TSG-14568 tsg-service-chaining-engine支持MAAT4

ci/travis.sh

@@ -35,12 +35,10 @@ env | sort
 # Install dependency from YUM
 yum install -y libasan
 yum install -y mrzcpd
-yum install -y libmaatframe-devel
+yum install -y libmaat4-devel
 yum install -y libMESA_handle_logger-devel
 yum install -y libMESA_prof_load-devel
 yum install -y libMESA_field_stat2-devel
-yum install -y librulescan-devel
-yum install -y sapp-devel # Maat_rule require MESA/stream.h
 yum install -y numactl-libs # required by mrzcpd
 yum install -y libibverbs # required by mrzcpd
 yum install -y libbreakpad_mini-devel

common/include/ctrl_packet.h

@@ -22,8 +22,8 @@ struct ctrl_pkt_parser
     uint64_t session_id;
     enum session_state state;
     char method[32];
-    int policy_ids[32];
+    uint64_t rule_ids[32];
-    int policy_id_num;
+    int rule_id_num;
 };
 
 const char *session_state_to_string(enum session_state state);

common/include/utils.h

@@ -31,26 +31,29 @@ extern "C"
  * fixed_num_array
  ******************************************************************************/
 
+#include <stdint.h>
+
 struct fixed_num_array
 {
-    int elems[128];
+    uint64_t elems[128];
     int num;
     int size;
 };
 
 void fixed_num_array_init(struct fixed_num_array *array);
-void fixed_num_array_add_elem(struct fixed_num_array *array, int elem);
+void fixed_num_array_add_elem(struct fixed_num_array *array, uint64_t elem);
-void fixed_num_array_del_elem(struct fixed_num_array *array, int elem);
+void fixed_num_array_del_elem(struct fixed_num_array *array, uint64_t elem);
 int fixed_num_array_is_full(struct fixed_num_array *array);
 int fixed_num_array_count_elem(struct fixed_num_array *array);
-int fixed_num_array_exist_elem(struct fixed_num_array *array, int elem);
+int fixed_num_array_exist_elem(struct fixed_num_array *array, uint64_t elem);
 int fixed_num_array_index_elem(struct fixed_num_array *array, int index);
 
 /******************************************************************************
  * sids
  ******************************************************************************/
 
-#include <marsio.h>
+typedef uint16_t sid_t;
+#define MR_SID_LIST_MAXLEN 8
 
 struct sids
 {

common/src/ctrl_packet.cpp

@@ -126,7 +126,7 @@ int ctrl_packet_parser_parse(struct ctrl_pkt_parser *handler, const char *data,
         goto error_out;
     }
 
-    handler->policy_id_num = MIN(cJSON_GetArraySize(item), (int)(sizeof(handler->policy_ids) / sizeof(handler->policy_ids[0])));
+    handler->rule_id_num = MIN(cJSON_GetArraySize(item), (int)(sizeof(handler->rule_ids) / sizeof(handler->rule_ids[0])));
     cJSON_ArrayForEach(elem, item)
     {
         if (!cJSON_IsNumber(elem))
@@ -134,10 +134,10 @@ int ctrl_packet_parser_parse(struct ctrl_pkt_parser *handler, const char *data,
             LOG_ERROR("%s: unexpected control packet: (invalid service_chaining value) %s", LOG_TAG_POLICY, data);
             continue;
         }
-        handler->policy_ids[iter] = elem->valueint;
+        handler->rule_ids[iter] = elem->valueint;
         iter++;
 
-        if (iter == handler->policy_id_num)
+        if (iter == handler->rule_id_num)
         {
             break;
         }
@@ -160,11 +160,11 @@ void ctrl_packet_parser_dump(struct ctrl_pkt_parser *handler)
         LOG_INFO("%s: session_id      : %lu", LOG_TAG_POLICY, handler->session_id);
         LOG_INFO("%s: state           : %s", LOG_TAG_POLICY, session_state_to_string(handler->state));
         LOG_INFO("%s: method          : %s", LOG_TAG_POLICY, handler->method);
-        LOG_INFO("%s: policy_id_num   : %d", LOG_TAG_POLICY, handler->policy_id_num);
+        LOG_INFO("%s: rule_id_num     : %d", LOG_TAG_POLICY, handler->rule_id_num);
 
-        for (int i = 0; i < handler->policy_id_num; i++)
+        for (int i = 0; i < handler->rule_id_num; i++)
         {
-            LOG_INFO("%s: policy_ids[%03d] : %i", LOG_TAG_POLICY, i, handler->policy_ids[i]);
+            LOG_INFO("%s: rule_ids[%03d] : %lu", LOG_TAG_POLICY, i, handler->rule_ids[i]);
         }
     }
 }

common/src/utils.cpp

@@ -22,7 +22,7 @@ void fixed_num_array_init(struct fixed_num_array *array)
     array->size = sizeof(array->elems) / sizeof(array->elems[0]);
 }
 
-void fixed_num_array_add_elem(struct fixed_num_array *array, int elem)
+void fixed_num_array_add_elem(struct fixed_num_array *array, uint64_t elem)
 {
     if (array->num < array->size)
     {
@@ -35,7 +35,7 @@ void fixed_num_array_add_elem(struct fixed_num_array *array, int elem)
     }
 }
 
-void fixed_num_array_del_elem(struct fixed_num_array *array, int elem)
+void fixed_num_array_del_elem(struct fixed_num_array *array, uint64_t elem)
 {
     for (int i = 0; i < array->num; i++)
     {
@@ -75,7 +75,7 @@ int fixed_num_array_count_elem(struct fixed_num_array *array)
     }
 }
 
