Connect. Communicate. Collaborate. Securely.

Home » Developer Zone » API/SDK Writers » KControl : TrafficRule id
  •  
cedricl

Messages: 10
Karma: 1
Send a private message to this user
Hello,

I use TrafficRule id (IDL: kerio::web::KId id in webadmin::TrafficRule) to match rule in my remote program using Kerio Control API.
But I want to be sure :

  1. Is the ID can change ? (order or rule modification)
  2. Is the ID acting like a sql auto-increment counter ? (so unused ID left from deleted rules never come back)


Thanks !
  •  
Miroslav Osladil (Kerio)

Messages: 188

Karma: 27
Send a private message to this user
Hi Cedric,

Good question! Smile

When changing the traffic rule order, it changes the order field, not the ID itself. So you cannot rely on that some ID is not used again. The autoincrement value is nowhere stored.

Example:
I have a record with ID=99, then I create a new with ID=100, delete the record ID=100 and turn Control off and on again. Then when I create a new record, it gets ID=100, because the value for autoincrement is retrieved from existing records and ID=100 was already deleted so the new process (Control instance) knows nothing about that deleted traffic rule with ID=100 and uses it.

It applies for the vast majority IDs of type int, if not for all.

So,
1. ID is not intended for a change
2. No, you cannot rely on it

Hope it makes sense, let me know if not. Smile

Best regards,

Miroslav Osladil
Senior Developer
Kerio Technologies

The views I express are my own and do not necessarily reflect the views of Kerio Technologies.
  •  
cedricl

Messages: 10
Karma: 1
Send a private message to this user
Hi,

Thank you for your answer.

It's very annoying that I can't rely on ID...
But I have some solutions:
  1. Using rule's name : But users can change it and it can be not unique ; I will have to implement a interface for users to link old to new name and keep history of the rule. Not very reliable...
  2. Hash based on some fields ? More reliable than the name. If I stock the ID used to hash the rule I can track ID changes too.
  3. Mixed solution with both hash/name solutions...
  4. Regenerating all rules from the database... Not so easy, heavy work.


Well you should consider adding an uuid to each rules Razz


Other thing : There is no "order field" in the idl file about TrafficRule. But you state there is an order field ? Is it returned with the json query "TrafficPolicy.get" ?

Best Regards,

EDIT : Perhaps I misunderstood your answer (1) about the ID change. I don't want to change the ID but to keep track of the rule.

Scenario: If I have 5 rules ID 1 to 5.
If I restart Kerio, or change orders rules , name or destination, will the ID be changed by Kerio ?
If I delete the rule "id=3", will Kerio take 3 for a new rule or 6 ?

Thanks again Smile

[Updated on: Fri, 18 April 2014 13:28]

  •  
Miroslav Osladil (Kerio)

Messages: 188

Karma: 27
Send a private message to this user
Yes, you're right.

The current situation is that IDs are autoincremented with the only one special case when you delete last ID, restart engine and create a new one. Then the last ID is not remembered and is re-used. All previous IDs are not used.

We will fix that in some of upcoming version within public API launch. Smile

Thank you for reporting!

Note: Even if you have persistent ID you still will hope, that someone haven't change the action from allow to deny. Smile etc. So complex rule checking with several conditions is a must.

Best regards,

Miroslav Osladil
Senior Developer
Kerio Technologies

The views I express are my own and do not necessarily reflect the views of Kerio Technologies.
  •  
cedricl

Messages: 10
Karma: 1
Send a private message to this user
Miroslav Osladil (Kerio) wrote on Tue, 22 April 2014 08:17
Yes, you're right.

The current situation is that IDs are autoincremented with the only one special case when you delete last ID, restart engine and create a new one. Then the last ID is not remembered and is re-used. All previous IDs are not used.

We will fix that in some of upcoming version within public API launch. Smile

Thank you for reporting!


Yeah Cool
Miroslav Osladil (Kerio) wrote on Tue, 22 April 2014 08:17

Note: Even if you have persistent ID you still will hope, that someone haven't change the action from allow to deny. Smile etc. So complex rule checking with several conditions is a must.

Best regards,


I know, this is what I am looking for : but how I can track changes if I don't have a reliable "link" between Kerio Control traffic rules and rules stored in my database Wink With a correct use of ID or if you add uuid, I will get my reliable link and everything will be simpler Razz

  •  
Miroslav Osladil (Kerio)

Messages: 188

Karma: 27
Send a private message to this user
You can 99.9% rely on the ID (with knowledge of that one special case) which will be fixed soon.

