ) // RETURN | Match holder
{
// 0. Local variables
onep_policy_op_list_t *cmap_op_list_tmp = NULL;
onep_policy_cmap_op_t *cmap_op_tmp = NULL;
onep_policy_match_holder_t *mh_tmp = NULL;
onep_status_t rc = ONEP_OK;
if (onep_policy_table_cap_supports_cmap(table_cap))
{
// 1. Create the op_list
rc = onep_policy_cmap_op_list_new(&cmap_op_list_tmp);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_cmap_op_list_new: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 2. Add the network element
rc = onep_policy_op_add_network_element(cmap_op_list_tmp, elem);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_op_add_network_element: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 3. Create a specific operation on the list
rc = onep_policy_cmap_op_create(cmap_op_list_tmp, table_cap, &cmap_op_tmp);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_cmap_op_create: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 4. Logical ANR or OR
rc = onep_policy_cmap_op_set_attribute(cmap_op_tmp, attribute);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_cmap_op_set_attribute: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 5.
if (onep_policy_table_cap_supports_persistent(table_cap)) {
rc = onep_policy_cmap_op_set_persistent(cmap_op_tmp, cmap_name);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_cmap_op_set_persistent: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
}
// 6. Get the match holder for the operation instance
rc = onep_policy_cmap_op_get_match_holder(cmap_op_tmp, &mh_tmp);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_cmap_op_get_match_holder: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 7. Prepare out values
*cmap_op_list = cmap_op_list_tmp;
*cmap_op = cmap_op_tmp;
*mh = mh_tmp;
}
else
{
// 1. Create match holder
rc = onep_policy_entry_op_get_match_holder(entry_op, &mh_tmp);
if(rc != ONEP_OK) {
fprintf(stderr, "\nError in onep_policy_entry_op_get_match_holder: %d, %s\n",
rc, onep_strerror(rc));
goto cleanup;
}
// 2. Prepare out values
*mh = mh_tmp;
}
cleanup:
return;
}
int changeRouterConfig(char* element_hostname)
{
int ec = EXIT_SUCCESS;
onep_status_t rc = ONEP_OK;
onep_network_application_t *nwapp = NULL;
onep_network_element_t *ne = NULL;
onep_session_handle_t *sh = NULL;
onep_element_property_t *property = NULL;
char *hostname = NULL;
onep_session_config_t* config = NULL;
rc = onep_application_get_instance(&nwapp);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get network application: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
ec = EXIT_FAILURE;
goto cleanup;
}
rc = onep_application_set_name(nwapp, appname);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to set application name: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
}
rc = onep_application_get_network_element_by_name(nwapp,
element_hostname,
&ne);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get network element: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
ec = EXIT_FAILURE;
goto cleanup;
}
printf("Connecting with onep transport type TLS. \n");
rc = onep_session_config_new(ONEP_SESSION_TLS, &config);
if (ONEP_OK != rc) {
fprintf(stderr, "\nFailed to get config: "
"errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
(void)onep_session_config_destroy(&config);
return rc;
}
rc = onep_session_config_set_port(config, 15002);
if (ONEP_OK != rc) {
fprintf(stderr, "\nFailed to set port: "
"errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
(void)onep_session_config_destroy(&config);
return rc;
}
rc = onep_session_config_set_tls(
config, /* Pointer to onep_session_config_t */
app_cert, /* Client certificate file path */
app_private_key, /* Client private key file path */
app_private_key_password, /* SSL certificate passcode */
network_element_root_cert); /* Root certificate file path */
if (ONEP_OK != rc) {
fprintf(stderr, "\nFailed to set TLS: errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
if (config)
(void)onep_session_config_destroy(&config);
goto disconnect;
return rc;
}
rc = onep_element_connect(ne, username, password, config, &sh);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to connect to network element: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
ec = EXIT_FAILURE;
goto cleanup;
}
rc = onep_element_get_property(ne, &property);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get element property: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
ec = EXIT_FAILURE;
goto disconnect;
}
rc = onep_element_property_get_sys_name(property, &hostname);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get system name: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
ec = EXIT_FAILURE;
goto disconnect;
}
onep_vty_t *vty = NULL;
uint32_t timeout;
char *response = NULL;
rc = onep_vty_new(ne, &vty);
if (rc != ONEP_OK) {
printf("\nFailed to get vty instance: %d %s", rc, onep_strerror(rc));
return EXIT_FAILURE;
}
rc = onep_vty_open(vty);
if (rc != ONEP_OK) {
