Unifi OSv3 / Network Version 7.4.145 features

[DanielBaulig]

I would love to see some features of Unifi Network Version 7.4 / Unifi OS version 3 integrated into this integration.

I'm personally particularly interested in the following features:

1. Control of traffic management functions
2. Control of Smart Queues
3. Reading of WAN health stats

I am happy to do some digging around in the Unifi UI to help figure out API endpoints etc. Is this something that would make sense to add here (and ultimately in the Home Assistant integration)?

[Kane610]

Hey!

I'm running UDM Pro so not yet up on v3, so not 100% knowledgable about the functionality but it probably fits in if you can describe how you'd like to use them.

[DanielBaulig]

For traffic management I am specifically interested in using the enable / disable (or pause / resume) function.

I looked at some of the HTTP traffic already that toggling this triggers. It appears it does a put request to a specific endpoint identifying the specific traffic rule and supplies all of the whole traffic rule data. The rule itself is identified by an opaque id. This seems very verbose, but may be required. I would give an PUT, POST and PATCH with partial data a try, too, in case the backend accepts that. In that case it wouldn't require pulling and resupplying the entire traffic rule config just to update the enabled field.

For control of smart queues, I would like to be able to supply the upload and download limits:

I haven't looked at the HTTP requests for this yet and can't really speak to it.

The WAN health stats seem to be read through a simple HTTP get request that returns a JSON object that contains a whole bunch of health data (e.g. WIFI health, etc) including information about the WAN interfaces. I'm particularly interested in current up- and downrates as well as the ping timings:

I'm happy to scape and provide some more details in terms of the HTTP requests and endpoints.

[herriejr]

I've 'messed' a bit with this library to add the traffic management rules and got it working.
Before submitting a pull request, I still want to:

• write some tests
• create a nice way of checking that the v2 API is available or not; if the v2 API is not available we will not be exposing the traffic rules for control. I am thinking of checking if the URI is reachable for this check, but this can only be done after logging in.

I've also been working on updating the Unifi integration with Home Assistant; there is one thing I have not yet been able to figure out.
I can get all the way to getting a switch with the name of the traffic rule in the dashboard. When I click the switch to enable/disable the traffic rule, this works. But I cannot seem to get the switch to stay in the correct position.

[herriejr]

I looked at some of the HTTP traffic already that toggling this triggers. It appears it does a put request to a specific endpoint identifying the specific traffic rule and supplies all of the whole traffic rule data. The rule itself is identified by an opaque id. This seems very verbose, but may be required. I would give an PUT, POST and PATCH with partial data a try, too, in case the backend accepts that. In that case it wouldn't require pulling and resupplying the entire traffic rule config just to update the enabled field.

I have not yet tried the PATCH or POST method, only the PUT method for updating the "enabled" field (since I saw in the network traffic that the Unifi interface also used PUT). I first only submitted the new value of the "enabled" field but then got some errors about missing fields. Added those missing fields and then errors about other missing fields. So I just decided on sending the whole payload (with the changed "enabled" field). Then it worked ;-)

[jyavenard]

In case you haven't seen, the API is described in https://ubntwiki.com/products/software/unifi-controller/api

GET v2/api/site/{site}/trafficrules gives you the list of all the traffic rules and each their rule_id

{"_id":"63586097a5b3ff09d27963ca","action":"BLOCK","app_category_ids":[],"app_ids":[],"bandwidth_limit":{"download_limit_kbps":1024,"enabled":false,"upload_limit_kbps":1024},"description":"Hannah's WAN","domains":[],"enabled":true,"ip_addresses":[],"ip_ranges":[],"matching_target":"INTERNET","network_ids":[],"regions":[],"schedule":{"mode":"EVERY_DAY","repeat_on_days":[],"time_all_day":false,"time_range_end":"07:00","time_range_start":"18:00"},"target_devices":[{"client_mac":"2c:db:07:95:7f:d6","type":"CLIENT"},{"client_mac":"04:6c:59:33:bf:9e","type":"CLIENT"},{"client_mac":"92:be:20:0b:c4:1c","type":"CLIENT"},{"client_mac":"d0:81:7a:db:db:36","type":"CLIENT"},{"client_mac":"2c:db:07:d6:45:6b","type":"CLIENT"},{"client_mac":"04:6c:59:2d:99:20","type":"CLIENT"},{"client_mac":"de:22:49:8e:dd:1d","type":"CLIENT"}]}

[DanielBaulig]

Also note that the documentation says that you can put just the enabled field, at least for port forwarding rules:
https://ubntwiki.com/products/software/unifi-controller/api#update_of_port_forward_rules

The documentation doesn't make it clear if this is possible for other configurations, too. It would be good if this was consistent, but judging from your experiments it might not be.

