修改action判断逻辑

entry/src/kni_maat.cpp

@@ -3,7 +3,13 @@
 
 extern int g_iThreadNum;
 
-int g_maat_default_action = -1;
+
+/* 关于没有命中配置情况下的默认配置
+	1. g_maat_default_action = KNI_ACTION_INTERCEPT， policy_id = 0
+	2. 如果maat的编译配置表中有policy_id = 0的配置，则将 g_maat_default_action设为对应的action, policy_id = 0
+*/
+
+int g_maat_default_action = KNI_ACTION_INTERCEPT;
 
 struct kni_maat_handle{
 	Maat_feather_t feather;
@@ -191,11 +197,12 @@ int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int th
 	}
 	int action = maat_process_scan_result(handle, ret, result, policy_id);
 	
-	//for debug
+	/*for debug
 	char stream_addr[KNI_SYMBOL_MAX] = "";
 	kni_stream_addr_trans(addr, stream_addr, sizeof(stream_addr));
 	KNI_LOG_DEBUG(logger, "maat_scan_ip, %s, policy_id = %d, action = %s\n", 
 			stream_addr, *policy_id, action == KNI_ACTION_BYPASS ? "bypss" : "intercept");
+	*/
 	return action;
 }