#include #include #include #include static int scan_object(uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct maat_hit_object objects, const char *table_name, const char *filed_name) { size_t n_hit_result=0; int scan_ret=0, hit_cnt_group=0; scan_ret = maat_scan_object(tfe_get_maat_handle(), table_name, filed_name, &objects, 1, result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_group+=n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_name, filed_name, result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_group+=n_hit_result; } return hit_cnt_group; } static int get_route_dir(const struct tfe_stream * stream) { uint16_t out_size; unsigned int route_dir; int ret=0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_COMMON_DIRECTION, (unsigned char *)&route_dir, sizeof(route_dir), &out_size); if (ret != 0) { return ret; } } return (route_dir==69) ? 1 : 0; } int tfe_get_entry_tags(const struct tfe_stream * stream, enum tfe_cmsg_tlv_type tlv_type, uuid_t *opt_val) { int n_tag_ids = 0; uint16_t opt_out_size = 0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if(cmsg == NULL) { return 0; } int ret = tfe_cmsg_get_value(cmsg, tlv_type, (unsigned char *)opt_val, 128, &opt_out_size); if(ret == 0 && opt_out_size > 0) { n_tag_ids = opt_out_size/(int)sizeof(uuid_t); } return n_tag_ids; } void tfe_tags_log(uuid_t *opt_val, int n_tag_ids, const char *log_key, void *logger) { char tag_uuid_str[UUID_STRING_SIZE] = {0}; char *tag_uuids_for_log = ALLOC(char, n_tag_ids*UUID_STRING_SIZE); for(int i = 0; i < n_tag_ids; i++) { memset(tag_uuid_str, 0, UUID_STRING_SIZE); uuid_unparse(opt_val[i],tag_uuid_str); strcat(tag_uuids_for_log, tag_uuid_str); if (i < n_tag_ids - 1) { strcat(tag_uuids_for_log, ","); } } TFE_LOG_DEBUG(logger, "fetch %s tags: %s", log_key, tag_uuids_for_log); FREE(&tag_uuids_for_log); } int tfe_get_library_tags(const struct tfe_stream *stream, cJSON *common_obj, tfe_cmsg_tlv_type tlv_type, const char *tag_key) { uuid_t opt_val[128]={0}; char tag_uuid_str[UUID_STRING_SIZE] = {0}; int n_tag_ids = tfe_get_entry_tags(stream, tlv_type, opt_val); if(n_tag_ids == 0) { return 0; } char value[128]={0}; cJSON *tags_array = cJSON_CreateArray(); for(int i = 0; i < n_tag_ids; i++) { memset(tag_uuid_str, 0, UUID_STRING_SIZE); uuid_unparse(opt_val[i],tag_uuid_str); struct library_tag_ctx *library_tag =(struct library_tag_ctx *)maat_plugin_table_get_ex_data(tfe_get_maat_handle(), "LIBRARY_TAG", (const char *)tag_uuid_str, strlen(tag_uuid_str)); if(library_tag != NULL) { if(library_tag->category == CATEGORY_TYPE_ASN && tlv_type == TFE_CMSG_SRC_IP_TAGS_IDS_ARR && atol(library_tag->tag_value) > 0) { cJSON_AddNumberToObject(common_obj, "source_asn", atol(library_tag->tag_value)); } if(library_tag->category == CATEGORY_TYPE_CONTRY_CODE && tlv_type== TFE_CMSG_SRC_IP_TAGS_IDS_ARR) { cJSON_AddStringToObject(common_obj, "source_country", library_tag->tag_value); } if(library_tag->category == CATEGORY_TYPE_ASN && tlv_type == TFE_CMSG_DST_IP_TAGS_IDS_ARR && atol(library_tag->tag_value) > 0) { cJSON_AddNumberToObject(common_obj, "destination_asn", atol(library_tag->tag_value)); } if(library_tag->category == CATEGORY_TYPE_CONTRY_CODE && tlv_type== TFE_CMSG_DST_IP_TAGS_IDS_ARR) { cJSON_AddStringToObject(common_obj, "destination_country", library_tag->tag_value); } memset(value, 0, sizeof(value)); snprintf(value, sizeof(value), "%s:%s", library_tag->tag_key, library_tag->tag_value); cJSON_AddItemToArray(tags_array, cJSON_CreateString(value)); } library_tag_free(library_tag); } cJSON_AddItemToObject(common_obj, tag_key, tags_array); return 0; } int tfe_scan_ip_tags(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { size_t n_hit_result = 0; struct maat_hit_object objects; char result_str[UUID_STRING_SIZE]={0}; int scan_ret = 0, hit_cnt_ip = 0, n_tag_ids = 0; uuid_t opt_val[128]={0}; n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_SRC_IP_TAGS_IDS_ARR, opt_val); if(n_tag_ids == 0) { TFE_LOG_DEBUG(logger, "fetch src ip tags: NULL"); } tfe_tags_log(opt_val, n_tag_ids, "src ip", logger); for (int i = 0; i < n_tag_ids; i++) { memset(&objects, 0, sizeof(objects)); uuid_copy(objects.object_uuid, opt_val[i]); scan_ret = maat_scan_object(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", &objects, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { memset(result_str, 0, sizeof(result_str)); uuid_unparse(result[hit_cnt + hit_cnt_ip], result_str); TFE_LOG_INFO(logger, "Scan Src TAGS, Hit scan ret: %d policy_id: %s addr: %s", scan_ret, result_str, stream->str_stream_info); hit_cnt_ip+=n_hit_result; } else { TFE_LOG_INFO(logger, "Scan Src TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } } memset(opt_val, 0, sizeof(opt_val)); n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_DST_IP_TAGS_IDS_ARR, opt_val); if(n_tag_ids == 0) { TFE_LOG_DEBUG(logger, "fetch dst ip tags: NULL"); return hit_cnt_ip; } tfe_tags_log(opt_val, n_tag_ids, "dst ip", logger); for (int i = 0; i < n_tag_ids; i++) { memset(&objects, 0, sizeof(objects)); uuid_copy(objects.object_uuid, opt_val[i]); scan_ret = maat_scan_object(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP", &objects, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { memset(result_str, 0, sizeof(result_str)); uuid_unparse(result[hit_cnt + hit_cnt_ip], result_str); TFE_LOG_INFO(logger, "Scan Dst TAGS, Hit scan ret: %d policy_id: %s addr: %s", scan_ret, result_str, stream->str_stream_info); hit_cnt_ip += scan_ret; } else { TFE_LOG_INFO(logger, "Scan Dst TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } } return hit_cnt_ip; } int tfe_scan_fqdn_tags(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { uuid_t opt_val[128]={0}; struct maat_hit_object objects; int scan_ret = 0, hit_cnt_fqdn = 0, n_tag_ids = 0; n_tag_ids = tfe_get_entry_tags(stream, (enum tfe_cmsg_tlv_type)TFE_CMSG_FQDN_TAGS_IDS_ARR, opt_val); if(n_tag_ids == 0) { TFE_LOG_DEBUG(logger, "fetch fqdn tags: NULL"); return hit_cnt_fqdn; } tfe_tags_log(opt_val, n_tag_ids, "fqdn", logger); for (int i = 0; i < n_tag_ids; i++) { memset(&objects, 0, sizeof(objects)); uuid_copy(objects.object_uuid, opt_val[i]); scan_ret = scan_object(result, scan_mid, hit_cnt, objects, "TSG_OBJ_FQDN", "SERVER_FQDN"); if (scan_ret > 0) { char result_str[UUID_STRING_SIZE]={0}; uuid_unparse( result[hit_cnt + hit_cnt_fqdn], result_str); TFE_LOG_INFO(logger, "Scan Fqdn TAGS, Hit scan ret: %d policy_id: %s addr: %s", scan_ret, result_str, stream->str_stream_info); hit_cnt_fqdn += scan_ret; } else { TFE_LOG_INFO(logger, "Scan Fqdn TAGS, NO hit scan ret: %d addr: %s", scan_ret, stream->str_stream_info); } } return hit_cnt_fqdn; } int tfe_scan_app_id(uuid_t *result, struct maat_state *scan_mid, int hit_cnt, long long app_id) { int scan_ret = 0; int hit_app_id = 0; size_t n_hit_result = 0; struct maat_hit_object objects; struct app_id_dict *app_dict = (struct app_id_dict*)maat_plugin_table_get_ex_data(tfe_get_maat_handle(), "APP_ID_DICT", (const char *)&app_id, sizeof(long long)); if(app_dict!=NULL) { memset(&objects, 0, sizeof(objects)); uuid_copy(objects.object_uuid, app_dict->object_uuid); scan_ret=maat_scan_object(tfe_get_maat_handle(), "APP_ID_DICT", "APP_ID", &objects, 1, result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_app_id += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "APP_ID_DICT", "APP_ID", result+hit_cnt+hit_app_id, MAX_SCAN_RESULT-hit_cnt-hit_app_id, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_app_id += n_hit_result; } app_id_dict_free(app_dict); } return hit_app_id; } int tfe_scan_value_by_cmsg(const struct tfe_stream *stream, enum tfe_cmsg_tlv_type