Open Ethernet Networking (OpEN) API Guide and Reference Manual
3.6.0.3
This document provides a brief description of the Dynamic ARP Inspection (DAI) OpEN API. Dynamic ARP Inspection is a security feature. The intent of DAI is to prevent man-in-the-middle attacks that can occur when a malicious station intercepts traffic by poisoning the ARP caches of neighboring stations.
This API provides the following services:
In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. A Client Handle is returned by openapiClientRegister() which is used while invoking the OpEN APIs. The application then exercises the associated OpEN APIs and logs informational and/or error messages on the console. The example application runs to its completion and exits.
aclarptable_example.c is a sample application that emulates the "show arp access-list" command. It uses the DAI OpEN APIs to retrieve and display ACL ARP table entries. It is started from the command line and has the following usage syntax:
Usage: arptable_example [-a aclname]
dai_example.c is a sample application that emulates part of the "show ip arp inspection" command. It uses the DAI OpEN APIs to set and get the global validation modes. It is started from the command line and has the following usage syntax:
Usage: dai_example <test#> <arg1> <arg2> ...
The mapping between the OpEN APIs and CLI commands is shown below.
| CLI Command | OpEN API Functions |
| --- | --- |
| (Config)# show arp access-list <aclname> | openapiArpAclGet(), openapiArpAclRuleNextGet(), openapiArpAclNextGet() |
| (Config)# show ip arp inspection | openapiDaiSourceMacValidateModeGet(), openapiDaiDestMacValidateModeGet(), openapiDaiIpAddrValidateModeGet() |
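
The following is an added illustration, not code from the OpEN package, of what the three global validation modes that dai_example.c sets and gets conventionally check on a received ARP frame. The struct, flag names and sample frame are constructed for this example, and the mapping of checks to modes follows common DAI behaviour rather than anything stated in this document; ARP ACL matching is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Validation-mode flags; hypothetical names, not OpEN identifiers. */
enum { DAI_SRC_MAC = 1, DAI_DST_MAC = 2, DAI_IP = 4 };

/* Parsed ARP-over-Ethernet frame (constructed layout, host byte order). */
struct arp_frame {
    uint8_t  eth_dst[6], eth_src[6];  /* Ethernet header addresses */
    uint16_t op;                      /* 1 = request, 2 = reply */
    uint8_t  sha[6]; uint32_t spa;    /* ARP sender MAC / IPv4 */
    uint8_t  tha[6]; uint32_t tpa;    /* ARP target MAC / IPv4 */
};

/* 0.0.0.0, 255.255.255.255 and multicast (224.0.0.0/4) are not host addresses. */
static int bad_ip(uint32_t ip)
{
    return ip == 0 || ip == 0xFFFFFFFFu || (ip >> 28) == 0xE;
}

/* Returns 0 if the frame passes, else the flag of the first failed check. */
int dai_validate(const struct arp_frame *f, int modes)
{
    if ((modes & DAI_SRC_MAC) && memcmp(f->eth_src, f->sha, 6) != 0)
        return DAI_SRC_MAC;   /* header source differs from ARP sender MAC */
    if ((modes & DAI_DST_MAC) && f->op == 2 &&
        memcmp(f->eth_dst, f->tha, 6) != 0)
        return DAI_DST_MAC;   /* reply: header dest differs from ARP target MAC */
    if ((modes & DAI_IP) &&
        (bad_ip(f->spa) || (f->op == 2 && bad_ip(f->tpa))))
        return DAI_IP;        /* sender IP always, target IP only in replies */
    return 0;
}

/* Constructed sample: a well-formed ARP reply from 192.168.1.1. */
static const struct arp_frame sample_ok = {
    .eth_dst = {2, 0, 0, 0, 0, 0x0a}, .eth_src = {2, 0, 0, 0, 0, 0x0b},
    .op = 2, .sha = {2, 0, 0, 0, 0, 0x0b}, .spa = 0xC0A80101u,
    .tha = {2, 0, 0, 0, 0, 0x0a}, .tpa = 0xC0A80164u,
};

int main(void)
{
    struct arp_frame spoof = sample_ok;
    spoof.sha[5] = 0x0c;      /* ARP sender MAC no longer matches the header */
    printf("ok=%d spoof=%d\n", dai_validate(&sample_ok, 7), dai_validate(&spoof, 7));
    return 0;
}
```

With source MAC validation disabled, the mismatched frame passes these checks, which is why the current mode values are worth reading back after a configuration change.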