-int fixed_num_array_exist_elem(struct fixed_num_array *array, int elem)
+int fixed_num_array_exist_elem(struct fixed_num_array *array, uint64_t elem)
 {
     for (int i = 0; i < array->num; i++)
     {

common/test/gtest_ctrl_packet.cpp

@@ -16,10 +16,10 @@ TEST(CTRL_PACKET, PARSE)
 	EXPECT_TRUE(parser.session_id == 123456789);
 	EXPECT_TRUE(parser.state == SESSION_STATE_ACTIVE);
 	EXPECT_STREQ(parser.method, "policy_update");
-	EXPECT_TRUE(parser.policy_id_num == 3);
+	EXPECT_TRUE(parser.rule_id_num == 3);
-	EXPECT_TRUE(parser.policy_ids[0] == 1);
+	EXPECT_TRUE(parser.rule_ids[0] == 1);
-	EXPECT_TRUE(parser.policy_ids[1] == 2);
+	EXPECT_TRUE(parser.rule_ids[1] == 2);
-	EXPECT_TRUE(parser.policy_ids[2] == 3);
+	EXPECT_TRUE(parser.rule_ids[2] == 3);
 }
 
 int main(int argc, char **argv)

conf/sce.conf

@@ -18,6 +18,9 @@ breakpad_upload_tools=/opt/tsg/framework/bin/minidump_upload
 [maat]
 # 0:json 1:redis 2:iris
 input_mode=1
+# LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO  = 2;
+# LOG_LEVEL_WARN  = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
+log_level=5
 stat_switch=1
 perf_switch=1
 scan_detail=0

platform/include/packet_io.h

@@ -6,6 +6,8 @@ extern "C"
 {
 #endif
 
+#include <marsio.h>
+
 // only for gtest
 int mbuff_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta);
 int mbuff_set_metadata(marsio_buff_t *tx_buff, struct metadata *meta);

platform/include/policy.h

@@ -80,7 +80,7 @@ struct connectivity
 
 struct selected_sf
 {
-	int policy_id;
+	uint64_t rule_id;
 	enum traffic_type traffic_type;
 
 	int sff_profile_id;
@@ -137,7 +137,7 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer);
 // return -1 : error
 int policy_enforcer_register(struct policy_enforcer *enforcer);
 int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
-void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e);
+void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, uint64_t rule_id, int dir_is_i2e);
 
 #ifdef __cpluscplus
 }

platform/include/sce.h

@@ -72,7 +72,7 @@ struct session_ctx
     char *session_addr;
 
     struct addr_tuple4 inner_tuple4;
-    struct fixed_num_array policy_ids;
+    struct fixed_num_array rule_ids;
 
     struct metadata *raw_meta_i2e;
     struct metadata *raw_meta_e2i;

platform/include/sf_metrics.h

@@ -13,7 +13,7 @@ struct sf_metrics *sf_metrics_create(const char *profile);
 void sf_metrics_destory(struct sf_metrics *handle);
 void sf_metrics_reset(struct sf_metrics *handle);
 
-void sf_metrics_inc(struct sf_metrics *handle, int rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes);
+void sf_metrics_inc(struct sf_metrics *handle, uint64_t rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes);
 void sf_metrics_send(struct sf_metrics *handle);
 int sf_metrics_get_interval(struct sf_metrics *handle);
 

platform/src/packet_io.cpp

@@ -3,7 +3,6 @@
 #include <netinet/udp.h>
 #include <netinet/ether.h>
 
-#include <marsio.h>
 #include <cjson/cJSON.h>
 #include <MESA/MESA_prof_load.h>
 
@@ -11,6 +10,7 @@
 #include "sce.h"
 #include "utils.h"
 #include "g_vxlan.h"
+#include "packet_io.h"
 #include "sf_metrics.h"
 #include "ctrl_packet.h"
 #include "global_metrics.h"
@@ -436,7 +436,7 @@ static void action_mirr_forward(marsio_buff_t *rx_buff, struct metadata *meta, s
     throughput_metrics_inc(&(g_metrics->device.endpoint_tx), 1, nsend);
     throughput_metrics_inc(&(g_metrics->raw_pkt.mirr_tx), 1, raw_len);
     throughput_metrics_inc(&sf->tx, 1, nsend);
-    sf_metrics_inc(thread_ctx->sf_metrics, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
+    sf_metrics_inc(thread_ctx->sf_metrics, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
 }
 
 static void action_stee_bypass(marsio_buff_t *rx_buff, struct metadata *meta, struct selected_sf *sf, struct thread_ctx *thread_ctx)
@@ -467,7 +467,7 @@ static void action_stee_forward(marsio_buff_t *rx_buff, struct metadata *meta, s
     throughput_metrics_inc(&(g_metrics->device.endpoint_tx), 1, nsend);
     throughput_metrics_inc(&(g_metrics->raw_pkt.stee_tx), 1, raw_len);
     throughput_metrics_inc(&sf->tx, 1, nsend);
-    sf_metrics_inc(thread_ctx->sf_metrics, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
+    sf_metrics_inc(thread_ctx->sf_metrics, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, 0, 0, 1, nsend);
 }
 
 static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx *session_ctx, struct selected_chaining *chaining, marsio_buff_t *rx_buff, struct metadata *meta, int next_sf_index)
@@ -476,9 +476,9 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
     for (sf_index = next_sf_index; sf_index < chaining->chaining_used; sf_index++)
     {
         struct selected_sf *sf = &(chaining->chaining[sf_index]);
-        LOG_INFO("%s: session: %lu %s execute chaining [%d/%d] policy_id: %d, sff_profile_id: %d, sf_profile_id: %d, sf_need_skip: %d, sf_action_reason: %s, is_e2i: %d, is_decrypted: %d",
+        LOG_INFO("%s: session: %lu %s execute chaining [%d/%d] rule_id: %lu, sff_profile_id: %d, sf_profile_id: %d, sf_need_skip: %d, sf_action_reason: %s, is_e2i: %d, is_decrypted: %d",
                  LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr, sf_index, chaining->chaining_used,
-                 sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason),
+                 sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason),
                  meta->is_e2i_dir, meta->is_decrypted);
 
