1.Manipulate动作重构修改

2.修改pangu_send_log中log字段名 3.修改可信证书颁发机构表名
2019-05-28 14:59:39 +08:00
parent ea1f876eb7
commit f106facd7b
6 changed files with 347 additions and 353 deletions
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -43,7 +43,7 @@ enum pangu_action //Bigger action number is prior.
 	__PG_ACTION_MAX
 };
-enum manipulate_actin
+enum manipulate_action
 {
 	MA_ACTION_REDIRECT = 0,
 	MA_ACTION_BLOCK,
@@ -81,17 +81,17 @@ enum pangu_http_stat
 	__PG_STAT_MAX
 };
-enum policy_table
+enum manipulate_profile_table
 {
-	POLICY_TABLE_REJECT,
+	POLICY_PROFLIE_TABLE_REJECT,
-	POLICY_TABLE_HIJACK,
+	POLICY_PROFILE_TABLE_HIJACK,
-	POLICY_TABLE_INSERT,
+	POLICY_PROFILE_TABLE_INSERT,
-	POLICY_TABLE_MAX
+	POLICY_PROFILE_TABLE_MAX
 };
-struct policy_object
+struct manipulate_profile
 {
-	int cfg_id;
+	int profile_id;
 	size_t msg_len;
 	char *profile_name;
 	char *profile_msg;
@@ -99,10 +99,10 @@ struct policy_object
 	ctemplate::Template * tpl;
 };
-struct plolicy_param
+struct policy_action_param
 {
 	int ref_cnt;
-	int action;
+	enum manipulate_action action;
 	char *message;
 	char *position;
@@ -119,13 +119,13 @@ struct pangu_rt
 {
 	Maat_feather_t maat;
 	Maat_feather_t dyn_maat;
-	int subscribe_id_table_id;
+	int subscriber_id_table_id;
 	struct pangu_logger * send_logger;
 	void * local_logger;
 	int log_level;
 	int thread_num;
 	int scan_table_id[__SCAN_TABLE_MAX];
-	int plolicy_table_id[POLICY_TABLE_MAX];
+	int plolicy_table_id[POLICY_PROFILE_TABLE_MAX];
 	ctemplate::Template * tpl_403, * tpl_404, * tpl_451;
 	char * reject_page;
 	int page_size;
@@ -140,7 +140,7 @@ struct pangu_rt
 	struct event_base* gc_evbase;
 	struct event* gcev;
-	int plolicy_param_idx;
+	int ctrl_compile_idx;
 	int ca_store_reseting;
 };
@@ -443,26 +443,26 @@ void subscribe_id_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void
 	*ad=NULL;
 }
-static
+static enum manipulate_action manipulate_action_str2idx(const char *action_str)
 int to_val_idx(const char *key)
 {
-	const char *clue_action_map[] = {"redirect",
+	const char *clue_action_map[__MA_ACTION_MAX];
-		"block",
+	clue_action_map[MA_ACTION_REDIRECT]= "redirect";
-		"replace",
+	clue_action_map[MA_ACTION_BLOCK]= "block";
-		"hijack",
+	clue_action_map[MA_ACTION_REPLACE]= "replace";
-		"insert"
+	clue_action_map[MA_ACTION_HIJACK]= "hijack";
-	};
+	clue_action_map[MA_ACTION_INSERT]= "insert";
 	size_t i = 0;
 	for (i = 0; i < sizeof(clue_action_map) / sizeof(const char *); i++)
 	{
-		if (0 == strcasecmp(key, clue_action_map[i]))
+		if (0 == strcasecmp(action_str, clue_action_map[i]))
 			break;
 	}
-	return i;
+	return (enum manipulate_action)i;
 }
-void policy_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
+void policy_action_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
 					 MAAT_RULE_EX_DATA* ad, long argl, void *argp)
 {
 	*ad=NULL;
@@ -470,6 +470,7 @@ void policy_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_d
 	{
 		return;
 	}
 	int rule_id;
 	cJSON *json=NULL, *rules=NULL, *item=NULL;
 	json=cJSON_Parse(srv_def_large);
 	if(json==NULL)
@@ -478,64 +479,71 @@ void policy_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_d
 		return;
 	}
-	struct plolicy_param* param=ALLOC(struct plolicy_param, 1);
+	struct policy_action_param* param=ALLOC(struct policy_action_param, 1);
 	param->ref_cnt=1;
