* 修复收到重复syn/ack时,kni_get_tcpopt的内存泄漏

* uuid需要加锁,修改traceid的生成方式为pid+clocktime * 重新整理fs2的各项统计 * 修改stream_error发通联日志的信息
2019-09-20 19:15:32 +08:00
parent f8b1d371e3
commit f54dfbf86f
3 changed files with 280 additions and 218 deletions
--- a/common/include/kni_utils.h
+++ b/common/include/kni_utils.h
@@ -73,59 +73,59 @@ struct kni_tcpopt_info{
 enum kni_field{
 	KNI_FIELD_BYP_STM,
 	KNI_FIELD_BYP_STM_POLICY,
 	KNI_FIELD_BYP_STM_PME_NEW_FAIL,
 	KNI_FIELD_BYP_STM_NO_TFE,
 	KNI_FIELD_BYP_STM_DUP_TFC,
 	KNI_FIELD_BYP_STM_ERR,
 	//stream error
 	KNI_FIELD_STMERR_ASYM_ROUTING,
 	KNI_FIELD_STMERR_NO_SYN,
-	KNI_FIELD_STMERR_SINGLE_DIR,
+	KNI_FIELD_STMERR_NO_SYN_ACK,
 	KNI_FIELD_STMERR_PROTO_UNKNOWN,
 	KNI_FIELD_STMERR_NO_SA,
 	KNI_FIELD_STMERR_ACTION_INVALID,
 	KNI_FIELD_STMERR_NO_DATA,
-	KNI_FIELD_STMERR_IPHDR_PARSE_FAIL,
+	KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL,
 	KNI_FIELD_STMERR_INVALID_IP_HDR,
 	KNI_FIELD_STMERR_EXCEED_MTU,
-	KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL,
+	//stream error: internal error
 	KNI_FIELD_STMERR_INVALID_ACTION,
 	KNI_FIELD_STMERR_SENDTO_TFE_FAIL,
-	//others
+	KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL,
-	KNI_FIELD_NULL_PKT,
+	KNI_FIELD_STMERR_NO_TFE,
-	KNI_FIELD_STATE_UNKNOWN,
+	KNI_FIELD_STMERR_PME_INIT_FAIL,
-	KNI_FIELD_DUP_TFC_STM,
+	KNI_FIELD_STMERR_DUP_TRAFFIC,
-	KNI_FIELD_DUP_TFC_BYTE,
+	KNI_FIELD_STMERR_CMSG_ADD_FAIL,
-	KNI_FIELD_IPV4_STM,
+	//intercept stream
-	KNI_FIELD_IPV6_STM,
+	KNI_FIELD_INTCP_STM,
 	KNI_FIELD_INTCP_BYTE,
 	KNI_FIELD_SSL_STM,
 	KNI_FIELD_HTTP_STM,
-	KNI_FIELD_SENDLOG_SUCC,
+	KNI_FIELD_IPV4_STM,
-	KNI_FIELD_SENDLOG_FAIL,
+	KNI_FIELD_IPV6_STM,
-	KNI_FIELD_PME_NEW_SUCC,
+	KNI_FIELD_DUP_TFC_STM,
-	KNI_FIELD_PME_FREE,
+	KNI_FIELD_DUP_TFC_BYTE,
-	KNI_FIELD_IPV4HDR_PARSE_FAIL,
+	//intercept ready stream
 	KNI_FIELD_IPV6HDR_PARSE_FAIL,
 	KNI_FIELD_ID2PME_ADD_SUCC,
 	KNI_FIELD_ID2PME_ADD_FAIL,
 	KNI_FIELD_ID2PME_DEL_SUCC,
 	KNI_FIELD_ID2PME_DEL_FAIL,
 	KNI_FIELD_TUPLE2STM_ADD_SUCC,
 	KNI_FIELD_TUPLE2STM_ADD_FAIL,
 	KNI_FIELD_TUPLE2STM_DEL_SUCC,
 	KNI_FIELD_TUPLE2STM_DEL_FAIL,
 	KNI_FIELD_TUPLE2STM_SEARCH_SUCC,
 	KNI_FIELD_TUPLE2STM_SEARCH_FAIL,
 	KNI_FIELD_SAPP_INJECT_SUCC,
 	KNI_FIELD_SAPP_INJECT_FAIL,
 	KNI_FIELD_BLOOM_SEARCH_SUCC,
 	KNI_FIELD_BLOOM_SEARCH_FAIL,
 	KNI_FIELD_BLOOM_ADD_SUCC,
 	KNI_FIELD_BLOOM_ADD_FAIL,
 	KNI_FIELD_BLOOM_HIT,
 	KNI_FIELD_BLOOM_MISS,
 	//intercetp traffic stat
 	KNI_FIELD_INTCP_READY_STM,
 	KNI_FIELD_INTCP_READY_BYTE,
-	KNI_FIELD_TX_TFE_STM,
+	//pme
-	KNI_FIELD_TX_TFE_BYTE,
+	KNI_FIELD_PME_NEW_SUCC,
 	KNI_FIELD_PME_FREE,
 	//errors
 	KNI_FIELD_SENDLOG_FAIL,
 	KNI_FIELD_ID2PME_ADD_FAIL,
 	KNI_FIELD_ID2PME_DEL_FAIL,
 	KNI_FIELD_TUPLE2STM_ADD_FAIL,
 	KNI_FIELD_TUPLE2STM_DEL_FAIL,
 	KNI_FIELD_SAPP_INJECT_FAIL,
 	KNI_FIELD_BLOOM_SEARCH_FAIL,
 	KNI_FIELD_BLOOM_ADD_FAIL,
 	//htable
 	KNI_FIELD_ID2PME_ADD_SUCC,
 	KNI_FIELD_ID2PME_DEL_SUCC,
 	KNI_FIELD_TUPLE2STM_ADD_SUCC,
 	KNI_FIELD_TUPLE2STM_DEL_SUCC,
 	//send_log
 	KNI_FIELD_SENDLOG_SUCC,
 	//sapp_inject
 	KNI_FIELD_SAPP_INJECT_SUCC,
 	//dabloom
 	KNI_FIELD_BLOOM_HIT,
 	KNI_FIELD_BLOOM_MISS,
 	//KNI_FIELD_TFE_STATUS_BASE must be last 
 	KNI_FIELD_TFE_STATUS_BASE,
 };
@@ -175,7 +175,7 @@ uint16_t kni_ip_checksum(const void *buf, size_t hdr_len);
 uint16_t kni_tcp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr);
 uint16_t kni_tcp_checksum_v6(const void *_buf, size_t len, struct in6_addr src_addr, struct in6_addr dest_addr);
 uint16_t kni_udp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr);
-struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr, int tcphdr_len);
+void kni_get_tcpopt(struct kni_tcpopt_info *tcpopt, struct tcphdr* tcphdr,int tcphdr_len);
 int kni_ipv4_addr_get_by_eth(const char *ifname, uint32_t *ip);
 int kni_ipv4_header_parse(const void *a_packet, struct pkt_info *pktinfo);
 int kni_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo);
--- a/common/src/kni_utils.cpp
+++ b/common/src/kni_utils.cpp
@@ -144,9 +144,7 @@ uint16_t kni_udp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_a
 	return ( (uint16_t)(~sum)  );
 }
-
+void kni_get_tcpopt(struct kni_tcpopt_info *tcpopt, struct tcphdr* tcphdr,int tcphdr_len){
 struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len){
    struct kni_tcpopt_info* tcpopt = (struct kni_tcpopt_info*)ALLOC(struct kni_tcpopt_info, 1);
 	tcpopt->mss = KNI_DEFAULT_MSS;
 	tcpopt->wscale = KNI_DEFAULT_WINSCLE;
@@ -158,16 +156,16 @@ struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len){
 		int opsize;
 		switch (opcode){
            case TCPOPT_EOL:
-                return tcpopt;
+                return;
            case TCPOPT_NOP:	/* Ref: RFC 793 section 3.1 */
                length--;
                continue;
            default:
                opsize = *ptr++;
                if (opsize < 2) /* "silly options" */
-                    return tcpopt;
+                    return;
                if (opsize > length)
-                    return tcpopt;	/* don't parse partial options */
+                    return;	/* don't parse partial options */
                switch (opcode){
                    case TCPOPT_MAXSEG:
                        if (opsize == TCPOLEN_MAXSEG){
@@ -208,7 +206,7 @@ struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len){
                length -= opsize;
        }
 	}
-	return tcpopt;
+	return;
 }
--- a/entry/src/kni_entry.cpp
+++ b/entry/src/kni_entry.cpp
