
Commands

This page outlines the command protocol used for inter-process communication (IPC) over a Unix domain socket. Various commands and data structures, formatted in JSON, are transmitted through the socket.

Command Structure

  • type is the packet type
  • seq is the sequence number

Ack packet

  • replies to a command, using the same sequence number
  • may contain payload data
{
  "type": "{{request command type}}",
  "seq": 123
}

From Router

Use the CLI app idpsctl, or write to the domain socket?

enable/disable ids

  • start/stop the suricata and cfm_live processes; the router will continue to retrieve rule updates from the backend
{
  "type": "ids_enable",
  "seq": 123,
  "payload": {
    "enable": false
  }
}

enable/disable ips

  • start/stop storing and notifying new firewall rules
{
  "type": "ips_enable",
  "seq": 123,
  "payload": {
    "enable": false
  }
}

query idps status

{
  "type": "idps_status",
  "seq": 123
}
  • idpsctld responds with an Ack packet
{
  "type": "idps_status",
  "seq": 123,
  "payload": {
    "ids_expected_status": true,
    "ips_expected_status": true,
    "ids_status": true,
    "ips_status": true,
    "ids_last_updated": "2025-10-28T06:49:21.607531Z",
    "ids_rules_count": 3912,
    "ips_last_updated": "2025-10-28T06:49:21.593895Z",
    "ids_rules": "/var/Astri/rules/ids/default.rules",
    "fw_rules": "/var/Astri/rules/firewall/default.csv",
    "fw_rules_count": 3
  }
}

force rules update?

From IDPS

ids rules updated

  • signals a new ids rule file
  • timestamp is the timestamp of the new rule file
  • location is the path of the new rule file
  • count is the number of rules in the new rule file
{
  "type": "ids_rules",
  "timestamp": "2025-10-28T06:49:21.607531Z",
  "location": "/var/Astri/rules/ids/default.rules",
  "count": 3912
}

firewall rules updated

  • signals a new firewall rule file
  • timestamp is the timestamp of the new rule file
  • location is the path of the new rule file
  • count is the number of rules in the new rule file
{
  "type": "firewall_rules",
  "timestamp": "2025-10-28T06:49:21.593895Z",
  "location": "/var/Astri/rules/firewall/default.csv",
  "count": 3
}

See Sample firewall rules

query hardware info

This command is no longer called by idpsctld.
Use the environment variable IDPS_DEVICE_ID to specify the device ID.

  • query hardware info of the router (serial, MAC address)
{
  "type": "hw_query",
  "seq": 123
}
  • routerd responds with an Ack packet
  • id is the id of the router, using the MAC address for now
{
  "type": "hw_query",
  "seq": 123,
  "id": "A9CEEE9436F6"
}

Test app

The idpsctl CLI publishes command payloads to the daemon's IDPS_SOCKET_COMMAND (${IDPS_FOLDER}/socket/command.socket) and prints the response. Choose exactly one of the dedicated flags for each command type:

${IDPS_FOLDER}/bin/idpsctl disableids     # ids_enable payload with enable=false
${IDPS_FOLDER}/bin/idpsctl enableips      # ips_enable payload with enable=true
${IDPS_FOLDER}/bin/idpsctl disableips     # ips_enable payload with enable=false
${IDPS_FOLDER}/bin/idpsctl querystatus    # idps_status command with no payload

Use --socket to override the socket path, --seq to provide an explicit sequence number, or --timeout to wait longer for a response (default is 5s). The CLI constructs and validates the payload before sending it.
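
The payload validation mentioned above is just as useful on the receiving side of the socket. The following is an added example, not code from idpsctl or idpsctld: a strict parser for the three command types the CLI sends, plus the Ack match on type and seq. The names parse_command, ack_matches, COMMANDS and MAX_PACKET are hypothetical, and the 4096-byte cap, the non-negative seq and the rejection of unknown fields are assumptions this page does not specify.

```python
import json

MAX_PACKET = 4096  # assumed size cap; the page does not specify one

# Command types from this page, and whether each one carries a payload.
COMMANDS = {"ids_enable": True, "ips_enable": True, "idps_status": False}


def parse_command(raw: bytes) -> dict:
    """Parse and strictly validate one command packet; raise ValueError if malformed."""
    if len(raw) > MAX_PACKET:
        raise ValueError("packet too large")
    try:
        pkt = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError) as exc:
        # Covers bad UTF-8, bad JSON and pathologically deep nesting.
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(pkt, dict):
        raise ValueError("packet must be a JSON object")
    ptype, seq = pkt.get("type"), pkt.get("seq")
    if not isinstance(ptype, str) or ptype not in COMMANDS:
        raise ValueError("unknown or missing type")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(seq, bool) or not isinstance(seq, int) or seq < 0:
        raise ValueError("seq must be a non-negative integer")
    allowed = {"type", "seq"}
    if COMMANDS[ptype]:
        allowed.add("payload")
        payload = pkt.get("payload")
        if not isinstance(payload, dict) or set(payload) != {"enable"}:
            raise ValueError("payload must contain exactly the key 'enable'")
        if not isinstance(payload["enable"], bool):
            raise ValueError("enable must be a JSON boolean")
    if set(pkt) - allowed:
        raise ValueError("unexpected fields")
    return pkt


def ack_matches(request: dict, ack: dict) -> bool:
    """An Ack answers a request when its type and seq both equal the request's."""
    seq = ack.get("seq")
    return (ack.get("type") == request["type"]
            and isinstance(seq, int) and not isinstance(seq, bool)
            and seq == request["seq"])
```

How packets are framed on the socket is not described on this page, so the example starts from one already-delimited packet.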