TrafficPolicy.idl

Go to the documentation of this file.

/**
 * @file     TrafficPolicy.idl
 * @brief    API for Traffic Policy
 * @version  5
 */

#import <kerio/web/idl/SharedStructures.idl>
#import <common.idl>
#import <Interfaces.idl>
#import <Users.idl>
#import <IpServices.idl>

module webadmin {

/**
 * Mode of source address NAT
 */
enum SourceNatMode {
   NatDefault,
   NatInterface,
   NatIpAddress
};

/**
 * Balancing mode of source address NAT
 */
enum NatBalancing {
   BalancingPerHost,
   BalancingPerConnection
};

/**
 * IP version
 */
enum TrafficIpVersion {
   Ipv4,
   Ipv6,
   IpAll
};

/**
 * Type of interface in rule
 */
enum InterfaceConditionType {
   InterfaceInternet,
   InterfaceTrusted,
   InterfaceGuest,
   InterfaceSelected
};

/**
 * One interface in rule
 */
struct InterfaceCondition {
   InterfaceConditionType type;
   InterfaceType interfaceType;     ///< @see InterfaceManager, used values: Ethernet, Ras
   IdReference selectedInterface;   ///< invalid - interface is no more in the configuration (nothing)
   boolean enabled;                 ///< interface is present, but disabled/down
};

/**
 * Type of VPN in rule
 */
enum VpnConditionType {
   IncomingClient,
   SelectedTunnel,
   AllTunnels
};

/**
 * One VPN in rule
 */
struct VpnCondition {
   VpnConditionType type;
   IdReference tunnel;    ///< invalid - tunnel is no more in the configuration (nothing)
   boolean enabled;       ///< tunnel is present, but disabled/down
};

/**
 * Type of Traffic Entity in TrafficEntityList
 */
enum TrafficEntityType {
  TrafficEntityHost,
  TrafficEntityNetwork,
  TrafficEntityRange,
  TrafficEntityAddressGroup,
  TrafficEntityPrefix,
  TrafficEntityInterface,
  TrafficEntityVpn,
  TrafficEntityUsers
};

/**
 * One entity if there is list of entities in rule's Source or Destination
 */
struct TrafficEntity {

   TrafficEntityType type;

   /*@{ host */
   string host;   /**< name or IP or Prefix */
   /*@}*/

   /*@{ network, range */
   kerio::web::IpAddress addr1;  /**< network/from, e.g. 192.168.0.0 */
   kerio::web::IpAddress addr2;    /**< mask/to, e.g. 255.255.0.0 */
   /*@}*/

   /*@{ IP address group */
   IdReference addressGroup;
   /*@}*/

   /*@{ interface */
   InterfaceCondition interfaceCondition;
   /*@}*/

   /*@{ vpn */
   VpnCondition vpnCondition;
   /*@}*/

   /*@{ users */
   UserConditionType userType; ///< @see Users.idl, used values: AuthenticatedUsers, SelectedUsers
   UserReference user; ///< @see UserManager
   /*@}*/
};

/**
 * All entities in rule's Source or Destination
 */
typedef sequence<TrafficEntity> TrafficEntityList;

/**
 * Rule's Source or Destination
 */
struct TrafficCondition {
   RuleConditionType type;
   boolean firewall;
   TrafficEntityList entities;
};

/**
 * One service if there is list of services
 */
struct TrafficServiceEntity {
   boolean definedService;
   IpServiceReference service;
   long protocol;     ///< TCP - 6, UDP - 17 @see IpServiceManager
   PortCondition port;
};

/**
 * List of services
 */
typedef sequence<TrafficServiceEntity> TrafficServiceEntityList;

/**
 * Rule's Services properties
 */
struct TrafficService {
   RuleConditionType type;
   TrafficServiceEntityList entries;
};

/**
 * List of logEnabled values, order:
 * 1. logPackets
 * 2. logConnections
 */
typedef sequence<boolean> LogEnabled;

/**
 * One traffic policy rule
 */
struct TrafficRule {
   kerio::web::KId id;