 	pthread_mutex_init(&(param->lock), NULL);
 	item=cJSON_GetObjectItem(json,"method");
-	if(item && item->type==cJSON_String){
+	if(item && item->type==cJSON_String)
-		param->action =to_val_idx(item->valuestring);
+	{
 		param->action =manipulate_action_str2idx(item->valuestring);
 	}
 	switch(param->action)
 	{
 		case MA_ACTION_REDIRECT:
 			item=cJSON_GetObjectItem(json,"code");
-			if(item && item->type==cJSON_Number){
+			if(item && item->type==cJSON_Number)
 			{
 				param->status_code = item->valueint;
 			}
 			item=cJSON_GetObjectItem(json,"to");
-			if(item && item->type==cJSON_String){
+			if(item && item->type==cJSON_String)
 			{
 				param->message = tfe_strdup(item->valuestring);
 			}
 			break;
 		case MA_ACTION_BLOCK:
 			item=cJSON_GetObjectItem(json,"code");
-			if(item && item->type==cJSON_Number){
+			if(item && item->type==cJSON_Number)
 			{
 				param->status_code = item->valueint;
 			}
 			item=cJSON_GetObjectItem(json,"message");
-			if(item && item->type==cJSON_String){
+			if(item && item->type==cJSON_String)
 			{
 				param->message = tfe_strdup(item->valuestring);
 			}
 			item=cJSON_GetObjectItem(json,"html_profile");
-			if(item && item->type==cJSON_Number){
+			if(item && item->type==cJSON_Number)
 			{
 				param->profile_id = item->valueint;
 			}
 			break;
 		case MA_ACTION_REPLACE:
 			rules = cJSON_GetObjectItem(json, "rules");
-			if(rules)
+			if(rules == NULL)
 			{
-				size_t idx = 0;
+				break;
 				param->rule = ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM);
 				for (item = rules->child; item != NULL; item = item->next)
 				{
 					char * search  = cJSON_GetObjectItem(item , "search_in")->valuestring;
 					if (search == NULL) break;
 					param->rule[idx].zone = zone_name_to_id(search);
 					if (param->rule[idx].zone == kZoneMax)
 					{
 						break;
 					}
 					param->rule[idx].find = tfe_strdup(cJSON_GetObjectItem(item , "find")->valuestring);
 					param->rule[idx].replace_with = tfe_strdup(cJSON_GetObjectItem(item , "replace_with")->valuestring);
 					idx++;
 				}
 				param->n_rule = idx;
 			}
 			rule_id = 0;
 			param->rule = ALLOC(struct replace_rule, MAX_EDIT_ZONE_NUM);
 			for (item = rules->child; item != NULL; item = item->next)
 			{
 				char * search  = cJSON_GetObjectItem(item , "search_in")->valuestring;
 				if (search == NULL) break;
 				param->rule[rule_id].zone = zone_name_to_id(search);
 				if (param->rule[rule_id].zone == kZoneMax)
 				{
 					break;
 				}
 				param->rule[rule_id].find = tfe_strdup(cJSON_GetObjectItem(item , "find")->valuestring);
 				param->rule[rule_id].replace_with = tfe_strdup(cJSON_GetObjectItem(item , "replace_with")->valuestring);
 				rule_id++;
 			}
 			param->n_rule = rule_id;
 			break;
 		case MA_ACTION_HIJACK:
 			item=cJSON_GetObjectItem(json,"hijack_profile");
@@ -561,14 +569,14 @@ void policy_param_new(int idx, const struct Maat_rule_t* rule, const char* srv_d
 	return;
 }
-void policy_param_free(int idx, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp)
+void policy_action_param_free_cb(int table_id, const struct Maat_rule_t* rule, const char* srv_def_large, MAAT_RULE_EX_DATA* ad, long argl, void *argp)
 {
 	unsigned int i=0;
 	if(*ad==NULL)
 	{
 		return;
 	}
-	struct plolicy_param* param=(struct plolicy_param*)*ad;
