Initializing the Dynamic Firewall Filter Functionality

The application's control component first sets up pointers to the junos_dfw_client_functions_t and junos_dfw_conn_addr_t conn_addr structures that describe the functions to be executed and where to connect.

You can supply functions to be invoked on session connect, session connection state change, acceptance and rejection of the configuration. You set fields in the connection address structure using various constants provided in the header file.

The code then allocates memory for a session by calling the function junos_dfw_session_handle_alloc(), and opens the session by calling junos_dfw_session_open(), passing in the information supplied earlier.

init_dfw(evContext ctx)
    int rc;
    junos_dfw_client_functions_t funcs;
    junos_dfw_conn_addr_t conn_addr;
    junos_dfw_sdk_app_id_t client_id;

    ready = FALSE;
    dfw_handle = NULL;
    funcs.session_connect_cb = session_connect;
    funcs.session_state_change_cb = session_state_changed;
    funcs.trans_rejected_cb = transaction_rejected;
    funcs.trans_accepted_cb = transaction_accepted;

    rc = junos_dfw_session_handle_alloc(&dfw_handle, &funcs);
    if(rc != 0) {
        LOG(LOG_ERR, "%s: Cannot allocate handle for a dynamic "
                "firewall session (%m)", __func__);
        dfw_handle = NULL;
        return EFAIL;
    conn_addr.addr_family = JUNOS_DFW_CONN_AF_INET;
    conn_addr.addr.dfwd_inet.dfwd_server_port = JUNOS_DFW_DEFAULT_PORT;
    conn_addr.addr.dfwd_inet.dfwd_host_name = 
        malloc(strlen(JUNOS_DFW_DEFAULT_LOCAL_ADDR) + 1);
    INSIST_ERR(conn_addr.addr.dfwd_inet.dfwd_host_name != NULL);
            strlen(JUNOS_DFW_DEFAULT_LOCAL_ADDR) + 1);
    client_id = DPM_CTRL_CLIENT_ID;
    rc = junos_dfw_session_open(dfw_handle, &conn_addr, client_id, ctx);
    if(rc != 0) {
        if(errno == EISCONN) {
            LOG(LOG_INFO, "%s: Connection to DWFD established", __func__);
            ready = TRUE;            
        } else {
            LOG(LOG_ERR, "%s: Cannot setup dynamic firewall connection (%m)",
            dfw_handle = NULL;
            return EFAIL;

    return SUCCESS;

Processing the Configuration

2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:47 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5