Element <chain>
Defines the chain. It has a start tag <chain> and an end tag </chain>.
Last updated
Defines the chain. It has a start tag <chain> and an end tag </chain>.
Last updated
id
Specifies a unique id for an element
Interger
name
Specifies a name for an element
String
sessionUnique
one session one output
yes/no
no
disable
disable chain
yes/no
no
Defines input ports. It has a start tag <in> and an end tag </in>.
<in>P0,P1</in>Defines output ports. It has a start tag <out> and an end tag </out>.
0: Drop
S: find destination by dst-mac address (like Switch port)
type
duplicate or loadBalance
String
duplicate
lbtype
Load Balance type, includes session, ethtype, iptype, smac, dmac, sip, dip, rr, 5thash
String
session
failover
Load Balance fail over
yes/no
yes
<!--duplication to P1 and P2 -->
<out>P0,P1</out>
<!-- load Balance to P0,P1 by 5-tuple -->
<out type="loadBalance" lbtype="5thash">P0,P1</out>Defines packets pass through filter id. It has a start tag <fid> and an end tag </fid>.
type
and/or
String
or
<fid>F1</fid>
<!--if F1 or F2 -->
<fid type="or">F1,F2</fid>
<!--if F1 and not F2 -->
<fid type="and">F1,!F2</fid>Defines going next if packet match/not match filter. It has a next tag <next> and an end tag </next>.
type
match/notmatch
String
match
<!-- packet from P0, if matched F1 (if matched F2, send to P1) else (if match F3, send to P2) -->
<chain>
<in>P0</in>
<fid>F1</fid>
<next>
<fid>F2</fid>
<out>P1</out>
</next>
<next type="notmatch">
<fid>F3</fid>
<out>P2</out>
</next>
</chain>P0->F1->P1
<chain id="1">
<in>P0</in>
<fid>F1</fid>
<out>P1</out>
</chain>P0->F1->F2->P1 !>P2
<chain id="1">
<in>P0</in>
<fid>F1</fid>
<next>
<fid>F2</fid>
<out>P1</out>
<next type="notmatch">
<out>P2</out>
</next>
</next>
</chain>weight
Load Balance weight (not support session, rr type)
String
20,80