+	struct policy_action_param* param=(struct policy_action_param*)*ad;
 	pthread_mutex_lock(&(param->lock));
 	param->ref_cnt--;
 	if(param->ref_cnt>0)
@@ -592,52 +600,58 @@ void policy_param_free(int idx, const struct Maat_rule_t* rule, const char* srv_
 	return;
 }
-void policy_param_dup(int idx,	MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp)
+void policy_action_param_free(struct policy_action_param* param)
 {
-	struct plolicy_param* from_param=*((struct plolicy_param**)from);
+	policy_action_param_free_cb(0, NULL, NULL, (void**)&param, 0, NULL);
 	pthread_mutex_lock(&(from_param->lock));
 	from_param->ref_cnt++;
 	pthread_mutex_unlock(&(from_param->lock));
 	*((struct plolicy_param**)to)=from_param;
 	return;
 }
-void policy_table_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
+void policy_action_param_dup(int idx,	MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp)
 {
-	int ret=0, cfg_id=0, is_valid=0;
+	struct policy_action_param* from_param=*((struct policy_action_param**)from);
 	pthread_mutex_lock(&(from_param->lock));
 	from_param->ref_cnt++;
 	pthread_mutex_unlock(&(from_param->lock));
 	*((struct policy_action_param**)to)=from_param;
 	return;
 }
 void ma_profile_table_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
 {
 	int ret=0, profile_id=0, is_valid=0;
 	char profile_name[128]={0}, formate[128]={0};
 	char profile_path[TFE_PATH_MAX]={0};
-	ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%d", &cfg_id, profile_name, formate, profile_path, &is_valid);
+	ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%d", &profile_id, profile_name, formate, profile_path, &is_valid);
 	if(ret!=5)
 	{
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Policy table parse config failed: %s", table_line);
 		return;
 	}
-	struct policy_object* ply_obj=ALLOC(struct policy_object, 1);
+	struct manipulate_profile* ply_profile=ALLOC(struct manipulate_profile, 1);
-	ply_obj->cfg_id=cfg_id;
+	ply_profile->profile_id=profile_id;
 	if(strcasecmp(formate, "template") == 0)
 	{
-		ply_obj->tpl = ctemplate::Template::GetTemplate(profile_path, ctemplate::DO_NOT_STRIP);
+		ply_profile->tpl = ctemplate::Template::GetTemplate(profile_path, ctemplate::DO_NOT_STRIP);
 	}else
 	{
-		ply_obj->profile_msg = execute_read_file(profile_path, &ply_obj->msg_len);
+		ply_profile->profile_msg = execute_read_file(profile_path, &ply_profile->msg_len);
-		if (ply_obj->profile_msg == NULL)
+		if (ply_profile->profile_msg == NULL)
 		{
-			TFE_LOG_ERROR(g_pangu_rt->local_logger, "Read file failed %d:%s:%s", cfg_id, profile_name, profile_path);
+			TFE_LOG_ERROR(g_pangu_rt->local_logger, "Read file failed %d:%s:%s", profile_id, profile_name, profile_path);
 		}
 	}
-	ply_obj->profile_name=tfe_strdup(profile_name);
+	ply_profile->profile_name=tfe_strdup(profile_name);
-	ply_obj->profile_type=tfe_strdup(formate);
+	ply_profile->profile_type=tfe_strdup(formate);
-	*ad = ply_obj;
+	*ad = ply_profile;
 	return;
 }
-void policy_table_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+void ma_profile_table_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
 {
-	struct policy_object* ply_obj=(struct policy_object*)(*ad);
+	struct manipulate_profile* ply_obj=(struct manipulate_profile*)(*ad);
 	FREE(&ply_obj->profile_type);
 	FREE(&ply_obj->profile_msg);
 	FREE(&ply_obj->profile_name);
