#include #include #include #include static int scan_group(struct maat_hit_group hit_group, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id) { size_t n_hit_result=0; int scan_ret=0, hit_cnt_group=0; scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_group+=n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_group+=n_hit_result; } return hit_cnt_group; } int tfe_get_tags_id_array(char *tag_ids, long long *tag_id_array) { if(tag_ids==NULL) { return 0; } int n_tag_ids=0; char *tag_ids_tmp = ALLOC(char, strlen(tag_ids)+1); strcpy(tag_ids_tmp, tag_ids); char *tag_ids_str=strtok(tag_ids_tmp, ","); while(tag_ids_str!=NULL && n_tag_ids < 128) { tag_id_array[n_tag_ids++]=strtoll(tag_ids_str, NULL, 10); tag_ids_str=strtok(NULL, ","); } FREE(&tag_ids_tmp); return n_tag_ids; } static int get_route_dir(const struct tfe_stream * stream) { uint16_t out_size; unsigned int route_dir; int ret=0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size); if (ret != 0) { return ret; } } return (route_dir==69) ? 1 : 0; } int get_table_id(const struct tfe_stream *stream, enum scan_common_table table_type) { int table_id = 0, c2s = 0; int dir_is_e2i = get_route_dir(stream); if (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP || table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) { c2s = (table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_SOURCE_PORT) ? 1 : 0; if(table_type == PXY_CTRL_SOURCE_IP || table_type == PXY_CTRL_DESTINATION_IP) { table_id = (c2s == dir_is_e2i) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_IP) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_IP); } if(table_type == PXY_CTRL_SOURCE_PORT || table_type == PXY_CTRL_DESTINATION_PORT) { table_id = (c2s == dir_is_e2i) ? tfe_bussiness_tableid_get(PXY_CTRL_INTERNAL_PORT) : tfe_bussiness_tableid_get(PXY_CTRL_EXTERNAL_PORT); } } return table_id; } int tfe_scan_internal_exteral_by_last_group(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, enum scan_common_table table_type) { size_t array_size=256, n_hit_result = 0; int hit_cnt_group = 0, scan_ret = 0, table_id = 0; struct maat_hit_group last_hit_groups[256] = {0}; table_id = get_table_id(stream, table_type); if(table_id <= 0) { return hit_cnt_group; } size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(scan_mid); if(n_last_hit_group > 0) { maat_state_get_last_hit_groups(scan_mid, last_hit_groups, array_size); scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, last_hit_groups, array_size, result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_group += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_group += n_hit_result; } } return hit_cnt_group; } /**for Provisional compilation definitions**/ #define TFE_CMSG_FQDN_TAGS_ID_STR 60 /*1,2,3,4,5*/ #define TFE_CMSG_SRC_TAGS_ID_STR 61 /*11,12,13,14*/ #define TFE_CMSG_DST_TAGS_ID_STR 62 /*6,7,8,9,10*/ #define TFE_CMSG_FQDN_TAGS_LOG_STR 63 /*"Category Name:Search Engines, Cloude Provider:aws, CDN Provider:aws, category_name: ab"*/ #define TFE_CMSG_SRC_TAGS_LOG_STR 64 /*"administrative_area:Singapore, country:Singapore", CDN Provider:Light CDN*/ #define TFE_CMSG_DST_TAGS_LOG_STR 65 /*"ASN:55967, CDN Provider:Light CDN, country:Hong Kong"*/ int tfe_scan_ip_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { size_t n_hit_result = 0; long long tag_id_array[128]={0}; int scan_ret = 0, hit_cnt_ip = 0, n_tag_ids = 0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if(cmsg == NULL) { return hit_cnt_ip; } char opt_val[128]={0}; uint16_t opt_out_size = 0; int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_SRC_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); if(ret == 0) { n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); if(n_tag_ids == 0) { return hit_cnt_ip; } } TFE_LOG_DEBUG(logger, "fetch src ip tags: %s", opt_val); struct maat_hit_group hit_group; for (int i = 0; i < n_tag_ids; i++) { memset(&hit_group, 0, sizeof(hit_group)); hit_group.group_id=tag_id_array[i]; scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), &hit_group, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan Src TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += scan_ret; } else { TFE_LOG_INFO(logger, "Scan Src TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } } n_tag_ids=0; memset(tag_id_array, 0, sizeof(tag_id_array)); ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_DST_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); if(ret == 0) { n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); if(n_tag_ids == 0) { return hit_cnt_ip; } } TFE_LOG_DEBUG(logger, "fetch dst ip tags: %s", opt_val); for (int i = 0; i < n_tag_ids; i++) { memset(&hit_group, 0, sizeof(hit_group)); hit_group.group_id=tag_id_array[i]; scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), &hit_group, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan Dst TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += scan_ret; } else { TFE_LOG_INFO(logger, "Scan Dst TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } } return hit_cnt_ip; } int tfe_scan_fqdn_tags(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int table_id, void *logger) { long long tag_id_array[128]={0}; int scan_ret = 0, hit_cnt_fqdn = 0, n_tag_ids = 0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if(cmsg == NULL) { return hit_cnt_fqdn; } char