diff options
| author | luwenpeng <[email protected]> | 2024-09-23 16:50:09 +0800 |
|---|---|---|
| committer | luwenpeng <[email protected]> | 2024-09-27 19:11:47 +0800 |
| commit | 5799de529955798ed0727c088ffa25f1e4e51445 (patch) | |
| tree | 818422edc9c400d84a5393bfe4e581496825019d /platform/src | |
| parent | 7ef8e44bca6bac3c905ed8d6a11cadd6edac156b (diff) | |
TSG-22348 feature: adapt maat support UUID
Diffstat (limited to 'platform/src')
| -rw-r--r-- | platform/src/health_check.cpp | 30 | ||||
| -rw-r--r-- | platform/src/packet_io.cpp | 72 | ||||
| -rw-r--r-- | platform/src/policy.cpp | 581 | ||||
| -rw-r--r-- | platform/src/sce.cpp | 2 | ||||
| -rw-r--r-- | platform/src/sf_metrics.cpp | 18 | ||||
| -rw-r--r-- | platform/src/sf_status.cpp | 6 |
6 files changed, 376 insertions, 333 deletions
diff --git a/platform/src/health_check.cpp b/platform/src/health_check.cpp index abe3730..88ee293 100644 --- a/platform/src/health_check.cpp +++ b/platform/src/health_check.cpp @@ -46,7 +46,7 @@ struct session_iterm struct health_check policy; // value1: deep copy int is_active; // value2 - int profile_id; // value3 + uuid_t sf_uuid; // value3 int vsys_id; // value4 UT_hash_handle hh1; /* handle for first hash table */ @@ -457,7 +457,7 @@ static uint64_t health_check_get_session_id() // return >0 : session id // return 0 : fail // struct health_check *policy : need deep copy -uint64_t health_check_session_add(int profile_id, int vsys_id, const struct health_check *policy) +uint64_t health_check_session_add(uuid_t *sf_uuid, int vsys_id, const struct health_check *policy) { uint64_t session_id = 0; uint8_t mac[ETH_ALEN] = {0}; @@ -481,7 +481,7 @@ uint64_t health_check_session_add(int profile_id, int vsys_id, const struct heal tmp->vsys_id = vsys_id; tmp->session_id = session_id; - tmp->profile_id = profile_id; + uuid_copy(tmp->sf_uuid, *sf_uuid); memcpy(&tmp->policy, policy, sizeof(struct health_check)); HASH_ADD(hh1, g_handle.root_by_id, session_id, sizeof(tmp->session_id), tmp); @@ -498,13 +498,15 @@ uint64_t health_check_session_add(int profile_id, int vsys_id, const struct heal health_check_method_table_set_mac(&g_handle_none, tmp->policy.address, mac); } - LOG_DEBUG("health check session table insert: profile id [%d] session id [%lu] address [%s] success", profile_id, session_id, policy->address); + char sf_uuid_str[UUID_STRING_SIZE] = {0}; + uuid_unparse(*sf_uuid, sf_uuid_str); + LOG_DEBUG("health check session table insert: profile id [%s] session id [%lu] address [%s] success", sf_uuid_str, session_id, policy->address); return session_id; } // return 0 : success // return -1 : key not exist -int health_check_session_del(uint64_t session_id, int profile_id, int vsys_id) +int health_check_session_del(uint64_t session_id, uuid_t *sf_uuid, int vsys_id) { int ret = 0; struct session_iterm *tmp = NULL; @@ -536,13 +538,15 @@ end: HASH_DELETE(hh1, g_handle.root_by_id, tmp); struct sf_status_key key = {0}; key.vsys_id = vsys_id; - key.sf_profile_id = profile_id; + uuid_copy(key.sf_uuid, *sf_uuid); sf_status_delete(g_sf_status, &key); pthread_rwlock_unlock(&g_handle.rwlock); free(tmp); tmp = NULL; - LOG_DEBUG("health check session table delete: profile id [%d] session id [%lu] success", profile_id, session_id); + char sf_uuid_str[UUID_STRING_SIZE] = {0}; + uuid_unparse(*sf_uuid, sf_uuid_str); + LOG_DEBUG("health check session table delete: profile id [%s] session id [%lu] success", sf_uuid_str, session_id); return 0; } @@ -667,7 +671,7 @@ static void *_health_check_session_foreach(void *arg) struct sf_status_key key = {0}; key.vsys_id = node->vsys_id; - key.sf_profile_id = node->profile_id; + uuid_copy(key.sf_uuid, node->sf_uuid); sf_status_update(g_sf_status, &key, is_active, 0); if (node->is_active != is_active) { node->is_active = is_active; @@ -743,6 +747,7 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[]) struct session_iterm *tmp = NULL; uint8_t mac[ETH_ALEN] = {0}; uint8_t init_mac[ETH_ALEN] = {0}; + char sf_uuid_str[UUID_STRING_SIZE] = {0}; if (enable == 0) { @@ -757,9 +762,10 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[]) return -1; } + uuid_unparse(tmp->sf_uuid, sf_uuid_str); str_method = health_check_method_str(tmp->policy.method); if (tmp->policy.method == HEALTH_CHECK_METHOD_BFD && tmp->is_active == 0) { - LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] active is down", session_id, tmp->profile_id, str_method); + LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] active is down", session_id, sf_uuid_str, str_method); pthread_rwlock_unlock(&g_handle.rwlock); return -1; } @@ -773,20 +779,20 @@ int health_check_session_get_mac(uint64_t session_id, u_char mac_buff[]) if (memcmp(mac, init_mac, ETH_ALEN) == 0) { if (strlen(gateway_address) == 0) { - LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [null]", session_id, tmp->profile_id, str_method); + LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [null]", session_id, sf_uuid_str, str_method); pthread_rwlock_unlock(&g_handle.rwlock); return -1; } health_check_method_table_get_mac(&g_handle_none, gateway_address, mac); if (memcmp(mac, init_mac, ETH_ALEN) == 0) { - LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [null]", session_id, tmp->profile_id, str_method); + LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [null]", session_id, sf_uuid_str, str_method); pthread_rwlock_unlock(&g_handle.rwlock); return -1; } } memcpy(mac_buff, mac, ETH_ALEN); - LOG_DEBUG("health check session id [%lu] profile id [%d] health check method [%s] get mac [%02x:%02x:%02x:%02x:%02x:%02x]", session_id, tmp->profile_id, str_method, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); + LOG_DEBUG("health check session id [%lu] profile id [%s] health check method [%s] get mac [%02x:%02x:%02x:%02x:%02x:%02x]", session_id, sf_uuid_str, str_method, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); pthread_rwlock_unlock(&g_handle.rwlock); return 0; }
\ No newline at end of file diff --git a/platform/src/packet_io.cpp b/platform/src/packet_io.cpp index f8a73e7..34dc5d5 100644 --- a/platform/src/packet_io.cpp +++ b/platform/src/packet_io.cpp @@ -668,9 +668,9 @@ static inline void action_mirr_forward(struct session_ctx *session_ctx, marsio_b THROUGHPUT_METRICS_INC(&(thread_metrics->mirr_tx), 1, meta->raw_len); THROUGHPUT_METRICS_INC(&sf->tx, 1, nsend); struct sf_metrics_key key = {0}; - key.rule_id = sf->rule_id; - key.sff_profile_id = sf->sff_profile_id; - key.sf_profile_id = sf->sf_profile_id; + uuid_copy(key.rule_uuid, sf->rule_uuid); + uuid_copy(key.sff_uuid, sf->sff_uuid); + uuid_copy(key.sf_uuid, sf->sf_uuid); key.vsys_id = sf->rule_vsys_id; sf_metrics_input(sf_metrics, thread_index, &key, 0, 0, 1, nsend); } @@ -703,23 +703,30 @@ static inline void action_stee_forward(struct session_ctx *session_ctx, marsio_b THROUGHPUT_METRICS_INC(&(thread_metrics->stee_tx), 1, meta->raw_len); THROUGHPUT_METRICS_INC(&sf->tx, 1, nsend); struct sf_metrics_key key = {0}; - key.rule_id = sf->rule_id; - key.sff_profile_id = sf->sff_profile_id; - key.sf_profile_id = sf->sf_profile_id; + uuid_copy(key.rule_uuid, sf->rule_uuid); + uuid_copy(key.sff_uuid, sf->sff_uuid); + uuid_copy(key.sf_uuid, sf->sf_uuid); key.vsys_id = sf->rule_vsys_id; sf_metrics_input(sf_metrics, thread_index, &key, 0, 0, 1, nsend); } static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx *session_ctx, struct selected_chaining *chaining, marsio_buff_t *rx_buff, struct metadata *meta, int next_sf_index) { + char rule_uuid_str[UUID_STRING_SIZE]; + char sff_uuid_str[UUID_STRING_SIZE]; + char sf_uuid_str[UUID_STRING_SIZE]; + int sf_index; for (sf_index = next_sf_index; sf_index < chaining->chaining_used; sf_index++) { struct selected_sf *sf = &(chaining->chaining[sf_index]); - LOG_DEBUG("%s: session: %lu %s execute chaining [%d/%d]: policy %lu->%d->%d, action %s->%s->%s->%s", + uuid_unparse(sf->rule_uuid, rule_uuid_str); + uuid_unparse(sf->sff_uuid, sff_uuid_str); + uuid_unparse(sf->sf_uuid, sf_uuid_str); + LOG_DEBUG("%s: session: %lu %s execute chaining [%d/%d]: policy %s->%s->%s, action %s->%s->%s->%s", LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr, sf_index, chaining->chaining_used, - sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, + rule_uuid_str, sff_uuid_str, sf_uuid_str, (meta->is_decrypted ? "decrypted" : "raw"), (meta->direction ? "E2I" : "I2E"), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc)); PACKET_TRACE_ON_CHAIN(thread_ctx->ref_io->instance, rx_buff, sf, meta); @@ -786,10 +793,11 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx * { struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx; struct packet_io *packet_io = thread_ctx->ref_io; - struct mutable_array *rule_ids = &session_ctx->rule_ids; + struct uuid_array *rule_uuid_array = &session_ctx->rule_uuid_array; struct selected_chaining *chaining_raw = session_ctx->chaining_raw; struct selected_chaining *chaining_decrypted = session_ctx->chaining_decrypted; int thread_index = thread_ctx->thread_index; + int num = uuid_array_get_count(rule_uuid_array); char *data; size_t size; @@ -828,9 +836,9 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx * { mpack_write_cstr(&writer, "sc_rule_list"); mpack_build_array(&writer); // sc_rule_list begin - for (int i = 0; i < rule_ids->num; i++) + for (int i = 0; i < num; i++) { - mpack_write_u64(&writer, mutable_array_index_elem(rule_ids, i)); + mpack_write_bin(&writer, (const char *)uuid_array_get_at(rule_uuid_array, i), sizeof(uuid_t)); } mpack_complete_array(&writer); // sc_rule_list end } @@ -843,7 +851,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx * struct selected_sf *sf = &(chaining_raw->chaining[i]); if (sf->sf_action == SESSION_ACTION_FORWARD) { - mpack_write_u64(&writer, sf->sf_profile_id); + mpack_write_bin(&writer, (const char *)&sf->sf_uuid, sizeof(uuid_t)); } if (sf->sf_action == SESSION_ACTION_BLOCK && sf->sff_forward_type == FORWARD_TYPE_STEERING) { @@ -861,7 +869,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx * struct selected_sf *sf = &(chaining_decrypted->chaining[i]); if (sf->sf_action == SESSION_ACTION_FORWARD) { - mpack_write_u64(&writer, sf->sf_profile_id); + mpack_write_bin(&writer, (const char *)&sf->sf_uuid, sizeof(uuid_t)); } if (sf->sf_action == SESSION_ACTION_BLOCK && sf->sff_forward_type == FORWARD_TYPE_STEERING) { @@ -942,12 +950,19 @@ static void dump_sf_metrics(struct session_ctx *session_ctx, struct selected_cha return; } + char rule_uuid_str[UUID_STRING_SIZE]; + char sff_uuid_str[UUID_STRING_SIZE]; + char sf_uuid_str[UUID_STRING_SIZE]; + for (int i = 0; i < chaining->chaining_used; i++) { struct selected_sf *sf = &(chaining->chaining[i]); - LOG_INFO("%s: session %lu %s metrics: policy %lu->%d->%d action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu", + uuid_unparse(sf->rule_uuid, rule_uuid_str); + uuid_unparse(sf->sff_uuid, sff_uuid_str); + uuid_unparse(sf->sf_uuid, sf_uuid_str); + LOG_INFO("%s: session %lu %s metrics: policy %s->%s->%s action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu", LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr, - sf->rule_id, sf->sff_profile_id, sf->sf_profile_id, + rule_uuid_str, sff_uuid_str, sf_uuid_str, traffic_type_tostring(sf->traffic_type), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc), sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes); } @@ -964,24 +979,23 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con struct policy_enforcer *enforcer = thread_ctx->ref_enforcer; struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx; - for (int i = 0; i < ctrl_pkt->rule_id_num; i++) + int num = uuid_array_get_count(&ctrl_pkt->rule_uuid_array); + for (int i = 0; i < num; i++) { - uint64_t rule_id = ctrl_pkt->rule_ids[i]; - if (mutable_array_exist_elem(&session_ctx->rule_ids, rule_id)) + uuid_t *rule_uuid_ptr = uuid_array_get_at(&ctrl_pkt->rule_uuid_array, i); + if (uuid_array_contains(&session_ctx->rule_uuid_array, *rule_uuid_ptr)) { continue; } else { - policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_id, direction); + policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_uuid_ptr, direction); if (sce_ctx->enable_debug) { selected_chaining_bref(session_ctx->chaining_raw); selected_chaining_bref(session_ctx->chaining_decrypted); } - - mutable_array_add_elem(&session_ctx->rule_ids, rule_id); } } } @@ -1213,8 +1227,8 @@ static void handle_data_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread { THROUGHPUT_METRICS_INC(&(thread_metrics->raw_rx), 1, meta.raw_len); } - PACKET_TRACE_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_ids, chaining); - PACKET_TELEMETRY_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_ids, chaining); + PACKET_TRACE_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_uuid_array, chaining); + PACKET_TELEMETRY_ON_POLICY(thread_ctx->ref_io->instance, rx_buff, &session_ctx->rule_uuid_array, chaining); action_sf_chaining(thread_ctx, session_ctx, chaining, rx_buff, &meta, 0); return; @@ -1243,6 +1257,7 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx struct vxlan_hdr *vxlan_hdr = NULL; struct session_ctx *session_ctx = NULL; struct selected_chaining *chaining = NULL; + char sf_uuid_str[UUID_STRING_SIZE]; memset(&meta, 0, sizeof(struct metadata)); int sf_index = 0; @@ -1300,8 +1315,9 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx if (chaining->chaining[sf_index].sff_forward_type == FORWARD_TYPE_MIRRORING) { - LOG_DEBUG("%s: unexpected inject packet, session %lu %s with sf_profile_id %d executes mirror and does not require reflow, drop !!!", - LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr, chaining->chaining[sf_index].sf_profile_id); + uuid_unparse(chaining->chaining[sf_index].sf_uuid, sf_uuid_str); + LOG_DEBUG("%s: unexpected inject packet, session %lu %s with sf_uuid %s executes mirror and does not require reflow, drop !!!", + LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr, sf_uuid_str); THROUGHPUT_METRICS_INC(&(thread_metrics->mirr_rx_drop), 1, meta.raw_len); goto error_block; } @@ -1311,9 +1327,9 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx THROUGHPUT_METRICS_INC(&sf->rx, 1, raw_len); THROUGHPUT_METRICS_INC(&(thread_metrics->stee_rx), 1, meta.raw_len); struct sf_metrics_key key = {0}; - key.rule_id = sf->rule_id; - key.sff_profile_id = sf->sff_profile_id; - key.sf_profile_id = sf->sf_profile_id; + uuid_copy(key.rule_uuid, sf->rule_uuid); + uuid_copy(key.sff_uuid, sf->sff_uuid); + uuid_copy(key.sf_uuid, sf->sf_uuid); key.vsys_id = sf->rule_vsys_id; sf_metrics_input(sf_metrics, thread_index, &key, 1, raw_len, 0, 0); } diff --git a/platform/src/policy.cpp b/platform/src/policy.cpp index 7fc12af..2298241 100644 --- a/platform/src/policy.cpp +++ b/platform/src/policy.cpp @@ -14,6 +14,10 @@ #include "sce.h" #include "utarray.h" +#define TABLE_NAME_SC "SERVICE_CHAINING_RULE" +#define TABLE_NAME_SFF "SERVICE_FUNCTION_FORWARDER_PROFILE" +#define TABLE_NAME_SF "SERVICE_FUNCTION_PROFILE" + /****************************************************************************** * Struct policy_enforcer ******************************************************************************/ @@ -24,7 +28,6 @@ enum input_mode { MAAT_INPUT_JSON = 0, MAAT_INPUT_REDIS = 1, - MAAT_INPUT_FILE = 2, }; struct policy_config @@ -43,8 +46,6 @@ struct policy_config char table_info[2048]; char accept_tags[2048]; char accept_path[2048]; - char inc_cfg_dir[2048]; - char ful_cfg_dir[2048]; char json_cfg_file[2048]; char foreign_cont_dir[2048]; @@ -58,10 +59,6 @@ struct policy_enforcer { struct policy_config config; struct maat *maat; - - int compile_table_id; // SERVICE_CHAINING_COMPILE table id - int sff_table_id; // SERVICE_FUNCTION_FORWARDER_PROFILE table id - int sf_table_id; // SERVICE_FUNCTION_PROFILE table id }; /****************************************************************************** @@ -70,13 +67,12 @@ struct policy_enforcer struct chaining_param { - uint64_t rule_id; + uuid_t rule_uuid; int ref_cnt; int vsys_id; enum traffic_type traffic_type; - int *sff_profile_ids; - int sff_profile_ids_num; + struct uuid_array sff_uuid_array; }; /****************************************************************************** @@ -117,15 +113,14 @@ struct load_balance struct sff_param { - int sff_profile_id; + uuid_t sff_uuid; int sff_ref_cnt; enum forward_type sff_forward_type; struct load_balance sff_ldbc; struct exception sff_exception; - int *sf_profile_ids; - int sf_profile_ids_num; + struct uuid_array sf_uuid_array; }; /****************************************************************************** @@ -153,7 +148,7 @@ struct effective_range struct sf_param { int sf_vsys_id; - int sf_profile_id; + uuid_t sf_uuid; int sf_ref_cnt; enum admin_status sf_admin_status; @@ -268,8 +263,6 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co