gfwleak/tango-tsg-service-chaining-engine
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-22348 feature: adapt maat support UUID

Browse Source
This commit is contained in:
luwenpeng
2024-09-23 16:50:09 +08:00
parent 7ef8e44bca
commit 5799de5299
60 changed files with 2504 additions and 1043 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
platform/include/health_check.h
View File

@@ -13,11 +13,11 @@ void health_check_session_init(const char *profile, struct kafka *kfk);
// return 0 : success
// return -1 : key exist
// struct health_check *policy : need deep copy
uint64_t health_check_session_add(int profile_id, int vsys_id, const struct health_check *policy);
uint64_t health_check_session_add(uuid_t *sf_uuid, int vsys_id, const struct health_check *policy);
// return 0 : success
// return -1 : key not exist
int health_check_session_del(uint64_t session_id, int profile_id, int vsys_id);
int health_check_session_del(uint64_t session_id, uuid_t *sf_uuid, int vsys_id);
// return 1 : active
// return 0 : inactive

83
platform/include/packet_trace.h
View File

@@ -51,14 +51,17 @@ extern "C"
* bypass(invalid policy)
*/
static inline int rule_id_tostring(struct mutable_array *rule_ids, char *buffer, int size)
static inline int rule_id_tostring(struct uuid_array *array, char *buffer, int size)
{
char uuid_str[UUID_STRING_SIZE] = {0};
int used = 0;
int num = uuid_array_get_count(array);
used += snprintf(buffer + used, size - used, "[");
for (int i = 0; i < rule_ids->num; i++)
for (int i = 0; i < num; i++)
{
used += snprintf(buffer + used, size - used, "%lu", rule_ids->elems[i]);
if (i < rule_ids->num - 1)
uuid_unparse(*uuid_array_get_at(array, i), uuid_str);
used += snprintf(buffer + used, size - used, "%s", uuid_str);
if (i < num - 1)
{
used += snprintf(buffer + used, size - used, ", ");
}
@@ -69,11 +72,13 @@ static inline int rule_id_tostring(struct mutable_array *rule_ids, char *buffer,
static inline int sf_id_tostring(struct selected_chaining *chain, char *buffer, int size)
{
char uuid_str[UUID_STRING_SIZE] = {0};
int used = 0;
used += snprintf(buffer + used, size - used, "[");
for (int i = 0; i < chain->chaining_used; i++)
{
used += snprintf(buffer + used, size - used, "%d", chain->chaining[i].sf_profile_id);
uuid_unparse(chain->chaining[i].sf_uuid, uuid_str);
used += snprintf(buffer + used, size - used, "%s", uuid_str);
if (i < chain->chaining_used - 1)
{
used += snprintf(buffer + used, size - used, ", ");
@@ -111,52 +116,55 @@ static inline int sf_id_tostring(struct selected_chaining *chain, char *buffer,
} \
} while (0)
#define PACKET_TRACE_ON_POLICY(mr_ins, mr_buff, rule_ids, chain) \
#define PACKET_TRACE_ON_POLICY(mr_ins, mr_buff, rule_uuid_array, chain) \
do \
{ \
if (marsio_dp_trace_measurements_can_emit(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TRACE)) \
{ \
char rule_id_str[1024] = {0}; \
char sf_id_str[1024] = {0}; \
char rule_ids_str[1024] = {0}; \
char sf_ids_str[1024] = {0}; \
char buff[4096] = {0}; \
rule_id_tostring(rule_ids, rule_id_str, sizeof(rule_id_str)); \
sf_id_tostring(chain, sf_id_str, sizeof(sf_id_str)); \
snprintf(buff, sizeof(buff), "sc rule list=%s, SFP list=%s", rule_id_str, sf_id_str); \
rule_id_tostring(rule_uuid_array, rule_ids_str, sizeof(rule_ids_str)); \
sf_id_tostring(chain, sf_ids_str, sizeof(sf_ids_str)); \
snprintf(buff, sizeof(buff), "sc rule list=%s, SFP list=%s", rule_ids_str, sf_ids_str); \
marsio_dp_trace_measurement_emit_str(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TRACE, "Policy", buff); \
} \
} while (0)
#define PACKET_TELEMETRY_ON_POLICY(mr_ins, mr_buff, rule_ids, chain) \
#define PACKET_TELEMETRY_ON_POLICY(mr_ins, mr_buff, rule_uuid_array, chain) \
do \
{ \
if (marsio_dp_trace_measurements_can_emit(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TELEMETRY)) \
{ \
char rule_id_str[1024] = {0}; \
char sf_id_str[1024] = {0}; \
char rule_ids_str[1024] = {0}; \
char sf_ids_str[1024] = {0}; \
char buff[4096] = {0}; \
rule_id_tostring(rule_ids, rule_id_str, sizeof(rule_id_str)); \
sf_id_tostring(chain, sf_id_str, sizeof(sf_id_str)); \
snprintf(buff, sizeof(buff), "sc rule list=%s, SFP list=%s", rule_id_str, sf_id_str); \
rule_id_tostring(rule_uuid_array, rule_ids_str, sizeof(rule_ids_str)); \
sf_id_tostring(chain, sf_ids_str, sizeof(sf_ids_str)); \
snprintf(buff, sizeof(buff), "sc rule list=%s, SFP list=%s", rule_ids_str, sf_ids_str); \
marsio_dp_trace_measurement_emit_str(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TELEMETRY, "Policy", buff); \
} \
} while (0)
#define PACKET_TRACE_ON_CHAIN(mr_ins, mr_buff, sf, meta) \
do \
{ \
if (marsio_dp_trace_measurements_can_emit(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TRACE)) \
{ \
char buff[2048] = {0}; \
snprintf(buff, sizeof(buff), "sc rule id=%lu, sf id=%d, fwd type=%s, pkt dir=%s, pkt type=%s, state=%s %s", \
(sf)->rule_id, \
(sf)->sf_profile_id, \
forward_type_tostring((sf)->sff_forward_type), \
((meta)->direction ? "E2I" : "I2E"), \
((meta)->is_decrypted ? "decrypted" : "raw"), \
((sf)->sf_action == SESSION_ACTION_FORWARD ? "success" : "failure"), \
((sf)->sf_action == SESSION_ACTION_FORWARD ? "" : action_desc_tostring((sf)->sf_action_desc))); \
marsio_dp_trace_measurement_emit_str(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TRACE, "Forwarder", buff); \
} \
#define PACKET_TRACE_ON_CHAIN(mr_ins, mr_buff, sf, meta) \
do \
{ \
if (marsio_dp_trace_measurements_can_emit(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TRACE)) \
{ \
char buff[2048] = {0}; \
char rule_uuid_str[UUID_STRING_SIZE] = {0}; \
char sf_uuid_str[UUID_STRING_SIZE] = {0}; \
uuid_unparse((sf)->rule_uuid, rule_uuid_str); \
uuid_unparse((sf)->sf_uuid, sf_uuid_str); \
snprintf(buff, sizeof(buff), "sc rule id=%s, sf id=%s, fwd type=%s, pkt dir=%s, pkt type=%s, state=%s %s", \
rule_uuid_str, sf_uuid_str, \
forward_type_tostring((sf)->sff_forward_type), \
((meta)->direction ? "E2I" : "I2E"), \
((meta)->is_decrypted ? "decrypted" : "raw"), \
((sf)->sf_action == SESSION_ACTION_FORWARD ? "success" : "failure"), \
((sf)->sf_action == SESSION_ACTION_FORWARD ? "" : action_desc_tostring((sf)->sf_action_desc))); \
marsio_dp_trace_measurement_emit_str(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TRACE, "Forwarder", buff); \
} \
} while (0)
#define PACKET_TELEMETRY_ON_CHAIN(mr_ins, mr_buff, sf, meta) \
@@ -165,9 +173,12 @@ static inline int sf_id_tostring(struct selected_chaining *chain, char *buffer,
if (marsio_dp_trace_measurements_can_emit(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TELEMETRY)) \
{ \
char buff[2048] = {0}; \
snprintf(buff, sizeof(buff), "sc rule id=%lu, sf id=%d, type=%s, action=%s", \
(sf)->rule_id, \
(sf)->sf_profile_id, \
char rule_uuid_str[UUID_STRING_SIZE] = {0}; \
char sf_uuid_str[UUID_STRING_SIZE] = {0}; \
uuid_unparse((sf)->rule_uuid, rule_uuid_str); \
uuid_unparse((sf)->sf_uuid, sf_uuid_str); \
snprintf(buff, sizeof(buff), "sc rule id=%s, sf id=%s, type=%s, action=%s", \
rule_uuid_str, sf_uuid_str, \
forward_type_tostring((sf)->sff_forward_type), \
action_desc_tostring((sf)->sf_action_desc)); \
marsio_dp_trace_measurement_emit_str(mr_ins, mr_buff, DP_TRACE_MEASUREMENT_TYPE_TELEMETRY, "Forwarder", buff); \