         if (sf->sf_need_skip)
@@ -607,8 +607,8 @@ static void dump_event_log(struct session_ctx *session_ctx, struct selected_chai
     for (int i = 0; i < chaining->chaining_used; i++)
     {
         struct selected_sf *sf = &(chaining->chaining[i]);
-        LOG_INFO("%s: session %lu %s %s metrics log: policy %d sff_profile_id %d sf_profile_id %d sf_need_skip %d sf_action_reason %s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
+        LOG_INFO("%s: session %lu %s %s metrics log: rule_id %lu sff_profile_id %d sf_profile_id %d sf_need_skip %d sf_action_reason %s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
-                 LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr, tag, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason), sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
+                 LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr, tag, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, sf->sf_need_skip, action_reason_to_string(sf->sf_action_reason), sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
     }
 }
 
@@ -620,21 +620,21 @@ static void session_value_free_cb(void *ctx)
 
 static void handle_policy_mutil_hits(struct policy_enforcer *enforcer, struct session_ctx *session_ctx, struct ctrl_pkt_parser *ctrl_parser, raw_pkt_parser *raw_parser, int is_e2i_dir)
 {
-    for (int i = 0; i < ctrl_parser->policy_id_num; i++)
+    for (int i = 0; i < ctrl_parser->rule_id_num; i++)
     {
-        int policy_id = ctrl_parser->policy_ids[i];
+        uint64_t rule_id = ctrl_parser->rule_ids[i];
-        if (fixed_num_array_exist_elem(&session_ctx->policy_ids, policy_id))
+        if (fixed_num_array_exist_elem(&session_ctx->rule_ids, rule_id))
         {
             continue;
         }
         else
         {
-            policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, raw_parser, policy_id, is_e2i_dir);
+            policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, raw_parser, rule_id, is_e2i_dir);
 
             selected_chaining_bref(session_ctx->chainings.chaining_raw);
             selected_chaining_bref(session_ctx->chainings.chaining_decrypted);
 
-            fixed_num_array_add_elem(&session_ctx->policy_ids, policy_id);
+            fixed_num_array_add_elem(&session_ctx->rule_ids, rule_id);
         }
     }
 }
@@ -951,7 +951,7 @@ static void handle_inject_packet(marsio_buff_t *rx_buff, struct thread_ctx *thre
         struct selected_sf *sf = &(chaining->chaining[sf_index]);
         throughput_metrics_inc(&sf->rx, 1, raw_len);
         throughput_metrics_inc(&(g_metrics->raw_pkt.stee_rx), 1, meta.raw_len);
-        sf_metrics_inc(thread_ctx->sf_metrics, sf->policy_id, sf->sff_profile_id, sf->sf_profile_id, 1, raw_len, 0, 0);
+        sf_metrics_inc(thread_ctx->sf_metrics, sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, 1, raw_len, 0, 0);
     }
 
     marsio_buff_adj(rx_buff, raw_len - meta.raw_len);

platform/src/policy.cpp

@@ -1,8 +1,7 @@
 #include <time.h>
 #include <assert.h>
-
 #include <cjson/cJSON.h>
-#include <MESA/Maat_rule.h>
+#include <MESA/maat.h>
 #include <MESA/MESA_prof_load.h>
 
 #include "global_metrics.h"
@@ -28,6 +27,7 @@ struct policy_config
 {
     enum input_mode input_mode;
 
+    int log_level;
     int stat_switch;
     int perf_switch;
     int scan_detail;
@@ -53,7 +53,7 @@ struct policy_config
 struct policy_enforcer
 {
     struct policy_config config;
-    Maat_feather_t maat;
+    struct maat *maat;
 
     int compile_table_id; // SERVICE_CHAINING_COMPILE           table id
     int sff_table_id;     // SERVICE_FUNCTION_FORWARDER_PROFILE table id
@@ -66,7 +66,7 @@ struct policy_enforcer
 
 struct chaining_param
 {
-    int policy_id;
+    uint64_t rule_id;
     int ref_cnt;
 
     enum traffic_type traffic_type;
@@ -220,6 +220,9 @@ error_out:
 static void policy_enforcer_config(const char *profile, struct policy_config *config)
 {
     MESA_load_profile_int_def(profile, "MAAT", "input_mode", (int *)&(config->input_mode), MAAT_INPUT_REDIS);
+    // LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO  = 2;
+    // LOG_LEVEL_WARN  = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
+    MESA_load_profile_int_def(profile, "MAAT", "log_level", &(config->log_level), 5);
     MESA_load_profile_int_def(profile, "MAAT", "stat_switch", &(config->stat_switch), 1);
     MESA_load_profile_int_def(profile, "MAAT", "perf_switch", &(config->perf_switch), 1);
     MESA_load_profile_int_def(profile, "MAAT", "scan_detail", &(config->scan_detail), 0);
@@ -246,6 +249,7 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co
     }
 
     LOG_DEBUG("%s: MAAT->input_mode         : %s", LOG_TAG_POLICY, (config->input_mode == MAAT_INPUT_REDIS ? "redis" : (config->input_mode == MAAT_INPUT_JSON ? "json" : (config->input_mode == MAAT_INPUT_FILE ? "file" : "unknown"))));
+    LOG_DEBUG("%s: MAAT->log_level          : %d", LOG_TAG_POLICY, config->log_level);
     LOG_DEBUG("%s: MAAT->stat_switch        : %d", LOG_TAG_POLICY, config->stat_switch);
     LOG_DEBUG("%s: MAAT->perf_switch        : %d", LOG_TAG_POLICY, config->perf_switch);
     LOG_DEBUG("%s: MAAT->scan_detail        : %d", LOG_TAG_POLICY, config->scan_detail);
@@ -268,7 +272,7 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co
     LOG_DEBUG("%s: MAAT->max_chaining_size  : %d", LOG_TAG_POLICY, config->max_chaining_size);
 }
 