@@ -20,6 +20,7 @@ bypass: drome:  pme_new_fail:    destroy_pme
 #include "cjson/cJSON.h"
 #include "kni_send_logger.h"
 #include <linux/if_ether.h>
 #include <signal.h>
 #include "tfe_mgr.h"
 #ifdef __cplusplus
 extern "C" {
@@ -47,16 +48,21 @@ enum kni_protocol{
 };
 enum stream_error{
-	STREAM_ERROR_PENDING_NO_SYN = -1,
+	STREAM_ERROR_ASYM_ROUTING = -1,
-	STREAM_ERROR_SINGLE_DIR = -2,
+	STREAM_ERROR_NO_SYN = -2,
-	STREAM_ERROR_PROTOCOL_UNKNOWN = -3,
+	STREAM_ERROR_NO_SYN_ACK = -3,
-	STREAM_ERROR_NO_SYN_ACK = -4,
+	STREAM_ERROR_NO_DATA = -4,
-	STREAM_ERROR_INVALID_ACTION = -5,
+	STREAM_ERROR_UNSUPPORTED_PROTOCOL = -5,
-	STREAM_ERROR_NO_DATA = -6,
+	STREAM_ERROR_INVALID_IP_HDR = -6,
-	STREAM_ERROR_IPHDR_PARSE_FAIL = -7,
+	STREAM_ERROR_EXCEED_MTU = -7,
-	STREAM_ERROR_EXCEED_MTU = -8,
+	//internal
 	STREAM_ERROR_INVALID_ACTION = -8,
 	STREAM_ERROR_SENDTO_TFE_FAIL = -9,
 	STREAM_ERROR_TUPLE2STM_ADD_FAIL = -10,
 	STREAM_ERROR_NO_TFE = -11,
 	STREAM_ERROR_PME_INIT_FAIL= -12,
 	STREAM_ERROR_DUP_TRAFFIC = -13,
 	STREAM_ERROR_CMSG_ADD_FAIL = -14,
 };
 struct http_project{
@@ -85,8 +91,10 @@ struct pme_info{
 	int maat_hit;
 	enum kni_action action;
 	int service;
-	struct kni_tcpopt_info *client_tcpopt;
+	struct kni_tcpopt_info client_tcpopt;
-	struct kni_tcpopt_info *server_tcpopt;
+	struct kni_tcpopt_info server_tcpopt;
 	char has_syn;
 	char has_syn_ack;
 	uint16_t client_window;
 	uint16_t server_window;
 	int tfe_id;      
@@ -201,28 +209,36 @@ struct traceid2pme_search_cb_args{
 	void *logger;
 };
-static char* stream_errmsg_get(enum stream_error _errno){
+static char* stream_errmsg_session_record(enum stream_error _errno){
 	switch(_errno){
-		case STREAM_ERROR_PENDING_NO_SYN:
+		case STREAM_ERROR_ASYM_ROUTING:
-			return (char*)"pending not syn";
+			return (char*)"e_asym_routing";
-		case STREAM_ERROR_SINGLE_DIR:
+		case STREAM_ERROR_NO_SYN:
-			return (char*)"single dir";
+			return (char*)"e_no_syn";
 		case STREAM_ERROR_PROTOCOL_UNKNOWN:
 			return (char*)"protocol unknown";
 		case STREAM_ERROR_NO_SYN_ACK:
-			return (char*)"no syn/ack";
+			return (char*)"e_no_synack";
 		case STREAM_ERROR_INVALID_ACTION:
 			return (char*)"invalid aciton";
 		case STREAM_ERROR_NO_DATA:
-			return (char*)"no data";
+			return (char*)"e_no_data";
-		case STREAM_ERROR_IPHDR_PARSE_FAIL:
+		case STREAM_ERROR_UNSUPPORTED_PROTOCOL:
-			return (char*)"ip header parse fail";
+			return (char*)"e_unsupported_protocol";
 		case STREAM_ERROR_INVALID_IP_HDR:
 			return (char*)"e_invalid_ip_hdr";
 		case STREAM_ERROR_EXCEED_MTU:
-			return (char*)"exceed mtu(1500)";
+			return (char*)"e_exceed_mtu";
 		case STREAM_ERROR_INVALID_ACTION:
 			return (char*)"e_internal_1";
 		case STREAM_ERROR_SENDTO_TFE_FAIL:
-			return (char*)"sendto_tfe_fail";
+			return (char*)"e_internal_2";
 		case STREAM_ERROR_TUPLE2STM_ADD_FAIL:
-			return (char*)"tuple2stm_add_fail";
+			return (char*)"e_internal_3";
 		case STREAM_ERROR_NO_TFE:
 			return (char*)"e_internal_4";
 		case STREAM_ERROR_PME_INIT_FAIL:
 			return (char*)"e_internal_5";
 		case STREAM_ERROR_DUP_TRAFFIC:
 			return (char*)"e_internal_6";
 		case STREAM_ERROR_CMSG_ADD_FAIL:
 			return (char*)"e_internal_7";
 		default:
 			return (char*)"unknown error";
 	}
@@ -233,9 +249,10 @@ static int dup_traffic_dabloom_key_get(struct pkt_info *pktinfo, struct dup_traf
 	struct tcphdr *tcphdr = pktinfo->tcphdr;
 	key->seq = tcphdr->seq;
 	key->ack_seq = tcphdr->ack_seq;
-	struct kni_tcpopt_info* tcpopt = kni_get_tcpopt(tcphdr, pktinfo->tcphdr_len);
+	struct kni_tcpopt_info tcpopt;
-	key->timestamp = tcpopt->ts_value;
+	memset(&tcpopt, 0, sizeof(tcpopt));
-	FREE(&tcpopt);
+	kni_get_tcpopt(&tcpopt, tcphdr, pktinfo->tcphdr_len);
 	key->timestamp = tcpopt.ts_value;
 	if(pktinfo->addr_type == ADDR_TYPE_IPV6){
 		struct ip6_hdr *iphdr = pktinfo->iphdr.v6;
 		memcpy(key->addr.v6.saddr, &(iphdr->ip6_src), sizeof(key->addr.v6.saddr));
@@ -260,14 +277,6 @@ static void pme_info_destroy(void *data){
 	struct pme_info *pmeinfo = (struct pme_info *)data;
 	void *logger = g_kni_handle->local_logger;
 	if(pmeinfo != NULL){
 		//free client_tcpopt
 		if(pmeinfo->client_tcpopt != NULL){
 			FREE(&(pmeinfo->client_tcpopt));
 		}
 		//free server tcpopt
 		if(pmeinfo->server_tcpopt != NULL){
 			FREE(&(pmeinfo->server_tcpopt));
 		}
 		//free layer_addr
 		layer_addr_free(pmeinfo->addr);
 		pmeinfo->addr=NULL;
@@ -285,16 +294,17 @@ static void pme_info_destroy(void *data){
 	}
 }
-static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread_seq){
+static int pme_info_init(struct pme_info *pmeinfo, const struct streaminfo *stream, int thread_seq){
 	void *logger = g_kni_handle->local_logger;
 	struct pme_info* pmeinfo = ALLOC(struct pme_info, 1);
 	pmeinfo->addr_type = (enum addr_type_t)stream->addr.addrtype;
 	pmeinfo->ssl_cert_verify = -1;
-	uuid_t uu; 
+	//uuid_t uu; 
-    uuid_generate_random(uu);
+    //uuid_generate_random(uu);
-    uuid_unparse(uu, pmeinfo->stream_traceid);
+    //uuid_unparse(uu, pmeinfo->stream_traceid);
 	pmeinfo->addr = layer_addr_dup(&(stream->addr));
 	clock_gettime(CLOCK_REALTIME, &(pmeinfo->start_time));
 	snprintf(pmeinfo->stream_traceid, sizeof(pmeinfo->stream_traceid), "%d%lld.%.9ld", 
 					thread_seq, (long long)pmeinfo->start_time.tv_sec, pmeinfo->start_time.tv_nsec);
 	pmeinfo->addr = layer_addr_dup(&(stream->addr));
 	char stream_addr[KNI_ADDR_MAX] = "";
 	//init pme_lock
 	int ret = pthread_mutex_init(&(pmeinfo->lock), NULL);