MESA_load_profile_string_def(profile, "MAAT", "stat_file", config->stat_file, sizeof(config->stat_file), "log/maat.fs2"); MESA_load_profile_string_def(profile, "MAAT", "table_info", config->table_info, sizeof(config->table_info), "resource/table_info.conf"); MESA_load_profile_string_def(profile, "MAAT", "accept_path", config->accept_path, sizeof(config->accept_path), "/opt/tsg/etc/tsg_device_tag.json"); - MESA_load_profile_string_def(profile, "MAAT", "inc_cfg_dir", config->inc_cfg_dir, sizeof(config->inc_cfg_dir), "resource/inc/"); - MESA_load_profile_string_def(profile, "MAAT", "ful_cfg_dir", config->ful_cfg_dir, sizeof(config->ful_cfg_dir), "resource/ful/"); MESA_load_profile_string_def(profile, "MAAT", "json_cfg_file", config->json_cfg_file, sizeof(config->json_cfg_file), "resource/sce.json"); MESA_load_profile_string_def(profile, "MAAT", "foreign_cont_dir", config->foreign_cont_dir, sizeof(config->foreign_cont_dir), "resource/sce_files"); @@ -284,7 +277,7 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co parser_effective_range(config->accept_tags, config->data_center, config->device_group); } - LOG_DEBUG("%s: MAAT->input_mode : %s", LOG_TAG_POLICY, (config->input_mode == MAAT_INPUT_REDIS ? "redis" : (config->input_mode == MAAT_INPUT_JSON ? "json" : (config->input_mode == MAAT_INPUT_FILE ? "file" : "unknown")))); + LOG_DEBUG("%s: MAAT->input_mode : %s", LOG_TAG_POLICY, (config->input_mode == MAAT_INPUT_REDIS ? "redis" : "json")); LOG_DEBUG("%s: MAAT->log_level : %d", LOG_TAG_POLICY, config->log_level); LOG_DEBUG("%s: MAAT->stat_switch : %d", LOG_TAG_POLICY, config->stat_switch); LOG_DEBUG("%s: MAAT->perf_switch : %d", LOG_TAG_POLICY, config->perf_switch); @@ -297,8 +290,6 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co LOG_DEBUG("%s: MAAT->accept_tags : %s", LOG_TAG_POLICY, config->accept_tags); LOG_DEBUG("%s: MAAT->device_group : %s", LOG_TAG_POLICY, config->device_group); LOG_DEBUG("%s: MAAT->data_center : %s", LOG_TAG_POLICY, config->data_center); - LOG_DEBUG("%s: MAAT->inc_cfg_dir : %s", LOG_TAG_POLICY, config->inc_cfg_dir); - LOG_DEBUG("%s: MAAT->ful_cfg_dir : %s", LOG_TAG_POLICY, config->ful_cfg_dir); LOG_DEBUG("%s: MAAT->json_cfg_file : %s", LOG_TAG_POLICY, config->json_cfg_file); LOG_DEBUG("%s: MAAT->foreign_cont_dir : %s", LOG_TAG_POLICY, config->foreign_cont_dir); @@ -312,24 +303,17 @@ static void policy_enforcer_config(const char *profile, struct policy_config *co * Private API -- MAAT Callback ******************************************************************************/ -static void chaining_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp) +static void chaining_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp) { int iter = 0; cJSON *json = NULL; + cJSON *object = NULL; + cJSON *array = NULL; cJSON *item = NULL; - cJSON *element = NULL; - size_t user_region_offset = 0; - size_t user_region_len = 0; + uuid_t sff_uuid; struct chaining_param *param = NULL; - if (maat_helper_read_column(table_line, 7, &user_region_offset, &user_region_len) < 0) - { - LOG_ERROR("%s: unexpected chaining rule: (invalid user region) %s", LOG_TAG_POLICY, table_line); - return; - } - - char *json_str = (char *)calloc(user_region_len + 1, sizeof(char)); - memcpy(json_str, table_line + user_region_offset, user_region_len); + char *json_str = strdup(table_line); json = cJSON_Parse(json_str); if (json == NULL) { @@ -338,21 +322,30 @@ static void chaining_param_new_cb(const char *table_name, int table_id, const ch } param = (struct chaining_param *)calloc(1, sizeof(struct chaining_param)); - param->rule_id = *((uint64_t *)key); + uuid_parse(key, param->rule_uuid); + uuid_array_init(¶m->sff_uuid_array); param->ref_cnt = 1; + // action_parameter + object = cJSON_GetObjectItem(json, "action_parameter"); + if (!object || !cJSON_IsObject(object)) + { + LOG_ERROR("%s: unexpected chaining rule: (invalid action_parameter param) %s", LOG_TAG_POLICY, table_line); + goto error_out; + } + // vsys_id - item = cJSON_GetObjectItem(json, "vsys_id"); + item = cJSON_GetObjectItem(object, "vsys_id"); if (!item || !cJSON_IsNumber(item)) { LOG_ERROR("%s: unexpected chaining rule: (invalid vsys_id param) %s", LOG_TAG_POLICY, table_line); goto error_out; } param->vsys_id = item->valueint; - LOG_DEBUG("%s: parse chaining rule: %lu, vsys_id: %d", LOG_TAG_POLICY, param->rule_id, param->vsys_id); + LOG_DEBUG("%s: parse chaining rule: %s, vsys_id: %d", LOG_TAG_POLICY, key, param->vsys_id); // targeted_traffic - item = cJSON_GetObjectItem(json, "targeted_traffic"); + item = cJSON_GetObjectItem(object, "targeted_traffic"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line); @@ -371,32 +364,39 @@ static void chaining_param_new_cb(const char *table_name, int table_id, const ch LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_tostring(param->traffic_type)); + LOG_DEBUG("%s: parse chaining rule: %s, targeted_traffic: %s", LOG_TAG_POLICY, key, traffic_type_tostring(param->traffic_type)); // sff_profiles - item = cJSON_GetObjectItem(json, "sff_profiles"); - if (!item || !cJSON_IsArray(item) || !cJSON_GetArraySize(item)) + array = cJSON_GetObjectItem(object, "sff_profiles"); + if (!array || !cJSON_IsArray(array) || !cJSON_GetArraySize(array)) { LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - param->sff_profile_ids_num = cJSON_GetArraySize(item); - param->sff_profile_ids = (int *)calloc(param->sff_profile_ids_num, sizeof(int)); - cJSON_ArrayForEach(element, item) + cJSON_ArrayForEach(item, array) { - if (!cJSON_IsNumber(element)) + if (!cJSON_IsString(item)) { LOG_ERROR("%s: unexpected chaining rule: (invalid sff_profiles param) %s", LOG_TAG_POLICY, table_line); continue; } - LOG_DEBUG("%s: parse chaining rule: %lu, sff_profiles[%d/%d]: %d", LOG_TAG_POLICY, param->rule_id, iter, param->sff_profile_ids_num, element->valueint); - param->sff_profile_ids[iter] = element->valueint; + if (uuid_array_is_full(¶m->sff_uuid_array)) + { + LOG_ERROR("%s: unexpected chaining rule: (sff_profiles is full) %s", LOG_TAG_POLICY, table_line); + break; + } + + LOG_DEBUG("%s: parse chaining rule: %s, sff_profiles[%d]: %s", LOG_TAG_POLICY, key, iter, item->valuestring); + + uuid_parse(item->valuestring, sff_uuid); + uuid_array_append(¶m->sff_uuid_array, sff_uuid); + iter++; } *ad = param; - LOG_INFO("%s: Add chaining rule: %lu", LOG_TAG_POLICY, param->rule_id); + LOG_INFO("%s: Add chaining rule: %s", LOG_TAG_POLICY, key); cJSON_Delete(json); free(json_str); @@ -417,17 +417,12 @@ error_out: if (param) { - if (param->sff_profile_ids) - { - free(param->sff_profile_ids); - param->sff_profile_ids = NULL; - } free(param); param = NULL; } } -static void chaining_param_free_cb(int table_id, void **ad, long argl, void *argp) +static void chaining_param_free_cb(const char *table_name, void **ad, long argl, void *argp) { struct chaining_param *param = (struct chaining_param *)*ad; if (param == NULL) @@ -437,12 +432,10 @@ static void chaining_param_free_cb(int table_id, void **ad, long argl, void *arg if ((__sync_sub_and_fetch(¶m->ref_cnt, 1) == 0)) { - LOG_INFO("%s: Del chaining rule: %lu", LOG_TAG_POLICY, param->rule_id); - if (param->sff_profile_ids) - { - free(param->sff_profile_ids); - param->sff_profile_ids = NULL; - } + char rule_uuid_str[UUID_STRING_SIZE] = {0}; + uuid_unparse(param->rule_uuid, rule_uuid_str); + LOG_INFO("%s: Del chaining rule: %s", LOG_TAG_POLICY, rule_uuid_str); + free(param); param = NULL; @@ -450,7 +443,7 @@ static void chaining_param_free_cb(int table_id, void **ad, long argl, void *arg } } -static void chaining_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp) +static void chaining_param_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp) { struct chaining_param *param = (struct chaining_param *)*from; if (param) @@ -466,68 +459,74 @@ static void chaining_param_dup_cb(int table_id, void **to, void **from, long arg static void chaining_param_free(struct chaining_param *param) { - chaining_param_free_cb(0, (void **)¶m, 0, NULL); + chaining_param_free_cb(NULL, (void **)¶m, 0, NULL); } -static void sff_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp) +static void sff_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp) { int iter = 0; - struct sff_param *param = NULL; - cJSON *root1 = NULL; - cJSON *root2 = NULL; + cJSON *json = NULL; + cJSON *object = NULL; + cJSON *array = NULL; cJSON *item = NULL; + uuid_t sf_uuid; + struct sff_param *param = NULL; - int profile_id = 0; - int type = 0; - char load_balance_method[32] = {0}; - char load_balance_localization[8] = {0}; - char failure_action[16] = {0}; - char unavailability_action[64] = {0}; - char service_func_profiles[128] = {0}; - int is_valid = 0; - - if (sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%s\t%s\t%d", - &profile_id, &type, - load_balance_method, load_balance_localization, failure_action, unavailability_action, service_func_profiles, - &is_valid) != 