8
platform/include/policy.h
View File

@@ -82,15 +82,15 @@ struct connectivity
struct selected_sf
{
uint64_t rule_id;
uuid_t rule_uuid;
int rule_vsys_id;
enum traffic_type traffic_type;
int sff_profile_id;
uuid_t sff_uuid;
enum forward_type sff_forward_type;
int sf_vsys_id;
int sf_profile_id;
uuid_t sf_uuid;
enum session_action sf_action;
enum action_desc sf_action_desc;
struct connectivity sf_connectivity;
@@ -135,7 +135,7 @@ int policy_enforcer_register(struct policy_enforcer *enforcer);
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
// direction 1: E2I
// direction 0: I2E
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int direction);
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uuid_t *rule_uuid, int direction);
#ifdef __cplusplus
}

2
platform/include/sce.h
View File

@@ -59,7 +59,7 @@ struct session_ctx
uint16_t vxlan_src_port;
struct four_tuple inner_tuple4;
struct mutable_array rule_ids;
struct uuid_array rule_uuid_array;
// route ctx
struct route_ctx decrypted_e2i_route_ctx;

8
platform/include/sf_metrics.h
View File

@@ -6,14 +6,14 @@ extern "C"
{
#endif
#include <stdint.h>
#include "utils.h"
#include "kafka.h"
struct sf_metrics_key
{
uint64_t rule_id;
uint32_t sf_profile_id;
uint32_t sff_profile_id;
uuid_t rule_uuid;
uuid_t sf_uuid;
uuid_t sff_uuid;
uint32_t vsys_id;
};

4
platform/include/sf_status.h
View File

@@ -6,13 +6,13 @@ extern "C"
{
#endif
#include "utils.h"
#include "kafka.h"
#include <stdint.h>
struct sf_status_key
{
uint32_t vsys_id;
uint32_t sf_profile_id;
uuid_t sf_uuid;
};
struct sf_status *sf_status_create(const char *profile, struct kafka *kfk);