-static void chaining_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
+static void chaining_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
 {
     int iter = 0;
     cJSON *json = NULL;
@@ -278,9 +282,9 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
     size_t user_region_len = 0;
     struct chaining_param *param = NULL;
 
-    if (Maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0)
+    if (maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0)
     {
-        LOG_ERROR("%s: unexpected chaining policy: (invalid user region) %s", LOG_TAG_POLICY, table_line);
+        LOG_ERROR("%s: unexpected chaining rule: (invalid user region) %s", LOG_TAG_POLICY, table_line);
         return;
     }
 
@@ -289,19 +293,19 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
     json = cJSON_Parse(json_str);
     if (json == NULL)
     {
-        LOG_ERROR("%s: unexpected chaining policy: (invalid json format) %s", LOG_TAG_POLICY, table_line);
+        LOG_ERROR("%s: unexpected chaining rule: (invalid json format) %s", LOG_TAG_POLICY, table_line);
         goto error_out;
     }
 
     param = (struct chaining_param *)calloc(1, sizeof(struct chaining_param));
-    param->policy_id = atoi(key);
+    param->rule_id = atoll(key);
     param->ref_cnt = 1;
 
     // targeted_traffic
     item = cJSON_GetObjectItem(json, "targeted_traffic");
     if (!item || !cJSON_IsString(item))
     {
-        LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
+        LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
         goto error_out;
     }
     if (strcasecmp(item->valuestring, "raw") == 0)
@@ -314,16 +318,16 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
     }
     else
     {
-        LOG_ERROR("%s: unexpected chaining policy: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
+        LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
         goto error_out;
     }
-    LOG_DEBUG("%s: parse chaining policy: %d, targeted_traffic: %s", LOG_TAG_POLICY, param->policy_id, traffic_type_to_string(param->traffic_type));
+    LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_to_string(param->traffic_type));
 
     // sff_profiles
     item = cJSON_GetObjectItem(json, "sff_profiles");
     if (!item || !cJSON_IsArray(item) || !cJSON_GetArraySize(item))
     {
-        LOG_ERROR("%s: unexpected chaining policy: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
+        LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
         goto error_out;
     }
     param->sff_profile_ids_num = cJSON_GetArraySize(item);
@@ -332,17 +336,17 @@ static void chaining_param_new_cb(int table_id, const char *key, const char *tab
     {
         if (!cJSON_IsNumber(element))
         {
-            LOG_ERROR("%s: unexpected chaining policy: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
+            LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line);
             continue;
         }
 
-        LOG_DEBUG("%s: parse chaining policy: %d, sff_profiles[%d/%d]: %d", LOG_TAG_POLICY, param->policy_id, iter, param->sff_profile_ids_num, element->valueint);
+        LOG_DEBUG("%s: parse chaining rule: %lu, sff_profiles[%d/%d]: %d", LOG_TAG_POLICY, param->rule_id, iter, param->sff_profile_ids_num, element->valueint);
         param->sff_profile_ids[iter] = element->valueint;
         iter++;
     }
 
     *ad = param;
-    LOG_INFO("%s: Add chaining policy: %d", LOG_TAG_POLICY, param->policy_id);
+    LOG_INFO("%s: Add chaining rule: %lu", LOG_TAG_POLICY, param->rule_id);
 
     cJSON_Delete(json);
     free(json_str);
@@ -373,7 +377,7 @@ error_out:
     }
 }
 
-static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
+static void chaining_param_free_cb(int table_id, void **ad, long argl, void *argp)
 {
     struct chaining_param *param = (struct chaining_param *)*ad;
     if (param == NULL)
@@ -383,7 +387,7 @@ static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long a
 
     if ((__sync_sub_and_fetch(&param->ref_cnt, 1) == 0))
     {
-        LOG_INFO("%s: Del chaining policy: %d", LOG_TAG_POLICY, param->policy_id);
+        LOG_INFO("%s: Del chaining rule: %lu", LOG_TAG_POLICY, param->rule_id);
         if (param->sff_profile_ids)
         {
             free(param->sff_profile_ids);
@@ -396,7 +400,7 @@ static void chaining_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long a
     }
 }
 
-static void chaining_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
+static void chaining_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
 {
     struct chaining_param *param = (struct chaining_param *)*from;
     if (param)
@@ -415,7 +419,7 @@ static void chaining_param_free(struct chaining_param *param)
     chaining_param_free_cb(0, (void **)&param, 0, NULL);
 }
 
-static void sff_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
+static void sff_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
 {
     int iter = 0;
     struct sff_param *param = NULL;
@@ -533,7 +537,7 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
         item = cJSON_GetObjectItem(root1, "action");
         if (!item || !cJSON_IsString(item))
         {
-            LOG_ERROR("%s: unexpected chaining policy: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
+            LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
             goto error_out;
         }
         if (0 == strcasecmp(item->valuestring, "bypass"))
@@ -546,7 +550,7 @@ static void sff_param_new_cb(int table_id, const char *key, const char *table_li
         }
         else
         {
-            LOG_ERROR("%s: unexpected chaining policy: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
+            LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line);
             goto error_out;
         }
         LOG_DEBUG("%s: parse sff profile: %d, unavailability_action->action: %s", LOG_TAG_POLICY, param->sff_profile_id, item->valuestring);
@@ -612,7 +616,7 @@ error_out:
     }
 }
 