opt_val[128]={0}; uint16_t opt_out_size = 0; int ret = tfe_cmsg_get_value(cmsg, (enum tfe_cmsg_tlv_type)TFE_CMSG_FQDN_TAGS_ID_STR, (unsigned char *)opt_val, sizeof(opt_val), &opt_out_size); if(ret == 0) { n_tag_ids = tfe_get_tags_id_array(opt_val, tag_id_array); if(n_tag_ids == 0) { return hit_cnt_fqdn; } } TFE_LOG_DEBUG(logger, "fetch fqdn tags: %s", opt_val); struct maat_hit_group hit_group; for (int i = 0; i < n_tag_ids; i++) { memset(&hit_group, 0, sizeof(hit_group)); hit_group.group_id=tag_id_array[i]; scan_ret = scan_group(hit_group, result, scan_mid, hit_cnt, table_id); if (scan_ret > 0) { TFE_LOG_INFO(logger, "Scan Fqdn TAGS, Hit scan ret: %d policy_id: %lld addr: %s", scan_ret, result[hit_cnt + hit_cnt_fqdn], stream->str_stream_info); hit_cnt_fqdn += scan_ret; } else { TFE_LOG_INFO(logger, "Scan Fqdn TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } } return hit_cnt_fqdn; } int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, long long app_id, int table_id) { int scan_ret = 0; int hit_app_id = 0; size_t n_hit_result = 0; struct maat_hit_group hit_group; struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_APP_ID_DICT), (const char *)&app_id, sizeof(long long)); if(app_dict!=NULL) { memset(&hit_group, 0, sizeof(hit_group)); hit_group.group_id=app_dict->group_id; scan_ret = maat_scan_group(tfe_get_maat_handle(), table_id, &hit_group, 1, result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_app_id += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_id, result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_app_id += n_hit_result; } app_id_dict_free(app_dict); } return hit_app_id; } int tfe_scan_port(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest) { int scan_ret = 0; int hit_cnt_port = 0; size_t n_hit_result = 0; scan_ret=maat_scan_integer(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), ntohs(source), result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_PORT); if(scan_ret > 0) { hit_cnt_port+=scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_PORT), result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } scan_ret=maat_scan_integer(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), ntohs(dest), result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_PORT); if(scan_ret > 0) { hit_cnt_port+=scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_PORT), result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } return hit_cnt_port; } #define PROTOCOL_TCP_GROUP_ID 6 int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; struct maat_hit_group hit_group; memset(&hit_group, 0, sizeof(hit_group)); hit_group.group_id=PROTOCOL_TCP_GROUP_ID; scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v4->saddr, ntohs(sapp_addr.v4->source), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v4->daddr, ntohs(sapp_addr.v4->dest), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } return hit_cnt_ip; } int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; struct maat_hit_group hit_group; memset(&hit_group, 0, sizeof(hit_group)); hit_group.group_id=PROTOCOL_TCP_GROUP_ID; scan_ret = maat_scan_group(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), &hit_group, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_IP_PROTOCOL), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), sapp_addr.v6->saddr, ntohs(sapp_addr.v6->source), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_SOURCE_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SOURCE_IP), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), sapp_addr.v6->daddr, ntohs(sapp_addr.v6->dest), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_by_last_group(stream, result, scan_mid, hit_cnt, PXY_CTRL_DESTINATION_IP); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_DESTINATION_IP), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } return hit_cnt_ip; } int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; uint16_t opt_out_size; char dest_subscribe_id[TFE_STRING_MAX] = {0}; char source_subscribe_id[TFE_STRING_MAX] = {0}; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_SUB_ID, (unsigned char *)dest_subscribe_id, sizeof(dest_subscribe_id), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch dst sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } } TFE_LOG_DEBUG(logger, "fetch src sub id:%s dst sub id:%s addr: %s", source_subscribe_id, dest_subscribe_id, stream->str_stream_info); if (strlen(source_subscribe_id)) { scan_ret = maat_scan_string(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), source_subscribe_id, strlen(source_subscribe_id),result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", source_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", source_subscribe_id, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } } if (strlen(dest_subscribe_id)) { scan_ret = maat_scan_string(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), dest_subscribe_id, strlen(dest_subscribe_id),result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,&n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", dest_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", dest_subscribe_id, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), tfe_bussiness_tableid_get(PXY_CTRL_SUBSCRIBER_ID), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } } return hit_cnt_ip; }