30
platform/src/health_check.cpp
View File

@@ -46,7 +46,7 @@ struct session_iterm
struct health_check policy; // value1: deep copy
int is_active; // value2
int profile_id; // value3
uuid_t sf_uuid; // value3
int vsys_id; // value4
UT_hash_handle hh1; /* handle for first hash table */
@@ -457,7 +457,7 @@ static uint64_t health_check_get_session_id()
// return >0 : session id
// return 0 : fail
// struct health_check *policy : need deep copy
uint64_t health_check_session_add(int profile_id, int vsys_id, const struct health_check *policy)
uint64_t health_check_session_add(uuid_t *sf_uuid, int vsys_id, const struct health_check *policy)
{
uint64_t session_id = 0;
uint8_t mac[ETH_ALEN] = {0};
@@ -481,7 +481,7 @@ uint64_t health_check_session_add(int profile_id, int vsys_id, const struct heal
tmp->vsys_id = vsys_id;
tmp->session_id = session_id;
tmp->profile_id = profile_id;
uuid_copy(tmp->sf_uuid, *sf_uuid);
memcpy(&tmp->policy, policy, sizeof(struct health_check));
HASH_ADD(hh1, g_handle.root_by_id, session_id, sizeof(tmp->session_id), tmp);
@@ -498,13 +498,15 @@ uint64_t health_check_session_add(int profile_id, int vsys_id, const struct heal
health_check_method_table_set_mac(&g_handle_none, tmp->policy.address, mac);
}
LOG_DEBUG("health check session table insert: profile id [%d] session id [%lu] address [%s] success", profile_id, session_id, policy->address);
char sf_uuid_str[UUID_STRING_SIZE] = {0};
uuid_unparse(*sf_uuid, sf_uuid_str);
LOG_DEBUG("health check session table insert: profile id [%s] session id [%lu] address [%s] success", sf_uuid_str, session_id, policy->address);
return session_id;
}
// return 0 : success
// return -1 : key not exist
int health_check_session_del(uint64_t session_id, int profile_id, int vsys_id)
int health_check_session_del(uint64_t session_id, uuid_t *sf_uuid, int vsys_id)
{
int ret = 0;
struct session_iterm *tmp = NULL;
@@ -536,13 +538,15 @@ end:
HASH_DELETE(hh1, g_handle.root_by_id, tmp);
struct sf_status_key key = {0};
key.vsys_id = vsys_id;
key.sf_profile_id = profile_id;
uuid_copy(key.sf_uuid, *sf_uuid);
sf_status_delete(g_sf_status, &key);
pthread_rwlock_unlock(&g_handle.rwlock);
free(tmp);
tmp = NULL;
LOG_DEBUG("health check session table delete: profile id [%d] session id [%lu] success", profile_id, session_id);
char sf_uuid_str[UUID_STRING_SIZE] = {0};
uuid_unparse(*sf_uuid, sf_uuid_str);
LOG_DEBUG("health check session table delete: profile id [%s] session id [%lu] success", sf_uuid_str, session_id);
return 0;
}
@@ -667,7 +671,7 @@ static void *_health_check_session_foreach(void *arg)
struct sf_status_key key = {0};
key.vsys_id = node->vsys_id;
key.sf_profile_id = node->profile_id;
uuid_copy(key.sf_uuid, node->sf_uuid);
sf_status_update(g_sf_status, &key, is_active, 0);
if (node->is_active != is_active) {
node->is_active = is_active;
@@ -743,6 +747,7 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[])
struct session_iterm *tmp = NULL;
uint8_t mac[ETH_ALEN] = {0};
uint8_t init_mac[ETH_ALEN] = {0};
char sf_uuid_str[UUID_STRING_SIZE] = {0};
if (enable == 0)
{
@@ -757,9 +762,10 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[])
return -1;
}
uuid_unparse(tmp->sf_uuid, sf_uuid_str);
str_method = health_check_method_str(tmp->policy.method);
if (tmp->policy.method == HEALTH_CHECK_METHOD_BFD && tmp->is_active == 0) {
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] active is down", session_id, tmp->profile_id, str_method);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] active is down", session_id, sf_uuid_str, str_method);
pthread_rwlock_unlock(&g_handle.rwlock);
return -1;
}
@@ -773,20 +779,20 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[])
if (memcmp(mac, init_mac, ETH_ALEN) == 0) {
if (strlen(gateway_address) == 0) {
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [null]", session_id, tmp->profile_id, str_method);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [null]", session_id, sf_uuid_str, str_method);
pthread_rwlock_unlock(&g_handle.rwlock);
return -1;
}
health_check_method_table_get_mac(&g_handle_none, gateway_address, mac);
if (memcmp(mac, init_mac, ETH_ALEN) == 0) {
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [null]", session_id, tmp->profile_id, str_method);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [null]", session_id, sf_uuid_str, str_method);
pthread_rwlock_unlock(&g_handle.rwlock);
return -1;
}
}
memcpy(mac_buff, mac, ETH_ALEN);
LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [%02x:%02x:%02x:%02x:%02x:%02x]", session_id, tmp->profile_id, str_method, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [%02x:%02x:%02x:%02x:%02x:%02x]", session_id, sf_uuid_str, str_method, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
pthread_rwlock_unlock(&g_handle.rwlock);
return 0;
}