-static void sff_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
+static void sff_param_free_cb(int table_id, void **ad, long argl, void *argp)
 {
     struct sff_param *param = (struct sff_param *)*ad;
     if (param == NULL)
@@ -635,7 +639,7 @@ static void sff_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl,
     }
 }
 
-static void sff_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
+static void sff_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
 {
     struct sff_param *param = (struct sff_param *)*from;
     if (param)
@@ -654,7 +658,7 @@ static void sff_param_free(struct sff_param *param)
     sff_param_free_cb(0, (void **)&param, 0, NULL);
 }
 
-static void sf_param_new_cb(int table_id, const char *key, const char *table_line, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
+static void sf_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp)
 {
     struct sf_param *param = NULL;
     cJSON *root1 = NULL;
@@ -863,7 +867,7 @@ error_out:
     }
 }
 
-static void sf_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, void *argp)
+static void sf_param_free_cb(int table_id, void **ad, long argl, void *argp)
 {
     struct sf_param *param = (struct sf_param *)*ad;
     if (param == NULL)
@@ -882,7 +886,7 @@ static void sf_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA *ad, long argl, v
     }
 }
 
-static void sf_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
+static void sf_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
 {
     struct sf_param *param = (struct sf_param *)*from;
     if (param)
@@ -911,7 +915,7 @@ static void select_sf_by_nearby_and_adminstatus(struct policy_enforcer *enforcer
     {
         memset(&buffer, 0, sizeof(buffer));
         snprintf(buffer, sizeof(buffer), "%u", sff_param->sf_profile_ids[i]);
-        sf = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
+        sf = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
         if (sf == NULL)
         {
             LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sff_param->sf_profile_ids[i]);
@@ -964,7 +968,7 @@ static enum session_action select_sf_by_ldbc(struct policy_enforcer *enforcer, s
 
         memset(&buffer, 0, sizeof(buffer));
         snprintf(buffer, sizeof(buffer), "%u", sf_profile_id);
-        sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
+        sf_param = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
         if (sf_param == NULL)
         {
             LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, sf_profile_id);
@@ -1042,7 +1046,7 @@ static void selected_sf_init(struct selected_sf *item)
     if (item)
     {
         memset(item, 0, sizeof(struct selected_sf));
-        item->policy_id = -1;
+        item->rule_id = 0;
         item->traffic_type = TRAFFIC_TYPE_NONE;
         item->sff_profile_id = -1;
         item->sff_forward_type = FORWARD_TYPE_NONE;
@@ -1205,7 +1209,7 @@ void selected_chaining_dump(struct selected_chaining *chaining)
     for (int i = 0; i < chaining->chaining_used; i++)
     {
         struct selected_sf *node = &(chaining->chaining[i]);
-        LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->policy_id                       : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->policy_id);
+        LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_id                         : %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->rule_id);
         LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type                    : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_to_string(node->traffic_type));
         // sff
         LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id                  : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
@@ -1243,8 +1247,8 @@ void selected_chaining_bref(struct selected_chaining *chaining)
                 buff_used += snprintf(buff + buff_used, buff_size - buff_used, ",");
             }
             buff_used += snprintf(buff + buff_used, buff_size - buff_used,
-                                  "\"node[%d]\":{\"skip\":%d,\"policy_id\":%d,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
+                                  "\"node[%d]\":{\"skip\":%d,\"rule_id\":%lu,\"sff_profile_id\":%d,\"sf_profile_id\":%d,\"traffic_type\":\"%s\",\"sff_forward_type\":\"%s\",\"sf_action\":\"%s\",\"reason\":\"%s\"}",
-                                  i, node->sf_need_skip, node->policy_id, node->sff_profile_id, node->sf_profile_id,
+                                  i, node->sf_need_skip, node->rule_id, node->sff_profile_id, node->sf_profile_id,
                                   traffic_type_to_string(node->traffic_type), forward_type_to_string(node->sff_forward_type), session_action_to_string(node->sf_action), action_reason_to_string(node->sf_action_reason));
         }
     }
@@ -1288,17 +1292,20 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
     assert(enforcer);
     policy_enforcer_config(profile, &(enforcer->config));
 
-    enforcer->maat = Maat_feather(thread_num, enforcer->config.table_info, logger);
+    struct maat_options *opts = maat_options_new();
-    if (enforcer->maat == NULL)
+    if (opts == NULL)
     {
-        LOG_ERROR("%s: unable create maat feather", LOG_TAG_POLICY);
+        LOG_ERROR("%s: unable create maat opts", LOG_TAG_POLICY);
         goto error_out;
     }
 
-    Maat_set_feather_opt(enforcer->maat, MAAT_OPT_INSTANCE_NAME, instance, strlen(instance));
+    maat_options_set_logger(opts, "log/maat.log", (enum log_level)enforcer->config.log_level);
-    Maat_set_feather_opt(enforcer->maat, MAAT_OPT_FOREIGN_CONT_DIR, enforcer->config.foreign_cont_dir, strlen(enforcer->config.foreign_cont_dir));
+    maat_options_set_instance_name(opts, instance);
-    Maat_set_feather_opt(enforcer->maat, MAAT_OPT_SCAN_DETAIL, &(enforcer->config.scan_detail), sizeof(enforcer->config.scan_detail));
+    maat_options_set_caller_thread_number(opts, thread_num);
-    Maat_set_feather_opt(enforcer->maat, MAAT_OPT_EFFECT_INVERVAL_MS, &(enforcer->config.effect_interval_ms), sizeof(enforcer->config.effect_interval_ms));
+    maat_options_set_foreign_cont_dir(opts, enforcer->config.foreign_cont_dir);
+    maat_options_set_rule_effect_interval_ms(opts, enforcer->config.effect_interval_ms);
+    // TODO set enforcer->config.scan_detail
+    // Maat4 is not supported temporarily
 