@@ -645,9 +659,9 @@ void policy_table_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void
 	*ad=NULL;
 }
-void policy_table_dup_cb(int table_id,	MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
+void ma_profile_table_dup_cb(int table_id,	MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
 {
-	struct policy_object* ply_obj=(struct policy_object*)(*from);
+	struct manipulate_profile* ply_obj=(struct manipulate_profile*)(*from);
 	*to=ply_obj;
 }
@@ -658,103 +672,46 @@ int maat_table_init(const char* table_name,
 	int table_id=0;
 	table_id=Maat_table_register(g_pangu_rt->maat, table_name);
-	if(table_id<0)
+	if(table_id>=0)
 	{
-		goto finish;
+		Maat_table_callback_register(g_pangu_rt->maat, table_id,
 									 start, update, finish,	u_para);
 	}
 	Maat_table_callback_register(g_pangu_rt->maat, table_id,
 								 start, update, finish,	u_para);
 finish:
 	return table_id;
 }
-int maat_table_ex_init(const char* table_name, int policy_id,
+int maat_table_ex_init(int profile_idx,
 					   Maat_plugin_EX_new_func_t* new_func,
 					   Maat_plugin_EX_free_func_t* free_func,
 					   Maat_plugin_EX_dup_func_t* dup_func)
 {
 	int table_id = 0;
 	table_id=g_pangu_rt->plolicy_table_id[policy_id]=Maat_table_register(g_pangu_rt->maat, table_name);
 	if(table_id<0)
 	{
 		goto finish;
 	}
 	table_id=Maat_plugin_EX_register(g_pangu_rt->maat,
 								     table_id,
 								     new_func,free_func,
 								     dup_func,NULL,0,NULL);
 finish:
 	return table_id;
 }
 int panggu_policy_init()
 {
 	int table_id=0, policy_id = 0;
 	const char *table_name_map[] = {"PXY_PROFILE_RESPONSE_PAGES",
-		"PXY_PROFILE_HIJACK_FILES",
+									"PXY_PROFILE_HIJACK_FILES",
-		"PXY_PROFILE_INSERT_SCRIPTS",
+									"PXY_PROFILE_INSERT_SCRIPTS"};
 	};
-	table_id = maat_table_init("PXY_OBJ_TRUSTED_CA_CERT",
+	table_id=g_pangu_rt->plolicy_table_id[profile_idx]=Maat_table_register(g_pangu_rt->maat, table_name_map[profile_idx]);
-							   trusted_CA_update_start_cb,
+	if(table_id >= 0)
 							   trusted_CA_update_cert_cb,
 							   trusted_CA_update_finish_cb,
 							   g_pangu_rt);
 	if(table_id<0)
 	{
-		TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_OBJ_TRUSTED_CA_CERT failed.");
+		table_id=Maat_plugin_EX_register(g_pangu_rt->maat,
-		goto finish;
+									     table_id,
 									     new_func,
 									     free_func,
 									     dup_func,
 									     NULL, 0, NULL);
 		return 0;
 	}
 	TFE_LOG_INFO(NULL, "Pangu HTTP register table %s failed.", table_name_map[profile_idx]);
-	table_id = maat_table_init("PXY_OBJ_TRUSTED_CA_CRL",
+	return -1;
 							   trusted_CA_update_start_cb,
 							   trusted_CA_update_crl_cb,
 							   trusted_CA_update_finish_cb,
 							   g_pangu_rt);
 	if(table_id<0)
 	{
 		TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_OBJ_TRUSTED_CA_CRL failed.");
 		goto finish;
 	}
 	for (policy_id = 0; policy_id <POLICY_TABLE_MAX; policy_id++)
 	{
 		table_id = maat_table_ex_init(table_name_map[policy_id], policy_id,
 									  policy_table_new_cb,
 									  policy_table_free_cb,
 									  policy_table_dup_cb);
 		if(table_id<0)
 		{
 			TFE_LOG_INFO(NULL, "Pangu HTTP register table %s failed.", table_name_map[policy_id]);
 			goto finish;
 		}
 	}
 finish:
 	return table_id;
 }
-int pangu_http_init(struct tfe_proxy * proxy)