tlv_type, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, const char *table_name, const char *filed_name, char *opt_val) { uint16_t opt_out_size = 0; int hit_cnt_string=0; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if(cmsg == NULL) { return hit_cnt_string; } int ret = tfe_cmsg_get_value(cmsg, tlv_type, (unsigned char *)opt_val, 128, &opt_out_size); if(ret == 0 && opt_out_size > 0) { size_t n_hit_result=0; int scan_ret = maat_scan_string(tfe_get_maat_handle(), table_name, filed_name, opt_val, strlen(opt_val), result+hit_cnt+hit_cnt_string, MAX_SCAN_RESULT-hit_cnt-hit_cnt_string, &n_hit_result,scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_string+=n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), table_name, filed_name, result+hit_cnt+hit_cnt_string, MAX_SCAN_RESULT-hit_cnt-hit_cnt_string, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_string+=n_hit_result; } } return hit_cnt_string; } int tfe_scan_device(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { char opt_val[4][128]={0}; int scan_ret = 0, htt_cnt_device = 0; scan_ret = tfe_scan_value_by_cmsg(stream, TFE_CMSG_SRC_IMSI_STR, result, scan_mid, hit_cnt, "TSG_OBJ_IMSI", "GTP_IMSI", opt_val[0]); if(scan_ret > 0) { htt_cnt_device += scan_ret; } scan_ret = tfe_scan_value_by_cmsg(stream, TFE_CMSG_SRC_IMEI_STR, result, scan_mid, hit_cnt, "TSG_OBJ_IMEI","GTP_IMEI", opt_val[1]); if(scan_ret > 0) { htt_cnt_device += scan_ret; } scan_ret = tfe_scan_value_by_cmsg(stream, TFE_CMSG_SRC_PHONE_NUM_STR, result, scan_mid, hit_cnt, "TSG_OBJ_PHONE_NUMBER","GTP_PHONE_NUMBER", opt_val[2]); if(scan_ret > 0) { htt_cnt_device += scan_ret; } scan_ret = tfe_scan_value_by_cmsg(stream, TFE_CMSG_SRC_APN_STR, result, scan_mid, hit_cnt, "TSG_OBJ_APN", "GTP_APN", opt_val[3]); if(scan_ret > 0) { htt_cnt_device += scan_ret; } TFE_LOG_DEBUG(logger, "fetch device string, imsi:%s imei:%s phone_number:%s apn:%s", opt_val[0], opt_val[1], opt_val[2], opt_val[3]); return htt_cnt_device; } int tfe_scan_port(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, uint16_t source, uint16_t dest) { int scan_ret = 0; int hit_cnt_port = 0; size_t n_hit_result = 0; scan_ret=maat_scan_integer(tfe_get_maat_handle(), "TSG_OBJ_PORT", "SOURCE_PORT", ntohs(source), result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_PORT", "SOURCE_PORT", result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } scan_ret=maat_scan_integer(tfe_get_maat_handle(), "TSG_OBJ_PORT", "DESTINATION_PORT", ntohs(dest), result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_PORT", "DESTINATION_PORT", result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } return hit_cnt_port; } #define INTERNAL_ZONE_OBJECT_UUID "00000000-0000-0000-0000-000000000008" #define EXTERNAL_ZONE_OBJECT_UUID "00000000-0000-0000-0000-000000000009" int tfe_scan_zone(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt) { int scan_ret = 0; int hit_cnt_zone = 0; struct maat_hit_object source_zone_objects, dest_zone_objects; uuid_t internal_objects_uuid; const char *internal_objects_uuid_str = INTERNAL_ZONE_OBJECT_UUID; uuid_parse(internal_objects_uuid_str, internal_objects_uuid); uuid_t external_objects_uuid; const char *external_objects_uuid_str = EXTERNAL_ZONE_OBJECT_UUID; uuid_parse(external_objects_uuid_str, external_objects_uuid); if(get_route_dir(stream)) { uuid_copy(source_zone_objects.object_uuid, internal_objects_uuid); uuid_copy(dest_zone_objects.object_uuid, external_objects_uuid); } else { uuid_copy(source_zone_objects.object_uuid, external_objects_uuid); uuid_copy(dest_zone_objects.object_uuid, internal_objects_uuid); } scan_ret = scan_object(result, scan_mid, hit_cnt, source_zone_objects, "TSG_OBJ_ZONE", "SOURCE_ZONE"); if (scan_ret > 0) { hit_cnt_zone += scan_ret; } scan_ret = scan_object(result, scan_mid, hit_cnt, source_zone_objects, "TSG_OBJ_ZONE", "DESTINATION_ZONE"); if (scan_ret > 0) { hit_cnt_zone += scan_ret; } return hit_cnt_zone; } #define PROTOCOL_TCP_UUID_ID "00000000-0000-0000-0000-000000000006" int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int scan_ret = 0; int hit_cnt_ip = 0; uuid_t objects_uuid; size_t n_hit_result = 0; struct maat_hit_object objects; const char *protocol_uuid =PROTOCOL_TCP_UUID_ID; memset(&objects, 0, sizeof(objects)); uuid_parse(protocol_uuid, objects_uuid); uuid_copy(objects.object_uuid, objects_uuid); scan_ret = maat_scan_object(tfe_get_maat_handle(), "TSG_OBJ_IP_PROTOCOL", "IP_PROTOCOL", &objects, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_PROTOCOL", "IP_PROTOCOL", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", sapp_addr.v4->saddr, ntohs(sapp_addr.v4->source), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv4_port(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP", sapp_addr.v4->daddr, ntohs(sapp_addr.v4->dest), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } return hit_cnt_ip; } int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, struct ipaddr sapp_addr) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; uuid_t objects_uuid; struct maat_hit_object objects; const char *protocol_uuid =PROTOCOL_TCP_UUID_ID; memset(&objects, 0, sizeof(objects)); uuid_parse(protocol_uuid, objects_uuid); uuid_copy(objects.object_uuid, objects_uuid); scan_ret = maat_scan_object(tfe_get_maat_handle(), "TSG_OBJ_IP_PROTOCOL", "IP_PROTOCOL", &objects, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_PROTOCOL", "IP_PROTOCOL", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", sapp_addr.v6->saddr, ntohs(sapp_addr.v6->source), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "SOURCE_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_ipv6_port(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP", sapp_addr.v6->daddr, ntohs(sapp_addr.v6->dest), result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_IP_ADDR", "DESTINATION_IP", result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } return hit_cnt_ip; } int tfe_scan_subscribe_id(const struct tfe_stream *stream, uuid_t *result, struct maat_state *scan_mid, int hit_cnt, void *logger) { int scan_ret = 0; int hit_cnt_ip = 0; size_t n_hit_result = 0; uint16_t opt_out_size; char source_subscribe_id[TFE_STRING_MAX] = {0}; struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(stream); if (cmsg != NULL) { scan_ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_SRC_SUB_ID, (unsigned char *)source_subscribe_id, sizeof(source_subscribe_id), &opt_out_size); if (scan_ret != 0) { TFE_LOG_ERROR(logger, "fetch src sub id from cmsg failed, ret: %d addr: %s", scan_ret, stream->str_stream_info); } } TFE_LOG_DEBUG(logger, "fetch src sub id:%s addr: %s", source_subscribe_id, stream->str_stream_info); if (strlen(source_subscribe_id)) { scan_ret = maat_scan_string(tfe_get_maat_handle(), "TSG_OBJ_SUBSCRIBER_ID", "SUBSCRIBER_ID", source_subscribe_id, strlen(source_subscribe_id),result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { char result_str[UUID_STRING_SIZE]={0}; uuid_unparse(result[hit_cnt + hit_cnt_ip], result_str); TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, Hit subid: %s scan ret: %d policy_id: %s addr: %s", source_subscribe_id, scan_ret, result_str, stream->str_stream_info); hit_cnt_ip += n_hit_result; } else { TFE_LOG_INFO(logger, "Scan src TSG_OBJ_SUBSCRIBER_ID, NO hit subid: %s scan ret: %d addr: %s", source_subscribe_id, scan_ret, stream->str_stream_info); } scan_ret = maat_scan_not_logic(tfe_get_maat_handle(), "TSG_OBJ_SUBSCRIBER_ID", "SUBSCRIBER_ID", result + hit_cnt + hit_cnt_ip, MAX_SCAN_RESULT - hit_cnt - hit_cnt_ip, &n_hit_result, scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip += n_hit_result; } } return hit_cnt_ip; }