     switch (enforcer->config.input_mode)
     {
@@ -1308,7 +1315,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
             LOG_ERROR("%s: invalid json_cfg_file", LOG_TAG_POLICY);
             goto error_out;
         }
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_JSON_FILE_PATH, enforcer->config.json_cfg_file, strlen(enforcer->config.json_cfg_file));
+        maat_options_set_json_file(opts, enforcer->config.json_cfg_file);
         break;
     case MAAT_INPUT_REDIS:
         if (!strlen(enforcer->config.redis_server))
@@ -1331,9 +1338,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
             LOG_ERROR("%s: invalid redis_port_range", LOG_TAG_POLICY);
             goto error_out;
         }
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_PORT, &redis_port_select, sizeof(redis_port_select));
+        maat_options_set_redis(opts, enforcer->config.redis_server, redis_port_select, enforcer->config.redis_db_idx);
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_IP, enforcer->config.redis_server, strlen(enforcer->config.redis_server));
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_REDIS_INDEX, &(enforcer->config.redis_db_idx), sizeof(enforcer->config.redis_db_idx));
         break;
     case MAAT_INPUT_FILE:
         if (!strlen(enforcer->config.ful_cfg_dir))
@@ -1346,8 +1351,7 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
             LOG_ERROR("%s: invalid inc_cfg_dir", LOG_TAG_POLICY);
             goto error_out;
         }
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_FULL_CFG_DIR, enforcer->config.ful_cfg_dir, strlen(enforcer->config.ful_cfg_dir));
+        maat_options_set_iris(opts, enforcer->config.ful_cfg_dir, enforcer->config.inc_cfg_dir);
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_INC_CFG_DIR, enforcer->config.inc_cfg_dir, strlen(enforcer->config.inc_cfg_dir));
         break;
     default:
         LOG_ERROR("%s: invalid input_mode %d", LOG_TAG_POLICY, enforcer->config.input_mode);
@@ -1356,33 +1360,42 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char
 
     if (enforcer->config.stat_switch)
     {
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_STAT_FILE_PATH, enforcer->config.stat_file, strlen(enforcer->config.stat_file));
+        // TODO enforcer->config.stat_file
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_STAT_ON, NULL, 0);
+        // Maat4 is not supported temporarily
+        maat_options_set_stat_on(opts);
         if (enforcer->config.perf_switch)
         {
-            Maat_set_feather_opt(enforcer->maat, MAAT_OPT_PERF_ON, NULL, 0);
+            maat_options_set_perf_on(opts);
         }
     }
 
     if (enforcer->config.deferred_load)
     {
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_DEFERRED_LOAD, NULL, 0);
+        maat_options_set_deferred_load_on(opts);
     }
 
     if (strlen(enforcer->config.accept_tags))
     {
-        Maat_set_feather_opt(enforcer->maat, MAAT_OPT_ACCEPT_TAGS, &(enforcer->config.accept_tags), sizeof(enforcer->config.accept_tags));
+        maat_options_set_accept_tags(opts, enforcer->config.accept_tags);
     }
 
-    if (Maat_initiate_feather(enforcer->maat) < 0)
+    enforcer->maat = maat_new(opts, enforcer->config.table_info);
+    if (enforcer->maat == NULL)
     {
-        LOG_ERROR("%s: maat init feather failed", LOG_TAG_POLICY);
+        LOG_ERROR("%s: unable create maat", LOG_TAG_POLICY);
         goto error_out;
     }
 
+    maat_options_free(opts);
+    opts = NULL;
     return enforcer;
 
 error_out:
+    if (opts)
+    {
+        maat_options_free(opts);
+        opts = NULL;
+    }
     policy_enforcer_destory(enforcer);
     return NULL;
 }
@@ -1393,7 +1406,7 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
     {
         if (enforcer->maat)
         {
-            Maat_burn_feather(enforcer->maat);
+            maat_free(enforcer->maat);
             enforcer->maat = NULL;
         }
 
@@ -1407,52 +1420,52 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer)
 int policy_enforcer_register(struct policy_enforcer *enforcer)
 {
     LOG_INFO("%s: register policy callback ...", LOG_TAG_POLICY);
-    enforcer->compile_table_id = Maat_table_register(enforcer->maat, "SERVICE_CHAINING_COMPILE");
+    enforcer->compile_table_id = maat_get_table_id(enforcer->maat, "SERVICE_CHAINING_COMPILE");
     if (enforcer->compile_table_id < 0)
     {
         LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE table failed", LOG_TAG_POLICY);
         return -1;
     }
 
-    enforcer->sff_table_id = Maat_table_register(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE");
+    enforcer->sff_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE");
     if (enforcer->sff_table_id < 0)
     {
         LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE table ailed", LOG_TAG_POLICY);
         return -1;
     }
 
-    enforcer->sf_table_id = Maat_table_register(enforcer->maat, "SERVICE_FUNCTION_PROFILE");
+    enforcer->sf_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_PROFILE");
     if (enforcer->sf_table_id < 0)
     {
         LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE table failed", LOG_TAG_POLICY);
         return -1;
     }
 
-    if (Maat_plugin_EX_register(enforcer->maat, enforcer->compile_table_id,
+    if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_CHAINING_COMPILE",
                                              chaining_param_new_cb,
                                              chaining_param_free_cb,
                                              chaining_param_dup_cb,
-                                NULL, 0, enforcer) != 0)
+                                             0, enforcer) != 0)
     {
         LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE plugin extension callbacks failed", LOG_TAG_POLICY);
         return -1;
     }
 