8) - { - LOG_ERROR("%s: unexpected sff profile: %s", LOG_TAG_POLICY, table_line); - return; + char *json_str = strdup(table_line); + json = cJSON_Parse(json_str); + if (json == NULL) + { + LOG_ERROR("%s: unexpected sff profile: (invalid json format) %s", LOG_TAG_POLICY, table_line); + goto error_out; } param = (struct sff_param *)calloc(1, sizeof(struct sff_param)); - param->sff_profile_id = *((int *)key); + uuid_parse(key, param->sff_uuid); + uuid_array_init(¶m->sf_uuid_array); param->sff_ref_cnt = 1; // type - switch (type) + item = cJSON_GetObjectItem(json, "type"); + if (!item || !cJSON_IsNumber(item)) + { + LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line); + goto error_out; + } + if (item->valueint == 1) { - case 1: param->sff_forward_type = FORWARD_TYPE_STEERING; - break; - case 2: + } + else if (item->valueint == 2) + { param->sff_forward_type = FORWARD_TYPE_MIRRORING; - break; - default: + } + else + { LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sff profile: %d, type: %s", LOG_TAG_POLICY, param->sff_profile_id, forward_type_tostring(param->sff_forward_type)); + LOG_DEBUG("%s: parse sff profile: %s, type: %s", LOG_TAG_POLICY, key, forward_type_tostring(param->sff_forward_type)); // load_balance_method - if (0 == strcasecmp(load_balance_method, "hash-int-ip")) + item = cJSON_GetObjectItem(json, "load_balance_method"); + if (!item || !cJSON_IsString(item)) + { + LOG_ERROR("%s: unexpected sff profile: (invalid load_balance_method param) %s", LOG_TAG_POLICY, table_line); + goto error_out; + } + if (0 == strcasecmp(item->valuestring, "hash-int-ip")) { param->sff_ldbc.method = LDBC_METHOD_HASH_INT_IP; } - else if (0 == strcasecmp(load_balance_method, "hash-ext-ip")) + else if (0 == strcasecmp(item->valuestring, "hash-ext-ip")) { param->sff_ldbc.method = LDBC_METHOD_HASH_EXT_IP; } - else if (0 == strcasecmp(load_balance_method, "hash-int-ip-and-ext-ip")) + else if (0 == strcasecmp(item->valuestring, "hash-int-ip-and-ext-ip")) { param->sff_ldbc.method = LDBC_METHOD_HASH_INT_IP_AND_EXT_IP; } - else if (0 == strcasecmp(load_balance_method, "hash-innermost-int-ip")) + else if (0 == strcasecmp(item->valuestring, "hash-innermost-int-ip")) { param->sff_ldbc.method = LDBC_METHOD_HASH_INNERMOST_INT_IP; } @@ -537,14 +536,20 @@ static void sff_param_new_cb(const char *table_name, int table_id, const char *k LOG_ERROR("%s: unexpected sff profile: (invalid load_balance_method param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sff profile: %d, load_balance_method: %s", LOG_TAG_POLICY, param->sff_profile_id, load_balance_method); + LOG_DEBUG("%s: parse sff profile: %s, load_balance_method: %s", LOG_TAG_POLICY, key, item->valuestring); // load_balance_localization - if (0 == strcasecmp(load_balance_localization, "nearby")) + item = cJSON_GetObjectItem(json, "load_balance_localization"); + if (!item || !cJSON_IsString(item)) + { + LOG_ERROR("%s: unexpected sff profile: (invalid load_balance_localization param) %s", LOG_TAG_POLICY, table_line); + goto error_out; + } + if (0 == strcasecmp(item->valuestring, "nearby")) { param->sff_ldbc.localiza = LDBC_LOCALIZATION_NEARBY; } - else if (0 == strcasecmp(load_balance_localization, "global")) + else if (0 == strcasecmp(item->valuestring, "global")) { param->sff_ldbc.localiza = LDBC_LOCALIZATION_GLOBAL; } @@ -553,18 +558,24 @@ static void sff_param_new_cb(const char *table_name, int table_id, const char *k LOG_ERROR("%s: unexpected sff profile: (invalid load_balance_localization param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sff profile: %d, load_balance_localization: %s", LOG_TAG_POLICY, param->sff_profile_id, load_balance_localization); + LOG_DEBUG("%s: parse sff profile: %s, load_balance_localization: %s", LOG_TAG_POLICY, key, item->valuestring); // failure_action - if (0 == strcasecmp(failure_action, "bypass")) + item = cJSON_GetObjectItem(json, "failure_action"); + if (!item || !cJSON_IsString(item)) + { + LOG_ERROR("%s: unexpected sff profile: (invalid failure_action param) %s", LOG_TAG_POLICY, table_line); + goto error_out; + } + if (0 == strcasecmp(item->valuestring, "bypass")) { param->sff_exception.fail_action = FAILURE_ACTION_BYPASS; } - else if (0 == strcasecmp(failure_action, "block")) + else if (0 == strcasecmp(item->valuestring, "block")) { param->sff_exception.fail_action = FAILURE_ACTION_BLOCK; } - else if (0 == strcasecmp(failure_action, "re-dispatch")) + else if (0 == strcasecmp(item->valuestring, "re-dispatch")) { param->sff_exception.fail_action = FAILURE_ACTION_RE_DISPATCH; } @@ -573,18 +584,18 @@ static void sff_param_new_cb(const char *table_name, int table_id, const char *k LOG_ERROR("%s: unexpected sff profile: (invalid failure_action param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sff profile: %d, failure_action: %s", LOG_TAG_POLICY, param->sff_profile_id, failure_action); + LOG_DEBUG("%s: parse sff profile: %s, failure_action: %s", LOG_TAG_POLICY, key, item->valuestring); // unavailability_action if (param->sff_exception.fail_action == FAILURE_ACTION_RE_DISPATCH) { - root1 = cJSON_Parse(unavailability_action); - if (root1 == NULL) + object = cJSON_GetObjectItem(json, "unavailability_action"); + if (!object || !cJSON_IsObject(object)) { LOG_ERROR("%s: unexpected sff profile: (invalid unavailability_action param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - item = cJSON_GetObjectItem(root1, "action"); + item = cJSON_GetObjectItem(object, "action"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line); @@ -603,70 +614,73 @@ static void sff_param_new_cb(const char *table_name, int table_id, const char *k LOG_ERROR("%s: unexpected chaining rule: (invalid unavailability_action->action param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sff profile: %d, unavailability_action->action: %s", LOG_TAG_POLICY, param->sff_profile_id, item->valuestring); + LOG_DEBUG("%s: parse sff profile: %s, unavailability_action->action: %s", LOG_TAG_POLICY, key, item->valuestring); - item = cJSON_GetObjectItem(root1, "health_service_func_lt"); + item = cJSON_GetObjectItem(object, "health_service_func_lt"); if (item && cJSON_IsNumber(item)) { param->sff_exception.health_service_func_lt = item->valueint; - LOG_DEBUG("%s: parse sff profile: %d, unavailability_action->health_service_func_lt: %d", LOG_TAG_POLICY, param->sff_profile_id, item->valueint); + LOG_DEBUG("%s: parse sff profile: %s, unavailability_action->health_service_func_lt: %d", LOG_TAG_POLICY, key, item->valueint); } } // service_func_profiles - root2 = cJSON_Parse(service_func_profiles); - if (root2 == NULL || !cJSON_IsArray(root2) || !cJSON_GetArraySize(root2)) + array = cJSON_GetObjectItem(json, "service_func_profiles"); + if (array == NULL || !cJSON_IsArray(array) || !cJSON_GetArraySize(array)) { LOG_ERROR("%s: unexpected sff profile: (invalid service_func_profiles param) %s", LOG_TAG_POLICY, table_line); - return; + goto error_out; } - param->sf_profile_ids_num = cJSON_GetArraySize(root2); - param->sf_profile_ids = (int *)calloc(param->sf_profile_ids_num, sizeof(int)); - cJSON_ArrayForEach(item, root2) + cJSON_ArrayForEach(item, array) { - if (!cJSON_IsNumber(item)) + if (!cJSON_IsString(item)) { LOG_ERROR("%s: unexpected sff profile: (invalid service_func_profiles param) %s", LOG_TAG_POLICY, table_line); continue; } - LOG_DEBUG("%s: parse sff profile: %d, service_func_profiles[%d/%d] = %d", LOG_TAG_POLICY, param->sff_profile_id, iter, param->sf_profile_ids_num, item->valueint); - param->sf_profile_ids[iter] = item->valueint; + + if (uuid_array_is_full(¶m->sf_uuid_array)) + { + LOG_ERROR("%s: unexpected sff profile: (service_func_profiles is full) %s", LOG_TAG_POLICY, table_line); + break; + } + + LOG_DEBUG("%s: parse sff profile: %s, service_func_profiles[%d] = %s", LOG_TAG_POLICY, key, iter, item->valuestring); + + uuid_parse(item->valuestring, sf_uuid); + uuid_array_append(¶m->sf_uuid_array, sf_uuid); + iter++; } *ad = param; - LOG_INFO("%s: Add sff profile: %d", LOG_TAG_POLICY, param->sff_profile_id); + LOG_INFO("%s: Add sff profile: %s", LOG_TAG_POLICY, key); - cJSON_Delete(root1); - cJSON_Delete(root2); + cJSON_Delete(json); + free(json_str); return; error_out: - if (root1) + if (json) { - cJSON_Delete(root1); - root1 = NULL; + cJSON_Delete(json); + json = NULL; } - if (root2) + if (json_str) { - cJSON_Delete(root2); - root2 = NULL; + free(json_str); + json_str = NULL; } if (param) { - if (param->sf_profile_ids) - { - free(param->sf_profile_ids); - param->sf_profile_ids = NULL; - } free(param); param = NULL; } } -static void