printf("\nFailed to open vty to Network Element: %d %s", rc,
onep_strerror(rc));
return EXIT_FAILURE;
}
rc = onep_vty_get_timeout(vty, &timeout);
if (rc != ONEP_OK) {
printf("\nFailed to get timeout of vty to Network Element: %d %s", rc,
onep_strerror(rc));
return EXIT_FAILURE;
}
/* Test command
char *showCommand = "show access-list DENYACCESS";
printf("\nWriting a command VTY to the Network Element ... \"%s\"\n",
showCommand);
rc = onep_vty_write(vty, showCommand, &response);
if (rc != ONEP_OK) {
printf("\nFailed to get response for first from vty: %d %s", rc,
onep_strerror(rc));
return EXIT_FAILURE;
}
//printf("\n\nResponse for %s is - %s", showCommand, response);
*/
char command[1000] = "";
if ((strncmp(allow, "a", strlen(allow)) == 0) || (strncmp(allow, "A", strlen(allow)) == 0))
sprintf(command, "configure terminal \r \n ip access-list standard DENYACCESS \r\n no permit %s \r\n end \r\n", ipMask);
else
sprintf(command, "configure terminal \r \n ip access-list standard DENYACCESS \r\n permit %s \r\n end \r\n", ipMask);
//printf("\n\ncommand is - %s\n", command);
printf("\nWriting a command VTY to the Network Element ... \"%s\"\n",
command);
rc = onep_vty_write(vty, command, &response);
if (rc != ONEP_OK) {
printf("\nFailed to get response for first from vty: %d %s", rc,
onep_strerror(rc));
return EXIT_FAILURE;
}
printf("\n\nResponse for %s is - %s", command, response);
printf("\n Save config changes \n");
rc = onep_vty_write(vty, "write memory", &response);
if (rc != ONEP_OK) {
printf("\nFailed to get response for first from vty: %d %s", rc,
onep_strerror(rc));
return EXIT_FAILURE;
}
if (hostname)
free(hostname);
disconnect:
rc = onep_element_disconnect(ne);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to disconnect from network element: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
ec = EXIT_FAILURE;
goto cleanup;
}
cleanup:
if (property)
(void)onep_element_property_destroy(&property);
if (sh)
(void)onep_session_handle_destroy(&sh);
if (ne)
(void)onep_element_destroy(&ne);
if (nwapp)
(void)onep_application_destroy(&nwapp);
return ec;
}
/**
* Connects the application to a network element.
*
* @param [in] hostname This is the hostname of the network element.
* @param [in] username Username
* @param [in] password Password
* @param [in] app_name Application Name
* @param [out] ne Address to the onep_network_element_t pointer
*
* @retval NULL if a connection could not be established. Otherwise, a
* onep_session_handle_t pointer is returned.
*/
onep_session_handle_t *
connect_network_element (char* hostname, char *username, char* password,
char* app_name, char *transport,
onep_network_element_t **ne)
{
// START SNIPPET: c_variables
onep_network_application_t* myapp = NULL;
onep_network_element_t* local_ne = NULL;
onep_session_handle_t* session_handle = NULL;
onep_status_t rc;
onep_transport_mode_e mode;
onep_session_config_t* config = NULL;
// END SNIPPET: c_variables
// START SNIPPET: get_instance
/* Obtain a onep_network_application_t instance. */
rc = onep_application_get_instance(&myapp);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get network instance:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
return NULL;
}
// END SNIPPET: get_instance
// START SNIPPET: set_app_name
/* Set the name of the network application. */
if(!app_name_initialized)
{
rc = onep_application_set_name(myapp, app_name);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get network application name:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
disconnect_network_element(NULL, NULL);
return NULL;
}
app_name_initialized = true;
}
// END SNIPPET: set_app_name
// START SNIPPET: get_network_element
/* Get the network element at the given hostname. */
rc = onep_application_get_network_element_by_name(myapp,
hostname,
&local_ne);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to get network element:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
disconnect_network_element(NULL, NULL);
return NULL;
}
// END SNIPPET: get_network_element
// START SNIPPET: connect
/* Create a session configuration. */
if (strcasecmp(transport, "tipc") == 0
|| strcmp(transport, "2") == 0) {
mode = ONEP_SESSION_LOCAL;
} else {
mode = ONEP_SESSION_TLS;
}
rc = create_session_config(mode, &config);
if (rc != ONEP_OK) {
fprintf(stderr,
"\ncreate_session_config failed\n\n");
disconnect_network_element(&local_ne, NULL);
return NULL;
}
/* Connect to the network element. */
rc = onep_element_connect(
local_ne, username, password, config, &session_handle);
if (rc != ONEP_OK) {
/**
* Failed to connect to network element.
*/
fprintf(stderr, "\nFailed to connect to network element:"
" errocode = %d, errormsg = %s",
rc, onep_strerror(rc));
disconnect_network_element(&local_ne, NULL);
return NULL;
}
*ne = local_ne;
return session_handle;
// END SNIPPET: connect
}
/**
* Creates an instance of onep_session_config_t with the given transport mode.
*
* @param [in] mode Transport type to use for the session.
