#include #include #include #include int tfe_scan_subscribe_id(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; uint16_t opt_out_size; char dest_subscribe_id[TFE_STRING_MAX] = {0}; char source_subscribe_id[TFE_STRING_MAX] = {0}; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_SUB_ID, (unsigned char *)dest_subscribe_id, sizeof(dest_subscribe_id), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch dst sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } } TFE_LOG_DEBUG(logger, "fetch src sub id:%s dst sub id:%s addr: %s", source_subscribe_id, dest_subscribe_id, stream->str_stream_info); if (strlen(source_subscribe_id)) { scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), source_subscribe_id, strlen(source_subscribe_id),result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", source_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", source_subscribe_id, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } } if (strlen(dest_subscribe_id)) { scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), dest_subscribe_id, strlen(dest_subscribe_id),result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip,&n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %lld addr: %s", dest_subscribe_id, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan dst TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", dest_subscribe_id, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_SUBSCRIBER_ID), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } } return hit_cnt_ip; } int tfe_scan_fqdn_cat(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger, int table_id) { int scan_ret = 0; unsigned int i = 0; uint16_t opt_out_size; int hit_cnt_fqdn = 0; size_t n_hit_result = 0; unsigned int category_id_num = 0; unsigned int category_id_val[TFE_SYMBOL_MAX] = {0}; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_NUM, (unsigned char *)&category_id_num, sizeof(category_id_num), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch fqdn cat id num from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_VAL, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch fqdn cat id val from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } } TFE_LOG_DEBUG(logger, "fetch fqdn cat id:%d val:%d,%d,%d,%d,%d,%d,%d,%d addr: %s", category_id_num, (category_id_num >= 1 ? category_id_val[0] : 0), (category_id_num >= 2 ? category_id_val[1] : 0), (category_id_num >= 3 ? category_id_val[2] : 0), (category_id_num >= 4 ? category_id_val[3] : 0), (category_id_num >= 5 ? category_id_val[4] : 0), (category_id_num >= 6 ? category_id_val[5] : 0), (category_id_num >= 7 ? category_id_val[6] : 0), (category_id_num >= 8 ? category_id_val[7] : 0), stream->str_stream_info); for (i = 0; i < category_id_num && i < 8; i++) { scan_ret = maat_scan_integer((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, category_id_val[i], result + hit_cnt + hit_cnt_fqdn, MAX_SCAN_RESULT - hit_cnt - hit_cnt_fqdn, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan FQDN_CAT, Hit catid: %d scan ret: %d policy_id: %lld addr: %s", category_id_val[i], scan_ret, result[hit_cnt + hit_cnt_fqdn], stream->str_stream_info); hit_cnt_fqdn += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan FQDN_CAT, NO hit catid: %d scan ret: %d addr: %s", category_id_val[i], scan_ret, stream->str_stream_info); } } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result + hit_cnt + hit_cnt_fqdn, MAX_SCAN_RESULT - hit_cnt - hit_cnt_fqdn, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_fqdn += n_hit_result; } return hit_cnt_fqdn; } int tfe_scan_ip_location(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger, char **location_server, char **location_client) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; uint16_t opt_out_size; char src_ip_location[TFE_STRING_MAX * 5] = {0}; char dst_ip_location[TFE_STRING_MAX * 5] = {0}; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_IP_LOCATION, (unsigned char *)src_ip_location, sizeof(src_ip_location), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch src country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_IP_LOCATION, (unsigned char *)dst_ip_location, sizeof(dst_ip_location), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch dst country from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } } TFE_LOG_DEBUG(logger, "fetch src ip location: %s dst ip location: %s addr: %s", src_ip_location, dst_ip_location, stream->str_stream_info); if (strlen(dst_ip_location)) { scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION), dst_ip_location, strlen(dst_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, Hit location: %s scan ret: %d policy_id: %lld addr: %s", dst_ip_location, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_LOCATION, NO hit location: %s scan ret: %d addr: %s", dst_ip_location, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_LOCATION), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } *location_server = (char *)ALLOC(char, strlen(dst_ip_location)); memcpy(*location_server,dst_ip_location,strlen(dst_ip_location)-1); } if (strlen(src_ip_location)) { scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION), src_ip_location, strlen(src_ip_location), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, Hit location: %s scan ret: %d policy_id: %lld addr: %s", src_ip_location, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan TSG_SECURITY_SOURCE_LOCATION, NO hit location: %s scan ret: %d addr: %s", src_ip_location, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_LOCATION), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } *location_client = (char *)ALLOC(char, strlen(src_ip_location)); memcpy(*location_client,src_ip_location, strlen(src_ip_location)-1); } return hit_cnt_ip; } int tfe_scan_ip_asn(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, void *logger, char **asn_server, char **asn_client) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; uint16_t opt_out_size; char buff[TFE_STRING_MAX * 5] = {0}; char src_asn[TFE_STRING_MAX] = {0}; char dst_asn[TFE_STRING_MAX] = {0}; char src_org[TFE_STRING_MAX] = {0}; char dst_org[TFE_STRING_MAX] = {0}; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ASN, (unsigned char *)src_asn, sizeof(src_asn), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch src asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ASN, (unsigned char *)dst_asn, sizeof(dst_asn), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch dst asn from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_ORGANIZATION, (unsigned char *)src_org, sizeof(src_org), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch src org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DST_ORGANIZATION, (unsigned char *)dst_org, sizeof(dst_org), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch dst org from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } } TFE_LOG_DEBUG(logger, "fetch src asn:%s org:%s; dst asn:%s org:%s addr: %s", src_asn, src_org, dst_asn, dst_org, stream->str_stream_info); if (strlen(dst_asn)) { scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN), dst_asn, strlen(dst_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, Hit asn: %s scan ret: %d policy_id: %lld addr: %s", dst_asn, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan TSG_SECURITY_DESTINATION_ASN, NO hit asn: %s scan ret: %d addr: %s", dst_asn, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_DESTINATION_ASN), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } memset(buff, 0, sizeof(buff)); snprintf(buff, sizeof(buff), "%s(%s)", dst_asn, dst_org); *asn_server = tfe_strdup(buff); } if (strlen(src_asn)) { scan_ret = maat_scan_string((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN), src_asn, strlen(src_asn), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, Hit asn: %s scan ret: %d policy_id: %lld addr: %s", src_asn, scan_ret, result[hit_cnt + hit_cnt_ip], stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan ATTR_SOURCE_ASN, NO hit asn: %s scan ret: %d addr: %s", src_asn, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_SECURITY_SOURCE_ASN), result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } memset(buff, 0, sizeof(buff)); snprintf(buff, sizeof(buff), "%s(%s)", src_asn, src_org); *asn_client = tfe_strdup(buff); } return hit_cnt_ip; } int tfe_scan_app_id(long long *result, struct maat_state *scan_mid, int hit_cnt, int app_id, int table_id) { int scan_ret = 0; int hit_app_id = 0; size_t n_hit_result = 0; struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), tfe_bussiness_tableid_get(TABLE_OBJ_APP_ID_DICT), (const char *)&app_id, sizeof(long long)); if(app_dict!=NULL) { scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, &app_dict->group_id, 1, result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_app_id += n_hit_result; } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_app_id += n_hit_result; } app_id_dict_free(app_dict); } return hit_app_id; } static int get_route_dir(const struct tfe_stream * stream) { uint16_t out_size; unsigned int route_dir; int ret=0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size); if (ret != 0) { return ret; } } return (route_dir==69) ? 1 : 0; } int tfe_scan_internal_exteral_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, int c2s) { int scan_ret = 0; int table_id=0; int hit_cnt_ip = 0; size_t array_size=256; size_t n_hit_result = 0; long long group_id_array[256]={0}; int dir_is_e2i = get_route_dir(stream); int scan_internal_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_INTERNAL_ADDR"); int scan_external_table_id=maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_EXTERNAL_ADDR"); if(c2s == 1) table_id = (dir_is_e2i == 1) ? scan_internal_table_id : scan_external_table_id; if(c2s == 0) table_id = (dir_is_e2i == 0) ? scan_internal_table_id : scan_external_table_id; size_t n_last_hit_group = maat_state_get_last_hit_group_id_cnt(scan_mid); if(n_last_hit_group > 0) { maat_state_get_last_hit_group_ids(scan_mid, group_id_array, array_size); scan_ret = maat_scan_group((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, group_id_array, array_size, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } } return hit_cnt_ip; } int tfe_scan_ipv4_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int table_id=0; int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR"); scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->saddr, sapp_addr.v4->source, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); scan_ret = maat_scan_ipv4((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v4->daddr, sapp_addr.v4->dest, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } return hit_cnt_ip; } int tfe_scan_ipv6_addr(const struct tfe_stream *stream, long long *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int table_id=0; int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_SOURCE_ADDR"); scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->saddr, sapp_addr.v6->source, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 1); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } table_id = maat_get_table_id((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), "ATTR_DESTINATION_ADDR"); scan_ret = maat_scan_ipv6((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, sapp_addr.v6->daddr, sapp_addr.v6->dest, 6, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic((struct maat *)tfe_bussiness_resouce_get(STATIC_MAAT), table_id, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = tfe_scan_internal_exteral_addr(stream, result, scan_mid, hit_cnt, 0); if(scan_ret > 0) { hit_cnt_ip += scan_ret; } return hit_cnt_ip; }