+int pangu_policy_init(const char* profile_path, const char* static_section, const char* dynamic_section)
 {
-	const char * profile = "./conf/pangu/pangu_pxy.conf";
+	int ret = 0;
-	const char * logfile = "./log/pangu_pxy.log";
+	int profile_table_idx = 0;
 	int table_id=0, temp=0;
-	g_pangu_rt = ALLOC(struct pangu_rt, 1);
+	g_pangu_rt->maat = create_maat_feather("static", profile_path, static_section, g_pangu_rt->thread_num, g_pangu_rt->local_logger);
 	g_pangu_rt->thread_num = tfe_proxy_get_work_thread_count();
 	g_pangu_rt->gc_evbase=tfe_proxy_get_gc_evbase();
 	MESA_load_profile_int_def(profile, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level), 0);
 	g_pangu_rt->local_logger = MESA_create_runtime_log_handle(logfile, g_pangu_rt->log_level);
 	g_pangu_rt->send_logger = pangu_log_handle_create(profile, "LOG", g_pangu_rt->local_logger);
 	if (!g_pangu_rt->send_logger)
 	{
 		goto error_out;
 	}
 	g_pangu_rt->fs_handle = tfe_proxy_get_fs_handle();
 	pangu_http_stat_init(g_pangu_rt);
 	g_pangu_rt->maat = create_maat_feather("static", profile, "MAAT", g_pangu_rt->thread_num, g_pangu_rt->local_logger);
 	if (!g_pangu_rt->maat)
 	{
 		goto error_out;
@@ -778,57 +735,119 @@ int pangu_http_init(struct tfe_proxy * proxy)
 		}
 	}
-	g_pangu_rt->plolicy_param_idx=Maat_rule_get_ex_new_index(g_pangu_rt->maat, "PXY_CTRL_COMPILE",
+	g_pangu_rt->ctrl_compile_idx=Maat_rule_get_ex_new_index(g_pangu_rt->maat, "PXY_CTRL_COMPILE",
-													         policy_param_new, policy_param_free, policy_param_dup,
+													         policy_action_param_new,
 													         policy_action_param_free_cb,
 													         policy_action_param_dup,
 													  		 0, NULL);
-	table_id = panggu_policy_init();
+	ret = maat_table_init("PXY_PROFILE_TRUSTED_CA_CERT",
-	if(table_id<0)
+						   trusted_CA_update_start_cb,
 						   trusted_CA_update_cert_cb,
 						   trusted_CA_update_finish_cb,
 						   g_pangu_rt);
 	if(ret<0)
 	{
 		TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_OBJ_TRUSTED_CA_CERT failed.");
 		goto error_out;
 	}
-	g_pangu_rt->dyn_maat = create_maat_feather("dyn", profile, "DYNAMIC_MAAT", g_pangu_rt->thread_num, g_pangu_rt->local_logger);
+	ret = maat_table_init("PXY_OBJ_TRUSTED_CA_CRL",
 						   trusted_CA_update_start_cb,
 						   trusted_CA_update_crl_cb,
 						   trusted_CA_update_finish_cb,
 						   g_pangu_rt);
 	if(ret<0)
 	{
 		TFE_LOG_INFO(NULL, "Pangu HTTP register table PXY_OBJ_TRUSTED_CA_CRL failed.");
 		goto error_out;
 	}
 	for (profile_table_idx = 0; profile_table_idx <POLICY_PROFILE_TABLE_MAX; profile_table_idx++)
 	{
 		ret = maat_table_ex_init(profile_table_idx,
 								 ma_profile_table_new_cb,
 								 ma_profile_table_free_cb,
 								 ma_profile_table_dup_cb);
 		if(ret<0)
 		{
 			goto error_out;
 		}
 	}
 	g_pangu_rt->dyn_maat = create_maat_feather("dyn", profile_path, dynamic_section, g_pangu_rt->thread_num, g_pangu_rt->local_logger);
 	if (!g_pangu_rt->maat)
 	{
 		goto error_out;
 	}
-	g_pangu_rt->subscribe_id_table_id=Maat_table_register(g_pangu_rt->dyn_maat, "IPD_DYN_SUBSCRIBE_IP");
+	g_pangu_rt->subscriber_id_table_id=Maat_table_register(g_pangu_rt->dyn_maat, "IPD_DYN_SUBSCRIBE_IP");
-	temp=Maat_plugin_EX_register(g_pangu_rt->dyn_maat,
+	ret=Maat_plugin_EX_register(g_pangu_rt->dyn_maat,
-							g_pangu_rt->subscribe_id_table_id,
