#pragma once
#define KNI_MAAT_READCONF_IRIS			0
#define KNI_MAAT_READCONF_JSON			1
#define KNI_MAAT_READCONF_REDIS			2
#define KNI_MAAT_RULE_NUM_MAX           8
struct kni_maat_handle;


/* action
	0x00: none
	0x01: monitor
	0x02: intercept
	0x10: reject
	0x30: Manipulate
	0x60: steer
	0x80: bypass
*/
enum kni_action{
	KNI_ACTION_NONE = 0x00,
	KNI_ACTION_MONITOR = 0x01,
	KNI_ACTION_INTERCEPT = 0x02,
	KNI_ACTION_REJECT = 0x10,
	KNI_ACTION_MANIPULATE = 0x30,
	KNI_ACTION_STEER = 0x60,
	KNI_ACTION_BYPASS = 0x80
};

struct kni_maat_handle* kni_maat_init(const char* profile, void *logger);
void kni_maat_destroy(struct kni_maat_handle *handle);
enum kni_action intercept_policy_scan(struct kni_maat_handle* handle, struct ipaddr *addr, char *domain, int domain_len, 
		int thread_seq, int *policy_id, int *do_log, int *is_hit_policy);
char* kni_maat_action_trans(enum kni_action action);