diff --git a/bin/kni/kni.inf b/bin/kni/kni.inf index 69947f6..97da165 100644 --- a/bin/kni/kni.inf +++ b/bin/kni/kni.inf @@ -10,7 +10,7 @@ DESTROY_FUNC= [TCP_ALL] -FUNC_FLAG=all +FUNC_FLAG=HTTP_HOST FUNC_NAME=kni_tcpall_entry diff --git a/bin/project_list.conf b/bin/project_list.conf index 4849ee7..c7aa782 100644 --- a/bin/project_list.conf +++ b/bin/project_list.conf @@ -18,4 +18,4 @@ #test_project struct tcp_flow_stat struct udp_flow_stat struct -protocol_tag int +protocol_tag struct diff --git a/kni.c b/kni.c index e54d2e3..b329351 100644 --- a/kni.c +++ b/kni.c @@ -60,7 +60,7 @@ int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet) int iplen=ntohs(a_packet->ip_len); struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(a_packet->ip_hl)); - unsigned int seq=ntohl(tcphdr->seq); +// unsigned int seq=ntohl(tcphdr->seq); unsigned short sport=0; unsigned short dport=0; @@ -72,7 +72,7 @@ int kni_debug_info_v4(char* module,int state_flag,struct ip* a_packet) inet_ntop(AF_INET, (void *)&((a_packet->ip_src).s_addr), saddr_v4, INET_ADDRSTRLEN); inet_ntop(AF_INET, (void *)&((a_packet->ip_dst).s_addr), daddr_v4, INET_ADDRSTRLEN); - MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d,seq:%u",saddr_v4,sport,daddr_v4,dport,state_flag,iplen,seq); + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_DEBUG,module,"addr:%s,%d,%s,%d,state_flag:%d,ip_len:%d",saddr_v4,sport,daddr_v4,dport,state_flag,iplen); return 0; 
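Review bot: The `seq` computation in kni_debug_info_v4 is left behind as a `//` comment instead of being deleted; commented-out code in a debug helper only accumulates, and the VCS already keeps the history. Delete the line outright. Note also that this helper still reads a `struct tcphdr` at `4*ip_hl` without checking `a_packet->ip_p`, and the new `IP_WHITELIST` call site added elsewhere in this commit reaches it from a path that also handles a `protocol` variable, so a non-TCP packet would be interpreted as a TCP header; a guard such as `if(a_packet->ip_p!=PROTO_TYPE_TCP) { return 0; }` at the top of the function would make the helper safe for any caller. kni_debug_info_v4 starts and ends outside this hunk.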
@@ -523,13 +523,13 @@ int kni_sendpkt_routdir(int thread_seq,int iplen,char* ip,struct stream_tuple4_v } else { - printf("interface name is too long\n"); + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,KNI_MODULE_SENDPKT,"interface name :%s is too long\n",if_name); return -1; } if(-1==ioctl(g_kni_comminfo.ipv4_fd[thread_seq],SIOCGIFINDEX,&ifr)) { - printf("get if index error:%d,%s",errno,strerror(errno)); + MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,KNI_MODULE_SENDPKT,"get if index error:%d,%s,name:%d",errno,strerror(errno),if_name); return -1; } @@ -812,7 +812,7 @@ int init_domain_fd() } - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"init_domain_fd():domain socket connect succ! "); + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,"init_domain_fd","domain socket connect succ! "); return i_fd; } @@ -1173,8 +1173,8 @@ int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packe struct kni_tcp_state fake_client; struct kni_tcp_state fake_server; - struct ip* iphdr=(struct ip*)a_packet; - struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); +// struct ip* iphdr=(struct ip*)a_packet; +// struct tcphdr* tcphdr=(struct tcphdr*)((char*)a_packet+4*(iphdr->ip_hl)); // int tcplen=ntohs(iphdr->ip_len)-4*iphdr->ip_hl-4*tcphdr->doff; fd_client = socket(AF_INET, SOCK_STREAM, 0); @@ -1207,7 +1207,6 @@ int tcp_repair_process(const struct streaminfo* pstream,const struct ip* a_packe fds[1]=fd_server; fds[2]=protocol; -// ret=MESA_lqueue_try_join_head(g_kni_structinfo.lqueue_for_domain,(void*)fds,KNI_FDS_NUM*sizeof(int)); ret=MESA_lqueue_join_head(g_kni_structinfo.lqueue_for_domain,(void*)fds,KNI_FDS_NUM*sizeof(int)); if(ret <0) { 
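Review bot: The new `get if index error` log in kni_sendpkt_routdir passes `if_name` to a `%d` conversion; `if_name` is the interface name string used with `SIOCGIFINDEX` just above, so the format and argument types do not match (undefined behaviour under a printf-style logger) and at best a truncated pointer is printed instead of the name. Use `%s`: `MESA_handle_runtime_log(g_kni_comminfo.logger,RLOG_LV_FATAL,KNI_MODULE_SENDPKT,"get if index error:%d,%s,name:%s",errno,strerror(errno),if_name);`. The `"interface name :%s is too long\n"` message in the same hunk carries a trailing newline that none of the other messages have; drop it for consistency. Separately, the `domain socket connect succ!` message in init_domain_fd is still emitted at RLOG_LV_FATAL; a success path belongs at INFO so FATAL stays meaningful for alerting. kni_sendpkt_routdir begins and ends outside the hunk.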
@@ -1231,180 +1230,42 @@ return :state_flag kni_bmd:STAT_FLAG_SNIBMD not kni_bmd:STAT_FLAG_SSL_NOBMD ***************************************************************************************/ -int kni_judge_sni(char* sni,int sni_len,int thread_seq,scan_status_t mid) +int kni_scan_whitelist_domain(char* domain,int domain_len,int thread_seq,scan_status_t mid) { int i=0; int action=KNI_ACTION_NONE; - int state_flag=KNI_FLAG_NOTPROC; int string_scan_num=0; int found_pos; struct Maat_rule_t maat_result[KNI_MAX_SAMENUM]; - string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,sni,sni_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq); + string_scan_num=Maat_full_scan_string(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_domain,CHARSET_GBK,domain,domain_len,maat_result,&found_pos,KNI_MAX_SAMENUM,&mid,thread_seq); + + if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(string_scan_num==0)) + { + action=KNI_ACTION_WHITELIST; + return action; + } for(i=0;iKNI_SNI_MAXLEN) - { - //error - return STAT_FLAG_NOTSSL; - } - - memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension); - *sni_len=len_in_extension; - - return STAT_FLAG_SSL_NOBMD; - } - else - { - ssl_extention_len+=len_in_extension; - - continue; - } - } - - return STAT_FLAG_NOTSSL; -} - -*/ - /*************************************************************************************** return :action default:ipscan_num =0 or =1,not >1 ***************************************************************************************/ -int kni_judge_ipbmd(struct ipaddr* addr,int thread_seq,int protocol,scan_status_t mid) +int kni_scan_whitelist_ip(struct ipaddr* addr,int thread_seq,int protocol,scan_status_t mid) { int i=0; int action=KNI_ACTION_NONE; 
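Review bot: The new bypass branch in kni_scan_whitelist_domain whitelists the flow whenever `Maat_full_scan_string` returns 0, which makes "no rule matched" indistinguishable from "nothing was scanned": the caller passes `domain_len` straight through, and a ClientHello whose SNI length field is 0 (or a stored HTTP host of length 0) produces zero matches and is therefore whitelisted in BYPASS mode without any domain ever being checked. If the Maat scan can also report failure with a negative count (not visible here), that path skips the loop and returns `KNI_ACTION_NONE`, so errors and no-match take different actions — worth confirming which is intended. Reject empty input before scanning: `if(domain==NULL||domain_len<=0) { return KNI_ACTION_NONE; }`. The identical default-mode branch is added to kni_scan_whitelist_ip in the next hunk; a small shared helper would keep the two from drifting. kni_scan_whitelist_ip starts here but its body continues outside the hunk.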
@@ -1414,6 +1275,13 @@ int kni_judge_ipbmd(struct ipaddr* addr,int thread_seq,int protocol,scan_status_ ipscan_num=Maat_scan_proto_addr(g_kni_maatinfo.maat_feather,g_kni_maatinfo.tableid_ip,addr,protocol,maat_result,KNI_MAX_SAMENUM,&mid,thread_seq); + if((g_kni_switch_info.maat_default_mode==KNI_DEFAULT_MODE_BYPASS)&&(ipscan_num==0)) + { + + action=KNI_ACTION_WHITELIST; + return action; + } + for(i=0;iKNI_DEFAULT_MTU) + { + len_in_extension=KNI_DEFAULT_MTU; + } memcpy(sni,&ssl_extention[ssl_extention_len],len_in_extension); *sni_len=len_in_extension; @@ -1721,20 +1593,29 @@ int kni_judge_ssl(char* tcp_data,int tcp_datalen,char* sni,int* sni_len) return KNI_FLAG_UNKNOW; } -int kni_judge_http(const struct streaminfo *stream) +int kni_judge_http(const struct streaminfo *stream,char* domain,int* domain_len) { - int val=project_req_get_int(stream,g_kni_comminfo.project_id); + int val=1; + struct kni_http_project* host=(struct kni_http_project*)project_req_get_struct(stream,g_kni_comminfo.project_id); + if(host==NULL) + { + *domain_len=0; + return -1; + } + + *domain_len=host->host_len>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:host->host_len; + memcpy(domain,host->host,*domain_len); return val; } -int kni_protocol_identify(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* sni,int* sni_len) +int kni_protocol_identify(const struct streaminfo* pstream,char* tcp_data,int tcp_datalen,char* domain,int* domain_len) { - if(kni_judge_http(pstream)==1) + if(kni_judge_http(pstream,domain,domain_len)==1) { return KNI_FLAG_HTTP; } - else if(kni_judge_ssl(tcp_data,tcp_datalen,sni,sni_len)==KNI_FLAG_SSL) + else if(kni_judge_ssl(tcp_data,tcp_datalen,domain,domain_len)==KNI_FLAG_SSL) { return KNI_FLAG_SSL; } 
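Review bot: The SNI clamp added in kni_judge_ssl caps `len_in_extension` at `KNI_DEFAULT_MTU`, which is the full size of the caller's `char domain[KNI_DEFAULT_MTU]`, so a 1500-byte SNI fills the buffer with no room for a terminator while kni_first_tcpdata then logs it with `%s`; clamp to `KNI_DEFAULT_MTU-1` (or give the destination a terminator slot) and write `sni[len_in_extension]='\0';` after the memcpy. The clamp bounds only the destination: nothing visible checks that `ssl_extention_len+len_in_extension` lies within `tcp_datalen`, so an attacker-chosen length field can still make the memcpy read past the end of the received segment — the lines that would establish that bound are outside this hunk, so please confirm. The hunk header for the kni_judge_ssl change and the `for(i=0;i…` line of kni_scan_whitelist_ip were lost in rendering, so that loop body could not be reviewed; the default-mode branch added there has the same zero-match concern raised on kni_scan_whitelist_domain. Both functions start before this hunk.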
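Review bot: kni_judge_http now returns `val`, which is fixed at 1, so every stream carrying a `kni_http_project` record is classified HTTP and the variable is dead; return the literal and drop `val`. The copy `*domain_len=host->host_len>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:host->host_len; memcpy(domain,host->host,*domain_len);` clamps only the upper bound: `host_len` is an `int`, a negative value (if the producer can ever store one — not visible here) becomes a huge `size_t` in memcpy, and at exactly `KNI_DEFAULT_MTU` bytes the destination is left without a NUL while the caller logs it with `%s`. Guard both ends: `if(host->host_len<=0) { *domain_len=0; return -1; }` and clamp to `KNI_DEFAULT_MTU-1` with a terminator. Since both the HTTP and SSL paths now write into `domain`, a comment on kni_protocol_identify should state the buffer contract (NUL-terminated vs. length-delimited) so the two producers and the logging consumer agree.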
@@ -1767,20 +1648,26 @@ char kni_first_tcpdata(const struct streaminfo* pstream,const struct ip* ip_hdr, { char ret=APP_STATE_FAWPKT|APP_STATE_DROPME; - int sni_len=0; - char sni[KNI_MAX_BUFLEN]={0}; + int domain_len=0; + char domain[KNI_DEFAULT_MTU]={0}; - pmeinfo->status_flag=kni_protocol_identify(pstream,data,datalen,sni,&sni_len); - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"kni_protocol_identify","protocol:%d",pmeinfo->status_flag); + int action=KNI_ACTION_NONE; + + pmeinfo->status_flag=kni_protocol_identify(pstream,data,datalen,domain,&domain_len); + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"domain","domain:%s,domain_len:%d",(char*)(domain),domain_len); - if(pmeinfo->status_flag==KNI_FLAG_SSL) - { - pmeinfo->status_flag=kni_judge_sni(sni,sni_len,pstream->threadnum,pmeinfo->mid); - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"kni_judge_sni","status_flag:%d",pmeinfo->status_flag); - } - if((pmeinfo->status_flag==KNI_FLAG_HTTP) ||(pmeinfo->status_flag==KNI_FLAG_SSL)) { + action=kni_scan_whitelist_domain(domain,domain_len,pstream->threadnum,pmeinfo->mid); + if(action==KNI_ACTION_WHITELIST) + { + MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"whitelist_domain","domain:%s,domain_len:%d",(char*)(domain+5),domain_len); + kni_debug_info_v4((char*)"DOMIN_WHITELIST",0,(struct ip*)ip_hdr); + + pmeinfo->status_flag=KNI_FLAG_NOTPROC; + return ret; + } + if(tcp_repair_process(pstream,ip_hdr,pmeinfo,pmeinfo->status_flag)<0) { 
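Review bot: Both debug logs in kni_first_tcpdata print the `domain` buffer with `%s`, but `domain` is NUL-terminated only because it is zero-initialised and the copy happens to be shorter than `KNI_DEFAULT_MTU`; at the full 1500 bytes the read runs off the end of the stack array. The whitelist log additionally prints `domain+5`, an offset with no visible justification — for an SNI shorter than five bytes it prints whatever follows, and for an HTTP host it silently drops the first five characters. Print exactly the bytes that were scanned, in both places: `MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"whitelist_domain","domain:%.*s,domain_len:%d",domain_len,domain,domain_len);`. `domain` is attacker-controlled network input, so it is also worth confirming that the logger never interprets its contents (e.g. as a format string). kni_first_tcpdata continues past the end of the hunk.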
@@ -1833,10 +1720,10 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p struct kni_tcp_hdr* tcphdr=(struct kni_tcp_hdr*)((char*)ip_hdr+4*(ip_hdr->ip_hl)); - ipscan_action=kni_judge_ipbmd((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo->mid); - MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_DEBUG,(char*)"kni_judge_ipbmd","action:%d",ipscan_action); + ipscan_action=kni_scan_whitelist_ip((struct ipaddr*)&(pstream->addr),thread_seq,protocol,pmeinfo->mid); if(ipscan_action==KNI_ACTION_WHITELIST) { + kni_debug_info_v4((char*)"IP_WHITELIST",0,(struct ip*)ip_hdr); return ret; } @@ -1847,7 +1734,6 @@ char kni_pending_opstate(const struct streaminfo* pstream,struct kni_pme_info* p { data=kni_get_data(pstream,&datalen); kni_get_tcpopt(tcphdr,iplen-4*(ip_hdr->ip_hl)-datalen,&(pmeinfo->mss[pstream->curdir-1]),&(pmeinfo->wnscal[pstream->curdir-1]),&(pmeinfo->sack[pstream->curdir-1]),&(pmeinfo->timestamps[pstream->curdir-1])); - } kni_get_tcpinfo(&(pmeinfo->lastpkt_info[pstream->curdir-1]),tcphdr,ntohs(ip_hdr->ip_len)-4*ip_hdr->ip_hl-4*tcphdr->th_off,(struct ip*)ip_hdr); 
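Review bot: In the IP-whitelist branch of kni_pending_opstate the new `kni_debug_info_v4((char*)"IP_WHITELIST",0,(struct ip*)ip_hdr)` call runs on every whitelisted flow, and that helper performs two `inet_ntop` conversions and reads a TCP header at `ip_hl*4` before the DEBUG-level log call decides whether anything is emitted; `protocol` is a variable here (it is passed to kni_scan_whitelist_ip), so if UDP flows can reach this point the header is misread. Guard the call, `if(protocol==PROTO_TYPE_TCP) { kni_debug_info_v4(...); }`, or have the helper check `ip_p` itself. The dropped `action:%d` line was the only record of the scan result; keeping one log that names the action in the non-whitelist case would preserve that forensic trail. kni_pending_opstate starts before this hunk.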
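Review bot: The deleted `}` after `kni_get_tcpopt(...)` changes which statements belong to the preceding `if` block: `kni_get_tcpinfo(...)` — and everything up to wherever the block now closes, outside this hunk — becomes conditional on the same test that gates `kni_get_data`. If the intent is that `lastpkt_info` is refreshed only when payload is present, say so with a one-line comment above the `if`; if the old `}` was balancing a brace that is removed elsewhere, the hunk does not show it, so please confirm the function still compiles and that `lastpkt_info` is updated for pure-ACK packets as before. kni_pending_opstate continues outside the hunk.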
@@ -1972,89 +1858,28 @@ extern "C" char kni_tcpall_entry(const struct streaminfo* pstream,void** pme,int return ret; } -/* - -long kni_state_htable_cb_v6(void* data,const unsigned char* key,unsigned int size,void* user_arg) -{ - struct ipaddr addr_ipbmd; - - struct datainfo_to_tun* datainfo=(struct datainfo_to_tun*)data; - struct args_to_tun* arg=(struct args_to_tun*)user_arg; - struct kni_ipv6_hdr* ipv6_hdr=(struct kni_ipv6_hdr*)(arg->a_packet); - - if(datainfo==NULL) - { - datainfo=(struct datainfo_to_tun*)malloc(sizeof(struct datainfo_to_tun)); - memset(datainfo,0,sizeof(struct datainfo_to_tun)); - MESA_htable_add(g_kni_structinfo.htable_to_tun_v4, key,size,(void*)datainfo); - - memset(&addr_ipbmd,0,sizeof(struct ipaddr)); - addr_ipbmd.addrtype=ADDR_TYPE_IPV6; - addr_ipbmd.v4=(struct stream_tuple4_v4*)key; - - datainfo->state_flag=kni_judge_ipbmd(&addr_ipbmd,arg->thread_seq,ipv6_hdr->ip6_nex_hdr); - } - - - return datainfo->state_flag; -} - - -char kni_ipv6_entry(struct streaminfo *pstream,unsigned char routedir,int thread_seq,void *a_packet) -{ - int ip_reverse=0; - - - struct kni_ipv6_hdr* ipv6_hdr=(struct kni_ipv6_hdr*)a_packet; - - long state_flag=0; - struct args_to_tun usr_arg; - struct stream_tuple4_v6 ipv6_addr; - - - if(ipv6_hdr->ip6_nex_hdr!=PROTO_TYPE_TCP) - { - return APP_STATE_DROPME; - } - - ip_reverse=kni_get_ipaddr_v6(a_packet,&ipv6_addr); - - memset(&usr_arg,0,sizeof(struct args_to_tun)); - usr_arg.a_packet=(struct ip*)a_packet; - usr_arg.thread_seq=thread_seq; - if(ip_reverse==0) - { - usr_arg.routdir=routedir; - } - else - { - usr_arg.routdir=routedir^0x80; - } - - MESA_htable_search_cb(g_kni_structinfo.htable_to_tun_v6,(unsigned char*)&ipv6_addr,sizeof(struct stream_tuple4_v6),kni_state_htable_cb_v6,&usr_arg,&state_flag); - if(state_flag==KNI_FLAG_IPBMD) - { - return APP_STATE_DROPPKT; - } - - tun_write_data_v6(g_kni_comminfo.fd_tun[thread_seq],(char*)a_packet,ntohl(ipv6_hdr->ip6_payload_len)); - - return APP_STATE_DROPPKT; - -} -*/ + extern 
"C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq,struct streaminfo *a_stream,const void *a_packet) { char ret=PROT_STATE_DROPME; - int val=1; - - project_req_add_int(a_stream,g_kni_comminfo.project_id,val); + int host_len=session_info->buflen>KNI_DEFAULT_MTU?KNI_DEFAULT_MTU:session_info->buflen; + struct kni_http_project* host_info=(struct kni_http_project*)malloc(sizeof(struct kni_http_project)); + host_info->host_len=host_len; + memcpy(host_info->host,session_info->buf,host_len); + + project_req_add_struct(a_stream,g_kni_comminfo.project_id,host_info); return ret; } +void kni_free_project(int thread_seq, void *project_req_value) +{ + free(project_req_value); + project_req_value=NULL; + return ; +} int init_profile_info(int* logger_level,char* logger_filepath,int* maat_json_switch,char* table_info_path,char* inc_cfg_dir,char* full_cfg_dir ) { @@ -2065,7 +1890,7 @@ int init_profile_info(int* logger_level,char* logger_filepath,int* maat_json_swi //kni.conf - MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_switch",&(g_kni_switch_info.maat_default_switch),1); + MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"default_work_mode",&(g_kni_switch_info.maat_default_mode),KNI_DEFAULT_MODE_INTERCEPT); MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_level",logger_level,RLOG_LV_INFO); MESA_load_profile_int_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"maat_json_switch",maat_json_switch,0); MESA_load_profile_string_def((char*)KNI_CONF_FILENAME,(char*)KNI_CONF_MODE,(char*)"logger_filepath",logger_filepath,KNI_CONF_MAXLEN,"./log/kni.log"); 
@@ -2219,14 +2044,14 @@ extern "C" char kni_init() } //project - g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_INT,NULL); + g_kni_comminfo.project_id=project_producer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT,kni_free_project); if(g_kni_comminfo.project_id<0) { MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_producer_register() error!project_id:%d",g_kni_comminfo.project_id); return -1; } - g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_INT); + g_kni_comminfo.project_id=project_customer_register(KNI_PROJECT_NAME,PROJECT_VAL_TYPE_STRUCT); if(g_kni_comminfo.project_id<0) { MESA_handle_runtime_log(g_kni_comminfo.logger, RLOG_LV_FATAL,KNI_MODULE_INIT,"project_customer_register() error!project_id:%d",g_kni_comminfo.project_id); diff --git a/kni.h b/kni.h index 0885db6..1b467c0 100644 --- a/kni.h +++ b/kni.h @@ -34,6 +34,8 @@ #define KNI_ETHER_LEN 14 #define TCPHDR_DEFAULT_LEN 20 +#define KNI_DEFAULT_MTU 1500 + #define LOCAL_IP_ADDR "192.168.100.1" #define KNI_MAX_BUFLEN 1500 @@ -69,9 +71,6 @@ #define KNI_OFFSET_CARDNAME 3 #define KNI_CARD_NUM 2 - - - #define PROTO_TYPE_TCP 6 #define PROTO_TYPE_UDP 17 @@ -156,7 +155,8 @@ #define KNI_PROJECT_NAME "protocol_tag" - +#define KNI_DEFAULT_MODE_INTERCEPT 0 +#define KNI_DEFAULT_MODE_BYPASS 1 enum kni_flag { @@ -173,7 +173,14 @@ enum kni_flag struct kni_switch_info { - int maat_default_switch; //0:KNI_ACTION_NONE is fwdpkt;1:KNI_ACTION_NONE is reject + int maat_default_mode; //0:INTERCEPT 1:BYPASS +}; + +struct kni_http_project +{ + int host_len; + char host[KNI_DEFAULT_MTU]; + };
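Review bot: `KNI_DEFAULT_MTU 1500` duplicates `KNI_MAX_BUFLEN 1500` a few lines below, and it is used in this commit as the bound for host/SNI copies rather than as a link MTU, so a later change to either constant desynchronises the clamps in kni_judge_ssl/kni_judge_http from the `domain` buffer they fill. Define one constant for the purpose with a comment stating what it bounds, e.g. `#define KNI_DOMAIN_MAXLEN 1500 /* max bytes of HTTP Host / TLS SNI copied and scanned */`, or express one in terms of the other.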
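Review bot: `struct kni_http_project` reserves `char host[KNI_DEFAULT_MTU]` with no terminator slot, and both the producer (kni_http_entry) and the consumer (kni_judge_http) copy up to exactly `KNI_DEFAULT_MTU` bytes into and out of it, so the host can never safely be treated as a C string — yet kni_first_tcpdata logs it with `%s`. Either size it `char host[KNI_DEFAULT_MTU+1];` and NUL-terminate on write, or document the field as length-delimited: `/* raw bytes from the HTTP session buffer; NOT NUL-terminated, length in host_len */`. The `maat_default_mode` comment should also state what a flow with no rule hit does in each mode, since that fail-open versus fail-closed choice is the security-relevant difference between INTERCEPT and BYPASS.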