+							g_pangu_rt->subscriber_id_table_id,
 							subscribe_id_new_cb,
 							subscribe_id_free_cb,
 							subscribe_id_dup_cb,
 							NULL,
 							0,
 							NULL);
-	if(temp!=0)
+	if(ret!=0)
 	{
 		TFE_LOG_ERROR(NULL, "Pangu HTTP Dynamic Maat  IPD_DYN_SUBSCIBE_IP EX data register failed.");
 		goto error_out;
 	}
 error_out:
 	return ret;
 }
 int pangu_http_init(struct tfe_proxy * proxy)
 {
 	const char * profile_path = "./conf/pangu/pangu_pxy.conf";
 	const char * logfile = "./log/pangu_pxy.log";
 	int temp=0;
 	g_pangu_rt = ALLOC(struct pangu_rt, 1);
 	g_pangu_rt->thread_num = tfe_proxy_get_work_thread_count();
 	g_pangu_rt->gc_evbase=tfe_proxy_get_gc_evbase();
 	MESA_load_profile_int_def(profile_path, "DEBUG", "LOG_LEVEL", &(g_pangu_rt->log_level), 0);
 	g_pangu_rt->local_logger = MESA_create_runtime_log_handle(logfile, g_pangu_rt->log_level);
 	g_pangu_rt->send_logger = pangu_log_handle_create(profile_path, "LOG", g_pangu_rt->local_logger);
 	if (!g_pangu_rt->send_logger)
 	{
 		goto error_out;
 	}
 	g_pangu_rt->fs_handle = tfe_proxy_get_fs_handle();
 	pangu_http_stat_init(g_pangu_rt);
 	if(pangu_policy_init(profile_path, "MAAT", "DYNAMIC_MAAT")<0)
 	{
 		goto error_out;
 	}
 	char page_path[256];
 	memset(page_path, 0, sizeof(page_path));
-	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_403", page_path, sizeof(page_path),
+	MESA_load_profile_string_def(profile_path, "TEMPLATE", "PAGE_403", page_path, sizeof(page_path),
 		"./resource/pangu/HTTP403.html");
 	g_pangu_rt->tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
 	memset(page_path, 0, sizeof(page_path));
-	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_404", page_path, sizeof(page_path),
+	MESA_load_profile_string_def(profile_path, "TEMPLATE", "PAGE_404", page_path, sizeof(page_path),
 		"./resource/pangu/HTTP404.html");
 	g_pangu_rt->tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
 	memset(page_path, 0, sizeof(page_path));
-	MESA_load_profile_string_def(profile, "TEMPLATE", "PAGE_451", page_path, sizeof(page_path),
+	MESA_load_profile_string_def(profile_path, "TEMPLATE", "PAGE_451", page_path, sizeof(page_path),
 		"./resource/pangu/HTTP451.html");
 	g_pangu_rt->tpl_451 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
-	MESA_load_profile_int_def(profile, "TANGO_CACHE", "suspend_max", &(temp), 1024*1024);
+	MESA_load_profile_int_def(profile_path, "TANGO_CACHE", "suspend_max", &(temp), 1024*1024);
 	g_pangu_rt->suspend_max=temp;
-	MESA_load_profile_int_def(profile, "TANGO_CACHE", "enable_cache", &(g_pangu_rt->cache_enabled), 1);
+	MESA_load_profile_int_def(profile_path, "TANGO_CACHE", "enable_cache", &(g_pangu_rt->cache_enabled), 1);
 	if(g_pangu_rt->cache_enabled)
 	{
-		g_pangu_rt->cache = create_web_cache_handle(profile, "TANGO_CACHE", g_pangu_rt->gc_evbase,
+		g_pangu_rt->cache = create_web_cache_handle(profile_path, "TANGO_CACHE", g_pangu_rt->gc_evbase,
 															g_pangu_rt->maat, g_pangu_rt->local_logger);
 		if(!g_pangu_rt->cache)
 		{
@@ -874,7 +893,7 @@ struct pangu_http_ctx
 	struct Maat_rule_t * enforce_rules;
 	size_t n_enforce;
 	char * enforce_para;
-	struct plolicy_param *param;
+	struct policy_action_param *param;
 	struct evbuffer* log_req_body, *log_resp_body;
 	struct replace_ctx * rep_ctx;
@@ -910,6 +929,10 @@ void http_repl_ctx_free(struct replace_ctx* rep_ctx)