@@ -309,11 +319,10 @@ static struct pme_info* pme_info_new(const struct streaminfo *stream, int thread
 		kni_addr_trans_v4(stream->addr.tuple4_v4, stream_addr, sizeof(stream_addr));
 	}
 	KNI_LOG_INFO(logger, "stream addr = %s, stream traceid = %s", stream_addr, pmeinfo->stream_traceid);
-	return pmeinfo;
+	return 0;
 error_out:
-	pme_info_destroy(pmeinfo);
+	return -1;
 	return NULL;
 }
 static int log_generate(struct pme_info *pmeinfo, void *local_logger){
@@ -388,7 +397,9 @@ static int log_generate(struct pme_info *pmeinfo, void *local_logger){
 	//ssl downstream version: from tfe
 	cJSON_AddStringToObject(log_obj, "ssl_client_side_version", pmeinfo->ssl_client_side_version);
 	//ssl cert verify
-	cJSON_AddNumberToObject(log_obj, "ssl_cert_verify", pmeinfo->ssl_cert_verify);
+	if(pmeinfo->ssl_cert_verify != -1){
 		cJSON_AddNumberToObject(log_obj, "ssl_cert_verify", pmeinfo->ssl_cert_verify);
 	}
 	//direction: 0
 	cJSON_AddNumberToObject(log_obj, "direction", 0);
@@ -420,7 +431,7 @@ static int log_generate(struct pme_info *pmeinfo, void *local_logger){
 	cJSON_AddNumberToObject(log_obj, "has_dup_traffic", pmeinfo->has_dup_traffic);
 	//stream_error
 	if(pmeinfo->error < 0){
-		char *stream_errmsg = stream_errmsg_get(pmeinfo->error);
+		char *stream_errmsg = stream_errmsg_session_record(pmeinfo->error);
 		cJSON_AddStringToObject(log_obj, "stream_error", stream_errmsg);
 	}
 	int ret = -1;
@@ -542,8 +553,8 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 	char *trace_id = NULL;
 	uint32_t seq = pktinfo->tcphdr->seq;
 	uint32_t ack = pktinfo->tcphdr->ack_seq;
-	uint16_t client_mss = htons(pmeinfo->client_tcpopt->mss);
+	uint16_t client_mss = htons(pmeinfo->client_tcpopt.mss);
-	uint16_t server_mss = htons(pmeinfo->server_tcpopt->mss);
+	uint16_t server_mss = htons(pmeinfo->server_tcpopt.mss);
 	uint16_t client_window = htons(pmeinfo->client_window);
 	uint16_t server_window = htons(pmeinfo->server_window);
 	//seq
@@ -559,25 +570,25 @@ static unsigned char* kni_cmsg_serialize_header_new(struct pme_info *pmeinfo, st
 	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_MSS_SERVER, (const unsigned char*)&server_mss, 2, pmeinfo->stream_traceid);
 	if(ret < 0) goto error_out;
 	//both = 1, send to tfe
-	if(pmeinfo->client_tcpopt->wscale_set && pmeinfo->server_tcpopt->wscale_set){
+	if(pmeinfo->client_tcpopt.wscale_set && pmeinfo->server_tcpopt.wscale_set){
 		//client wscale
-		ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->wscale), 1, pmeinfo->stream_traceid);
+		ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.wscale), 1, pmeinfo->stream_traceid);
 		if(ret < 0) goto error_out;
 		//server wscale
-		ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->wscale), 1, pmeinfo->stream_traceid);
+		ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_WSACLE_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.wscale), 1, pmeinfo->stream_traceid);
 		if(ret < 0) goto error_out;
 	}
 	//client sack
-	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->sack), 1, pmeinfo->stream_traceid);
+	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.sack), 1, pmeinfo->stream_traceid);
 	if(ret < 0) goto error_out;
 	//server sack
-	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->sack), 1, pmeinfo->stream_traceid);
+	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_SACK_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.sack), 1, pmeinfo->stream_traceid);
 	if(ret < 0) goto error_out;
 	//client timestamp
-	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt->ts_set), 1, pmeinfo->stream_traceid);
+	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_CLIENT, (const unsigned char*)&(pmeinfo->client_tcpopt.ts_set), 1, pmeinfo->stream_traceid);
 	if(ret < 0) goto error_out;
 	//server  timestamp
-	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt->ts_set), 1, pmeinfo->stream_traceid);
+	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_TS_SERVER, (const unsigned char*)&(pmeinfo->server_tcpopt.ts_set), 1, pmeinfo->stream_traceid);
 	if(ret < 0) goto error_out;
 	//protocol
 	ret = wrapped_kni_cmsg_set(cmsg, TFE_CMSG_TCP_RESTORE_PROTOCOL, (const unsigned char*)&protocol_type, 1, pmeinfo->stream_traceid);
@@ -789,7 +800,7 @@ static int wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmein
 			char *errmsg = kni_ipv6_errmsg_get((enum kni_ipv6hdr_parse_error)ret);
 			KNI_LOG_DEBUG(logger, "Stream error: failed at parse ipv6 header, errmsg = %s, stream treaceid = %s", 
 					errmsg, pmeinfo->stream_traceid);
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
+			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
 			return -1;
 		}
 	}
@@ -799,7 +810,7 @@ static int wrapped_kni_header_parse(const void *a_packet, struct pme_info *pmein
 			char *errmsg = kni_ipv4_errmsg_get((enum kni_ipv4hdr_parse_error)ret);
 			KNI_LOG_ERROR(logger, "Stream error: failed at parse ipv4 header, errmsg = %s, stream treaceid = %s", 
 					errmsg, pmeinfo->stream_traceid);
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
+			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
 			return -1;
 		}
 	}
@@ -928,15 +939,15 @@ static char pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo,
 	struct pkt_info pktinfo;
 	int ret = wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo);
 	if(ret < 0){
-		pmeinfo->error = STREAM_ERROR_IPHDR_PARSE_FAIL;
+		pmeinfo->error = STREAM_ERROR_INVALID_IP_HDR;
