L4 SSL Datascripts

Datapath DS APIs

The following are the data path APIs:

  1. buffered = avi.l4.collect("x")

    This data-script will collect “x” amount of bytes in socket buffer. This API can yield and resume. Socket buffer is decided based on which DS event invokes this API (Client sockbuf for L4 request and server sockbuf for L4 response). Return value of the API is the amount of data present in the sockbuf.

  2. payload = avi.l4.read("xBytes", offset, "client"/"server")

    Reads xBytes from socket buffer and presents it as hex-stream to the data-script. The direction decides which sockbuf data to be read from.

  3. avi.l4.discard("xBytes", offset, "client"/"server")

    Discard xBytes from sockbuf using specified offset.

  4. avi.l4.modify(payload2, offset, "client"/"server")

    Inserts payload2 at offset of the sockbuf.

  5. avi.l4.pause("xBytes”)

    a. Pauses Tx after sending xBytes in natural proxy direction.

    b. Currently, multiple pause apis cannot be used in the same event.

    c. Currently, any API that could cause yield cannot be used after pause.

  6. avi.l4.send(payload2)

    a. Sends out-of-bound data to the client/ server.

    b. Send-API will always have higher priority than Resume-API, which means if you use send and resume at the same time, the data released by Resume-API will always go after the data in the Send-API.

    c. If invoked in L4 request, it sends OOB data to client.

    d. If invoked in L4 response, it sends OOB data to server.

  7. avi.l4.resume("xBytes")

    a. Resume peer sockbuf to release “xBytes” amount of data. (xBytes is equal to zero means release all the data)

    b. If invoked in L4 request, response side data will be released.

    c. If invoked in L4 response, request side data will be released.

    d. Currently, multiple resume API cannot be used in same event.

    e. Currently, any API that could cause yield cannot be used after resume.

  8. avi.vs.ds_done()

    Stops invocation of current datascript for the connection.

Load Balancing API

avi.pool.select or avi.vs.persist will be a No-op if load balancing is already done.

All of the manipulation API are on the current snapshot of underlying socket buffer.

Every API is relative to the previous API, for instance, avi.l4.discard will discard some part of payload. The succeeding API, for instance, avi.l4.modify, will work on the new payload set obtained as result of avi.l4.discard.

FIX APIs

  • avi.fix.parse — Use FIX parser C library to parse the provided payload.
  • avi.fix.getTagValue — Get the TAG value in the current message context.

SSL APIs

  1. avi.ssl.protocol
  2. avi.ssl.disable_ssl()
  3. avi.ssl.enable_ssl()
  4. avi.ssl.server_name
  5. avi.ssl.client_cert
  6. avi.ssl.cipher
  7. avi.ssl.clear_error - Clears the error bitmap set by openSSL in SSL context to ignore certain errors while SSL handshake (for instance, allow expired certificate, and so on)

VS APIs

  1. avi.vs.log
  2. avi.vs.debug
  3. avi.vs.client_ip
  4. avi.vs.client_port
  5. avi.vs.vip_ip
  6. avi.vs.vip_port
  7. avi.vs.name
  8. avi.vs.table_insert
  9. avi.vs.table_lookup
  10. avi.vs.table_remove
  11. avi.vs.close_conn
  12. avi.vs.done

POOL APIs

  1. avi.pool.select

GROUP APIs

  1. avi.ipgroup.contains
  2. avi.stringgroup.contains{_CASE}
  3. avi.stringgroup.equals{_CASE}
  4. avi.stringgroup.beginswith{_CASE}
  5. avi.stringgroup.endswith{_CASE}