sff_param_free_cb(int table_id, void **ad, long argl, void *argp) +static void sff_param_free_cb(const char *table_name, void **ad, long argl, void *argp) { struct sff_param *param = (struct sff_param *)*ad; if (param == NULL) @@ -676,12 +690,10 @@ static void sff_param_free_cb(int table_id, void **ad, long argl, void *argp) if ((__sync_sub_and_fetch(¶m->sff_ref_cnt, 1) == 0)) { - LOG_INFO("%s: Del sff profile: %d", LOG_TAG_POLICY, param->sff_profile_id); - if (param->sf_profile_ids) - { - free(param->sf_profile_ids); - param->sf_profile_ids = NULL; - } + char sff_uuid_str[UUID_STRING_SIZE] = {0}; + uuid_unparse(param->sff_uuid, sff_uuid_str); + LOG_INFO("%s: Del sff profile: %s", LOG_TAG_POLICY, sff_uuid_str); + free(param); param = NULL; @@ -689,7 +701,7 @@ static void sff_param_free_cb(int table_id, void **ad, long argl, void *argp) } } -static void sff_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp) +static void sff_param_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp) { struct sff_param *param = (struct sff_param *)*from; if (param) @@ -705,45 +717,45 @@ static void sff_param_dup_cb(int table_id, void **to, void **from, long argl, vo static void sff_param_free(struct sff_param *param) { - sff_param_free_cb(0, (void **)¶m, 0, NULL); + sff_param_free_cb(NULL, (void **)¶m, 0, NULL); } -static void sf_param_new_cb(const char *table_name, int table_id, const char *key, const char *table_line, void **ad, long argl, void *argp) +static void sf_param_new_cb(const char *table_name, const char *key, const char *table_line, void **ad, long argl, void *argp) { - struct sf_param *param = NULL; - cJSON *root0 = NULL; - cJSON *root1 = NULL; - cJSON *root2 = NULL; + cJSON *json = NULL; + cJSON *object = NULL; cJSON *item = NULL; + struct sf_param *param = NULL; - int vsys_id = 0; - int is_valid = 0; - int profile_id = 0; - int admin_status = 0; - char connectivity[128] = {0}; - char health_check[128] = {0}; - char device_group[EFFECTIVE_RANGE_MAX_SIZE] = {0}; - - if (sscanf(table_line, "%d\t%s\t%d\t%s\t%s\t%d\t%d", - &profile_id, device_group, &admin_status, connectivity, health_check, &vsys_id, &is_valid) != 7) + char *json_str = strdup(table_line); + json = cJSON_Parse(json_str); + if (json == NULL) { - LOG_ERROR("%s: unexpected sf profile: %s", LOG_TAG_POLICY, table_line); - return; + LOG_ERROR("%s: unexpected sf profile: (invalid json format) %s", LOG_TAG_POLICY, table_line); + goto error_out; } param = (struct sf_param *)calloc(1, sizeof(struct sf_param)); - param->sf_vsys_id = vsys_id; - param->sf_profile_id = *((int *)key); + uuid_parse(key, param->sf_uuid); param->sf_ref_cnt = 1; + // vsys_id + item = cJSON_GetObjectItem(json, "vsys_id"); + if (!item || !cJSON_IsNumber(item)) + { + LOG_ERROR("%s: unexpected sf profile: (invalid vsys_id param) %s", LOG_TAG_POLICY, table_line); + goto error_out; + } + param->sf_vsys_id = item->valueint; + // device_group - root0 = cJSON_Parse(device_group); - if (root0 == NULL) + object = cJSON_GetObjectItem(json, "device_group"); + if (!object || !cJSON_IsObject(object)) { LOG_ERROR("%s: unexpected sf profile: (invalid device_group param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - item = cJSON_GetObjectItem(root0, "tag"); + item = cJSON_GetObjectItem(object, "tag"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid device_group->tag param) %s", LOG_TAG_POLICY, table_line); @@ -762,39 +774,45 @@ static void sf_param_new_cb(const char *table_name, int table_id, const char *ke LOG_ERROR("%s: unexpected sf profile: (invalid device_group->tag param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - item = cJSON_GetObjectItem(root0, "value"); + item = cJSON_GetObjectItem(object, "value"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid device_group->value param) %s", LOG_TAG_POLICY, table_line); goto error_out; } memcpy(param->sf_effective_range.value, item->valuestring, MIN(strlen(item->valuestring), EFFECTIVE_RANGE_MAX_SIZE)); - LOG_DEBUG("%s: parse sf profile: %d, device_group->tag: %s, device_group->value: %s", LOG_TAG_POLICY, param->sf_profile_id, effective_type_to_string(param->sf_effective_range.type), param->sf_effective_range.value); + LOG_DEBUG("%s: parse sf profile: %s, device_group->tag: %s, device_group->value: %s", LOG_TAG_POLICY, key, effective_type_to_string(param->sf_effective_range.type), param->sf_effective_range.value); // admin_status - switch (admin_status) + item = cJSON_GetObjectItem(json, "admin_status"); + if (!item || !cJSON_IsNumber(item)) + { + LOG_ERROR("%s: unexpected sf profile: (invalid admin_status param) %s", LOG_TAG_POLICY, table_line); + goto error_out; + } + if (item->valueint == 1) { - case 1: param->sf_admin_status = ADMMIN_STATUS_ACTIVE; - break; - case 0: + } + else if (item->valueint == 0) + { param->sf_admin_status = ADMMIN_STATUS_INACTIVE; - break; - default: + } + else + { LOG_ERROR("%s: unexpected sf profile: (invalid admin_status param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sf profile: %d, admin_status: %s", LOG_TAG_POLICY, param->sf_profile_id, admin_status_to_string(param->sf_admin_status)); + LOG_DEBUG("%s: parse sf profile: %s, admin_status: %s", LOG_TAG_POLICY, key, admin_status_to_string(param->sf_admin_status)); // connectivity - root1 = cJSON_Parse(connectivity); - if (root1 == NULL) + object = cJSON_GetObjectItem(json, "connectivity"); + if (!object || !cJSON_IsObject(object)) { LOG_ERROR("%s: unexpected sf profile: (invalid connectivity param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - - item = cJSON_GetObjectItem(root1, "method"); + item = cJSON_GetObjectItem(object, "method"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line); @@ -817,48 +835,48 @@ static void sf_param_new_cb(const char *table_name, int table_id, const char *ke LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, encapsulate_method_tostring(param->sf_connectivity.method)); + LOG_DEBUG("%s: parse sf profile: %s, connectivity->method: %s", LOG_TAG_POLICY, key, encapsulate_method_tostring(param->sf_connectivity.method)); if (param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER2_SWITCH || param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER3_SWITCH) { - item = cJSON_GetObjectItem(root1, "int_vlan_tag"); + item = cJSON_GetObjectItem(object, "int_vlan_tag"); if (!item || !cJSON_IsNumber(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->int_vlan_tag param) %s", LOG_TAG_POLICY, table_line); goto error_out; } param->sf_connectivity.int_vlan_tag = item->valueint; - LOG_DEBUG("%s: parse sf profile: %d, connectivity->int_vlan_tag: %d", LOG_TAG_POLICY, param->sf_profile_id, item->valueint); + LOG_DEBUG("%s: parse sf profile: %s, connectivity->int_vlan_tag: %d", LOG_TAG_POLICY, key, item->valueint); - item = cJSON_GetObjectItem(root1, "ext_vlan_tag"); + item = cJSON_GetObjectItem(object, "ext_vlan_tag"); if (!item || !cJSON_IsNumber(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->ext_vlan_tag param) %s", LOG_TAG_POLICY, table_line); goto error_out; } param->sf_connectivity.ext_vlan_tag = item->valueint; - LOG_DEBUG("%s: parse sf profile: %d, connectivity->ext_vlan_tag: %d", LOG_TAG_POLICY, param->sf_profile_id, item->valueint); + LOG_DEBUG("%s: parse sf profile: %s, connectivity->ext_vlan_tag: %d", LOG_TAG_POLICY, key, item->valueint); } else if (param->sf_connectivity.method == ENCAPSULATE_METHOD_VXLAN_G) { - item = cJSON_GetObjectItem(root1, "dest_ip"); + item = cJSON_GetObjectItem(object, "dest_ip"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->dest_ip param) %s", LOG_TAG_POLICY, table_line); goto error_out; } memcpy(param->sf_connectivity.dest_ip, item->valuestring, strlen(item->valuestring)); - LOG_DEBUG("%s: parse sf profile: %d, connectivity->dest_ip: %s", LOG_TAG_POLICY, param->sf_profile_id, item->valuestring); + LOG_DEBUG("%s: parse sf profile: %s, connectivity->dest_ip: %s", LOG_TAG_POLICY, key, item->valuestring); } // health_check - root2 = cJSON_Parse(health_check); - if (root2 == NULL) + object = cJSON_GetObjectItem(json, "health_check"); + if (!object || !cJSON_IsObject(object)) { LOG_ERROR("%s: unexpected sf profile: (invalid health_check param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - item = cJSON_GetObjectItem(root2, "method"); + item = cJSON_GetObjectItem(object, "method"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid health_check->method param) %s", LOG_TAG_POLICY, table_line); @@ -885,7 +903,7 @@ static void sf_param_new_cb(const char *table_name, int table_id, const char *ke LOG_ERROR("%s: unexpected sf profile: (invalid