1. RESTful API Specification
1.1. Authentication
The default credentials are:
Username:
adminPassword:
admin
Please note that the HTTP basic access authentication should be used for authentication,
for example with curl it is possible to specify username and password with
-u <user>:<password> as in the command below:
curl -u <user>:<password> "http://192.168.1.1:8880/egress/aggregated/default?action=forward"
Please check the Examples section for more examples.
1.1.1. Changing the REST API Password
Credentials are stored in Redis (configured via --redis). Passwords are kept as MD5
hashes under the key cento.user.<username>.password.
To set or change the password for a user, compute the MD5 hash of the desired password and write it to Redis:
# Compute the MD5 hash of the new password
NEW_HASH=$(printf '%s' 'newpassword' | md5sum | awk '{print $1}')
# Store it in Redis (replace 'admin' with the actual username)
redis-cli SET cento.user.admin.password "$NEW_HASH"
If the Redis instance listens on a non-default host or port, supply the connection details
with -h and -p:
redis-cli -h 127.0.0.1 -p 6379 SET cento.user.admin.password "$NEW_HASH"
1.2. API
1.2.1. Aggregated Egress Queue
GET /egress/aggregated/[<Queue Index>/]default
Set the default policy for the aggregated egress queue
Description: Set the policy to be applied by default to the traffic directed to the aggregated egress queue or interface.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
action |
query |
Default action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
GET /egress/aggregated/[<Queue Index>/]ip
Set a subnet-based policy for the aggregated egress queue
Description: Set a policy to be applied to all traffic matching the provided subnet and directed to the aggregated egress queue or interface.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
subnet |
query |
Subnet to match in CIDR format |
string |
action |
query |
Action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
GET /egress/aggregated/[<Queue Index>/]protocol/<Application Protocol>
Set a layer-7 protocol-based policy for the aggregated egress queue
Description: Set a policy to be applied to all traffic matching the provided layer-7 application protocol (nDPI) and directed to the aggregated egress queue or interface.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
action |
query |
Action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
1.2.2. Balanced Egress Queue
GET /egress/balanced/default
Set the default policy for the balanced egress queue
Description: Set the policy to be applied by default to the traffic directed to the balanced egress queue or interface.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
action |
query |
Default action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
GET /egress/balanced/ip
Set a subnet-based policy for the balanced egress queue
Description: Set a policy to be applied to all traffic matching the provided subnet and directed to the balanced egress queue or interface.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
subnet |
query |
Subnet to match in CIDR format |
string |
action |
query |
Action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
GET /egress/balanced/protocol/<Application Protocol>
Set a layer-7 protocol-based policy for the balanced egress queue
Description: Set a policy to be applied to all traffic matching the provided layer-7 application protocol (nDPI) and directed to the balanced egress queue or interface.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
action |
query |
Action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
1.2.3. Bridge
GET /egress/bridge/default
Set the default policy for the bridge
Description: Set the policy to be applied by default to the traffic directed to the bridged interfaces.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
action |
query |
Default action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
GET /egress/bridge/ip
Set a subnet-based policy for the bridge
Description: Set a policy to be applied to all traffic matching the provided subnet and directed to the bridged interfaces.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
subnet |
query |
Subnet to match in CIDR format |
string |
action |
query |
Action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.
GET /egress/bridge/protocol/<Application Protocol>
Set a layer-7 protocol-based policy for the bridge
Description: Set a policy to be applied to all traffic matching the provided layer-7 application protocol (nDPI) and directed to the bridged interface.
Produces: ['application/json']
Parameters
Name |
Position |
Description |
Type |
|---|---|---|---|
action |
query |
Action (forward, discard, shunt, slice-l4, slice-l3) |
string |
Responses
200 - Successful operation, the returned object contains the actual status.
400 - Invalid status value.