 void http_ins_ctx_free(struct insert_ctx* ins_ctx)
 {
 	FREE(&ins_ctx->rule->script);
 	FREE(&ins_ctx->rule->type);
 	if (ins_ctx->rule->position)
 		FREE(&ins_ctx->rule->position);
 	FREE(&(ins_ctx->rule));
 	if (ins_ctx->http_body)
 	{
@@ -1009,6 +1032,18 @@ static inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct
 	return;
 }
 static struct manipulate_profile* get_profile_by_id(int profile_table, int profile_id)
 {
 	struct manipulate_profile* result=NULL;
 	char cfg_id_str[16] = {0};
 	snprintf(cfg_id_str, sizeof(cfg_id_str), "%d", profile_id);
 	int table_id = g_pangu_rt->plolicy_table_id[profile_table];
 	result = (struct manipulate_profile*)Maat_plugin_get_EX_data(g_pangu_rt->maat, table_id, (const char*)cfg_id_str);
 	return result;
 }
 static int pangu_action_weight[__PG_ACTION_MAX] = {0};
 void __pangu_action_weight_init()  __attribute__((constructor, used));
 void __pangu_action_weight_init()
@@ -1027,7 +1062,7 @@ static inline int action_cmp(enum pangu_action a1, enum pangu_action a2)
 //enforce_rules[0] contains execute action.
 static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules, size_t n_hit,
-	struct Maat_rule_t ** enforce_rules, size_t * n_enforce, struct plolicy_param **param)
+	struct Maat_rule_t ** enforce_rules, size_t * n_enforce, struct policy_action_param **param)
 {
 	size_t n_monit = 0, exist_enforce_num = 0, i = 0;
 	const struct Maat_rule_t * prior_rule = hit_rules;
@@ -1089,10 +1124,10 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
 		memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct Maat_rule_t));
 	}
-	void *ex_data=Maat_rule_get_ex_data(g_pangu_rt->maat, prior_rule, g_pangu_rt->plolicy_param_idx);
+	void *ex_data=Maat_rule_get_ex_data(g_pangu_rt->maat, prior_rule, g_pangu_rt->ctrl_compile_idx);
 	if(ex_data!=NULL)
 	{
-		*param=(struct plolicy_param*)ex_data;
+		*param=(struct policy_action_param*)ex_data;
 	}
 	return prior_action;
@@ -1122,68 +1157,50 @@ static void template_generate(int status_code, int cfg_id, const char* msg, char
 	*page_buff = tfe_strdup(output.c_str());
 }
-static int html_generate(int cfg_id, const char* msg, char ** page_buff, size_t * page_size)
+void manipulate_profile_free(struct manipulate_profile* ma_profile)
 {
 	FREE(&ma_profile->profile_type);
 	FREE(&ma_profile->profile_msg);
 	FREE(&ma_profile->profile_name);
 	FREE(&ma_profile);
 }
 static int html_generate(int profile_id, const char* msg, char ** page_buff, size_t * page_size)
 {
 #define KEY_LEN 16
 	int ret = 0;
 	struct policy_object* ply_obj=NULL;
-	int tables_id = g_pangu_rt->plolicy_table_id[POLICY_TABLE_REJECT];
+	struct manipulate_profile* block_profile=get_profile_by_id(POLICY_PROFLIE_TABLE_REJECT, profile_id);
-
+	if(block_profile==NULL)
 	char cfg_id_str[KEY_LEN] = {0};
 	snprintf(cfg_id_str, KEY_LEN, "%d", cfg_id);
 	ply_obj = (struct policy_object*)Maat_plugin_get_EX_data(g_pangu_rt->maat, tables_id, (const char*)cfg_id_str);
 	if(ply_obj==NULL)
 	{
 		ret=-1;
 		return ret;
 	}
-	if(!strncmp(ply_obj->profile_type, "template", strlen(ply_obj->profile_type)))
+	if(!strncmp(block_profile->profile_type, "template", strlen(block_profile->profile_type)))
 	{
 		ctemplate::TemplateDictionary dict("pg_page_dict");	//dict is automatically finalized after function returned.