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
 	if(!pktinfo.tcphdr->syn){
 		//pending_opstate not syn, bypass and dropme
 		KNI_LOG_DEBUG(logger, "Stream error: pending opstate, not syn, stream traceid = %s", pmeinfo->stream_traceid);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SYN], 0, FS_OP_ADD, 1);
-		pmeinfo->error = STREAM_ERROR_PENDING_NO_SYN;
+		pmeinfo->error = STREAM_ERROR_NO_SYN;
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
@@ -958,7 +969,8 @@ static char pending_opstate(struct streaminfo *stream, struct pme_info *pmeinfo,
 		}
 	}
 	pmeinfo->client_window = ntohs(pktinfo.tcphdr->window);
-	pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo.tcphdr, pktinfo.tcphdr_len);
+	pmeinfo->has_syn = 1;
 	kni_get_tcpopt(&(pmeinfo->client_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
 	return APP_STATE_FAWPKT | APP_STATE_GIVEME;	
 }
@@ -1036,6 +1048,22 @@ static void traceid2pme_htable_del(struct pme_info *pmeinfo){
 }
 static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, char *stream_addr, int thread_seq){
 	//dup_traffic_check
 	if(g_kni_handle->dup_traffic_switch == 1){
 		//has dup traffic
 		if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1){
 			pmeinfo->has_dup_traffic = 1;
 		}
 		if(pmeinfo->has_dup_traffic == 1){
 			if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
 				KNI_LOG_DEBUG(g_kni_handle->local_logger, "Stream error: stream has dup traffic, dup_traffic_action = bypass, stream traceid = %s", pmeinfo->stream_traceid);
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_DUP_TRAFFIC], 0, FS_OP_ADD, 1);
 				pmeinfo->intercept_state=0;
 				pmeinfo->error = STREAM_ERROR_DUP_TRAFFIC;
 				return APP_STATE_FAWPKT | APP_STATE_DROPME;
 			}
 		}
 	}
 	void *logger = g_kni_handle->local_logger;
 	int ret;
 	//only intercept: add to tuple2stream_htable
@@ -1043,6 +1071,7 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 	if(ret < 0){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL], 0, FS_OP_ADD, 1);
 		KNI_LOG_DEBUG(logger, "Stream error: tuple2stm add fail, stream traceid = %s", pmeinfo->stream_traceid);
 		pmeinfo->intercept_state=0;
 		pmeinfo->error = STREAM_ERROR_TUPLE2STM_ADD_FAIL;
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
@@ -1051,15 +1080,22 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 	traceid2pme_htable_add(pmeinfo);
 	//action = KNI_ACTION_INTERCEPT, sendto tfe
 	int len = 0;
 	//add cmsg
 	char *buff = add_cmsg_to_packet(pmeinfo, stream, pktinfo, &len);
 	if(buff == NULL){
-		KNI_LOG_ERROR(logger, "Failed at add cmsg to packet, stream traceid = %s", pmeinfo->stream_traceid);
+		KNI_LOG_DEBUG(logger, "Stream error: failed at add cmsg to packet, stream traceid = %s", pmeinfo->stream_traceid);
 		pmeinfo->error = STREAM_ERROR_CMSG_ADD_FAIL;
 		pmeinfo->intercept_state=0;
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_CMSG_ADD_FAIL], 0, FS_OP_ADD, 1);
 		FREE(&buff);
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
 	//send to tfe
 	ret = send_to_tfe(buff, len, thread_seq, pmeinfo->tfe_id, pmeinfo->addr_type);
 	if(ret < 0){
 		KNI_LOG_DEBUG(logger, "Stream error: failed at send first packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid);
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
 		pmeinfo->intercept_state=0;
 		pmeinfo->error = STREAM_ERROR_SENDTO_TFE_FAIL;
 		FREE(&buff);
 		tuple2stream_htable_del(g_kni_handle->threads_handle[thread_seq].tuple2stream_htable, stream);
@@ -1070,6 +1106,28 @@ static int first_data_intercept(struct streaminfo *stream, struct pme_info *pmei
 		KNI_LOG_DEBUG(logger, "Succeed at send first packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid);
 	}
 	FREE(&buff);
 	//fs stat
 	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_STM], 0, FS_OP_ADD, 1);
 	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
 	//ipv4 or ipv6
 	if(stream->addr.addrtype == ADDR_TYPE_IPV6){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1);
 	}
 	else{
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1);
 	}
 	//http or ssl
 	if(pmeinfo->protocol == KNI_PROTOCOL_SSL){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1);
 	}	
 	if(pmeinfo->protocol == KNI_PROTOCOL_HTTP){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
 	}
 	//dup_traffic_stm
 	if(pmeinfo->has_dup_traffic == 1){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
 		KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
 	}
 	return APP_STATE_DROPPKT | APP_STATE_GIVEME;
 }
@@ -1085,7 +1143,7 @@ static int dabloom_search(struct pkt_info *pktinfo, int thread_seq){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL], 0, FS_OP_ADD, 1);
 	}
 	else{
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
+		//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
 		if(ret == 1){
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_HIT], 0, FS_OP_ADD, 1);
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE], 0, FS_OP_ADD, pktinfo->ip_totlen);
@@ -1110,7 +1168,7 @@ static int dabloom_add(struct pkt_info *pktinfo, int thread_seq){
 		KNI_LOG_ERROR(logger, "Failed at expiry_dablooms_add, errmsg = %s", expiry_dablooms_errno_trans((enum expiry_dablooms_errno)ret));
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL], 0, FS_OP_ADD, 1);
 	}
-	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC], 0, FS_OP_ADD, 1);
+	//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC], 0, FS_OP_ADD, 1);
 	uint64_t count = 0;