* @param [out] config Address of the pointer to the onep_session_config_t
* to be created.
*
* @retval ONEP_OK In the case of success. Otherwise, a onep_status_t error
* value is returned. Calling onep_strerror() on the return
* value will convert the error number into an error message.
*/
onep_status_t
create_session_config (onep_transport_mode_e mode, onep_session_config_t **config)
{
onep_status_t rc;
onep_status_t destroy_rc;
onep_session_config_t *local_config = NULL;
/* Create a new onep_session_config_t with the given transport mode. */
rc = onep_session_config_new(mode, &local_config);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to construct session local_config: "
"errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
return rc;
}
/* Set the port to connect to on the network element.
* The default ports are: ONEP_SESSION_TLS 15002
* ONEP_SESSION_LOCAL 15003
*
*/
switch (mode) {
case ONEP_SESSION_TLS:
rc = onep_session_config_set_port(local_config, 15002);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to set port: "
"errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
goto error_cleanup;
}
break;
case ONEP_SESSION_LOCAL:
rc = onep_session_config_set_port(local_config, 15003);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to set port: "
"errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
goto error_cleanup;
}
break;
default:
fprintf(stderr, "\nUnknown transport mode: %d", mode);
break;
}
/* Set the TLS attributes of the session. */
if (mode == ONEP_SESSION_TLS) {
rc = onep_session_config_set_tls(
local_config, /* Pointer to onep_session_config_t */
client_cert_path, /* Client certificate file path */
client_key_path, /* Client private key file path */
key_passphrase, /* Client private key passphrase */
root_cert_path); /* Root certificates file path */
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to set TLS: "
"errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
goto error_cleanup;
}
/* Enable pinning */
if (pin_file) {
rc = onep_session_config_set_tls_pinning(local_config, pin_file,
&accept_handler);
if (rc != ONEP_OK) {
fprintf(stderr, "\nFailed to enable TLS pinning: "
"errorcode = %d, errormsg = %s",
rc, onep_strerror(rc));
goto error_cleanup;
}
}
}
*config = local_config;
return ONEP_OK;
error_cleanup:
destroy_rc = onep_session_config_destroy(&local_config);
if (destroy_rc != ONEP_OK) {
fprintf(stderr, "\nFailed to destroy session config: "
"errorcode = %d, errormsg = %s",
destroy_rc, onep_strerror(destroy_rc));
}
return rc;
}
int main(int argc, char *argv[])
{
int exit_code = EXIT_SUCCESS;
char* running = NULL;
/* Temp */
char buffer[80];
/* onep arguments. Only some are used, the rest left as NULL */
onep_network_application_t* app = NULL;
onep_session_handle_t* session_handle = NULL;
onep_status_t rc;
onep_transport_mode_e mode = ONEP_SESSION_TLS;
onep_session_config_t* config = NULL;
onep_cli_filter_t* cli_filter;
onep_event_handle_t cliEvtId = ONEP_EVENT_HANDLE_INVALID;
onep_network_element_t* ne = NULL;
char *app_cert = NULL;
char *app_private_key = NULL;
char *app_private_key_password = NULL;
char *network_element_root_cert = NULL;
char *pin_file = NULL;
char *hostname = NULL;
char *username = NULL;
char *password = NULL;
int c;
while ((c = getopt (argc, argv, "h:u:p:d:c:P")) != -1)
{
switch (c)
{
case 'h':
hostname = optarg;
break;
case 'd':
printf ("Set debug flag\n");
debug = 1;
break;
case 'u':
username = optarg;
break;
case 'p':
password = optarg;
break;
case 'c':
network_element_root_cert = optarg;
case 'P':
pin_file = optarg;
break;
default:
abort();
}
}
if(debug) {
printf("Got arguments: \n%u: %s: %s: %s: %s\n", argc, hostname, username, password, network_element_root_cert);
}
if (argc < 4 || !hostname || !username || !password || !network_element_root_cert) {
printf( "Usage: %s -h <host> -u <username> -p <password> -c <root cert>\n", argv[0]);
return EXIT_FAILURE;
}
/* Register the application */
rc = onep_application_get_instance(&app);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to get network application: "
"errorcode = %d, errormsg = %s\n\n",
rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
} else if (debug) {
printf ("Got network application\n");
}
rc = onep_application_set_name(app, appname);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to set application name: "
"errorcode = %d, errormsg = %s\n",
rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
} else if (debug) {
printf ("Set network application name\n");
}
/* Register a connection */
rc = onep_application_get_network_element_by_name(app,
hostname,
&ne);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to get network element:"
" errocode = %d, errormsg = %s\n",
rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