72
platform/src/packet_io.cpp
View File

@@ -668,9 +668,9 @@ static inline void action_mirr_forward(struct session_ctx *session_ctx, marsio_b
THROUGHPUT_METRICS_INC(&(thread_metrics->mirr_tx), 1, meta->raw_len);
THROUGHPUT_METRICS_INC(&sf->tx, 1, nsend);
struct sf_metrics_key key = {0};
key.rule_id = sf->rule_id;
key.sff_profile_id = sf->sff_profile_id;
key.sf_profile_id = sf->sf_profile_id;
uuid_copy(key.rule_uuid, sf->rule_uuid);
uuid_copy(key.sff_uuid, sf->sff_uuid);
uuid_copy(key.sf_uuid, sf->sf_uuid);
key.vsys_id = sf->rule_vsys_id;
sf_metrics_input(sf_metrics, thread_index, &key, 0, 0, 1, nsend);
}
@@ -703,23 +703,30 @@ static inline void action_stee_forward(struct session_ctx *session_ctx, marsio_b
THROUGHPUT_METRICS_INC(&(thread_metrics->stee_tx), 1, meta->raw_len);
THROUGHPUT_METRICS_INC(&sf->tx, 1, nsend);
struct sf_metrics_key key = {0};
key.rule_id = sf->rule_id;
key.sff_profile_id = sf->sff_profile_id;
key.sf_profile_id = sf->sf_profile_id;
uuid_copy(key.rule_uuid, sf->rule_uuid);
uuid_copy(key.sff_uuid, sf->sff_uuid);
uuid_copy(key.sf_uuid, sf->sf_uuid);
key.vsys_id = sf->rule_vsys_id;
sf_metrics_input(sf_metrics, thread_index, &key, 0, 0, 1, nsend);
}
static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx *session_ctx, struct selected_chaining *chaining, marsio_buff_t *rx_buff, struct metadata *meta, int next_sf_index)
{
char rule_uuid_str[UUID_STRING_SIZE];
char sff_uuid_str[UUID_STRING_SIZE];
char sf_uuid_str[UUID_STRING_SIZE];
int sf_index;
for (sf_index = next_sf_index; sf_index < chaining->chaining_used; sf_index++)
{
struct selected_sf *sf = &(chaining->chaining[sf_index]);
LOG_DEBUG("%s: session: %lu %s execute chaining [%d/%d]: policy %lu->%d->%d, action %s->%s->%s->%s",
uuid_unparse(sf->rule_uuid, rule_uuid_str);
uuid_unparse(sf->sff_uuid, sff_uuid_str);
uuid_unparse(sf->sf_uuid, sf_uuid_str);
LOG_DEBUG("%s: session: %lu %s execute chaining [%d/%d]: policy %s->%s->%s, action %s->%s->%s->%s",
LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr,
sf_index, chaining->chaining_used,
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
rule_uuid_str, sff_uuid_str, sf_uuid_str,
(meta->is_decrypted ? "decrypted" : "raw"), (meta->direction ? "E2I" : "I2E"), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc));
PACKET_TRACE_ON_CHAIN(thread_ctx->ref_io->instance, rx_buff, sf, meta);
@@ -786,10 +793,11 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
{
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
struct packet_io *packet_io = thread_ctx->ref_io;
struct mutable_array *rule_ids = &session_ctx->rule_ids;
struct uuid_array *rule_uuid_array = &session_ctx->rule_uuid_array;
struct selected_chaining *chaining_raw = session_ctx->chaining_raw;
struct selected_chaining *chaining_decrypted = session_ctx->chaining_decrypted;
int thread_index = thread_ctx->thread_index;
int num = uuid_array_get_count(rule_uuid_array);
char *data;
size_t size;
@@ -828,9 +836,9 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
{
mpack_write_cstr(&writer, "sc_rule_list");
mpack_build_array(&writer); // sc_rule_list begin
for (int i = 0; i < rule_ids->num; i++)
for (int i = 0; i < num; i++)
{
mpack_write_u64(&writer, mutable_array_index_elem(rule_ids, i));
mpack_write_bin(&writer, (const char *)uuid_array_get_at(rule_uuid_array, i), sizeof(uuid_t));
}
mpack_complete_array(&writer); // sc_rule_list end
}
@@ -843,7 +851,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
struct selected_sf *sf = &(chaining_raw->chaining[i]);
if (sf->sf_action == SESSION_ACTION_FORWARD)
{
mpack_write_u64(&writer, sf->sf_profile_id);
mpack_write_bin(&writer, (const char *)&sf->sf_uuid, sizeof(uuid_t));
}
if (sf->sf_action == SESSION_ACTION_BLOCK && sf->sff_forward_type == FORWARD_TYPE_STEERING)
{
@@ -861,7 +869,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *
struct selected_sf *sf = &(chaining_decrypted->chaining[i]);
if (sf->sf_action == SESSION_ACTION_FORWARD)
{
mpack_write_u64(&writer, sf->sf_profile_id);
mpack_write_bin(&writer, (const char *)&sf->sf_uuid, sizeof(uuid_t));
}
if (sf->sf_action == SESSION_ACTION_BLOCK && sf->sff_forward_type == FORWARD_TYPE_STEERING)
{
@@ -942,12 +950,19 @@ static void dump_sf_metrics(struct session_ctx *session_ctx, struct selected_cha
return;
}
char rule_uuid_str[UUID_STRING_SIZE];
char sff_uuid_str[UUID_STRING_SIZE];
char sf_uuid_str[UUID_STRING_SIZE];
for (int i = 0; i < chaining->chaining_used; i++)
{
struct selected_sf *sf = &(chaining->chaining[i]);
LOG_INFO("%s: session %lu %s metrics: policy %lu->%d->%d action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
uuid_unparse(sf->rule_uuid, rule_uuid_str);
uuid_unparse(sf->sff_uuid, sff_uuid_str);
uuid_unparse(sf->sf_uuid, sf_uuid_str);
LOG_INFO("%s: session %lu %s metrics: policy %s->%s->%s action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr,
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
rule_uuid_str, sff_uuid_str, sf_uuid_str,
traffic_type_tostring(sf->traffic_type), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc),
sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
}
@@ -964,24 +979,23 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
for (int i = 0; i < ctrl_pkt->rule_id_num; i++)
int num = uuid_array_get_count(&ctrl_pkt->rule_uuid_array);
for (int i = 0; i < num; i++)
{
uint64_t rule_id = ctrl_pkt->rule_ids[i];
if (mutable_array_exist_elem(&session_ctx->rule_ids, rule_id))
uuid_t *rule_uuid_ptr = uuid_array_get_at(&ctrl_pkt->rule_uuid_array, i);
if (uuid_array_contains(&session_ctx->rule_uuid_array, *rule_uuid_ptr))
{
continue;
}
else
{
policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_id, direction);
policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_uuid_ptr, direction);
if (sce_ctx->enable_debug)
{
selected_chaining_bref(session_ctx->chaining_raw);
selected_chaining_bref(session_ctx->chaining_decrypted);
}
mutable_array_add_elem(&session_ctx->rule_ids, rule_id);
}
}
}
@@ -1213,8 +1227,8 @@ static void handle_data_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread
{
THROUGHPUT_METRICS_INC(&(thread_metrics->raw_rx), 1, meta.raw_len);
}
PACKET_TRACE_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_ids, chaining);
PACKET_TELEMETRY_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_ids, chaining);
PACKET_TRACE_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_uuid_array, chaining);
PACKET_TELEMETRY_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_uuid_array, chaining);
action_sf_chaining(thread_ctx, session_ctx, chaining, rx_buff, &meta, 0);
return;
@@ -1243,6 +1257,7 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
struct vxlan_hdr *vxlan_hdr = NULL;
struct session_ctx *session_ctx = NULL;
struct selected_chaining *chaining = NULL;
char sf_uuid_str[UUID_STRING_SIZE];
memset(&meta, 0, sizeof(struct metadata));
int sf_index = 0;
@@ -1300,8 +1315,9 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
if (chaining->chaining[sf_index].sff_forward_type == FORWARD_TYPE_MIRRORING)
{
LOG_DEBUG("%s: unexpected inject packet, session %lu %s with sf_profile_id %d executes mirror and does not require reflow, drop !!!",
LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr, chaining->chaining[sf_index].sf_profile_id);
uuid_unparse(chaining->chaining[sf_index].sf_uuid, sf_uuid_str);
LOG_DEBUG("%s: unexpected inject packet, session %lu %s with sf_uuid %s executes mirror and does not require reflow, drop !!!",
LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr, sf_uuid_str);
THROUGHPUT_METRICS_INC(&(thread_metrics->mirr_rx_drop), 1, meta.raw_len);
goto error_block;
}
@@ -1311,9 +1327,9 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
THROUGHPUT_METRICS_INC(&sf->rx, 1, raw_len);
THROUGHPUT_METRICS_INC(&(thread_metrics->stee_rx), 1, meta.raw_len);
struct sf_metrics_key key = {0};
key.rule_id = sf->rule_id;
key.sff_profile_id = sf->sff_profile_id;
key.sf_profile_id = sf->sf_profile_id;
uuid_copy(key.rule_uuid, sf->rule_uuid);
uuid_copy(key.sff_uuid, sf->sff_uuid);
uuid_copy(key.sf_uuid, sf->sf_uuid);
key.vsys_id = sf->rule_vsys_id;
sf_metrics_input(sf_metrics, thread_index, &key, 1, raw_len, 0, 0);
}