 	expiry_dablooms_element_count_get(g_kni_handle->threads_handle[thread_seq].dabloom_handle, &count);
 	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->line_ids[0], g_kni_fs_handle->column_ids[thread_seq], FS_OP_SET, count);
@@ -1144,8 +1202,8 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 	struct pkt_info pktinfo;
 	ret = wrapped_kni_header_parse(a_packet, pmeinfo, &pktinfo);
 	if(ret < 0){
-		pmeinfo->error = STREAM_ERROR_IPHDR_PARSE_FAIL;
+		pmeinfo->error = STREAM_ERROR_INVALID_IP_HDR;
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR], 0, FS_OP_ADD, 1);
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
 	//pmeinfo->action has only 3 value: KNI_ACTION_NONE， KNI_ACTION_INTERCEPT， KNI_ACTION_BYPASS
@@ -1156,7 +1214,7 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 		case KNI_ACTION_NONE:
 			break;
 		case KNI_ACTION_INTERCEPT:
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
+			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
 			//search dabloom
 			if(g_kni_handle->dup_traffic_switch == 1){
 				if(pmeinfo->has_dup_traffic == 1){
@@ -1180,6 +1238,9 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 				KNI_LOG_ERROR(logger, "Failed at send continue packet to tfe%d, stream traceid = %s", pmeinfo->tfe_id, pmeinfo->stream_traceid);
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL], 0, FS_OP_ADD, 1);
 			}
 			else{
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
 			}
 			return APP_STATE_DROPPKT | APP_STATE_GIVEME;
 		case KNI_ACTION_BYPASS:
 			return APP_STATE_FAWPKT | APP_STATE_GIVEME;
@@ -1197,7 +1258,8 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 	// syn/ack
 	if(pktinfo.tcphdr->syn && pktinfo.tcphdr->ack){
 		pmeinfo->server_window = ntohs(pktinfo.tcphdr->window);
-		pmeinfo->server_tcpopt = kni_get_tcpopt(pktinfo.tcphdr, pktinfo.tcphdr_len);
+		pmeinfo->has_syn_ack = 1;
 		kni_get_tcpopt(&(pmeinfo->server_tcpopt), pktinfo.tcphdr, pktinfo.tcphdr_len);
 		//dup traffic detect
 		if(g_kni_handle->dup_traffic_switch == 1){
 			if(pmeinfo->syn_ack_packet == NULL){
@@ -1223,9 +1285,9 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 	}
 	//not double dir, bypass and dropme
 	if(stream->dir != DIR_DOUBLE){
-		KNI_LOG_DEBUG(logger, "Stream error: single dir = %d, stream traceid = %s", stream->dir, pmeinfo->stream_traceid);
+		KNI_LOG_DEBUG(logger, "Stream error: asym routing, stream traceid = %s", pmeinfo->stream_traceid);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_SINGLE_DIR], 0, FS_OP_ADD, 1);
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_ASYM_ROUTING], 0, FS_OP_ADD, 1);
-		pmeinfo->error = STREAM_ERROR_SINGLE_DIR;
+		pmeinfo->error = STREAM_ERROR_ASYM_ROUTING;
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
 	struct protocol_identify_result protocol_identify_res;
@@ -1236,46 +1298,26 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 		//can not identify protocol from first data packet, bypass and dropme
 		case KNI_PROTOCOL_UNKNOWN:
 			KNI_LOG_DEBUG(logger, "Stream error: failed at protocol_identify, stream traceid = %s", pmeinfo->stream_traceid);
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_PROTO_UNKNOWN], 0, FS_OP_ADD, 1);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL], 0, FS_OP_ADD, 1);
-			pmeinfo->error = STREAM_ERROR_PROTOCOL_UNKNOWN;
+			pmeinfo->error = STREAM_ERROR_UNSUPPORTED_PROTOCOL;
 			return APP_STATE_FAWPKT | APP_STATE_DROPME;
 		case KNI_PROTOCOL_SSL:
 			strncpy(pmeinfo->domain.sni, protocol_identify_res.domain, strnlen(protocol_identify_res.domain, sizeof(pmeinfo->domain.sni) - 1));
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_SSL_STM], 0, FS_OP_ADD, 1);	
 			break;
 		case KNI_PROTOCOL_HTTP:
 			strncpy(pmeinfo->domain.host, protocol_identify_res.domain, strnlen(protocol_identify_res.domain, sizeof(pmeinfo->domain.host) - 1));
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_HTTP_STM], 0, FS_OP_ADD, 1);
 			break;
 		default:
 			break;
 	}
 	//receive client hello, but no syn/ack, bypass and dropme
-	if(pmeinfo->client_tcpopt == NULL || pmeinfo->server_tcpopt == NULL){
+	if(pmeinfo->has_syn == 0 || pmeinfo->has_syn_ack == 0){
-		KNI_LOG_DEBUG(logger, "Stream error: %s, %s, stream traceid = %s", pmeinfo->client_tcpopt == NULL ? "no syn" : "have syn", 
+		KNI_LOG_DEBUG(logger, "Stream error: %s, %s, stream traceid = %s", pmeinfo->has_syn == 0 ? "no syn" : "have syn", 
-								pmeinfo->server_tcpopt == NULL ? "no syn/ack" : "have syn/ack", pmeinfo->stream_traceid);
+								pmeinfo->has_syn_ack == 0 ? "no syn/ack" : "have syn/ack", pmeinfo->stream_traceid);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SA], 0, FS_OP_ADD, 1);
+		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_SYN_ACK], 0, FS_OP_ADD, 1);
 		pmeinfo->error = STREAM_ERROR_NO_SYN_ACK;
 		return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
 	//dup_traffic_check
 	if(g_kni_handle->dup_traffic_switch == 1){
 		//has dup traffic
 		if(pmeinfo->has_dup_syn == 1 || pmeinfo->has_dup_syn_ack == 1){
 			pmeinfo->has_dup_traffic = 1;
 		}
 		if(pmeinfo->has_dup_traffic == 1){
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_DUP_TFC_STM], 0, FS_OP_ADD, 1);
 			KNI_LOG_DEBUG(logger, "stream has dup traffic, traceid = %s", pmeinfo->stream_traceid);
 			if(g_kni_handle->dup_traffic_action == KNI_ACTION_BYPASS){
 				pmeinfo->action = KNI_ACTION_BYPASS;
 				pmeinfo->intercept_state=0;
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_DUP_TFC], 0, FS_OP_ADD, 1);