health_check->method param) %s", LOG_TAG_POLICY, table_line); goto error_out; } - LOG_DEBUG("%s: parse sf profile: %d, health_check->method: %s", LOG_TAG_POLICY, param->sf_profile_id, item->valuestring); + LOG_DEBUG("%s: parse sf profile: %s, health_check->method: %s", LOG_TAG_POLICY, key, item->valuestring); if ((param->sf_health_check.method == HEALTH_CHECK_METHOD_BFD && param->sf_connectivity.method == ENCAPSULATE_METHOD_VXLAN_G) || (param->sf_health_check.method == HEALTH_CHECK_METHOD_NONE && param->sf_connectivity.method == ENCAPSULATE_METHOD_VXLAN_G)) @@ -895,66 +913,59 @@ static void sf_param_new_cb(const char *table_name, int table_id, const char *ke if (param->sf_health_check.method == HEALTH_CHECK_METHOD_HTTP) { - item = cJSON_GetObjectItem(root2, "url"); + item = cJSON_GetObjectItem(object, "url"); if (!item || !cJSON_IsString(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid health_check->url param) %s", LOG_TAG_POLICY, table_line); goto error_out; } memcpy(param->sf_health_check.url, item->valuestring, strlen(item->valuestring)); - LOG_DEBUG("%s: parse sf profile: %d, health_check->url: %s", LOG_TAG_POLICY, param->sf_profile_id, item->valuestring); + LOG_DEBUG("%s: parse sf profile: %s, health_check->url: %s", LOG_TAG_POLICY, key, item->valuestring); } if (param->sf_health_check.method == HEALTH_CHECK_METHOD_HTTP || param->sf_health_check.method == HEALTH_CHECK_METHOD_BFD || param->sf_health_check.method == HEALTH_CHECK_METHOD_IN_BAND_BFD) { - item = cJSON_GetObjectItem(root2, "interval_ms"); + item = cJSON_GetObjectItem(object, "interval_ms"); if (!item || !cJSON_IsNumber(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid health_check->interval_ms param) %s", LOG_TAG_POLICY, table_line); goto error_out; } param->sf_health_check.interval_ms = item->valueint; - LOG_DEBUG("%s: parse sf profile: %d, health_check->interval_ms: %d", LOG_TAG_POLICY, param->sf_profile_id, item->valueint); + LOG_DEBUG("%s: parse sf profile: %s, health_check->interval_ms: %d", LOG_TAG_POLICY, key, item->valueint); - item = cJSON_GetObjectItem(root2, "retires"); + item = cJSON_GetObjectItem(object, "retires"); if (!item || !cJSON_IsNumber(item)) { LOG_ERROR("%s: unexpected sf profile: (invalid health_check->retires param) %s", LOG_TAG_POLICY, table_line); goto error_out; } param->sf_health_check.retires = item->valueint; - LOG_DEBUG("%s: parse sf profile: %d, health_check->retires: %d", LOG_TAG_POLICY, param->sf_profile_id, item->valueint); + LOG_DEBUG("%s: parse sf profile: %s, health_check->retires: %d", LOG_TAG_POLICY, key, item->valueint); } if (param->sf_connectivity.method != ENCAPSULATE_METHOD_LAYER2_SWITCH) { - param->health_check_session_id = health_check_session_add(param->sf_profile_id, param->sf_vsys_id, ¶m->sf_health_check); + param->health_check_session_id = health_check_session_add(¶m->sf_uuid, param->sf_vsys_id, ¶m->sf_health_check); } *ad = param; - LOG_INFO("%s: Add sf profile: %d", LOG_TAG_POLICY, param->sf_profile_id); + LOG_INFO("%s: Add sf profile: %s", LOG_TAG_POLICY, key); - cJSON_Delete(root0); - cJSON_Delete(root1); - cJSON_Delete(root2); + cJSON_Delete(json); + free(json_str); return; error_out: - if (root0) - { - cJSON_Delete(root0); - root0 = NULL; - } - - if (root1) + if (json) { - cJSON_Delete(root1); - root1 = NULL; + cJSON_Delete(json); + json = NULL; } - if (root2) + if (json_str) { - cJSON_Delete(root2); - root2 = NULL; + free(json_str); + json_str = NULL; } if (param) @@ -964,7 +975,7 @@ error_out: } } -static void sf_param_free_cb(int table_id, void **ad, long argl, void *argp) +static void sf_param_free_cb(const char *table_name, void **ad, long argl, void *argp) { struct sf_param *param = (struct sf_param *)*ad; if (param == NULL) @@ -976,9 +987,13 @@ static void sf_param_free_cb(int table_id, void **ad, long argl, void *argp) { if (param->sf_connectivity.method != ENCAPSULATE_METHOD_LAYER2_SWITCH) { - health_check_session_del(param->health_check_session_id, param->sf_profile_id, param->sf_vsys_id); + health_check_session_del(param->health_check_session_id, ¶m->sf_uuid, param->sf_vsys_id); } - LOG_INFO("%s: Del sf profile: %d", LOG_TAG_POLICY, param->sf_profile_id); + + char sf_uuid_str[UUID_STRING_SIZE] = {0}; + uuid_unparse(param->sf_uuid, sf_uuid_str); + LOG_INFO("%s: Del sf profile: %s", LOG_TAG_POLICY, sf_uuid_str); + free(param); param = NULL; @@ -986,7 +1001,7 @@ static void sf_param_free_cb(int table_id, void **ad, long argl, void *argp) } } -static void sf_param_dup_cb(int table_id, void **to, void **from, long argl, void *argp) +static void sf_param_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp) { struct sf_param *param = (struct sf_param *)*from; if (param) @@ -1002,7 +1017,7 @@ static void sf_param_dup_cb(int table_id, void **to, void **from, long argl, voi static void sf_param_free(struct sf_param *param) { - sf_param_free_cb(0, (void **)¶m, 0, NULL); + sf_param_free_cb(NULL, (void **)¶m, 0, NULL); } /****************************************************************************** @@ -1015,11 +1030,11 @@ static void selected_sf_init(struct selected_sf *selected_sf) { memset(selected_sf, 0, sizeof(struct selected_sf)); selected_sf->rule_vsys_id = 0; - selected_sf->rule_id = 0; + uuid_clear(selected_sf->rule_uuid); selected_sf->traffic_type = TRAFFIC_TYPE_NONE; - selected_sf->sff_profile_id = -1; + uuid_clear(selected_sf->sff_uuid); selected_sf->sff_forward_type = FORWARD_TYPE_NONE; - selected_sf->sf_profile_id = -1; + uuid_clear(selected_sf->sf_uuid); selected_sf->sf_action = SESSION_ACTION_BYPASS; selected_sf->sf_action_desc = ACTION_BYPASS_DUE_DEFAULT; } @@ -1028,7 +1043,7 @@ static void selected_sf_init(struct selected_sf *selected_sf) static void selected_sf_set_info(struct selected_sf *selected_sf, struct sf_param *sf_param) { selected_sf->sf_vsys_id = sf_param->sf_vsys_id; - selected_sf->sf_profile_id = sf_param->sf_profile_id; + uuid_copy(selected_sf->sf_uuid, sf_param->sf_uuid); selected_sf->sf_connectivity = sf_param->sf_connectivity; if (selected_sf->sf_connectivity.method == ENCAPSULATE_METHOD_VXLAN_G) @@ -1173,6 +1188,7 @@ static int handle_fail_action(struct exception *sff_exception, struct selected_s static void select_sf_by_ldbc(struct sff_param *sff_param, struct selected_sf *selected_sf, struct session_ctx *s_ctx, UT_array *sf_array, uint64_t hash) { + char sf_uuid_str[UUID_STRING_SIZE] = {0}; struct thread_metrics *thread_metrics = &s_ctx->ref_thread_ctx->thread_metrics; while (utarray_len(sf_array)) @@ -1180,9 +1196,10 @@ static void select_sf_by_ldbc(struct sff_param *sff_param, struct selected_sf *s unsigned int sf_index = (unsigned int)(hash % utarray_len(sf_array)); struct sf_param *sf_param = (struct sf_param *)utarray_eltptr(sf_array, sf_index); + uuid_unparse(sf_param->sf_uuid, sf_uuid_str); if (sf_param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER2_SWITCH) { - LOG_INFO("%s: session %lu %s select sf by ldbc, sf_profile_id %d to be selected", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_param->sf_profile_id); + LOG_INFO("%s: session %lu %s select sf by ldbc, sf_uuid %s to be selected", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_uuid_str); selected_sf_set_action(selected_sf, ACTION_FORWAED_DUE_SELECTED_SF); selected_sf_set_info(selected_sf, sf_param); return; @@ -1192,7 +1209,7 @@ static void select_sf_by_ldbc(struct sff_param *sff_param, struct selected_sf *s if (health_check_session_get_mac(sf_param->health_check_session_id, selected_sf->sf_dst_mac) == 0) { ATOMIC_INC(&(thread_metrics->sf_active)); - LOG_INFO("%s: session %lu %s select sf by ldbc, sf_profile_id %d to be selected", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_param->sf_profile_id); + LOG_INFO("%s: session %lu %s select sf by ldbc, sf_uuid %s to be selected", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_uuid_str); selected_sf_set_action(selected_sf, ACTION_FORWAED_DUE_SELECTED_SF); selected_sf_set_info(selected_sf, sf_param); return; @@ -1202,13 +1219,13 @@ static void select_sf_by_ldbc(struct sff_param *sff_param, struct selected_sf *s ATOMIC_INC(&(thread_metrics->sf_inactive)); if (handle_fail_action(&sff_param->sff_exception, selected_sf, utarray_len(sf_array) - 1) == 0) { - LOG_INFO("%s: session %lu %s select sf by re-dispatch, sf_profile_id %d to be excluded", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_param->sf_profile_id); + LOG_INFO("%s: session %lu %s select sf by re-dispatch, sf_uuid %s to be excluded", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_uuid_str); utarray_erase(sf_array, sf_index, 