587
platform/src/policy.cpp
View File

File diff suppressed because it is too large Load Diff

2
platform/src/sce.cpp
View File

@@ -26,7 +26,7 @@ struct session_ctx *session_ctx_new()
struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
assert(session_ctx != NULL);
mutable_array_init(&session_ctx->rule_ids);
uuid_array_init(&session_ctx->rule_uuid_array);
return session_ctx;
}

18
platform/src/sf_metrics.cpp
View File

@@ -226,9 +226,9 @@ void sf_metrics_input(struct sf_metrics *handle, uint16_t thr_idx, struct sf_met
{
node = (struct metric *)calloc(1, sizeof(struct metric));
node->key.vsys_id = key->vsys_id;
node->key.rule_id = key->rule_id;
node->key.sff_profile_id = key->sff_profile_id;
node->key.sf_profile_id = key->sf_profile_id;
uuid_copy(node->key.rule_uuid, key->rule_uuid);
uuid_copy(node->key.sff_uuid, key->sff_uuid);
uuid_copy(node->key.sf_uuid, key->sf_uuid);
node->recv_pkts = rx_pkts;
node->recv_bytes = rx_bytes;
@@ -254,6 +254,9 @@ void sf_metrics_output(struct sf_metrics *handle, uint16_t thr_idx)
struct metric *temp = NULL;
struct metric *node = NULL;
char rule_uuid_str[UUID_STRING_SIZE] = {0};
char sff_uuid_str[UUID_STRING_SIZE] = {0};
char sf_uuid_str[UUID_STRING_SIZE] = {0};
HASH_ITER(hh, handle->root[thr_idx], node, temp)
{
if (node->sent_pkts == 0 && node->recv_pkts == 0 &&
@@ -262,11 +265,14 @@ void sf_metrics_output(struct sf_metrics *handle, uint16_t thr_idx)
continue;
}
uuid_unparse(node->key.rule_uuid, rule_uuid_str);
uuid_unparse(node->key.sff_uuid, sff_uuid_str);
uuid_unparse(node->key.sf_uuid, sf_uuid_str);
const struct field tags[] = {
{"vsys_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.vsys_id}},
{"rule_id", FIELD_VALUE_INTEGER, {.value_longlong = (long long)node->key.rule_id}},
{"sff_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sff_profile_id}},
{"sf_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sf_profile_id}},
{"rule_uuid", FIELD_VALUE_CSTRING, {.value_str = rule_uuid_str}},
{"sff_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sff_uuid_str}},
{"sf_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sf_uuid_str}},
};
fieldstat_easy_counter_incrby(handle->fs, thr_idx, handle->sent_pkts_idx, tags, sizeof(tags) / sizeof(tags[0]), node->sent_pkts);

