当bypass命中多条配置时,返回policy_id最大的配置

entry/src/kni_maat.cpp

@@ -185,24 +185,36 @@ error_out:
 
 static int index_of_enforce_policy(struct Maat_rule_t* result, size_t size)
 {
-	size_t i=0;
-	int biggest_policy_id=0, ret_intercept_idx=0;
-	for(i=0; i<size; i++)
+	size_t i = 0;
+	int biggest_intercept_policy_id = -1, ret_intercept_idx;
+	int biggest_bypass_policy_id = -1, ret_bypass_idx;
+	for(i = 0; i < size; i++)
 	{
-		if((unsigned char)result[i].action==KNI_ACTION_BYPASS)
+		if((unsigned char)result[i].action == KNI_ACTION_BYPASS)
 		{
-			return i;
+			if(result[i].config_id > biggest_bypass_policy_id)
+			{
+				biggest_bypass_policy_id = result[i].config_id;
+				ret_bypass_idx = i;
+			}
 		}
 		else
 		{
-			if(result[i].config_id>biggest_policy_id)
+			if(result[i].config_id > biggest_intercept_policy_id)
 			{
-				biggest_policy_id=result[i].config_id;
-				ret_intercept_idx=i;
+				biggest_intercept_policy_id = result[i].config_id;
+				ret_intercept_idx = i;
 			}
 		}
 	}
-	return ret_intercept_idx;
+	if(biggest_bypass_policy_id != -1)
+	{
+		return ret_bypass_idx;
+	}
+	else
+	{
+		return ret_intercept_idx;
+	}
 }
 
 enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipaddr *addr, char *domain, int domain_len,