-    if (Maat_plugin_EX_register(enforcer->maat, enforcer->sff_table_id,
+    if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE",
                                              sff_param_new_cb,
                                              sff_param_free_cb,
                                              sff_param_dup_cb,
-                                NULL, 0, enforcer) != 0)
+                                             0, enforcer) != 0)
     {
         LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
         return -1;
     }
 
-    if (Maat_plugin_EX_register(enforcer->maat, enforcer->sf_table_id,
+    if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_PROFILE",
                                              sf_param_new_cb,
                                              sf_param_free_cb,
                                              sf_param_dup_cb,
-                                NULL, 0, enforcer) != 0)
+                                             0, enforcer) != 0)
     {
         LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY);
         return -1;
@@ -1467,7 +1480,7 @@ int policy_enforce_chaining_size(struct policy_enforcer *enforcer)
     return enforcer->config.max_chaining_size;
 }
 
-void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, int policy_id, int dir_is_i2e)
+void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct raw_pkt_parser *parser, uint64_t rule_id, int dir_is_i2e)
 {
     uint64_t hash_value = 0;
     char buffer[16] = {0};
@@ -1477,11 +1490,11 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
     struct chaining_param *chaining_param = NULL;
     struct selected_chaining *chaining = NULL;
 
-    snprintf(buffer, sizeof(buffer), "%d", policy_id);
+    snprintf(buffer, sizeof(buffer), "%lu", rule_id);
-    chaining_param = (struct chaining_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->compile_table_id, buffer);
+    chaining_param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->compile_table_id, buffer);
     if (chaining_param == NULL)
     {
-        LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %d", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, policy_id);
+        LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %lu", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, rule_id);
         return;
     }
 
@@ -1493,21 +1506,21 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
     {
         chaining = chainings->chaining_decrypted;
     }
-    LOG_INFO("%s: session %lu %s enforce %s chaining policy %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), policy_id);
+    LOG_INFO("%s: session %lu %s enforce %s chaining rule %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), rule_id);
 
     for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
     {
         struct selected_sf *item = &(chaining->chaining[chaining->chaining_used]);
         selected_sf_init(item);
 
-        item->policy_id = policy_id;
+        item->rule_id = rule_id;
         item->traffic_type = chaining_param->traffic_type;
         item->sff_profile_id = chaining_param->sff_profile_ids[i];
         item->sf_index = chaining->chaining_used;
 
         memset(buffer, 0, sizeof(buffer));
         snprintf(buffer, sizeof(buffer), "%u", item->sff_profile_id);
-        sff_param = (struct sff_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sff_table_id, buffer);
+        sff_param = (struct sff_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sff_table_id, buffer);
         if (sff_param == NULL)
         {
             LOG_ERROR("%s: session %lu %s failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sff_profile_id);
@@ -1521,7 +1534,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
         memset(&array, 0, sizeof(array));
         fixed_num_array_init(&array);
         select_sf_by_nearby_and_adminstatus(enforcer, sff_param, &array);
-        LOG_DEBUG("%s: session %lu %s select sf from chaining policy %d sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
+        LOG_DEBUG("%s: session %lu %s select sf from chaining rule %lu sff_profile %d, sf_profile_num (before filter: %d -> filter nearby/admin_status: %d)", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, rule_id, item->sff_profile_id, sff_param->sf_profile_ids_num, fixed_num_array_count_elem(&array));
         if (fixed_num_array_count_elem(&array) == 0)
         {
             switch (sff_param->sff_exception.fail_action)
@@ -1547,7 +1560,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
                 }
                 break;
             }
-            LOG_DEBUG("%s: session %lu %s select sf frome chaining policy %d sff_profile %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, policy_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
+            LOG_DEBUG("%s: session %lu %s rule_id %lu sff_profile_id %d, no sf available after filtering by 'nearby & admin_status', %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, rule_id, item->sff_profile_id, action_reason_to_string(item->sf_action_reason));
             chaining->chaining_used++;
             sff_param_free(sff_param);
             continue;
@@ -1564,7 +1577,7 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
 
         memset(&buffer, 0, sizeof(buffer));
         snprintf(buffer, sizeof(buffer), "%u", item->sf_profile_id);
-        sf_param = (struct sf_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->sf_table_id, buffer);
+        sf_param = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, buffer);
         if (sf_param == NULL)
         {
             LOG_ERROR("%s: session %lu %s failed to get sf parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, item->sf_profile_id);

platform/src/sce.cpp

@@ -82,7 +82,7 @@ struct session_ctx *session_ctx_new()
     struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx));
     assert(session_ctx != NULL);
 
-    fixed_num_array_init(&session_ctx->policy_ids);
+    fixed_num_array_init(&session_ctx->rule_ids);
 
     session_ctx->raw_meta_i2e = metadata_new();
     session_ctx->raw_meta_e2i = metadata_new();

platform/src/sf_metrics.cpp

@@ -10,11 +10,11 @@
 #include "utils.h"
 #include "sf_metrics.h"
 
-#define SCE_SF_METRICS "SCE-SF-METRICS,rule_id=%d,sff_profile_id=%d,sf_profile_id=%d,type=service_chaining_metrics sent_pkts=%lu,sent_bytes=%lu,recv_pkts=%lu,recv_bytes=%lu"
+#define SCE_SF_METRICS "SCE-SF-METRICS,rule_id=%lu,sff_profile_id=%d,sf_profile_id=%d,type=service_chaining_metrics sent_pkts=%lu,sent_bytes=%lu,recv_pkts=%lu,recv_bytes=%lu"
 
 struct key_tuple
 {
-    int rule_id;
+    uint64_t rule_id;
     int sff_profile_id;
     int sf_profile_id;
 };
@@ -137,7 +137,7 @@ void sf_metrics_reset(struct sf_metrics *handle)
     }
 }
 