[herriejr]

I have my code up at my repository. I still need to write the tests and make it more resilient. But I will go ahead and create a pull request, so I can discuss these tests and the resiliency with the author.

[herriejr]

I have also added modifications to the HA-Unifi integration to my repository.
Remaining problem is that the switch only represents the initial state of the traffic rule (when starting Home-Assistant). Clicking the switch does enable/disable the traffic rule, but the state of the switch does not represent the modified state.

[herriejr]

So the switch problem in Home Assistant is (temporarily) solved. Due to v2 of the (unifi-)API working differently (no events for trafficrules), the in-memory state of the trafficrules were not updated.
A quick fix was adding the update() method for the trafficrules to the control_fn in the HA-integration. I feel this may not be the correct place or solution (and that this could best be handled in the aiounifi library). That is something that has to be discussed with the maintainer (Kane610) of this library.

[Kane610]

So the switch problem in Home Assistant is (temporarily) solved. Due to v2 of the (unifi-)API working differently (no events for trafficrules), the in-memory state of the trafficrules were not updated.
A quick fix was adding the update() method for the trafficrules to the control_fn in the HA-integration. I feel this may not be the correct place or solution (and that this could best be handled in the aiounifi library). That is something that has to be discussed with the maintainer (Kane610) of this library.

Im in the middle of vacation, but has done some small work on the integration for the 2023.8 release as well. Lets see what we can figure out

[herriejr]

Im in the middle of vacation, but has done some small work on the integration for the 2023.8 release as well. Lets see what we can figure out

Enjoy your vacation; vacation is more important ;-)

[Kane610]

Also note that the documentation says that you can put just the enabled field, at least for port forwarding rules: https://ubntwiki.com/products/software/unifi-controller/api#update_of_port_forward_rules

The documentation doesn't make it clear if this is possible for other configurations, too. It would be good if this was consistent, but judging from your experiments it might not be.

PR up to support controlling port forwarding from the UniFi integration home-assistant/core#98309

[herriejr]

Hi, one of your changes (56d5672?diff=split#diff-80bb51a90ae4fd970332db562c84c618cfa5084abd22a64b764b0eb38853b566) in the api_handlers.py might break the integration for the traffic rules.

The response of the API is just a json-array that does not contain the 'data'-property.

This is how the api-response for the traffic rules begins:
[{"_id":"6452cd9b859d5b11aa002ea1","action":"BLOCK","app_category_ids":[],"app_ids":[],"bandwidth_limit":{ ...

So no meta or data-keys in this response.

I will try to merge all your changes into my project and will get back to you on that.

[Kane610]

Hi, one of your changes (56d5672?diff=split#diff-80bb51a90ae4fd970332db562c84c618cfa5084abd22a64b764b0eb38853b566) in the api_handlers.py might break the integration for the traffic rules.

The response of the API is just a json-array that does not contain the 'data'-property.

This is how the api-response for the traffic rules begins: [{"_id":"6452cd9b859d5b11aa002ea1","action":"BLOCK","app_category_ids":[],"app_ids":[],"bandwidth_limit":{ ...

So no meta or data-keys in this response.

I will try to merge all your changes into my project and will get back to you on that

Allright! How is your network app hosted? Are you running a dream machine?

[herriejr]

Unifi Dream Machine, currently running on Unifi OS 3.0.20

[Kane610]

I'm happy to scape and provide some more details in terms of the HTTP requests and endpoints.

Please do @DanielBaulig , it helps getting started. Preferably create new smaller issues with data related to a specific endpoint, for trackings sake you can of course link to this issue.

[Mrten]

I have a cloud gateway with UniFi OS 3.2.17 and UniFi Network Application 8.1.127, and am interested in switching firewall rules on and off, can help with testing.