diff --git a/conf/maat/maat_test.json b/conf/maat/maat_test.json index 0815230..18ba692 100644 --- a/conf/maat/maat_test.json +++ b/conf/maat/maat_test.json @@ -6,6 +6,7 @@ "compile_id": 0, "service": 1, "action": 1, + "table_name": "COMPILE_ALIAS", "do_blacklist": 1, "do_log": 1, "effective_rage": 0, @@ -68,7 +69,6 @@ "service": 1, "action":2, "do_blacklist": 1, - "table_name": "COMPILE_ALIAS", "do_log": 1, "effective_rage": 0, "user_region": "zone=pkt_payload;substitute=/AAAA/BBBB", diff --git a/entry/include/kni_maat.h b/entry/include/kni_maat.h index b4eccd1..66455de 100644 --- a/entry/include/kni_maat.h +++ b/entry/include/kni_maat.h @@ -5,7 +5,6 @@ #define KNI_MAAT_RULE_NUM_MAX 8 struct kni_maat_handle{ Maat_feather_t feather; - int default_action; int tableid_intercept_ip; int tableid_intercept_domain; void *logger; diff --git a/entry/src/kni_maat.cpp b/entry/src/kni_maat.cpp index fead6dd..a3436e4 100644 --- a/entry/src/kni_maat.cpp +++ b/entry/src/kni_maat.cpp @@ -2,6 +2,7 @@ #include "kni_maat.h" extern int g_iThreadNum; +int g_maat_default_action = -1; void kni_maat_destroy(struct kni_maat_handle *handle){ if(handle != NULL){ @@ -16,17 +17,18 @@ void kni_maat_destroy(struct kni_maat_handle *handle){ void compile_ex_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp){ printf("call compile_ex_param_new\n"); if(rule->config_id == 0){ - int *action = (int*)argp; - *action = rule->action; + g_maat_default_action = rule->action; } return; } void compile_ex_param_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp){ + printf("call compile_ex_param_free\n"); return; } void compile_ex_param_dup(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp){ + printf("call compile_ex_param_dup\n"); return; } @@ -89,7 +91,8 @@ struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){ return NULL; } struct kni_maat_handle *handle = ALLOC(struct kni_maat_handle, 1); - ret = Maat_rule_get_ex_new_index(feather, "COMPILE_ALIAS", compile_ex_param_new, compile_ex_param_free, compile_ex_param_dup, 0, (void*)&(handle->default_action)); + ret = Maat_rule_get_ex_new_index(feather, compile_alias, compile_ex_param_new, compile_ex_param_free, compile_ex_param_dup, 0, NULL); + printf("Maat_rule_get_ex_new_index: compile_alias is %s, ret is %d\n", compile_alias, ret); if(ret < 0){ KNI_LOG_ERROR(logger, "Failed at Maat_rule_get_ex_new_index, ret is %d", ret); kni_maat_destroy(handle); @@ -98,14 +101,13 @@ struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){ handle->feather = feather; handle->tableid_intercept_ip = tableid_intercept_ip; handle->tableid_intercept_domain = tableid_intercept_domain; - //handle->default_action = KNI_ACTION_INTERCEPT; handle->logger = logger; return handle; } static int maat_process_scan_result(struct kni_maat_handle *handle, int num, struct Maat_rule_t *result){ //void *logger = handle->logger; - int action = handle->default_action; + int action = g_maat_default_action; for(int i = 0; i < num; i++){ action = result[i].action; if(action == KNI_ACTION_BYPASS){ @@ -118,6 +120,7 @@ static int maat_process_scan_result(struct kni_maat_handle *handle, int num, str //TODO: Maat_rule_get_ex_new_index compile_ex_param_new: config_id = 0, 取action即为全局变量, 一旦配置更新就回调, tableinfo怎么写,回调表, 编译配置表 int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int thread_seq){ + //printf("default action is %d\n", g_maat_default_action); void *logger = handle->logger; struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX]; scan_status_t mid = NULL; @@ -125,7 +128,7 @@ int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int th KNI_MAAT_RULE_NUM_MAX, &mid, thread_seq); if(ret < 0){ KNI_LOG_ERROR(logger, "Failed at Maat_scan_proto_addr, ret is %d", ret); - return handle->default_action; + return g_maat_default_action; } int action = maat_process_scan_result(handle, ret, result); @@ -146,7 +149,7 @@ int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domai domain, domain_len, result, NULL, KNI_MAAT_RULE_NUM_MAX, &mid, thread_seq); if(ret < 0){ KNI_LOG_ERROR(logger, "Failed at Maat_full_scan_string, ret is %d", ret); - return handle->default_action; + return g_maat_default_action; } int action = maat_process_scan_result(handle, ret, result);