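#ifndef _POLICY_H
#define _POLICY_H

/*
 * policy.h - policy enforcement interface.
 *
 * Declares the result of service-function (SF) selection for a session
 * (struct selected_sf / selected_chaining / selected_chainings), the
 * helper enums that describe that result, and the policy_enforcer API
 * that produces it.
 *
 * NOTE(review): the guard macro _POLICY_H (leading underscore + uppercase)
 * lives in the namespace reserved for the implementation; it is kept here
 * unchanged in case other files test it, but POLICY_H would be the
 * conforming name.
 */

/* Was "__cpluscplus" (typo), so the extern "C" linkage block never took
 * effect when this header was consumed from C++. */
#ifdef __cplusplus
extern "C" {
#endif

#include "utils.h"
#include "data_packet.h"

/*
 * One #include directive in this copy of the file has lost its target
 * (it read "#include" with no argument).  The standard headers below
 * supply every non-project name this file uses: uint64_t (<stdint.h>),
 * u_char (<sys/types.h>), in_addr_t (<netinet/in.h>) and ETH_ALEN
 * (<net/ethernet.h> on glibc).  Duplicating an include already done by
 * utils.h is harmless.
 */
#include <stdint.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <net/ethernet.h>

/* Which view of the session traffic an SF receives. */
enum traffic_type {
	TRAFFIC_TYPE_NONE = 0,
	TRAFFIC_TYPE_RAW = 1,
	TRAFFIC_TYPE_DECRYPTED = 2,
};

/* How the service-function forwarder hands traffic to an SF. */
enum forward_type {
	FORWARD_TYPE_NONE = 0,
	FORWARD_TYPE_STEERING = 1,
	FORWARD_TYPE_MIRRORING = 2,
};

/* Verdict applied to a session for a given SF. */
enum session_action {
	SESSION_ACTION_BYPASS = 0,
	SESSION_ACTION_FORWARD = 1,
	SESSION_ACTION_BLOCK = 2,
};

/*
 * Reason attached to a session_action.  The numeric ranges group the
 * reasons by verdict: 0x0x bypass, 0x1x block, 0x2x forward.
 */
enum action_desc {
	ACTION_BYPASS_DUE_DEFAULT = 0x00,
	ACTION_BYPASS_DUE_INVALID_POLICY = 0x01,
	ACTION_BYPASS_DUE_FAILURE_ACTION = 0x02,
	ACTION_BYPASS_DUE_UNAVAILABLE_ACTION = 0x03,
	ACTION_BYPASS_DUE_HEALTH_SF_LIMIT = 0x04,
	ACTION_BLOCK_DUE_FAILURE_ACTION = 0x10,
	ACTION_BLOCK_DUE_UNAVAILABLE_ACTION = 0x11,
	/* Misspelled name kept for existing callers; prefer the alias below. */
	ACTION_FORWAED_DUE_SELECTED_SF = 0x20,
	ACTION_FORWARD_DUE_SELECTED_SF = ACTION_FORWAED_DUE_SELECTED_SF,
};

/* Encapsulation used on the path to the SF. */
enum encapsulate_method {
	ENCAPSULATE_METHOD_NONE = 0,
	ENCAPSULATE_METHOD_LAYER2_SWITCH = 1,
	ENCAPSULATE_METHOD_LAYER3_SWITCH = 2,
	ENCAPSULATE_METHOD_VXLAN_G = 3,
};

/* Liveness probe used to decide whether an SF may be selected. */
enum health_check_method {
	HEALTH_CHECK_METHOD_NONE = 0,
	HEALTH_CHECK_METHOD_IN_BAND_BFD = 1,
	HEALTH_CHECK_METHOD_BFD = 2,
	HEALTH_CHECK_METHOD_HTTP = 3,
};

/*
 * Health-check configuration for one SF.
 *
 * url and address are fixed-size buffers; whoever fills them must write
 * with a bounded, NUL-terminating call (snprintf, not strcpy/strncpy)
 * and treat truncation as a configuration error.
 */
struct health_check {
	enum health_check_method method;
	char url[128];
	char address[64];
	int retires;		/* spelling kept: public field name (retries) */
	int interval_ms;
};

/* Data-path connectivity towards an SF. */
struct connectivity {
	enum encapsulate_method method;
	int int_vlan_tag;
	int ext_vlan_tag;
	char dest_ip[64];	/* textual address; must stay NUL-terminated */
};

/* One selected SF hop in a chaining, plus the rule that chose it. */
struct selected_sf {
	uint64_t rule_id;
	int rule_vsys_id;
	enum traffic_type traffic_type;
	int sff_profile_id;
	enum forward_type sff_forward_type;
	int sf_vsys_id;
	int sf_profile_id;
	enum session_action sf_action;
	enum action_desc sf_action_desc;
	struct connectivity sf_connectivity;
	struct throughput_metrics rx;	/* type comes from utils.h */
	struct throughput_metrics tx;
	in_addr_t sf_dst_ip;
	u_char sf_dst_mac[ETH_ALEN];
	int sf_index;
};

/*
 * A chain of selected SFs for one session.
 *
 * chaining is an array of chaining_size entries of which chaining_used
 * are filled; selected_chaining_create() sizes it.  Ownership of
 * session_addr is not established by this header — presumably the
 * caller keeps it alive for the chaining's lifetime; verify against
 * selected_chaining_create()/selected_chaining_destory().
 */
struct selected_chaining {
	struct selected_sf *chaining;
	int chaining_size;
	int chaining_used;
	uint64_t session_id;
	char *session_addr;
};

/* Per-session result: one chaining per traffic_type that applies. */
struct selected_chainings {
	struct selected_chaining *chaining_raw;
	struct selected_chaining *chaining_decrypted;
};

/* Human-readable names for logging/dumps. */
const char *traffic_type_to_string(enum traffic_type traffic_type);
const char *forward_type_to_string(enum forward_type forward_type);
const char *action_desc_to_string(enum action_desc action_desc);
const char *encapsulate_method_to_string(enum encapsulate_method encap_method);

/*
 * Allocate a chaining able to hold chaining_size SF entries for the
 * session identified by session_id/session_addr.  Release it with
 * selected_chaining_destory() (name kept as declared; "destroy").
 */
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr);
void selected_chaining_destory(struct selected_chaining *chaining);
void selected_chaining_dump(struct selected_chaining *chaining);
void selected_chaining_bref(struct selected_chaining *chaining);
void selected_chaining_uniq(struct selected_chaining *chaining);

/*
 * Create a policy enforcer for the given instance/profile.
 * return NULL : error
 * return !NULL : success
 */
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
void policy_enforcer_destory(struct policy_enforcer *enforcer);

/*
 * return 0 : success
 * return -1 : error
 */
int policy_enforcer_register(struct policy_enforcer *enforcer);

/* Maximum number of SF entries a chaining produced by this enforcer needs. */
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);

/*
 * Select the chainings for a session from a data packet and rule.
 * data_pkt is parsed network input and must be treated as untrusted by
 * the implementation.  dir_is_i2e presumably flags the packet's
 * direction (i2e: internal-to-external); confirm against the caller.
 */
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct data_packet *data_pkt, uint64_t rule_id, int dir_is_i2e);

#ifdef __cplusplus
}
#endif

#endif /* _POLICY_H */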