Updated on 2025-08-19 GMT+08:00

Querying Traffic Mirror Filter Rules

Function

This API is used to query information about all traffic mirror filter rules, including the source and destination addresses and ports.

Calling Method

For details, see Calling APIs.

URI

GET /v3/{project_id}/vpc/traffic-mirror-filter-rules

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition:

ID of the project that a traffic mirror filter rule belongs to. For details about how to obtain a project ID, see Obtaining a Project ID.

Range:

N/A

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

id

No

Array of strings

Definition:

ID of a traffic mirror filter rule. You can use this field to accurately filter traffic mirror filter rules. Multiple IDs can be specified for filtering.

Range:

N/A

action

No

Array of strings

Definition:

Action of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple actions can be specified for filtering.

Range:

accept and reject

description

No

Array of strings

Definition:

Description of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple descriptions can be specified for filtering.

Range:

N/A

destination_cidr_block

No

Array of strings

Definition:

Destination of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple destinations can be specified for filtering.

Range:

N/A

destination_port_range

No

Array of strings

Definition:

Destination port range of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple destination port ranges can be specified for filtering.

Range:

N/A

direction

No

Array of strings

Definition:

Direction of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple directions can be specified for filtering.

Range:

  • ingress: inbound traffic

  • egress: outbound traffic

priority

No

Array of integers

Definition:

Priority of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple priorities can be specified for filtering.

Range:

1 to 65535

protocol

No

Array of strings

Definition:

Network protocol in a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple protocols can be specified for filtering.

Range:

  • TCP: Traffic mirror rules with protocol set to TCP will be filtered.

  • UDP: Traffic mirror rules with protocol set to UDP will be filtered.

  • ICMP: Traffic mirror rules with protocol set to ICMP will be filtered.

  • ICMPV6: Traffic mirror rules with protocol set to ICMPv6 will be filtered.

  • ALL: Traffic mirror rules with protocol set to All will be filtered.

source_cidr_block

No

Array of strings

Definition:

Source of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple sources can be specified for filtering.

Range:

N/A

source_port_range

No

Array of strings

Definition:

Source port range of a traffic mirror filter rule. You can use this field to filter traffic mirror filter rules. Multiple source port ranges can be specified for filtering.

Range:

N/A

traffic_mirror_filter_id

No

Array of strings

Definition:

ID of the traffic mirror filter that a traffic mirror filter rule belongs to. You can use this field to filter traffic mirror filter rules. Multiple IDs can be specified for filtering.

Range:

N/A

Request Parameters

None

Response Parameters

Status code: 200

Table 3 Response body parameters

Parameter

Type

Description

traffic_mirror_filter_rules

Array of TrafficMirrorFilterRule objects

Definition:

Response body for querying traffic mirror filter rules.

Range:

N/A

page_info

PageInfo object

Definition:

Pagination information.

Range:

N/A

request_id

String

Definition:

Request ID.

Range:

N/A

Table 4 TrafficMirrorFilterRule

Parameter

Type

Description

id

String

Definition:

ID of a traffic mirror filter rule.

Range:

N/A

project_id

String

Definition:

ID of the project that a traffic mirror filter rule belongs to.

Range:

N/A

description

String

Definition:

Description of a traffic mirror filter rule.

Range:

The value can contain 0 to 255 characters and cannot contain angle brackets (< or >).

traffic_mirror_filter_id

String

Definition:

ID of the traffic mirror filter that a traffic mirror filter rule belongs to.

Range:

N/A

direction

String

Definition:

Traffic direction of a traffic mirror filter rule.

Range:

  • ingress: inbound traffic

  • egress: outbound traffic

source_cidr_block

String

Definition:

Source of a traffic mirror filter rule.

Range:

  • Single IP address: IP address/subnet mask. For example, 192.168.10.10/32 for a single IPv4 address or 2002:50::44/128 for a single IPv6 address.

  • CIDR block: IP address/subnet mask. For example, 192.168.52.0/24 for an IPv4 CIDR block or 2407:c080:802:469::/64 for an IPv6 CIDR block.