} else if (debug) {
printf ("Got network element\n");
}
rc = onep_session_config_new(mode, &config);
if (rc != ONEP_OK) {
fprintf(stderr,
"\ncreate_session_config failed\n\n");
exit_code = EXIT_FAILURE;
goto clean;
} else if (debug) {
printf ("Got session config\n");
}
rc = onep_session_config_set_port(config, 15002);
if (ONEP_OK != rc) {
fprintf(stderr, "\nOMG GoT: Failed to set port: "
"errorcode = %d, errormsg = %s\n", rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
rc = onep_session_config_set_tls(
config,
app_cert, /* NULL */
app_private_key, /* NULL */
app_private_key_password, /* NULL */
network_element_root_cert);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to set TLS: errorcode = %d, errormsg = %s\n", rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
/* I'm going to go ahead and assume you don't care if the router has a valid cert. We can even just pass this a null pin_file */
rc = onep_session_config_set_tls_pinning(
config,
pin_file,
&accept_handler);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to enable TLS pinning: "
"errorcode = %d, errormsg = %s\n", rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
/* Blah blah blah */
rc = onep_element_connect(
ne, username, password, config, &session_handle);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to connect to network element:"
" errocode = %d, errormsg = %s\n",
rc, onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
/* Hook show run */
rc = onep_cli_filter_new("show run.*", &cli_filter);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to create cli filter: %d %s", rc,
onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
rc = onep_cli_filter_set_sync(cli_filter, true);
if (rc != ONEP_OK) {
fprintf(stderr, "\nOMG GoT: Failed to set cli sync: %d %s", rc,
onep_strerror(rc));
exit_code = EXIT_FAILURE;
goto clean;
}
char *fmt_string = "%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.\
%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.\
%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.\
%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.\
%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.\
%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.\
%08x.%08x.%08x.%08x.%08x";
running = (char *)malloc(strlen(fmt_string) + 1);
strncpy(running, fmt_string, strlen(fmt_string));
printf("Running: %d", strlen(running));
rc = onep_element_add_cli_listener( ne,
cli_event_handler,
cli_filter,
running,
&cliEvtId);
while(1) {
sleep(5); /* Sleep this thread for 20 seconds */
printf("\nDo you want to continue to run this application [y/n]?");
if (fgets(buffer, sizeof(buffer), stdin)) {
if (buffer[0] == 'n' || buffer[0] == 'N') {
break;
}
}
}
rc = onep_element_remove_cli_listener(ne, cliEvtId);
if (ONEP_OK != rc) {
fprintf(stderr, "\nOMG GoT: Error while removing CLI listener: %d, %s",
rc, onep_strerror(rc));
goto clean;
}
clean:
if(cliEvtId)
onep_element_remove_cli_listener(ne, cliEvtId);
if(ne)
onep_element_disconnect(ne);
return exit_code;
}
TApiStatus DeployFiltersToElement(TNetworkElement* element)
{
onep_status_t rc;
// Create filtering rules
TApiStatus s = GenerateFilters(element);
if(s != API_OK)
{
PrintErrorMessage("DeployFiltersToElement", "generate filters");
return API_ERROR;
}
// Create operation list and set it to interface
rc = onep_policy_target_op_list_new(&(element->target_op_list));
if(rc != ONEP_OK) {
PrintErrorMessage("DeployFiltersToElement", onep_strerror(rc));
return API_ERROR;
}
rc = onep_policy_op_add_network_element(element->target_op_list, element->ne);
if(rc != ONEP_OK) {
PrintErrorMessage("DeployFiltersToElement", onep_strerror(rc));
return API_ERROR;
}
// Bind policy to interfaces
TInterfaceItem* next = element->interface_list;
while(next != NULL)
{
onep_policy_target_op_t *target_op = NULL;
rc = onep_policy_target_op_activate(element->target_op_list, &target_op);
if(rc != ONEP_OK) {
PrintErrorMessage("DeployFiltersToElement", onep_strerror(rc));
return API_ERROR;
}
rc = onep_policy_target_op_add_pmap(target_op, FilterList.pmap_handle);
if(rc != ONEP_OK) {
PrintErrorMessage("DeployFiltersToElement", onep_strerror(rc));
return API_ERROR;
}
rc = onep_policy_target_op_add_interface(target_op, next->interface);
if(rc != ONEP_OK) {
PrintErrorMessage("DeployFiltersToElement", onep_strerror(rc));
return API_ERROR;
}
// direction of packets
rc = onep_policy_target_op_set_direction(target_op, ONEP_DIRECTION_IN);
if(rc != ONEP_OK) {
PrintErrorMessage("DeployFiltersToElement", onep_strerror(rc));
return API_ERROR;
}
next = next->next;
}
// Update policy on router
rc = onep_policy_op_update(element->target_op_list);
if(rc != ONEP_OK) {
PrintErrorMessage("DeployFiltersToElement", onep_strerror(rc));
return API_ERROR;
}
return API_OK;
}