What I am trying to point out is that even UUID won't give you the absolute truth someone changes the rule on server in Web Administration. Smile

You may rely on a rule with an UUID=xyz but when the conditions (from/to/port,action) change it's completely different rule.

[Updated on: Tue, 22 April 2014 13:14]


Miroslav Osladil
Senior Developer
Kerio Technologies

The views I express are my own and do not necessarily reflect the views of Kerio Technologies.
  •  
Miroslav Osladil (Kerio)

Messages: 188

Karma: 27
Send a private message to this user
Anyway, we love our users and we will make it how they it want. Smile

Miroslav Osladil
Senior Developer
Kerio Technologies

The views I express are my own and do not necessarily reflect the views of Kerio Technologies.
  •  
cedricl

Messages: 10
Karma: 1
Send a private message to this user
Miroslav Osladil (Kerio) wrote on Tue, 22 April 2014 11:13
You can 99.9% rely on the ID (with knowledge of that one special case) which will be fixed soon.

What I am trying to point out is that even UUID won't give you the absolute truth someone changes the rule on server in Web Administration. Smile

You may rely on a rule with an UUID=xyz but when the conditions (from/to/port,action) change it's completely different rule.


I know that Wink uuid should be generated at creation time and users should not be allowed to modifying it. Then I can use uuid to match rule in my db and kerio TrafficPolicy list.

If I can't find the rule in DB : it's a new rule
If I can't find the rule in Kerio : rule have been deleted
If I find rule in both Kerio and db : check for changes on each fields I want to survey (yes probably all of them Very Happy)

This way I can track and make an history of all rules even if a rule is heavily rewrote Smile or suddenly disappears...
  •  
Miroslav Osladil (Kerio)

Messages: 188

Karma: 27
Send a private message to this user
lol Smile then it's not uuid but rather md5.

Miroslav Osladil
Senior Developer
Kerio Technologies

The views I express are my own and do not necessarily reflect the views of Kerio Technologies.
  •  
cedricl

Messages: 10
Karma: 1
Send a private message to this user
Miroslav Osladil (Kerio) wrote on Tue, 22 April 2014 11:50
lol Smile then it's not uuid but rather md5.


No, it's clearly an UUID that I need not a hash. Perhaps I am not very understandable as English is not my nother tongue. Let me try again :

UUID is set by Kerio Control when adding a rule. One uuid = One rule
If a rule is altered, the UUID not changes (RO attribute)
If I delete a rule, its UUID will never be used for a new rule, even if it is exactly the same.

Now I want to track any change in the Kerio TrafficRules list, and track changes of each rules. For that purpose I register all rules in a DB, One rule by record.
UUID will be the unique primary key of my DB along with other fields I want to survey.

Now to search and find changes :
I pick the first record of my BD, get the UUID and search the rule in Kerio.
-> I find it : I check all fields to see if there is any change (algorithm based on hash, text, whatever).
-> I can't find it : The rule have been deleted => proceed to inform users.
-> next rule in DB until the end.

Then I retrieve all Kerio Traffic Policy and look after new UUIDs => new rules not stored in my DB. Add it to the DB, notify user etc.

The goal is to have history of each rules, reports alteration to users (possibly not computer scientist) and make some simple rules change (enabling/disabling) based on some events (scheduler). Like: "The rule currently named VPN services have been altered : action is now Permit (before Refused), description is now "Kerio and IPSEC Tunnel" (before Kerio Tunnel)"

In my point of view UUID if for matching (retrieving) the rule, rule as a container of fields whatever the fields contains. UUID is not for find changes it's just for identification purpose.

I hope I'm clearer now Smile Thanks you for reading me.
  •  
Miroslav Osladil (Kerio)

Messages: 188

Karma: 27
Send a private message to this user
Make sense Smile I've created a bug 90970 for it but I cannot promise if and when the fix will be available.

Thanks!

Miroslav Osladil
Senior Developer
Kerio Technologies

The views I express are my own and do not necessarily reflect the views of Kerio Technologies.
  •  
cedricl

Messages: 10
Karma: 1
Send a private message to this user
Thanks a lot !

I continue the developpement, if something is driving me crazy I will ge back Cool
Previous Topic: API upgrades
Next Topic: special characters in calendars not working
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 15:12:40 CEST 2017

Total time taken to generate the page: 0.00491 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.