| -rw-r--r-- | include/stellar/scanner.h | 2 | ||||
| -rw-r--r-- | scanner/scanner.c | 59 | ||||
| -rw-r--r-- | scanner/scanner_maat.c | 265 |
3 files changed, 278 insertions, 48 deletions
diff --git a/include/stellar/scanner.h b/include/stellar/scanner.h
index febe777..512b77c 100644
--- a/include/stellar/scanner.h
+++ b/include/stellar/scanner.h
@@ -52,7 +52,7 @@ size_t scanner_state_get_history_rules(struct scanner_state *exdata, enum RULE_T
 size_t scanner_state_get_current_packet_rule_count(struct scanner_state *exdata, enum RULE_TYPE rule_type);
 size_t scanner_state_get_current_packet_rules(struct scanner_state *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], size_t n_rule_uuids);
-struct maat *scanne_get_maat_instance(struct scanner *scanner);
+struct maat *scanner_get_maat_instance(struct scanner *scanner);
 const char *scanner_get_application_sub_action(struct scanner *scanner, int32_t appid);
 const char *scanner_get_security_settings(struct scanner *scanner, int32_t t_vsys_id);
diff --git a/scanner/scanner.c b/scanner/scanner.c
index aa69573..00ec4e9 100644
--- a/scanner/scanner.c
+++ b/scanner/scanner.c
@@ -76,41 +76,6 @@ int32_t is_dup_tag_uuid(uuid_t *tag_uuids, size_t tag_uuids_num, uuid_t tag_uuid return FALSE; } -const char *scanner_get_device_id(struct scanner *scanner) -{ - return ((scanner->global_para.device_id[0]=='\0') ? NULL : scanner->device_id); -} - -const char *scanner_get_device_group(struct scanner *scanner) -{ - return ((scanner->global_para.device_group[0]=='\0') ? NULL : scanner->device_group); -} - -const char *scanner_get_data_center(struct scanner *scanner) -{ - return ((scanner->global_para.data_center[0]=='\0') ? NULL : scanner->data_center); -} - -const char *scanner_get_device_tag(struct scanner *scanner) -{ - return ((scanner->global_para.device_tag[0]=='\0') ? NULL : scanner->device_tag); -} - -const char *scanner_get_device_sn(struct scanner *scanner) -{ - return ((scanner->global_para.device_sn[0]=='\0') ? NULL : scanner->device_sn); -} - -const char *scanner_get__sled_ip(struct scanner *scanner) -{ - return ((scanner->global_para.sled_ip[0]=='\0') ? NULL : scanner->sled_ip); -} - -int scanner_get_traffic_vsystem_id(struct scanner *scanner) -{ - return scanner->global_para.traffic_vsystem_id; -} - void device_sn_value_parser(char *filename, char *device_sn, size_t device_sn_sz) { if(filename==NULL || device_sn==NULL || device_sn_sz==0) @@ -732,11 +697,11 @@ enum MAAT_RULE_TABLE maat_rule_table_string2type(char *rule_name, size_t rule_na { if(rule_name==NULL || rule_name_sz==0) { - return MAAT_RULE_TABLE_UNKNOWN; + return RULE_TYPE_UNKNOWN; } struct rule_table_string2type rule_name_array[RULE_TYPE_MAX]={ - {MAAT_RULE_TABLE_UNKNOWN, 0, NULL}, + {RULE_TYPE_UNKNOWN, 0, NULL}, {RULE_TYPE_SECURITY, 13, (char *)"SECURITY_RULE"}, {RULE_TYPE_PXY_INTERCEPT, 18, (char *)"PXY_INTERCEPT_RULE"}, {RULE_TYPE_SERVICE_CHAINING, 21, (char *)"SERVICE_CHAINING_RULE"}, 
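Review bot: `maat_rule_table_string2type` in scanner.c keeps its `enum MAAT_RULE_TABLE` return type while the -732 hunk makes it return `RULE_TYPE_UNKNOWN`, a member of `enum RULE_TYPE`, so two enums are now mixed in one function; the new copy in scanner_maat.c in this same commit declares it as `enum RULE_TYPE maat_rule_table_string2type(char *rule_name, size_t rule_name_sz)`, and scanner.c's signature should match or the scanner.c copy should go. Both files now also define external functions with the same names (`maat_rule_table_string2type`, `scanner_convert_rule` and the `scanner_scan_*_attribute` family), which will clash at link time if both objects are linked into one binary — presumably scanner.c's copies are meant to be removed, but this commit leaves both, and the scanner.c variants also differ in parameter lists. The -762 hunk's `return RULE_TYPE_UNKNOWN;` has the same enum mismatch. The function body of maat_rule_table_string2type in scanner.c continues outside this hunk.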
@@ -762,7 +727,7 @@ enum MAAT_RULE_TABLE maat_rule_table_string2type(char *rule_name, size_t rule_na } } - return MAAT_RULE_TABLE_UNKNOWN; + return RULE_TYPE_UNKNOWN; } void scanner_convert_rule(const char *readable_addr, struct maat_state *scan_state, struct scanner_state *policy_state, uuid_t *rule_uuids, size_t n_rule_uuids) @@ -824,7 +789,7 @@ void scanner_scan_not_logic_attribute(const char *readable_addr, struct attribut size_t n_rule_uuids=0; uuid_t rule_uuids[MAX_HITS_RULES_NUM]; - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); int hits_status=maat_scan_not_logic(cm_maat, table_name, schema->scan_attribute_name, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state); scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); @@ -852,7 +817,7 @@ void scanner_scan_object_attribute(const char *readable_addr, struct attribute_s size_t n_rule_uuids=0; uuid_t rule_uuids[MAX_HITS_RULES_NUM]; - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); int hits_status=maat_scan_object(cm_maat, table_name, schema->scan_attribute_name, objects, n_object, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state); scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); 
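Review bot: After the rename, `scanner_scan_not_logic_attribute` in scanner.c passes the same `cm_maat` both to `scanner_maat_get_object_table_name` and to `maat_scan_not_logic`, but in scanner_maat.c those two calls take different objects — the helper receives the `struct scanner_maat *` and the scan call receives `cm_maat->feather`. Unless scanner.c's `cm_maat` is a different type from the one in scanner_maat.c (its declaration is outside the hunk), one of these two calls is handed the wrong pointer, and the compiler will only flag it if the helper's prototype is visible in scanner.c. The same pattern repeats in the -852, -881, -909, -938, -967, -996, -1029 and -1045 hunks. If `cm_maat` here is the wrapper struct, the scan calls should mirror scanner_maat.c, e.g. `int hits_status=maat_scan_not_logic(cm_maat->feather, table_name, schema->scan_attribute_name, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state);`. Each enclosing function starts and ends outside its hunk.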
@@ -881,7 +846,7 @@ void scanner_scan_string_attribute(const char *readable_addr, struct attribute_s size_t n_rule_uuids=0; uuid_t rule_uuids[MAX_HITS_RULES_NUM]; - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); int hits_status=maat_scan_string(cm_maat, table_name, schema->scan_attribute_name, scan_string, scan_string_sz, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state); scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); @@ -909,7 +874,7 @@ void scanner_scan_integer_attribute(const char *readable_addr, struct attribute_ size_t n_rule_uuids=0; uuid_t rule_uuids[MAX_HITS_RULES_NUM]; - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); int hits_status=maat_scan_integer(cm_maat, table_name, schema->scan_attribute_name, scan_integer, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state); scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); @@ -938,7 +903,7 @@ void scanner_scan_flag_attribute(const char *readable_addr, struct attribute_sch size_t n_rule_uuids=0; uuid_t rule_uuids[MAX_HITS_RULES_NUM]; - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); int hits_status=maat_scan_flag(cm_maat, table_name, schema->scan_attribute_name, scan_flag, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state); scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); 
@@ -967,7 +932,7 @@ void scanner_scan_ipv4_attribute(const char *readable_addr, struct attribute_sch size_t n_rule_uuids=0; uuid_t rule_uuids[MAX_HITS_RULES_NUM]; - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); int hits_status=maat_scan_ipv4_port(cm_maat, table_name, schema->scan_attribute_name, scan_ipv4, scan_port, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state); scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); @@ -996,7 +961,7 @@ void scanner_scan_ipv6_attribute(const char *readable_addr, struct attribute_sch size_t n_rule_uuids=0; uuid_t rule_uuids[MAX_HITS_RULES_NUM]; - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); int hits_status=maat_scan_ipv6_port(cm_maat, table_name, schema->scan_attribute_name, scan_ipv6, scan_port, rule_uuids, MAX_HITS_RULES_NUM, &n_rule_uuids, scan_state); scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); @@ -1029,7 +994,7 @@ void scanner_scan_stream_attribute(const char *readable_addr, struct attribute_s if(*stream_handle==NULL) { - const char *table_name=firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name); + const char *table_name=scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name); *stream_handle=maat_stream_new(cm_maat, table_name, schema->scan_attribute_name, scan_state); FIREWALL_DEBUG_LOG("maat_stream_new", "new table: %s attribute: %s %s addr: %s", table_name, 
@@ -1045,7 +1010,7 @@ void scanner_scan_stream_attribute(const char *readable_addr, struct attribute_s scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); FIREWALL_DEBUG_LOG("maat_stream_scan", "scan table: %s attribute: %s hits_status: %d, n_hits: %d, addr: %s", - firewall_attribuite_mapping_table_name_get0(cm_maat, schema->scan_attribute_name), + scanner_maat_get_object_table_name(cm_maat, schema->scan_attribute_name), schema->scan_attribute_name, hits_status, n_rule_uuids, diff --git a/scanner/scanner_maat.c b/scanner/scanner_maat.c index ed9a7f7..e8ae674 100644 --- a/scanner/scanner_maat.c +++ b/scanner/scanner_maat.c @@ -8,6 +8,9 @@ #include "scanner_maat.h" #include "scanner_toml.h" +#include "scanner_state.h" + +#define MAX_MATCH_RULES_NUM 128 struct maat_parameter { 
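Review bot: `#define MAX_MATCH_RULES_NUM 128` in scanner_maat.c is added without a comment, while the scanner.c copies of the same functions size the identical `rule_uuids[]` buffers with `MAX_HITS_RULES_NUM` (defined outside this diff); if the two values differ the two implementations cap hits differently, and if they are equal one name should be reused rather than introducing a second. A one-line comment such as `/* capacity of the per-call rule_uuids[] buffer passed to maat_scan_*; TODO confirm what maat does when more rules match than fit */` would state the contract, and an `enum { MAX_MATCH_RULES_NUM = 128 };` would keep it debugger-visible.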
@@ -1034,4 +1037,266 @@ struct scanner_maat *scanner_sd_maat_new(struct logger *logger, const char *toml sd_maat->plugin_table=scaner_maat_sd_plugin_new(sd_maat); return sd_maat; +} + +struct rule_table_string2type +{ + enum RULE_TYPE type; + size_t string_sz; + char *string; +}; + +enum RULE_TYPE maat_rule_table_string2type(char *rule_name, size_t rule_name_sz) +{ + if(rule_name==NULL || rule_name_sz==0) + { + return RULE_TYPE_UNKNOWN; + } + + struct rule_table_string2type rule_name_array[RULE_TYPE_MAX]={ + {RULE_TYPE_UNKNOWN, 0, NULL}, + {RULE_TYPE_SECURITY, 13, (char *)"SECURITY_RULE"}, + {RULE_TYPE_PXY_INTERCEPT, 18, (char *)"PXY_INTERCEPT_RULE"}, + {RULE_TYPE_SERVICE_CHAINING, 21, (char *)"SERVICE_CHAINING_RULE"}, + {RULE_TYPE_SHAPING, 20, (char *)"TRAFFIC_SHAPING_RULE"}, + {RULE_TYPE_APP_SIGNATURE, 12, (char *)"APP_SIG_RULE"}, + {RULE_TYPE_STATISTICS, 15, (char *)"STATISTICS_RULE"}, + {RULE_TYPE_MONITOR, 12, (char *)"MONITOR_RULE"}, + {RULE_TYPE_DOS_PROTECTION, 19, (char *)"DOS_PROTECTION_RULE"}, + {RULE_TYPE_TUNNEL, 11, (char *)"TUNNEL_RULE"} + }; + + for(int i=0; i<RULE_TYPE_MAX; i++) + { + if(rule_name_array[i].string_sz==0) + { + continue; + } + + if(rule_name_array[i].string_sz==rule_name_sz && (strncasecmp(rule_name_array[i].string, rule_name, rule_name_array[i].string_sz))==0 + ) + { + return rule_name_array[i].type; + } + } + + return RULE_TYPE_UNKNOWN; +} + +void scanner_convert_rule(const char *readable_addr __attribute__((unused)), struct maat_state *scan_state, struct scanner_state *policy_state, uuid_t *rule_uuids, size_t n_rule_uuids) +{ + if(scan_state==NULL || policy_state==NULL || rule_uuids==NULL || n_rule_uuids==0) + { + return ; + } + + for(size_t i=0; i<n_rule_uuids; i++) + { + char *rule_table_name=NULL; + int ret=maat_state_get_rule_table_names(scan_state, &(rule_uuids[i]), 1, &rule_table_name); + if(ret<=0) + { + return ; + } + size_t rule_table_name_sz=((rule_table_name!=NULL) ? 
strlen(rule_table_name) : 0); + enum RULE_TYPE rule_type=maat_rule_table_string2type(rule_table_name, rule_table_name_sz); + scanner_state_add_current_packet_rules(policy_state, rule_type, &(rule_uuids[i]), 1); + } +} + +void scanner_scan_not_logic_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct scanner_state *policy_state) +{ + if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + { + return ; + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + int hits_status=maat_scan_not_logic(cm_maat->feather, table_name, attribute_name, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_not_logic: scan table: %s attribute_name: %s hits_status: %d n_hits: %d addr: %s", + table_name, + attribute_name, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? 
readable_addr : "") + ); +} + +void scanner_scan_object_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct maat_hit_object *objects, size_t n_object, struct scanner_state *policy_state) +{ + if(scan_state==NULL || policy_state==NULL || attribute_name==NULL || objects==NULL || n_object==0) + { + return ; + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + int hits_status=maat_scan_object(cm_maat->feather, table_name, attribute_name, objects, n_object, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_object: scan table: %s attribute_name: %s object_ids: %d hits_status: %d n_hits: %d addr: %s", + table_name, + attribute_name, + n_object, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? 
readable_addr : "") + ); +} + +void scanner_scan_string_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, const char *scan_string, size_t scan_string_sz, struct scanner_state *policy_state) +{ + if(scan_state==NULL || scan_string==NULL || attribute_name==NULL || scan_string_sz==0 || policy_state==NULL) + { + return ; + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + int hits_status=maat_scan_string(cm_maat->feather, table_name, attribute_name, scan_string, scan_string_sz, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_string: scan table: %s attribute_name: %s string: hits_status: %d n_hits: %d addr: %s", + table_name, + attribute_name, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? 
readable_addr : "") + ); +} + +void scanner_scan_integer_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint64_t scan_integer, struct scanner_state *policy_state) +{ + if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + { + return ; + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + int hits_status=maat_scan_integer(cm_maat->feather, table_name, attribute_name, scan_integer, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_integer: scan table: %s attribute_name: %s integer: %lu hits_status: %d n_hits: %d addr: %s", + table_name, + attribute_name, + scan_integer, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? readable_addr : "") + ); +} + +void scanner_scan_flag_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint64_t scan_flag, struct scanner_state *policy_state) +{ + if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + { + return ; + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + int hits_status=maat_scan_flag(cm_maat->feather, table_name, attribute_name, scan_flag, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_flags: scan table: %s attribute_name: %s flags: %lu hits_status: %d n_hits: %d addr: %s", + table_name, + attribute_name, + scan_flag, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? 
readable_addr : "") + ); +} + +void scanner_scan_ipv4_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint32_t scan_ipv4, int32_t scan_port, struct scanner_state *policy_state) +{ + if(scan_state==NULL || policy_state==NULL || attribute_name==NULL) + { + return ; + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + int hits_status=maat_scan_ipv4_port(cm_maat->feather, table_name, attribute_name, scan_ipv4, scan_port, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_ipv4_port: scan ipv4: %u port: %d table: %s attribute_name: %s hits_status: %d n_hits: %d addr: %s", + scan_ipv4, + scan_port, + table_name, + attribute_name, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? 
readable_addr : "") + ); +} + +void scanner_scan_ipv6_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, uint8_t *scan_ipv6, int32_t scan_port, struct scanner_state *policy_state) +{ + if(scan_state==NULL || policy_state==NULL || attribute_name) + { + return ; + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + int hits_status=maat_scan_ipv6_port(cm_maat->feather, table_name, attribute_name, scan_ipv6, scan_port, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_scan_ipv6_port: scan ipv6: %.08x-%.08x-%.08x-%.08x port: %d table: %s attribute_name: %s hits_status: %d, n_hits: %d, addr: %s", + ((uint32_t *)scan_ipv6)[0], + ((uint32_t *)scan_ipv6)[1], + ((uint32_t *)scan_ipv6)[2], + ((uint32_t *)scan_ipv6)[3], + scan_port, + table_name, + attribute_name, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? 
readable_addr : "") + ); +} + +void scanner_scan_stream_attribute(const char *readable_addr, char *attribute_name, struct scanner_maat *cm_maat, struct maat_state *scan_state, struct maat_stream **stream_handle, const char *scan_string, size_t scan_string_sz, struct scanner_state *policy_state) +{ + if(scan_state==NULL || policy_state==NULL || attribute_name==NULL || scan_string==NULL || scan_string_sz==0 || stream_handle==NULL) + { + return ; + } + + if(*stream_handle==NULL) + { + const char *table_name=scanner_maat_get_object_table_name(cm_maat, attribute_name); + *stream_handle=maat_stream_new(cm_maat->feather, table_name, attribute_name, scan_state); + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_stream_new: new table: %s attribute_name: %s %s addr: %s", + table_name, + attribute_name, + (*stream_handle!=NULL) ? "success" : "failed", + ((readable_addr!=NULL) ? readable_addr : "") + ); + } + + size_t n_rule_uuids=0; + uuid_t rule_uuids[MAX_MATCH_RULES_NUM]; + int hits_status=maat_stream_scan(*stream_handle, scan_string, scan_string_sz, rule_uuids, MAX_MATCH_RULES_NUM, &n_rule_uuids, scan_state); + scanner_convert_rule(readable_addr, scan_state, policy_state, rule_uuids, n_rule_uuids); + + STELLAR_LOG_TRACE(cm_maat->logger, SCANNER_MODULE_NAME, "maat_stream_scan: scan table: %s attribute_name: %s hits_status: %d, n_hits: %d, addr: %s", + scanner_maat_get_object_table_name(cm_maat, attribute_name), + attribute_name, + hits_status, + n_rule_uuids, + ((readable_addr!=NULL) ? readable_addr : "") + ); }
\ No newline at end of file |
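Review bot: The guard in `scanner_scan_ipv6_attribute` is inverted — `if(scan_state==NULL || policy_state==NULL || attribute_name)` returns for every non-NULL name and lets a NULL name through to `scanner_maat_get_object_table_name`; it should read `if(scan_state==NULL || policy_state==NULL || attribute_name==NULL)` like its siblings. In `scanner_scan_stream_attribute`, when `maat_stream_new` returns NULL the code logs "failed" and then still calls `maat_stream_scan(*stream_handle, ...)` with that NULL handle, so the `*stream_handle==NULL` branch needs a `return ;` after the trace unless maat_stream_scan is documented to accept NULL. `scanner_convert_rule` returns on the first `maat_state_get_rule_table_names` failure and silently drops every remaining uuid, where `continue;` looks intended. The trace calls pass `size_t` values (`n_rule_uuids`, `n_object`) to `%d` and `uint64_t` to `%lu`, and the ipv6 trace reads `scan_ipv6` through a `(uint32_t *)` cast on a `uint8_t *`, which is a potentially misaligned, aliasing-violating access — use `%zu`/`PRIu64` and `memcpy` the 16 bytes into four `uint32_t` before printing. None of the new scanners checks `cm_maat` before dereferencing `cm_maat->feather` and `cm_maat->logger`, so if callers can pass NULL it belongs in the guard too.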