6
platform/src/sf_status.cpp
View File

@@ -140,7 +140,7 @@ void sf_status_update(struct sf_status *handle, const struct sf_status_key *key,
{
temp = (struct metric *)calloc(1, sizeof(struct metric));
temp->key.vsys_id = key->vsys_id;
temp->key.sf_profile_id = key->sf_profile_id;
uuid_copy(temp->key.sf_uuid, key->sf_uuid);
temp->sf_status = sf_status;
temp->sf_latency = sf_latency;
HASH_ADD(hh, handle->htable, key, sizeof(struct sf_status_key), temp);
@@ -154,13 +154,15 @@ void sf_status_output(struct sf_status *handle)
return;
}
char sf_uuid_str[UUID_STRING_SIZE] = {0};
struct metric *temp = NULL;
struct metric *node = NULL;
HASH_ITER(hh, handle->htable, node, temp)
{
uuid_unparse(node->key.sf_uuid, sf_uuid_str);
const struct field tags[] = {
{"vsys_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.vsys_id}},
{"sf_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sf_profile_id}},
{"sf_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sf_uuid_str}},
};
fieldstat_easy_counter_set(handle->fs, 0, handle->sf_status_idx, tags, sizeof(tags) / sizeof(tags[0]), node->sf_status);

726
platform/test/gtest_policy.cpp
View File

File diff suppressed because it is too large Load Diff

46
platform/test/gtest_sf_metrics.cpp
View File

@@ -3,6 +3,15 @@
#include "kafka.h"
#include "sf_metrics.h"
uuid_t rule_uuid1;
uuid_t rule_uuid2;
uuid_t sff_uuid1;
uuid_t sff_uuid2;
uuid_t sf_uuid1;
uuid_t sf_uuid2;
#if 1
TEST(SF_METRICS, TEST1)
{
@@ -16,17 +25,17 @@ TEST(SF_METRICS, TEST1)
struct sf_metrics_key key1 = {0};
key1.vsys_id = 1;
key1.rule_id = 2;
key1.sff_profile_id = 3;
key1.sf_profile_id = 4;
uuid_copy(key1.rule_uuid, rule_uuid1);
uuid_copy(key1.sff_uuid, sff_uuid1);
uuid_copy(key1.sf_uuid, sf_uuid1);
struct sf_metrics_key key2 = {0};
key2.vsys_id = 4;
key2.rule_id = 3;
key2.sff_profile_id = 2;
key2.sf_profile_id = 1;
uuid_copy(key2.rule_uuid, rule_uuid2);
uuid_copy(key2.sff_uuid, sff_uuid2);
uuid_copy(key2.sf_uuid, sf_uuid2);
// thread 0
// uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes);
// rx_pkts, rx_bytes, tx_pkts, tx_bytes);
sf_metrics_input(metrics, thr_idx0, &key1, 1, 2, 2, 4);
sf_metrics_input(metrics, thr_idx0, &key2, 2, 4, 1, 2);
sf_metrics_output(metrics, thr_idx0);
@@ -62,17 +71,17 @@ TEST(SF_METRICS, TEST2)
struct sf_metrics_key key1 = {0};
key1.vsys_id = 1;
key1.rule_id = 2;
key1.sff_profile_id = 3;
key1.sf_profile_id = 4;
uuid_copy(key1.rule_uuid, rule_uuid1);
uuid_copy(key1.sff_uuid, sff_uuid1);
uuid_copy(key1.sf_uuid, sf_uuid1);
struct sf_metrics_key key2 = {0};
key2.vsys_id = 4;
key2.rule_id = 3;
key2.sff_profile_id = 2;
key2.sf_profile_id = 1;
uuid_copy(key2.rule_uuid, rule_uuid2);
uuid_copy(key2.sff_uuid, sff_uuid2);
uuid_copy(key2.sf_uuid, sf_uuid2);
// thread 0
// uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes);
// rx_pkts, rx_bytes, tx_pkts, tx_bytes);
sf_metrics_input(metrics, thr_idx0, &key1, 1, 2, 2, 4);
sf_metrics_input(metrics, thr_idx0, &key2, 2, 4, 1, 2);
sf_metrics_output(metrics, thr_idx0);
@@ -96,6 +105,15 @@ TEST(SF_METRICS, TEST2)
int main(int argc, char **argv)
{
uuid_parse("00000000-0000-0000-0000-000000000001", rule_uuid1);
uuid_parse("00000000-0000-0000-0000-000000000002", rule_uuid2);
uuid_parse("00000000-0000-0000-0000-000000000003", sff_uuid1);
uuid_parse("00000000-0000-0000-0000-000000000004", sff_uuid2);
uuid_parse("00000000-0000-0000-0000-000000000005", sf_uuid1);
uuid_parse("00000000-0000-0000-0000-000000000006", sf_uuid2);
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}

17
platform/test/gtest_sf_status.cpp
View File

@@ -4,6 +4,10 @@
TEST(SF_STATUS, TEST)
{
uuid_t sf_uuid1;
uuid_t sf_uuid2;
uuid_generate(sf_uuid1);
uuid_generate(sf_uuid2);
struct kafka *kfk = kafka_create("./test_resource/sce.conf");
EXPECT_TRUE(kfk != NULL);
struct sf_status *status = sf_status_create("./test_resource/sce.conf", kfk);
@@ -13,14 +17,15 @@ TEST(SF_STATUS, TEST)
struct sf_status_key key1 = {0};
key1.vsys_id = 11;
key1.sf_profile_id = 12;
uuid_copy(key1.sf_uuid, sf_uuid1);
struct sf_status_key key2 = {0};
key2.vsys_id = 21;
key2.sf_profile_id = 22;
key2.vsys_id = 22;
uuid_copy(key2.sf_uuid, sf_uuid2);
sf_status_update(status, &key1, 0, 1);
sf_status_update(status, &key2, 1, 2);
sf_status_update(status, &key1, 1, 2);
sf_status_update(status, &key2, 2, 1);
printf("\n========================================\n expect key1 + key2 \n========================================\n");
sf_status_output(status);
@@ -32,6 +37,8 @@ TEST(SF_STATUS, TEST)
printf("\n========================================\n expect no output \n========================================\n");
sf_status_output(status);
sleep(2);
sf_status_destory(status);
kafka_destroy(kfk);
}