   /*@{ name */
   boolean enabled;
   string name;
   string description;
   string color;

   /*@{ rule Sourc, Destination */
   TrafficCondition source;
   TrafficCondition destination;

   /*@{ service */
   TrafficService service;

   /*@{ IP verison */
   TrafficIpVersion ipVersion;

   /*@{ action */
   RuleAction action; ///< @see common; possible values: allow, deny, drop
   LogEnabled logEnabled;
   boolean graphEnabled;
   kerio::web::OptionalLong dscp;

   /*@{ NAT IP version */
   boolean natIpv4Only;

   /*@{ source NAT */
   boolean enableSourceNat;
   SourceNatMode natMode;
   boolean allowReverseConnection;
   /*@{ properties of NatDefault */
   NatBalancing  balancing;
   /*@{ properties of NatInterface */
   IdReference natInterface;
   boolean allowFailover;
   /*@{ properties of NatIpAddress */
   string ipAddress;
   string ipv6Address;

   /*@{ destination NAT */
   boolean enableDestinationNat;
   string translatedHost;
   string translatedIpv6Host;
   kerio::web::OptionalLong translatedPort;

   /*@{ valid time */
   IdReference validTimeRange;

   /*@{ protocol inspector */
   string inspector;         ///< name of Protocol Inspector, @see InspectorManager + values: default, none

   TimeSpan lastUsed;        ///< last time when connection matched, read-only

};

/**
 * All traffic policy rules
 */
typedef sequence<TrafficRule> TrafficRuleList;

struct TrafficPolicyFilter {
   kerio::web::IpAddress sourceIp;
   kerio::web::IpAddress destinationIp;
   long port;
};

/**
 * Manager for Traffic Policy
 */
interface TrafficPolicy {
   /**
    * Get the list of Traffic Policy rules
    *
    * @param  list - list of Traffic Policy rules
    * @param  totalItems - count of all rules in Traffic Policy
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void get(out TrafficRuleList list, out long totalItems);

   /**
    * Stores the list of Traffic Policy rules
    *
    * @param  errors - list of errors \n
    *          8002  Database error.   - "Unable to modify rule '%1'." \n
    *          8002  Database error.   - "Unable to create rule '%1'." \n
    *          8002  Database error.   - "Unable to delete rule '%1'."
    * @param  rules - list of Traffic Policy rules
    * @param  defaultRule - properties of default rule
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void set(out kerio::web::ErrorList errors, in TrafficRuleList rules, in TrafficRule defaultRule);

   /**
    * Return list of overlappped rules
    * @param collisions - list of collisions
    * @throws kerio::web::ApiException on error:
    *         -32001 Session expired. - "The user is not logged in."
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void getCollisions(out CollisionList list);

   /**
    * Get properties of default rule
    *
    * @param  rule - properties of default rule
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired. - "The user is not logged in." \n
    *          1004  Access denied.   - "Insufficient rights to perform the requested operation."
    */
   void getDefaultRule(out TrafficRule rule);

   /**
    * Return all rules, that matches given criteria in time, when this method was called.
    *
    * @param  list - IDs of rules
    * @param  condition - Filter parameters. Empty parameter (0 for numbers) in condition means 'any'.
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired.    - "The user is not logged in." \n
    *          1004  Access denied.      - "Insufficient rights to perform the requested operation." \n
    *          8001    Invalid parameters. - "Invalid parameters."
    */
   void filterRules(out kerio::web::KIdList idList, in TrafficPolicyFilter condition);
   
   /**
    * Normalize TrafficEntity.
    *
    * @param  input - TrafficEntity
    * @throws kerio::web::ApiException \n
    *         -32001 Session expired.    - "The user is not logged in." \n
    *          1004  Access denied.      - "Insufficient rights to perform the requested operation." \n
    *          8001    Invalid parameters. - "Invalid parameters."
    */
   void normalizeTrafficEntity(out kerio::web::ErrorList errors, out TrafficEntity result, in TrafficEntity input);
};

}; //webadmin