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 				return APP_STATE_FAWPKT | APP_STATE_GIVEME;  //GIVEME: for session record
 			}
 		}
 	}
 	pmeinfo->action = intercept_policy_scan(g_kni_handle->maat_handle, (struct ipaddr*)(&stream->addr), 
 				protocol_identify_res.domain, protocol_identify_res.domain_len, 
 				thread_seq, &(pmeinfo->policy_id), &(pmeinfo->do_log), &(pmeinfo->maat_hit));
@@ -1285,12 +1327,6 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 			stream_addr, protocol_identify_res.domain, pmeinfo->policy_id, pmeinfo->action, action_str, pmeinfo->maat_hit, pmeinfo->stream_traceid);
 	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_STM], 0, FS_OP_ADD, 1);
 	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
 	if(stream->addr.addrtype == ADDR_TYPE_IPV6){
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6_STM], 0, FS_OP_ADD, 1);
 	}
 	else{
 		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4_STM], 0, FS_OP_ADD, 1);
 	}	
 	switch(pmeinfo->action){
 		case KNI_ACTION_BYPASS:
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_POLICY], 0, FS_OP_ADD, 1);
@@ -1299,14 +1335,12 @@ static char data_opstate(struct streaminfo *stream, struct pme_info *pmeinfo, co
 			return APP_STATE_FAWPKT | APP_STATE_GIVEME;  //GIVEME: for session record
 		case KNI_ACTION_INTERCEPT:
 			pmeinfo->intercept_state=1;
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_STM], 0, FS_OP_ADD, 1);
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TX_TFE_BYTE], 0, FS_OP_ADD, pktinfo.ip_totlen);
 			return first_data_intercept(stream, pmeinfo, &pktinfo, stream_addr, thread_seq);
 		default:
 			//action != intercept && action != bypass，bypass and dropme
 			KNI_LOG_DEBUG(logger, "Stream error: action %d(%s) = invalid: policy_id = %d, stream traceid = %s, domain = ",
 				  pmeinfo->action, action_str, pmeinfo->policy_id, pmeinfo->stream_traceid, protocol_identify_res.domain);
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_ACTION_INVALID], 0, FS_OP_ADD, 1);
+			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_INVALID_ACTION], 0, FS_OP_ADD, 1);
 			pmeinfo->error = STREAM_ERROR_INVALID_ACTION;
 			return APP_STATE_FAWPKT | APP_STATE_DROPME;
 	}
@@ -1356,28 +1390,31 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
 		close: a_packet may be null, if a_packet = null, do not send to tfe
 	*/
 	if(a_packet == NULL && stream->pktstate != OP_STATE_CLOSE){
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1);
+		//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_NULL_PKT], 0, FS_OP_ADD, 1);
 		return APP_STATE_FAWPKT | APP_STATE_GIVEME;
 	}
 	int tfe_id = -1;
 	switch(stream->pktstate){
 		case OP_STATE_PENDING:
-			tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
+			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_PENDING], 0, FS_OP_ADD, 1);
-			if(tfe_id < 0){
+			pmeinfo = ALLOC(struct pme_info, 1);
 				KNI_LOG_ERROR(logger, "No alive tfe available, bypass and dropme");
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE], 0, FS_OP_ADD, 1);
 				return APP_STATE_FAWPKT | APP_STATE_DROPME;
 			}
 			*pme = pmeinfo = pme_info_new(stream, thread_seq);
 			if(pmeinfo == NULL){
 				KNI_LOG_ERROR(logger, "Failed at new pmeinfo, bypass and dropme");
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM], 0, FS_OP_ADD, 1);
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_BYP_STM_PME_NEW_FAIL], 0, FS_OP_ADD, 1);
 				return APP_STATE_FAWPKT | APP_STATE_DROPME;
 			}
 			pmeinfo->tfe_id = tfe_id;
 			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_PME_NEW_SUCC], 0, FS_OP_ADD, 1);
 			*pme = pmeinfo;
 			//stream error: pme init fail
 			ret = pme_info_init(pmeinfo, stream, thread_seq);
 			if(ret < 0){
 				KNI_LOG_DEBUG(logger, "Stream error: fail at pme_info_init, stream traceid = %s", pmeinfo->stream_traceid);
 				pmeinfo->error = STREAM_ERROR_PME_INIT_FAIL;
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_PME_INIT_FAIL], 0, FS_OP_ADD, 1);
 				goto error_out;
 			}
 			//stream error: no tfe
 			pmeinfo->tfe_id = tfe_mgr_alive_node_get(g_kni_handle->_tfe_mgr, thread_seq);
 			if(pmeinfo->tfe_id < 0){
 				KNI_LOG_DEBUG(logger, "Stream error: no available tfe, stream traceid = %s", pmeinfo->stream_traceid);
 				pmeinfo->error = STREAM_ERROR_NO_TFE;
 				FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STMERR_NO_TFE], 0, FS_OP_ADD, 1);
 				goto error_out;
 			}
 			ret = pending_opstate(stream, pmeinfo, a_packet, thread_seq);
 			if(pmeinfo->error < 0){
 				goto error_out;
@@ -1392,6 +1429,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
 			break;
 		case OP_STATE_CLOSE:
 			//sapp stream close
 			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_CLOSE], 0, FS_OP_ADD, 1);
 			ret = close_opstate(stream, pmeinfo, thread_seq);
 			if(pmeinfo->error < 0){
 				goto error_out;
@@ -1399,7 +1437,7 @@ extern "C" char kni_tcpall_entry(struct streaminfo *stream, void** pme, int thre
 			break;
 		default:
 			ret = APP_STATE_FAWPKT | APP_STATE_GIVEME;
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
+			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_STATE_UNKNOWN], 0, FS_OP_ADD, 1);
 			KNI_LOG_ERROR(logger, "Unknown stream opstate %d, stream traceid = %s", stream->pktstate, pmeinfo->stream_traceid);
 			break;
 	}
@@ -1423,7 +1461,7 @@ error_out:
 		pmeinfo->policy_id = -1;
 		stream_destroy(pmeinfo, 1);
 	}
-	return ret;