5
platform/test/test_resource/sce.conf
View File

@@ -2,7 +2,7 @@
nr_worker_threads=8
[maat]
# 0:json 1:redis 2:iris
# 0:json 1:redis
input_mode=0
# LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO = 2;
# LOG_LEVEL_WARN = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
@@ -14,8 +14,6 @@ deferred_load=0
stat_file=./maat.fs2
table_info=test_resource/table_info.conf
accept_path=/opt/tsg/etc/tsg_device_tag.json
inc_cfg_dir=test_resource/inc/
ful_cfg_dir=test_resource/ful/
json_cfg_file=test_resource/sce.json
foreign_cont_dir=test_resource/foreign_files
redis_db_idx=0
@@ -36,6 +34,7 @@ local_address=127.0.0.1
gateway=127.0.0.1
[kafka]
enable_debug=0
brokerlist=192.168.40.224:9092
sasl_username=admin
sasl_passwd=galaxy2019

373
platform/test/test_resource/sce.json
View File

@@ -3,38 +3,365 @@
{
"table_name": "SERVICE_FUNCTION_PROFILE",
"table_content": [
"1\t{\"tag\":\"data_center\",\"value\":\"data_center_a\"}\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"none\"}\t1\t1",
"2\t{\"tag\":\"data_center\",\"value\":\"data_center_a\"}\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1\t1",
"3\t{\"tag\":\"data_center\",\"value\":\"data_center_a\"}\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"in_band_bfd\",\"address\":\"1.2.3.4\",\"port\":\"10000\",\"interval_ms\":100,\"retires\":5}\t1\t1",
"4\t{\"tag\":\"data_center\",\"value\":\"data_center_a\"}\t1\t{\"method\":\"vxlan_g\",\"dest_ip\":\"1.1.1.1\"}\t{\"method\":\"http\",\"url\":\"http://192.168.100.1:8080/health_check.index\",\"interval_ms\":100,\"retires\":5}\t1\t1",
"5\t{\"tag\":\"data_center\",\"value\":\"data_center_a\"}\t1\t{\"method\":\"layer2_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1\t1",
"6\t{\"tag\":\"data_center\",\"value\":\"data_center_a\"}\t1\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1\t1",
"7\t{\"tag\":\"data_center\",\"value\":\"data_center_a\"}\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1\t1",
"8\t{\"tag\":\"data_center\",\"value\":\"data_center_b\"}\t0\t{\"method\":\"layer3_switch\",\"int_vlan_tag\":10,\"ext_vlan_tag\":5}\t{\"method\":\"none\"}\t1\t1"
{
"uuid": "00000000-0000-0000-3333-000000000001",
"device_group": {
"tag": "data_center",
"value": "data_center_a"
},
"admin_status": 1,
"connectivity": {
"method": "vxlan_g",
"dest_ip": "1.1.1.1"
},
"health_check": {
"method": "none"
},
"vsys_id": 1,
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-3333-000000000002",
"device_group": {
"tag": "data_center",
"value": "data_center_a"
},
"admin_status": 1,
"connectivity": {
"method": "vxlan_g",
"dest_ip": "1.1.1.1"
},
"health_check": {
"method": "bfd",
"address": "1.2.3.4",
"port": "10000",
"interval_ms": 100,
"retires": 5
},
"vsys_id": 1,
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-3333-000000000003",
"device_group": {
"tag": "data_center",
"value": "data_center_a"
},
"admin_status": 1,
"connectivity": {
"method": "vxlan_g",
"dest_ip": "1.1.1.1"
},
"health_check": {
"method": "in_band_bfd",
"address": "1.2.3.4",
"port": "10000",
"interval_ms": 100,
"retires": 5
},
"vsys_id": 1,
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-3333-000000000004",
"device_group": {
"tag": "data_center",
"value": "data_center_a"
},
"admin_status": 1,
"connectivity": {
"method": "vxlan_g",
"dest_ip": "1.1.1.1"
},
"health_check": {
"method": "http",
"url": "http://192.168.100.1:8080/health_check.index",
"interval_ms": 100,
"retires": 5
},
"vsys_id": 1,
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-3333-000000000005",
"device_group": {
"tag": "data_center",
"value": "data_center_a"
},
"admin_status": 1,
"connectivity": {
"method": "layer2_switch",
"int_vlan_tag": 10,
"ext_vlan_tag": 5
},
"health_check": {
"method": "none"
},
"vsys_id": 1,
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-3333-000000000006",
"device_group": {
"tag": "data_center",
"value": "data_center_a"
},
"admin_status": 1,
"connectivity": {
"method": "layer3_switch",
"int_vlan_tag": 10,
"ext_vlan_tag": 5
},
"health_check": {
"method": "none"
},
"vsys_id": 1,
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-3333-000000000007",
"device_group": {
"tag": "data_center",
"value": "data_center_a"
},
"admin_status": 0,
"connectivity": {
"method": "layer3_switch",
"int_vlan_tag": 10,
"ext_vlan_tag": 5
},
"health_check": {
"method": "none"
},
"vsys_id": 1,
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-3333-000000000008",
"device_group": {
"tag": "data_center",
"value": "data_center_b"
},
"admin_status": 0,
"connectivity": {
"method": "layer3_switch",
"int_vlan_tag": 10,
"ext_vlan_tag": 5
},
"health_check": {
"method": "none"
},
"vsys_id": 1,
"is_valid": 1
}
]
},
{
"table_name": "SERVICE_FUNCTION_FORWARDER_PROFILE",
"table_content": [
"1\t1\thash-int-ip\tnearby\tbypass\tnull\t[1]\t1",
"2\t1\thash-int-ip\tnearby\tbypass\tnull\t[1,2,3,4,5,6,7,8]\t1",
"3\t1\thash-int-ip\tnearby\tblock\tnull\t[1]\t1",
"4\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"bypass\",\"health_service_func_lt\":2}\t[1,2,3]\t1",
"5\t1\thash-int-ip\tnearby\tre-dispatch\t{\"action\":\"block\"}\t[1,2,3]\t1",
"6\t1\thash-int-ip\tglobal\tblock\tnull\t[1]\t1",