1); continue; } else { - LOG_INFO("%s: session %lu %s select sf by fail-action, sf_profile_id %d to be selected", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_param->sf_profile_id); + LOG_INFO("%s: session %lu %s select sf by fail-action, sf_uuid %s to be selected", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_uuid_str); selected_sf_set_info(selected_sf, sf_param); return; } @@ -1220,31 +1237,34 @@ static void select_sf_by_ldbc(struct sff_param *sff_param, struct selected_sf *s static void select_sf_from_sff(struct policy_enforcer *enforcer, struct sff_param *sff_param, struct selected_sf *selected_sf, struct session_ctx *s_ctx, uint64_t packet_hash) { - int profile_id; + char sf_uuid_str[UUID_STRING_SIZE] = {0}; + uuid_t *sf_uuid_ptr; UT_array *sf_array; UT_icd sf_icd = {sizeof(struct sf_param), NULL, NULL, NULL}; utarray_new(sf_array, &sf_icd); - for (int i = 0; i < sff_param->sf_profile_ids_num; i++) + int sf_uuid_num = uuid_array_get_count(&sff_param->sf_uuid_array); + for (int i = 0; i < sf_uuid_num; i++) { - profile_id = sff_param->sf_profile_ids[i]; - struct sf_param *sf = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sf_table_id, (const char *)&profile_id, sizeof(profile_id)); + sf_uuid_ptr = uuid_array_get_at(&sff_param->sf_uuid_array, i); + uuid_unparse(*sf_uuid_ptr, sf_uuid_str); + struct sf_param *sf = (struct sf_param *)maat_plugin_table_get_ex_data(enforcer->maat, TABLE_NAME_SF, (const char *)sf_uuid_str, strlen(sf_uuid_str)); if (sf == NULL) { - LOG_ERROR("%s: failed to get sf parameter of profile %d", LOG_TAG_POLICY, profile_id); + LOG_ERROR("%s: failed to get sf parameter of profile %s", LOG_TAG_POLICY, sf_uuid_str); continue; } if (select_sf_by_admin_status(sf) == 0) { - LOG_INFO("%s: session %lu %s select sf by admin-status, sf_profile_id %d to be excluded", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf->sf_profile_id); + LOG_INFO("%s: session %lu %s select sf by admin-status, sf_uuid %s to be excluded", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_uuid_str); sf_param_free(sf); continue; } if (select_sf_by_localization(enforcer, sff_param, sf) == 0) { - LOG_INFO("%s: session %lu %s select sf by localization, sf_profile_id %d to be excluded", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf->sf_profile_id); + LOG_INFO("%s: session %lu %s select sf by localization, sf_uuid %s to be excluded", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, sf_uuid_str); sf_param_free(sf); continue; } @@ -1369,6 +1389,10 @@ void selected_chaining_destory(struct selected_chaining *chaining) void selected_chaining_dump(struct selected_chaining *chaining) { + char rule_uuid_str[UUID_STRING_SIZE] = {0}; + char sff_uuid_str[UUID_STRING_SIZE] = {0}; + char sf_uuid_str[UUID_STRING_SIZE] = {0}; + if (chaining == NULL) { LOG_DEBUG("%s: selected_chaining: NULL", LOG_TAG_POLICY); @@ -1381,13 +1405,16 @@ void selected_chaining_dump(struct selected_chaining *chaining) for (int i = 0; i < chaining->chaining_used; i++) { struct selected_sf *node = &(chaining->chaining[i]); - LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_id : %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->rule_id); + uuid_unparse(node->rule_uuid, rule_uuid_str); + uuid_unparse(node->sff_uuid, sff_uuid_str); + uuid_unparse(node->sf_uuid, sf_uuid_str); + LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_uuid : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, rule_uuid_str); LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_tostring(node->traffic_type)); // sff - LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id); + LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_uuid : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, sff_uuid_str); LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, forward_type_tostring(node->sff_forward_type)); // sf - LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_profile_id); + LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_uuid : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, sf_uuid_str); LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action_desc : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, action_desc_tostring(node->sf_action_desc)); LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->encapsulate_method : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, encapsulate_method_tostring(node->sf_connectivity.method)); LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.int_vlan_tag); @@ -1403,6 +1430,10 @@ void selected_chaining_bref(struct selected_chaining *chaining) return; } + char rule_uuid_str[UUID_STRING_SIZE] = {0}; + char sff_uuid_str[UUID_STRING_SIZE] = {0}; + char sf_uuid_str[UUID_STRING_SIZE] = {0}; + char buff[4096] = {0}; int buff_used = 0; int buff_size = sizeof(buff); @@ -1416,9 +1447,14 @@ void selected_chaining_bref(struct selected_chaining *chaining) { buff_used += snprintf(buff + buff_used, buff_size - buff_used, ","); } + + uuid_unparse(node->rule_uuid, rule_uuid_str); + uuid_unparse(node->sff_uuid, sff_uuid_str); + uuid_unparse(node->sf_uuid, sf_uuid_str); + buff_used += snprintf(buff + buff_used, buff_size - buff_used, - "\"node[%d]\":{\"policy\":\"%lu->%d->%d\",\"action\":\"%s->%s->%s\"}", - i, node->rule_id, node->sff_profile_id, node->sf_profile_id, + "\"node[%d]\":{\"policy\":\"%s->%s->%s\",\"action\":\"%s->%s->%s\"}", + i, rule_uuid_str, sff_uuid_str, sf_uuid_str, traffic_type_tostring(node->traffic_type), forward_type_tostring(node->sff_forward_type), action_desc_tostring(node->sf_action_desc)); } } @@ -1444,7 +1480,7 @@ void selected_chaining_uniq(struct selected_chaining *chaining) is_exist = 0; for (j = 0; j < i; j++) { - if (chaining->chaining[i].sf_profile_id == chaining->chaining[j].sf_profile_id && chaining->chaining[i].sf_action == chaining->chaining[j].sf_action) + if (uuid_compare(chaining->chaining[i].sf_uuid, chaining->chaining[j].sf_uuid) == 0 && chaining->chaining[i].sf_action == chaining->chaining[j].sf_action) { is_exist = 1; break; @@ -1527,19 +1563,6 @@ struct policy_enforcer *policy_enforcer_create(const char *instance, const char } maat_options_set_redis(opts, enforcer->config.redis_server, redis_port_select, enforcer->config.redis_db_idx); break; - case MAAT_INPUT_FILE: - if (!strlen(enforcer->config.ful_cfg_dir)) - { - LOG_ERROR("%s: invalid ful_cfg_dir", LOG_TAG_POLICY); - goto error_out; - } - if (!strlen(enforcer->config.inc_cfg_dir)) - { - LOG_ERROR("%s: invalid inc_cfg_dir", LOG_TAG_POLICY); - goto error_out; - } - maat_options_set_iris(opts, enforcer->config.ful_cfg_dir, enforcer->config.inc_cfg_dir); - break; default: LOG_ERROR("%s: invalid input_mode %d", LOG_TAG_POLICY, enforcer->config.input_mode); goto error_out; @@ -1606,54 +1629,34 @@ void policy_enforcer_destory(struct policy_enforcer *enforcer) int policy_enforcer_register(struct policy_enforcer *enforcer) { LOG_INFO("%s: register policy callback ...", LOG_TAG_POLICY); - enforcer->compile_table_id = maat_get_table_id(enforcer->maat, "SERVICE_CHAINING_COMPILE"); - if (enforcer->compile_table_id < 0) - { - LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE table failed", LOG_TAG_POLICY); - return -1; - } - - enforcer->sff_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE"); - if (enforcer->sff_table_id < 0) - { - LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE table ailed", LOG_TAG_POLICY); - return -1; - } - enforcer->sf_table_id = maat_get_table_id(enforcer->maat, "SERVICE_FUNCTION_PROFILE"); - if (enforcer->sf_table_id < 0) - { - LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE table failed", LOG_TAG_POLICY); - return -1; - } - - if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_CHAINING_COMPILE", + if (maat_plugin_table_ex_schema_register(enforcer->maat, TABLE_NAME_SC, chaining_param_new_cb, chaining_param_free_cb, chaining_param_dup_cb, 0, enforcer) != 0) { - LOG_ERROR("%s: register SERVICE_CHAINING_COMPILE plugin extension callbacks failed", LOG_TAG_POLICY); + LOG_ERROR("%s: register %s plugin extension callbacks failed", LOG_TAG_POLICY, TABLE_NAME_SC); return -1; } - if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_FORWARDER_PROFILE", + if (maat_plugin_table_ex_schema_register(enforcer->maat, TABLE_NAME_SFF, sff_param_new_cb, sff_param_free_cb, sff_param_dup_cb, 0, enforcer) != 0) { - LOG_ERROR("%s: register SERVICE_FUNCTION_FORWARDER_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY); + LOG_ERROR("%s: register %s plugin extension callbacks failed", LOG_TAG_POLICY, TABLE_NAME_SFF); return -1; } - if (maat_plugin_table_ex_schema_register(enforcer->maat, "SERVICE_FUNCTION_PROFILE", + if (maat_plugin_table_ex_schema_register(enforcer->maat, TABLE_NAME_SF, sf_param_new_cb, sf_param_free_cb, sf_param_dup_cb, 0, enforcer) != 0) { - LOG_ERROR("%s: register SERVICE_FUNCTION_PROFILE plugin extension callbacks failed", LOG_TAG_POLICY); + LOG_ERROR("%s: register %s plugin extension callbacks failed", LOG_TAG_POLICY, TABLE_NAME_SF); return -1; } LOG_INFO("%s: register policy callback success", LOG_TAG_POLICY); @@ -1666,14 +1669,19 @@ int policy_enforce_chaining_size(struct policy_enforcer *enforcer) return enforcer->config.max_chaining_size; } -void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int direction) +void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uuid_t *rule_uuid_ptr, int direction) { - int sff_profile_id; + char rule_uuid_str[UUID_STRING_SIZE] = {0}; + char sff_id_str[UUID_STRING_SIZE] = {0}; + char sf_uuid_str[UUID_STRING_SIZE] = {0}; + + uuid_t *sff_uuid_ptr; struct selected_chaining *chaining = NULL; - struct chaining_param *chaining_param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->compile_table_id, (const char *)&rule_id, sizeof(rule_id)); + uuid_unparse(*rule_uuid_ptr, rule_uuid_str); + struct chaining_param *chaining_param = (struct chaining_param *)maat_plugin_table_get_ex_data(enforcer->maat, TABLE_NAME_SC, (const char *)rule_uuid_str, strlen(rule_uuid_str)); if (chaining_param == NULL) { - LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %lu", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, rule_id); + LOG_ERROR("%s: session %lu %s failed to get chaining parameter of policy %s", LOG_TAG_POLICY, s_ctx->session_id, s_ctx->session_addr, rule_uuid_str); return; } @@ -1685,28 +1693,30 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se { chaining = s_ctx->chaining_decrypted; } - LOG_INFO("%s: session %lu %s enforce %s chaining: rule_id %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_tostring(chaining_param->traffic_type), rule_id); + LOG_INFO("%s: session %lu %s enforce %s chaining: rule_uuid %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_tostring(chaining_param->traffic_type), rule_uuid_str); - for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++) + int sff_uuid_num = uuid_array_get_count(&chaining_param->sff_uuid_array); + for (int i = 0; i < sff_uuid_num && chaining->chaining_used < chaining->chaining_size; i++) { struct selected_sf *selected_sf = &(chaining->chaining[chaining->chaining_used]); selected_sf_init(selected_sf); - sff_profile_id = chaining_param->sff_profile_ids[i]; - struct sff_param *sff_param = (struct sff_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->sff_table_id, (const char *)&sff_profile_id, sizeof(sff_profile_id)); + sff_uuid_ptr = uuid_array_get_at(&chaining_param->sff_uuid_array, i); + uuid_unparse(*sff_uuid_ptr, sff_id_str); + struct sff_param *sff_param = (struct sff_param *)maat_plugin_table_get_ex_data(enforcer->maat, TABLE_NAME_SFF, (const char *)sff_id_str, strlen(sff_id_str)); if (sff_param == NULL) { - LOG_ERROR("%s: session %lu %s failed to get sff parameter of profile %d, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, sff_profile_id); + LOG_ERROR("%s: session %lu %s failed to get sff parameter of profile %s, bypass current sff !!!", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, sff_id_str); continue; } // sc info - selected_sf->rule_id = rule_id; + uuid_copy(selected_sf->rule_uuid, *rule_uuid_ptr); selected_sf->rule_vsys_id = chaining_param->vsys_id; selected_sf->traffic_type = chaining_param->traffic_type; // sff info - selected_sf->sff_profile_id = sff_profile_id; + uuid_copy(selected_sf->sff_uuid, *sff_uuid_ptr); selected_sf->sff_forward_type = sff_param->sff_forward_type; // sf_index @@ -1715,16 +1725,19 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se uint64_t packet_hash = packet_get_hash(data_pkt, sff_param->sff_ldbc.method, direction); select_sf_from_sff(enforcer, sff_param, selected_sf, s_ctx, packet_hash); - LOG_INFO("%s: session %lu %s enforce chaining [%d/%d]: policy: %lu->%d->%d, action: %s->%s->%s", + uuid_unparse(selected_sf->sf_uuid, sf_uuid_str); + LOG_INFO("%s: session %lu %s enforce chaining [%d/%d]: policy: %s->%s->%s, action: %s->%s->%s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, selected_sf->sf_index, chaining->chaining_size, - selected_sf->rule_id, selected_sf->sff_profile_id, selected_sf->sf_profile_id, + rule_uuid_str, sff_id_str, sf_uuid_str, traffic_type_tostring(chaining_param->traffic_type), forward_type_tostring(selected_sf->sff_forward_type), action_desc_tostring(selected_sf->sf_action_desc)); chaining->chaining_used++; sff_param_free(sff_param); } + uuid_array_append(&s_ctx->rule_uuid_array, *rule_uuid_ptr); + selected_chaining_uniq(chaining); chaining_param_free(chaining_param); } diff --git a/platform/src/sce.cpp b/platform/src/sce.cpp index fab0db8..ea235f2 100644 --- a/platform/src/sce.cpp +++ b/platform/src/sce.cpp @@ -26,7 +26,7 @@ struct session_ctx *session_ctx_new() struct session_ctx *session_ctx = (struct session_ctx *)calloc(1, sizeof(struct session_ctx)); assert(session_ctx != NULL); - mutable_array_init(&session_ctx->rule_ids); + uuid_array_init(&session_ctx->rule_uuid_array); return session_ctx; } diff --git a/platform/src/sf_metrics.cpp b/platform/src/sf_metrics.cpp index 4b0f894..60e8d06 100644 --- a/platform/src/sf_metrics.cpp +++ b/platform/src/sf_metrics.cpp @@ -226,9 +226,9 @@ void sf_metrics_input(struct sf_metrics *handle, uint16_t thr_idx, struct sf_met { node = (struct metric *)calloc(1, sizeof(struct metric)); node->key.vsys_id = key->vsys_id; - node->key.rule_id = key->rule_id; - node->key.sff_profile_id = key->sff_profile_id; - node->key.sf_profile_id = key->sf_profile_id; + uuid_copy(node->key.rule_uuid, key->rule_uuid); + uuid_copy(node->key.sff_uuid, key->sff_uuid); + uuid_copy(node->key.sf_uuid, key->sf_uuid); node->recv_pkts = rx_pkts; node->recv_bytes = rx_bytes; @@ -254,6 +254,9 @@ void sf_metrics_output(struct sf_metrics *handle, uint16_t thr_idx) struct metric *temp = NULL; struct metric *node = NULL; + char rule_uuid_str[UUID_STRING_SIZE] = {0}; + char sff_uuid_str[UUID_STRING_SIZE] = {0}; + char sf_uuid_str[UUID_STRING_SIZE] = {0}; HASH_ITER(hh, handle->root[thr_idx], node, temp) { if (node->sent_pkts == 0 && node->recv_pkts == 0 && @@ -262,11 +265,14 @@ void sf_metrics_output(struct sf_metrics *handle, uint16_t thr_idx) continue; } + uuid_unparse(node->key.rule_uuid, rule_uuid_str); + uuid_unparse(node->key.sff_uuid, sff_uuid_str); + uuid_unparse(node->key.sf_uuid, sf_uuid_str); const struct field tags[] = { {"vsys_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.vsys_id}}, - {"rule_id", FIELD_VALUE_INTEGER, {.value_longlong = (long long)node->key.rule_id}}, - {"sff_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sff_profile_id}}, - {"sf_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sf_profile_id}}, + {"rule_uuid", FIELD_VALUE_CSTRING, {.value_str = rule_uuid_str}}, + {"sff_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sff_uuid_str}}, + {"sf_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sf_uuid_str}}, }; fieldstat_easy_counter_incrby(handle->fs, thr_idx, handle->sent_pkts_idx, tags, sizeof(tags) / sizeof(tags[0]), node->sent_pkts); diff --git a/platform/src/sf_status.cpp b/platform/src/sf_status.cpp index 21a49de..50f54f4 100644 --- a/platform/src/sf_status.cpp +++ b/platform/src/sf_status.cpp @@ -140,7 +140,7 @@ void sf_status_update(struct sf_status *handle, const struct sf_status_key *key, { temp = (struct metric *)calloc(1, sizeof(struct metric)); temp->key.vsys_id = key->vsys_id; - temp->key.sf_profile_id = key->sf_profile_id; + uuid_copy(temp->key.sf_uuid, key->sf_uuid); temp->sf_status = sf_status; temp->sf_latency = sf_latency; HASH_ADD(hh, handle->htable, key, sizeof(struct sf_status_key), temp); @@ -154,13 +154,15 @@ void sf_status_output(struct sf_status *handle) return; } + char sf_uuid_str[UUID_STRING_SIZE] = {0}; struct metric *temp = NULL; struct metric *node = NULL; HASH_ITER(hh, handle->htable, node, temp) { + uuid_unparse(node->key.sf_uuid, sf_uuid_str); const struct field tags[] = { {"vsys_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.vsys_id}}, - {"sf_profile_id", FIELD_VALUE_INTEGER, {.value_longlong = node->key.sf_profile_id}}, + {"sf_profile_uuid", FIELD_VALUE_CSTRING, {.value_str = sf_uuid_str}}, }; fieldstat_easy_counter_set(handle->fs, 0, handle->sf_status_idx, tags, sizeof(tags) / sizeof(tags[0]), node->sf_status); |