PrivX Exec Router
=================

The exec router type is used together with router/firewall specific vendor tools
to control a router component.

The exec router is configured in network access manager settings with a remote
access client IP pool and router specific parameter string. The parameter string
is used for passing parameters to the configuration commands. Network access
manager does not interprete or use the contents of the parameter string.

Network access manager executes the fixed commands
 /opt/privx/privx-router/exec/add {network parameters} {router parameters}
    {session parameters} [{static config}]
 /opt/privx/privx-router/exec/del {network parameters} {router parameters}
    {session parameters} [{static config}]
when adding or deleting PrivX router sessions. Both of these commands receive
network parameters, router parameters, session parameters and optionally
static config as a json encoded blob arguments:

Network parameters:
{
  "src": "10.0.0.1",
  "dst": [
    {
      "selector": {
	    "ip": { "start": "192.168.1.1", "end": "192.168.1.1" },
        "proto": "tcp",
        "port": { "start": 443, "end": 443 }
      },
      "nat": { "addr": "192.168.57.19", "port": 10443 }
    }
  ],
  "src_nat": false,
}

Router parameters:
{
  "client_ip_pool": [ "10.0.0.0/24" ],
  "parameters": "router specific parameters configured in settings UI"
}

Session parameters:
{
  "session_id": "session UUID",
  "target_id": "network target UUID",
  "target_name": "network target name"
}

If network target's integration type is defined, static config parameters. While
this can be defined by the administrator, NQX integration, for example, will
have the following shape:
{
  "type": "l3rules",
  "source_id": "custom source UUID",
  "source_name": "custom source name"
}

The commands are expected to add / del session to router, and return zero
exit code on success and non-zero exit code on failure.