"7\t1\thash-ext-ip\tglobal\tblock\tnull\t[1]\t1",
"8\t1\thash-int-ip-and-ext-ip\tglobal\tblock\tnull\t[1]\t1",
"9\t1\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1",
"10\t2\thash-innermost-int-ip\tglobal\tblock\tnull\t[1]\t1"
{
"uuid": "00000000-0000-0000-2222-000000000001",
"type": 1,
"load_balance_method": "hash-int-ip",
"load_balance_localization": "nearby",
"failure_action": "bypass",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000002",
"type": 1,
"load_balance_method": "hash-int-ip",
"load_balance_localization": "nearby",
"failure_action": "bypass",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001",
"00000000-0000-0000-3333-000000000002",
"00000000-0000-0000-3333-000000000003",
"00000000-0000-0000-3333-000000000004",
"00000000-0000-0000-3333-000000000005",
"00000000-0000-0000-3333-000000000006",
"00000000-0000-0000-3333-000000000007",
"00000000-0000-0000-3333-000000000008"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000003",
"type": 1,
"load_balance_method": "hash-int-ip",
"load_balance_localization": "nearby",
"failure_action": "block",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000004",
"type": 1,
"load_balance_method": "hash-int-ip",
"load_balance_localization": "nearby",
"failure_action": "re-dispatch",
"unavailability_action": {
"action": "bypass",
"health_service_func_lt": 2
},
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001",
"00000000-0000-0000-3333-000000000002",
"00000000-0000-0000-3333-000000000003"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000005",
"type": 1,
"load_balance_method": "hash-int-ip",
"load_balance_localization": "nearby",
"failure_action": "re-dispatch",
"unavailability_action": {
"action": "block"
},
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001",
"00000000-0000-0000-3333-000000000002",
"00000000-0000-0000-3333-000000000003"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000006",
"type": 1,
"load_balance_method": "hash-int-ip",
"load_balance_localization": "global",
"failure_action": "block",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000007",
"type": 1,
"load_balance_method": "hash-ext-ip",
"load_balance_localization": "global",
"failure_action": "block",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000008",
"type": 1,
"load_balance_method": "hash-int-ip-and-ext-ip",
"load_balance_localization": "global",
"failure_action": "block",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000009",
"type": 1,
"load_balance_method": "hash-innermost-int-ip",
"load_balance_localization": "global",
"failure_action": "block",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001"
],
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-2222-000000000010",
"type": 2,
"load_balance_method": "hash-innermost-int-ip",
"load_balance_localization": "global",
"failure_action": "block",
"service_func_profiles": [
"00000000-0000-0000-3333-000000000001"
],
"is_valid": 1
}
]
},
{
"table_name": "SERVICE_CHAINING_COMPILE",
"table_name": "SERVICE_CHAINING_RULE",
"table_content": [
"1\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"targeted_traffic\":\"raw\",\"sff_profiles\":[1]}\t0\t1",
"2\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"targeted_traffic\":\"raw\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t0\t1",
"11\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1]}\t0\t1",
"12\t0\t2\t1\t1\t{}\t{\"vsys_id\":1,\"targeted_traffic\":\"decrypted\",\"sff_profiles\":[1,2,3,4,5,6,7,8,9,10]}\t0\t1"
{
"uuid": "00000000-0000-0000-1111-000000000001",
"log_option": "all",
"effective_range": {},
"action_parameter": {
"vsys_id": 1,
"targeted_traffic": "raw",
"sff_profiles": [
"00000000-0000-0000-2222-000000000001"
]
},
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-1111-000000000002",
"log_option": "all",
"effective_range": {},
"action_parameter": {
"vsys_id": 1,
"targeted_traffic": "raw",
"sff_profiles": [
"00000000-0000-0000-2222-000000000001",
"00000000-0000-0000-2222-000000000002",
"00000000-0000-0000-2222-000000000003",
"00000000-0000-0000-2222-000000000004",
"00000000-0000-0000-2222-000000000005",
"00000000-0000-0000-2222-000000000006",
"00000000-0000-0000-2222-000000000007",
"00000000-0000-0000-2222-000000000008",
"00000000-0000-0000-2222-000000000009",
"00000000-0000-0000-2222-000000000010"
]
},
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-1111-000000000011",
"log_option": "all",
"effective_range": {},
"action_parameter": {
"vsys_id": 1,
"targeted_traffic": "decrypted",
"sff_profiles": [
"00000000-0000-0000-2222-000000000001"
]
},
"is_valid": 1
},
{
"uuid": "00000000-0000-0000-1111-000000000012",
"log_option": "all",
"effective_range": {},
"action_parameter": {
"vsys_id": 1,
"targeted_traffic": "decrypted",
"sff_profiles": [
"00000000-0000-0000-2222-000000000001",
"00000000-0000-0000-2222-000000000002",
"00000000-0000-0000-2222-000000000003",
"00000000-0000-0000-2222-000000000004",
"00000000-0000-0000-2222-000000000005",
"00000000-0000-0000-2222-000000000006",
"00000000-0000-0000-2222-000000000007",
"00000000-0000-0000-2222-000000000008",
"00000000-0000-0000-2222-000000000009",
"00000000-0000-0000-2222-000000000010"
]
},
"is_valid": 1
}
]
}
]