Policy extensions 编辑

The policy extension feature enables you to write extension functions for built-in policy types. The extensions can be used in policy expressions, just like built-in functions. They are executed when the corresponding policy expressions are evaluated. This feature is useful for:

  • Adding customized functions to existing Policies.
  • Implementing logical constructs for complex customer requirements.

The policy extension feature addresses these limitations by enabling users to write extension functions for built in Policy types. The extensions can then be used in the policy expressions, just like built-in functions. They are executed when the corresponding policy expressions are evaluated.

The following table lists the policy types that can be used when writing an extension, and their associated mappings.

Policy TypeMapped Policy TypeOutput
TEXT_TNSTEXTString
BOOL_ATNSBOOLBoolean
NUM_ATNSNUMNumber (double-precision floating point)
DOUBLE_ATNSDOUBLENumber (double-precision floating point)

Prerequisites for using policy extensions

The imported functions must conform to the existing policy standards. Therefore:

  • The function name must start with a letter and may contain numbers or underscores.
  • The function name is treated as case insensitive by Citrix ADC policies.
  • The function must return a single value even if the extension language returns multiple values.
  • Functions with a variable number of arguments are not supported.

How do policy extensions work?

The existing policies on a Citrix ADC appliance use an interpreter to evaluate the functions, which are imported in a policy extension file. When a user imports a new function in a policy extension file:

  1. The extension file is validated for syntax and other conditions.
  2. If the validation fails, the error is reported to the user.
  3. If the validation succeeds, the extension file is imported to the Citrix ADC appliance and its contents can be used in policy expressions, just like any built-in policy function
    1. If the policy expression evaluation returns an error during runtime, it is reported as an undef event and the associated error counter is incremented.

      Note: If a policy undef event occurs and the policy rule contains one or more policy extension functions, the show ns extension <name> command displays the undef hits when applied to those policy extensions. If the extension function is aborted, the abort counter value is incremented.

    2. If the policy expression evaluation is successful, expression evaluation resumes until the entire expression is evaluated, or until it is aborted because of an error.

If the extension function takes too long to run, it is aborted, and the error counter pertaining to that extension function is incremented. The extension function is sandboxed, which prevents:

  • Excessive CPU usage on the Citrix ADC appliance.
  • Excessive memory usage on the Citrix ADC appliance.
  • Usage of harmful built-in libraries or third-party libraries or binaries.
  • Long-running scripts that could potentially cause the Citrix ADC appliance to reboot.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:15 次

字数:4046

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文