利用maat回调获得默认action

2019-05-19 17:50:51 +08:00
parent 82efb303c0
commit 1e58549e8a
3 changed files with 11 additions and 9 deletions
--- a/entry/src/kni_maat.cpp
+++ b/entry/src/kni_maat.cpp
@@ -2,6 +2,7 @@
 #include "kni_maat.h"

 extern int g_iThreadNum;
+int g_maat_default_action = -1;

 void kni_maat_destroy(struct kni_maat_handle *handle){
 	if(handle != NULL){
@@ -16,17 +17,18 @@ void kni_maat_destroy(struct kni_maat_handle *handle){
 void compile_ex_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp){
 	printf("call compile_ex_param_new\n");
 	if(rule->config_id == 0){
-		int *action = (int*)argp;
-		*action = rule->action;
+		g_maat_default_action = rule->action;
 	}
 	return;
 }

 void compile_ex_param_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp){
+	printf("call compile_ex_param_free\n");
 	return;
 }

 void compile_ex_param_dup(int idx,	MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp){
+	printf("call compile_ex_param_dup\n");
 	return;
 }

@@ -89,7 +91,8 @@ struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){
 		return NULL;
 	}
 	struct kni_maat_handle *handle = ALLOC(struct kni_maat_handle, 1);
-	ret = Maat_rule_get_ex_new_index(feather, "COMPILE_ALIAS", compile_ex_param_new, compile_ex_param_free, compile_ex_param_dup, 0, (void*)&(handle->default_action));
+	ret = Maat_rule_get_ex_new_index(feather, compile_alias, compile_ex_param_new, compile_ex_param_free, compile_ex_param_dup, 0, NULL);
+	printf("Maat_rule_get_ex_new_index: compile_alias is %s, ret is %d\n", compile_alias, ret);
 	if(ret < 0){
 		KNI_LOG_ERROR(logger, "Failed at Maat_rule_get_ex_new_index, ret is %d", ret);
 		kni_maat_destroy(handle);
@@ -98,14 +101,13 @@ struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){
 	handle->feather = feather;
 	handle->tableid_intercept_ip = tableid_intercept_ip;
 	handle->tableid_intercept_domain = tableid_intercept_domain;
-	//handle->default_action = KNI_ACTION_INTERCEPT;
 	handle->logger = logger;
 	return handle;
 }

 static int maat_process_scan_result(struct kni_maat_handle *handle, int num, struct Maat_rule_t *result){
 	//void *logger = handle->logger;
-	int action = handle->default_action;
+	int action = g_maat_default_action;
 	for(int i = 0; i < num; i++){
 		action = result[i].action;
 		if(action == KNI_ACTION_BYPASS){
@@ -118,6 +120,7 @@ static int maat_process_scan_result(struct kni_maat_handle *handle, int num, str

 //TODO: Maat_rule_get_ex_new_index   compile_ex_param_new: config_id = 0, 取action即为全局变量, 一旦配置更新就回调, tableinfo怎么写，回调表， 编译配置表 
 int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int thread_seq){
+	//printf("default action is %d\n", g_maat_default_action);
 	void *logger = handle->logger;
 	struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX];
 	scan_status_t mid = NULL;
@@ -125,7 +128,7 @@ int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int th
 								KNI_MAAT_RULE_NUM_MAX, &mid, thread_seq);
 	if(ret < 0){
 		KNI_LOG_ERROR(logger, "Failed at Maat_scan_proto_addr, ret is %d", ret);
-		return handle->default_action;
+		return g_maat_default_action;
 	}
 	int action = maat_process_scan_result(handle, ret, result);
 	
@@ -146,7 +149,7 @@ int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domai
 			domain, domain_len, result, NULL, KNI_MAAT_RULE_NUM_MAX, &mid, thread_seq);
 	if(ret < 0){
 		KNI_LOG_ERROR(logger, "Failed at Maat_full_scan_string, ret is %d", ret);
-		return handle->default_action;
+		return g_maat_default_action;
 	}
 	int action = maat_process_scan_result(handle, ret, result);