  • All IP addresses: 0.0.0.0/0 indicates all IPv4 addresses, and ::/0 indicates all IPv6 addresses.

destination_cidr_block

String

Definition:

Destination of a traffic mirror filter rule.

Range:

  • Single IP address: IP address/subnet mask. For example, 192.168.10.10/32 for a single IPv4 address or 2002:50::44/128 for a single IPv6 address.

  • CIDR block: IP address/subnet mask. For example, 192.168.52.0/24 for an IPv4 CIDR block or 2407:c080:802:469::/64 for an IPv6 CIDR block.

  • All IP addresses: 0.0.0.0/0 indicates all IPv4 addresses, and ::/0 indicates all IPv6 addresses.

source_port_range

String

Definition:

Source port range of a traffic mirror filter rule.

Range:

  • Port range: 1 to 65535

  • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.

destination_port_range

String

Definition:

Destination port range of a traffic mirror filter rule.

Range:

  • Port range: 1 to 65535

  • Use a hyphen (-) to connect the start port and the end port, for example, 22-23. The end port cannot be smaller than the start port.

ethertype

String

Definition:

IP address version.

Range:

IPv4 or IPv6

protocol

String

Definition:

Network protocol type.

Range:

  • TCP: If you select TCP, you can customize the source and destination port ranges.

  • UDP: If you select UDP, you can customize the source and destination port ranges.

  • ICMP: If you set IP address version to IPv4 and select ICMP, all ports are specified for source and destination port ranges by default.

  • ICMPV6: If you set IP address version to IPv6 and select ICMPv6, all ports are specified for source and destination port ranges by default.

  • ALL: If you select ALL, all network protocols are supported and all ports are specified for source and destination port ranges by default.

action

String

Definition:

Action of a traffic mirror filter rule.

Range:

  • accept

  • reject

priority

Integer

Definition:

Priority of a traffic mirror filter rule.

Range:

The value is from 1 to 65535. A smaller value indicates a higher priority.

created_at

String

Definition:

Time when a traffic mirror filter rule was created.

Range:

The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.

updated_at

String

Definition:

Time when a traffic mirror filter rule was updated.

Range:

The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.

Table 5 PageInfo

Parameter

Type

Description

previous_marker

String

Definition:

The first record on the current page.

Range:

N/A

current_count

Integer

Definition:

Total number of resources on the current page.

Range:

N/A

next_marker

String

Definition:

The last record on the current page. The next_marker field does not exist if the page is the last one.

Range:

N/A

Example Requests

Querying traffic mirror filter rules

GET http://{endpoint}/v3/{project_id}/vpc/traffic-mirror-filter-rules

Example Responses

Status code: 200

OK

{
  "request_id" : "38719a68-c7c1-4fe1-bf12-4bb049349174",
  "traffic_mirror_filter_rules" : [ {
    "created_at" : "2023-02-17T08:42:44.000+00:00",
    "updated_at" : "2023-02-17T08:42:44.000+00:00",
    "id" : "3daa97b5-ad58-477d-86a5-52b65257f94b",
    "project_id" : "7365fcd452924e398ec4cc1fe39c0d12",
    "description" : "",
    "traffic_mirror_filter_id" : "b765ba87-c0b4-4f1a-9ec3-d5b1d1ddb137",
    "direction" : "ingress",
    "protocol" : "ICMPV6",
    "ethertype" : "IPv4",
    "action" : "accept",
    "priority" : 16
  } ],
  "page_info" : {
    "previous_marker" : "3daa97b5-ad58-477d-86a5-52b65257f94b",
    "current_count" : 1
  }
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;


public class ListTrafficMirrorFilterRulesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        ListTrafficMirrorFilterRulesRequest request = new ListTrafficMirrorFilterRulesRequest();
        try {
            ListTrafficMirrorFilterRulesResponse response = client.listTrafficMirrorFilterRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListTrafficMirrorFilterRulesRequest()
        response = client.list_traffic_mirror_filter_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListTrafficMirrorFilterRulesRequest{}
	response, err := client.ListTrafficMirrorFilterRules(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

OK

Error Codes

See Error Codes.