+	return APP_STATE_FAWPKT | APP_STATE_DROPME;
 }
 void http_project_free(int thread_seq, void *project_req_value){
@@ -1492,7 +1530,7 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h
 		if(ret < 0){
 			char *errmsg = kni_ipv6_errmsg_get((enum kni_ipv6hdr_parse_error)ret);
 			KNI_LOG_ERROR(logger, "failed at parse ipv6 header, errmsg = %s", errmsg);
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
+			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV6HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
 			return -1;
 		}
 		struct stream_tuple4_v6 key;
@@ -1506,7 +1544,7 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h
 		if(ret < 0){
 			char *errmsg = kni_ipv4_errmsg_get((enum kni_ipv4hdr_parse_error)ret);
 			KNI_LOG_ERROR(logger, "failed at parse ipv4 header, errmsg = %s", errmsg);
-			FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
+			//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_IPV4HDR_PARSE_FAIL], 0, FS_OP_ADD, 1);
 			return -1;
 		}
 		struct stream_tuple4_v4 key;
@@ -1516,10 +1554,10 @@ int tuple2stream_htable_search(MESA_htable_handle handle, struct ethhdr *ether_h
 	}
 	if(value == NULL){
 		KNI_LOG_ERROR(logger, "MESA_htable: failed at search, key = %s", key_str);
-		FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL], 0, FS_OP_ADD, 1);
+		//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL], 0, FS_OP_ADD, 1);
 		return -1;
 	}
-	FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
+	//FS_operate(g_kni_fs_handle->handle, g_kni_fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC], 0, FS_OP_ADD, 1);
 	unsigned char dir = value->route_dir;
 	if(reversed != value->reversed){
 		dir = MESA_dir_reverse(dir);
@@ -1882,60 +1920,71 @@ static struct kni_field_stat_handle * fs_init(const char *profile){
 	FS_set_para(handle, MAX_STAT_FIELD_NUM, &value, sizeof(value));
 	fs_handle = ALLOC(struct kni_field_stat_handle, 1);
 	fs_handle->handle = handle;
 	//bypass stream
 	fs_handle->fields[KNI_FIELD_BYP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm");
 	fs_handle->fields[KNI_FIELD_BYP_STM_POLICY] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_policy");
 	fs_handle->fields[KNI_FIELD_BYP_STM_PME_NEW_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_pme_new_F");
 	fs_handle->fields[KNI_FIELD_BYP_STM_NO_TFE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_no_tfe");
 	fs_handle->fields[KNI_FIELD_BYP_STM_DUP_TFC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_dup_tfc");
 	fs_handle->fields[KNI_FIELD_BYP_STM_ERR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "byp_stm_err");
 	//stream error
-	fs_handle->fields[KNI_FIELD_STMERR_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_syn");
+	fs_handle->fields[KNI_FIELD_STMERR_ASYM_ROUTING] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_asym_route");
-	fs_handle->fields[KNI_FIELD_STMERR_SINGLE_DIR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_sig_dir");
+	fs_handle->fields[KNI_FIELD_STMERR_NO_SYN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_syn");
-	fs_handle->fields[KNI_FIELD_STMERR_PROTO_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_pro_unknow");
+	fs_handle->fields[KNI_FIELD_STMERR_NO_SYN_ACK] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_s/a");
-	fs_handle->fields[KNI_FIELD_STMERR_NO_SA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_s/a");
+	fs_handle->fields[KNI_FIELD_STMERR_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_data");
-	fs_handle->fields[KNI_FIELD_STMERR_ACTION_INVALID] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_act_invaid");
+	fs_handle->fields[KNI_FIELD_STMERR_UNSUPPORTED_PROTOCOL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_unspt_pro");
-	fs_handle->fields[KNI_FIELD_STMERR_NO_DATA] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_no_data");
+	fs_handle->fields[KNI_FIELD_STMERR_INVALID_IP_HDR] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_ip_hdr");
-	fs_handle->fields[KNI_FIELD_STMERR_IPHDR_PARSE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_ip_hdr");
+	fs_handle->fields[KNI_FIELD_STMERR_EXCEED_MTU] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_exc_mtu");
-	fs_handle->fields[KNI_FIELD_STMERR_EXCEED_MTU] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_exced_mtu");
+	//stream error: internal error
-	fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_tfe_tx");
+	fs_handle->fields[KNI_FIELD_STMERR_INVALID_ACTION] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_invaid_act");
-	fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "err_tup2stmAdd");
+	fs_handle->fields[KNI_FIELD_STMERR_SENDTO_TFE_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tfe_tx");
-	//others
+	fs_handle->fields[KNI_FIELD_STMERR_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_add");
-	fs_handle->fields[KNI_FIELD_NULL_PKT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "null_pkt");
+	fs_handle->fields[KNI_FIELD_STMERR_NO_TFE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_no_tfe");
-	fs_handle->fields[KNI_FIELD_STATE_UNKNOWN] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "state_unknow");
+	fs_handle->fields[KNI_FIELD_STMERR_PME_INIT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_pme_init");
-	fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm");
+	fs_handle->fields[KNI_FIELD_STMERR_DUP_TRAFFIC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_dup_tfc");
-	fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B");