-void sf_metrics_inc(struct sf_metrics *handle, int rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes)
+void sf_metrics_inc(struct sf_metrics *handle, uint64_t rule_id, int sff_profile_id, int sf_profile_id, uint64_t rx_pkts, uint64_t rx_bytes, uint64_t tx_pkts, uint64_t tx_bytes)
 {
     if (handle->config.enable == 0)
     {

platform/test/CMakeLists.txt

@@ -15,3 +15,4 @@ include(GoogleTest)
 gtest_discover_tests(gtest_policy)
 
 file(COPY ./test_resource/ DESTINATION ./test_resource/)
+file(COPY ${CMAKE_SOURCE_DIR}/resource/table_info.conf DESTINATION ./test_resource/)

platform/test/gtest_policy.cpp

@@ -18,7 +18,7 @@ TEST(POLICY, SELECTED_CHAINING_LIFE_CYCLE)
 {
 	struct selected_chaining *chaining = NULL;
 
-	chaining = selected_chaining_create(128, 0, NULL);
+	chaining = selected_chaining_create(128, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
 	EXPECT_TRUE(chaining != nullptr);
 
 	selected_chaining_destory(chaining);
@@ -32,6 +32,8 @@ TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
 
 	t_ctx.ref_metrics = &g_metrics;
 	s_ctx.ref_thread_ctx = &t_ctx;
+	s_ctx.session_id = 1;
+	s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
 
 	struct raw_pkt_parser handler;
 	raw_packet_parser_init(&handler, 0, LAYER_TYPE_ALL, 8);
@@ -47,8 +49,8 @@ TEST(POLICY, POLICY_ENFORCER_LIFE_CYCLE)
 
 	int dir_is_i2e = 1;
 	struct selected_chainings chainings;
-	chainings.chaining_raw = selected_chaining_create(64, 0, NULL);
+	chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
-	chainings.chaining_decrypted = selected_chaining_create(64, 0, NULL);
+	chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
 	policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
 	policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
 	policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);

platform/test/test_resource/sce.conf

@@ -4,6 +4,9 @@ nr_worker_threads=8
 [maat]
 # 0:json 1:redis 2:iris
 input_mode=0
+# LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO  = 2;
+# LOG_LEVEL_WARN  = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
+log_level=1
 stat_switch=1
 perf_switch=1
 scan_detail=0

platform/test/test_resource/table_info.conf

@@ -1,3 +0,0 @@
-0	SERVICE_CHAINING_COMPILE	plugin	{"key":1,"valid":8}
-1	SERVICE_FUNCTION_FORWARDER_PROFILE	plugin	{"key":1,"valid":8}
-2	SERVICE_FUNCTION_PROFILE	plugin	{"key":1,"valid":6}

resource/table_info.conf

@@ -1,3 +1,32 @@
-0	SERVICE_CHAINING_COMPILE	plugin	{"key":1,"valid":8}
+[
-1	SERVICE_FUNCTION_FORWARDER_PROFILE	plugin	{"key":1,"valid":8}
+    {
-2	SERVICE_FUNCTION_PROFILE	plugin	{"key":1,"valid":6}
+        "table_id":0,
+        "table_name":"SERVICE_CHAINING_COMPILE",
+        "table_type":"plugin",
+        "valid_column":8,
+        "custom":{
+            "key":1,
+            "key_type":"pointer"
+        }
+    },
+    {
+        "table_id":1,
+        "table_name":"SERVICE_FUNCTION_FORWARDER_PROFILE",
+        "table_type":"plugin",
+        "valid_column":8,
+        "custom":{
+            "key":1,
+            "key_type":"pointer"
+        }
+    },
+    {
+        "table_id":2,
+        "table_name":"SERVICE_FUNCTION_PROFILE",
+        "table_type":"plugin",
+        "valid_column":6,
+        "custom":{
+            "key":1,
+            "key_type":"pointer"
+        }
+    }
+]

test/CMakeLists.txt

@@ -82,3 +82,4 @@ gtest_discover_tests(gtest_raw_pkt_stee_forward)
 file(COPY ./test_data/log/ DESTINATION ./log/)
 file(COPY ./test_data/conf/ DESTINATION ./conf/)
 file(COPY ./test_data/resource/ DESTINATION ./resource/)
+file(COPY ${CMAKE_SOURCE_DIR}/resource/table_info.conf DESTINATION ./resource/)

test/test_data/conf/sce.conf

@@ -18,6 +18,9 @@ breakpad_upload_tools=/opt/tsg/framework/bin/minidump_upload
 [maat]
 # 0:json 1:redis 2:iris
 input_mode=0
+# LOG_LEVEL_TRACE = 0; LOG_LEVEL_DEBUG = 1; LOG_LEVEL_INFO  = 2;
+# LOG_LEVEL_WARN  = 3; LOG_LEVEL_ERROR = 4; LOG_LEVEL_FATAL = 5;
+log_level=1
 stat_switch=1
 perf_switch=1
 scan_detail=0

test/test_data/resource/table_info.conf

@@ -1,3 +0,0 @@
-0	SERVICE_CHAINING_COMPILE	plugin	{"key":1,"valid":8}
-1	SERVICE_FUNCTION_FORWARDER_PROFILE	plugin	{"key":1,"valid":8}
-2	SERVICE_FUNCTION_PROFILE	plugin	{"key":1,"valid":6}

vendor/CMakeLists.txt

@@ -53,7 +53,7 @@ set_property(TARGET MESA_field_stat PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_
 set_property(TARGET MESA_field_stat PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
 
 add_library(maatframe SHARED IMPORTED GLOBAL)
-set_property(TARGET maatframe PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaatframe.so)
+set_property(TARGET maatframe PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libmaat4.so)
 set_property(TARGET maatframe PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
 
 set(MRZCPD_LIB_DIR /opt/mrzcpd/lib)