TSG-18425 Proxy支持port object匹配 TSG-19090 Proxy支持Protocol Object匹配
This commit is contained in:
fengweihao
@@ -30,7 +30,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st
|
||||
|
||||
if (strlen(source_subscribe_id))
|
||||
{
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID),
|
||||
source_subscribe_id, strlen(source_subscribe_id),result + hit_cnt + hit_cnt_ip,
|
||||
MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -44,7 +44,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st
|
||||
TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
|
||||
source_subscribe_id, scan_ret, stream->str_stream_info);
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID),
|
||||
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
@@ -54,7 +54,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st
|
||||
|
||||
if (strlen(dest_subscribe_id))
|
||||
{
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID),
|
||||
dest_subscribe_id, strlen(dest_subscribe_id),result + hit_cnt + hit_cnt_ip,
|
||||
MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,&n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -68,7 +68,7 @@ int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, st
|
||||
TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s",
|
||||
dest_subscribe_id, scan_ret, stream->str_stream_info);
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID),
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID),
|
||||
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
@@ -107,7 +107,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
|
||||
|
||||
if (strlen(dst_ip_location))
|
||||
{
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION),
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION),
|
||||
dst_ip_location, strlen(dst_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
||||
&n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -121,7 +121,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
|
||||
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit location: %s scan ret: %d addr: %s",
|
||||
dst_ip_location, scan_ret, stream->str_stream_info);
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION),
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_LOCATION),
|
||||
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
@@ -133,7 +133,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
|
||||
}
|
||||
if (strlen(src_ip_location))
|
||||
{
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION),
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION),
|
||||
src_ip_location, strlen(src_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
||||
&n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -147,7 +147,7 @@ int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, str
|
||||
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s",
|
||||
src_ip_location, scan_ret, stream->str_stream_info);
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION),
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_LOCATION),
|
||||
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
@@ -201,7 +201,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m
|
||||
|
||||
if (strlen(dst_asn))
|
||||
{
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN),
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN),
|
||||
dst_asn, strlen(dst_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
||||
&n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -215,7 +215,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m
|
||||
TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s",
|
||||
dst_asn, scan_ret, stream->str_stream_info);
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN),
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_ASN),
|
||||
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
@@ -227,7 +227,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m
|
||||
}
|
||||
if (strlen(src_asn))
|
||||
{
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN),
|
||||
scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN),
|
||||
src_asn, strlen(src_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,
|
||||
&n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
@@ -241,7 +241,7 @@ int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct m
|
||||
TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s",
|
||||
src_asn, scan_ret, stream->str_stream_info);
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN),
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_ASN),
|
||||
result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
@@ -260,8 +260,8 @@ int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt,
|
||||
int hit_app_id = 0;
|
||||
size_t n_hit_result = 0;
|
||||
struct maat_hit_group hit_group;
|
||||
|
||||
struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_APP_ID_DICT),
|
||||
|
||||
struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_APP_ID_DICT),
|
||||
(const char *)&app_id, sizeof(long long));
|
||||
if(app_dict!=NULL)
|
||||
{
|
||||
@@ -310,11 +310,8 @@ int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *r
|
||||
struct maat_hit_group last_hit_groups[256] = {0};
|
||||
|
||||
int dir_is_e2i = get_route_dir(stream);
|
||||
int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR");
|
||||
int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR");
|
||||
|
||||
if(c2s == 1) table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id;
|
||||
if(c2s == 0) table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id;
|
||||
if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP);
|
||||
if(c2s == 0) table_id = (dir_is_e2i == 0) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP);
|
||||
|
||||
size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid);
|
||||
if(n_last_hit_group > 0)
|
||||
@@ -337,22 +334,109 @@ int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *r
|
||||
return hit_cnt_ip;
|
||||
}
|
||||
|
||||
int tfe_scan_internal_exteral_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s)
|
||||
{
|
||||
int scan_ret = 0;
|
||||
int table_id=0;
|
||||
int hit_cnt_port = 0;
|
||||
size_t array_size=256;
|
||||
size_t n_hit_result = 0;
|
||||
struct maat_hit_group last_hit_groups[256] = {0};
|
||||
|
||||
int dir_is_e2i = get_route_dir(stream);
|
||||
if(c2s == 1) table_id = (dir_is_e2i == 1) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT);
|
||||
if(c2s == 0) table_id = (dir_is_e2i == 0) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT);
|
||||
|
||||
size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid);
|
||||
if(n_last_hit_group > 0)
|
||||
{
|
||||
maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size);
|
||||
scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_port,
|
||||
MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
|
||||
if(scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_port += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_port += n_hit_result;
|
||||
}
|
||||
}
|
||||
return hit_cnt_port;
|
||||
}
|
||||
|
||||
int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest)
|
||||
{
|
||||
int scan_ret = 0;
|
||||
int hit_cnt_port = 0;
|
||||
size_t n_hit_result = 0;
|
||||
|
||||
scan_ret=maat_scan_integer((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), source,
|
||||
result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
|
||||
if(scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_port+=n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT),
|
||||
result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_port+=n_hit_result;
|
||||
}
|
||||
scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 1);
|
||||
if(scan_ret > 0)
|
||||
{
|
||||
hit_cnt_port+=scan_ret;
|
||||
}
|
||||
|
||||
scan_ret=maat_scan_integer((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), dest,
|
||||
result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
|
||||
if(scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_port+=n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT),
|
||||
result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_port+=n_hit_result;
|
||||
}
|
||||
scan_ret = tfe_scan_internal_exteral_port(stream, result, scan_mid, hit_cnt, 0);
|
||||
if(scan_ret > 0)
|
||||
{
|
||||
hit_cnt_port+=scan_ret;
|
||||
}
|
||||
|
||||
return hit_cnt_port;
|
||||
}
|
||||
|
||||
#define PROTOCOL_TCP_GROUP_ID 6
|
||||
int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
{
|
||||
int table_id=0;
|
||||
int scan_ret = 0;
|
||||
int hit_cnt_ip = 0;
|
||||
size_t n_hit_result = 0;
|
||||
struct maat_hit_group hit_group;
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
memset(&hit_group, 0, sizeof(hit_group));
|
||||
hit_group.group_id=PROTOCOL_TCP_GROUP_ID;
|
||||
scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if(scan_ret==MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v4->saddr,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP),
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
@@ -363,15 +447,14 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc
|
||||
hit_cnt_ip += scan_ret;
|
||||
}
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v4->daddr,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if(scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP),
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
@@ -387,19 +470,27 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struc
|
||||
|
||||
int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr)
|
||||
{
|
||||
int table_id=0;
|
||||
int scan_ret = 0;
|
||||
int hit_cnt_ip = 0;
|
||||
size_t n_hit_result = 0;
|
||||
struct maat_hit_group hit_group;
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR");
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
memset(&hit_group, 0, sizeof(hit_group));
|
||||
hit_group.group_id=PROTOCOL_TCP_GROUP_ID;
|
||||
scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if(scan_ret==MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP),
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
@@ -411,14 +502,13 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struc
|
||||
hit_cnt_ip += scan_ret;
|
||||
}
|
||||
|
||||
table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR");
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6,
|
||||
scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v6->daddr,
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
hit_cnt_ip += n_hit_result;
|
||||
}
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id,
|
||||
scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP),
|
||||
result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid);
|
||||
if (scan_ret == MAAT_SCAN_HIT)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user