+	fs_handle->fields[KNI_FIELD_STMERR_CMSG_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_cmsg_add");
 	//intercept stream
 	fs_handle->fields[KNI_FIELD_INTCP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_stm");
 	fs_handle->fields[KNI_FIELD_INTCP_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_B");
 	fs_handle->fields[KNI_FIELD_IPV4_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv4_stm");
 	fs_handle->fields[KNI_FIELD_IPV6_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ipv6_stm");
 	fs_handle->fields[KNI_FIELD_SSL_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "ssl_stm");
 	fs_handle->fields[KNI_FIELD_HTTP_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "http_stm");
-	fs_handle->fields[KNI_FIELD_SENDLOG_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_S");
+	fs_handle->fields[KNI_FIELD_DUP_TFC_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_stm");
-	fs_handle->fields[KNI_FIELD_SENDLOG_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_F");
+	fs_handle->fields[KNI_FIELD_DUP_TFC_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "dup_tfc_B");
-	fs_handle->fields[KNI_FIELD_PME_NEW_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new");
+	
-	fs_handle->fields[KNI_FIELD_PME_FREE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_free");
+	//intercept ready stream
 	//intercept traffic stat
 	fs_handle->fields[KNI_FIELD_INTCP_READY_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_stm");
 	fs_handle->fields[KNI_FIELD_INTCP_READY_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "intcp_rdy_B");
-	fs_handle->fields[KNI_FIELD_TX_TFE_STM] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tx_tfe_stm");
+
-	fs_handle->fields[KNI_FIELD_TX_TFE_BYTE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tx_tfe_B");
+	//pme 
 	fs_handle->fields[KNI_FIELD_PME_NEW_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_new");
 	fs_handle->fields[KNI_FIELD_PME_FREE] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "pme_free");
 	//errors
 	fs_handle->fields[KNI_FIELD_SENDLOG_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_sendlog");
 	fs_handle->fields[KNI_FIELD_ID2PME_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_id2pme_add");
 	fs_handle->fields[KNI_FIELD_ID2PME_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_id2pme_del");
 	fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_add");
 	fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_tup2stm_del");
 	fs_handle->fields[KNI_FIELD_SAPP_INJECT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_sapp_inject");
 	fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_bloom_srch");
 	fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "e_bloom_add");
 	//htable
 	fs_handle->fields[KNI_FIELD_ID2PME_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_S");
 	fs_handle->fields[KNI_FIELD_ID2PME_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_add_F");
 	fs_handle->fields[KNI_FIELD_ID2PME_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_S");
 	fs_handle->fields[KNI_FIELD_ID2PME_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "id2pme_del_F");
 	fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_add_S");
 	fs_handle->fields[KNI_FIELD_TUPLE2STM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_add_F");
 	fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_del_S");
-	fs_handle->fields[KNI_FIELD_TUPLE2STM_DEL_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_del_F");
+
-	fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_srch_S");
+	//sendlog
-	fs_handle->fields[KNI_FIELD_TUPLE2STM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "tup2stm_srch_F");
+	fs_handle->fields[KNI_FIELD_SENDLOG_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sendlog_S");
 	//sapp_inject
 	fs_handle->fields[KNI_FIELD_SAPP_INJECT_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sapp_inject_S");
-	fs_handle->fields[KNI_FIELD_SAPP_INJECT_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "sapp_inject_F");
+
-	fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_srch_S");
+	//dabloom
 	fs_handle->fields[KNI_FIELD_BLOOM_HIT] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_hit");
 	fs_handle->fields[KNI_FIELD_BLOOM_MISS] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_miss");
 	fs_handle->fields[KNI_FIELD_BLOOM_SEARCH_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_srch_F");
 	fs_handle->fields[KNI_FIELD_BLOOM_ADD_SUCC] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_add_S");
 	fs_handle->fields[KNI_FIELD_BLOOM_ADD_FAIL] = FS_register(handle, FS_STYLE_FIELD, FS_CALC_CURRENT, "bloom_add_F");
 	if(g_kni_handle->deploy_mode == KNI_DEPLOY_MODE_NORMAL){
 		for(int i = 0; i < g_kni_handle->marsio_handle->tfe_enabled_node_count; i++){
 			int tfe_id = g_kni_handle->marsio_handle->tfe_enabled_nodes[i].tfe_id;
@@ -2022,7 +2071,22 @@ int dup_traffic_dabloom_init(const char *profile, void *logger){
 	return 0;
 }
 void my_handler(int s){
 	printf("Caught signal %d\n",s);	
 	exit(1);
 }
 int register_signal_handle(){
 	struct sigaction sigIntHandler;
 	sigIntHandler.sa_handler = my_handler;
 	sigemptyset(&sigIntHandler.sa_mask);
 	sigIntHandler.sa_flags = 0;
 	sigaction(SIGINT, &sigIntHandler, NULL);
 	return 0;
 }
 extern "C" int kni_init(){
 	register_signal_handle();
 	char *kni_git_verison = (char*)KNI_GIT_VERSION;
 	const char *profile = "./etc/kni/kni.conf";
 	const char *section = "global";