修正redirect功能处理流程的若干问题，增加拦截协议识别过滤单项流的流程

* 将在pending状态下判断报文是否存在在redirect表中的逻辑提前，因修改后的SYN-ACK会单独成为一个流，再次触发pending状态。
* 修正读入控制域时内存越界的问题；
* 增加拦截协议识别过滤单项流的流程，如需要拦截的流量为单项流，则不执行拦截流程直接转发。

kni_entry.c

@@ -563,7 +563,12 @@ char kni_first_tcpdata(const struct streaminfo* pstream,const void* a_packet,str
 	
 	int domain_len=0;
 	char domain[KNI_DEFAULT_MTU]={0};
-	
+
+	if(pstream->dir != DIR_DOUBLE)
+    {
+        kni_log_info((char*)KNI_MODULE_INFO,&(pstream->addr),pmeinfo->protocol,domain,(char*)"NOT-DOUBLE",(char*)"BYPASS",pmeinfo);
+        return ret;
+    }
 
 	pmeinfo->protocol=kni_protocol_identify(pstream,a_packet,data,datalen,domain,&domain_len);
 	assert(domain_len<(int)sizeof(domain));
@@ -703,20 +708,21 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p
 		kni_filestate2_set(thread_seq,FS_WHITELIST,0,1);
 		return ret;	
 	}
+	
 //add kni_action_redirect  20181216 start
+	else if(redirect_search_htable(pstream->addr.addrtype,pmeinfo,thread_seq,a_packet,protocol) == 1)
+	{
+		ret = process_redirect_data(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir);
+		return ret;			
+	}
+
 	else if(pmeinfo->action == KNI_ACTION_REDIRECT)
 	{
 		ret = process_redirect_pending(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir);
 		return ret;
 	}
-	else if(redirect_search_htable(pstream->addr.addrtype,pmeinfo,thread_seq,a_packet,protocol) == 1)
-	{
-		ret = process_redirect_data(pstream,pmeinfo,thread_seq,a_packet,protocol,pstream->routedir);
-		return ret;	
-			
-	}
-//end
 
+//end
 	pmeinfo->protocol=KNI_FLAG_UNKNOW;
 
 	if(protocol == PROTO_TYPE_TCP)
@@ -1073,10 +1079,6 @@ extern "C" char kni_http_entry(stSessionInfo* session_info,  void **pme, int thr
 	return ret;
 }
 
-
-
-
-
 extern "C" char kni_ipv4_entry(const struct streaminfo *pstream,unsigned char routedir,int thread_seq, struct ip* ipv4_hdr)
 {
 	if(ipv4_hdr->ip_p !=IPPROTO_ICMP )