-		dict.SetIntValue("cfg_id", cfg_id);
+		dict.SetIntValue("cfg_id", profile_id);
 		dict.SetValue("msg", msg);
 		std::string output;
-		ply_obj->tpl->Expand(&output, &dict);
+		block_profile->tpl->Expand(&output, &dict);
 		*page_size = output.length() + 1;
 		*page_buff = tfe_strdup(output.c_str());
 	}
 	else
 	{
-		*page_size = ply_obj->msg_len;
+		*page_size = block_profile->msg_len;
-		*page_buff = ply_obj->profile_msg;
+		*page_buff = tfe_strdup(block_profile->profile_msg);
 	}
 	block_profile=NULL;
 	return ret;
 }
 static void html_free(char ** page_buff)
 {
-	if (*page_buff)
+	FREE(page_buff);
 		FREE(page_buff);
 	return;
 }
 static struct policy_object* get_obj_for_id(int cfg_id)
 {
 #define KEY_LEN 16
 	struct policy_object* ply_obj=NULL;
 	char cfg_id_str[KEY_LEN] = {0};
 	snprintf(cfg_id_str, KEY_LEN, "%d", cfg_id);
 	int tables_id = g_pangu_rt->plolicy_table_id[POLICY_TABLE_HIJACK];
 	ply_obj = (struct policy_object*)Maat_plugin_get_EX_data(g_pangu_rt->maat, tables_id, (const char*)cfg_id_str);
 	if(ply_obj==NULL)
 	{
 		goto finish;
 	}
 finish:
 	return ply_obj;
 }
 void http_replace(const struct tfe_stream * stream, const struct tfe_http_session * session, enum tfe_http_event events,
 	const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx)
 {
@@ -1206,7 +1223,7 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio
 		 * the header has been forwarded, only replace the body but not modify header will raise exception */
 		if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR))
 		{
-			struct plolicy_param *param = ctx->param;
+			struct policy_action_param *param = ctx->param;
 			ctx->rep_ctx = rep_ctx = ALLOC(struct replace_ctx, 1);
 			rep_ctx->rule = param->rule;
 			rep_ctx->n_rule = param->n_rule;
@@ -1344,7 +1361,7 @@ static void http_reject(const struct tfe_http_session * session, enum tfe_http_e
 	char *msg = NULL;
 	struct tfe_http_session * to_write_sess = NULL;
-	struct plolicy_param *param = ctx->param;
+	struct policy_action_param *param = ctx->param;
 	resp_code = param->status_code;
 	msg = param->message;
@@ -1384,7 +1401,7 @@ static void http_redirect(const struct tfe_http_session * session, enum tfe_http
 	struct tfe_http_half * response = NULL;
 	struct tfe_http_session * to_write = NULL;
-	struct plolicy_param *param = ctx->param;
+	struct policy_action_param *param = ctx->param;
 	int resp_code   = param->status_code;
 	char *rd_url    = param->message;
@@ -1422,13 +1439,13 @@ static void http_block(const struct tfe_http_session * session, enum tfe_http_ev
 	char cont_len_str[16];
-	struct plolicy_param *param = ctx->param;
+	struct policy_action_param *param = ctx->param;
 	int resp_code = param->status_code;
-	int cfg_id    = param->profile_id;
+	int profile_id    = param->profile_id;
 	char *message = param->message;
-	if (resp_code <= 0 || cfg_id <= 0){
+	if (resp_code <= 0 || profile_id <= 0){
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid block rule %d", ctx->enforce_rules[0].config_id);
 		ctx->action = PG_ACTION_NONE;
 		return;
@@ -1441,10 +1458,10 @@ static void http_block(const struct tfe_http_session * session, enum tfe_http_ev
 		to_write_sess = tfe_http_session_allow_write(session);
 		response = tfe_http_session_response_create(to_write_sess, resp_code);
-		ret = html_generate(cfg_id, message, &page_buff, &page_size);
+		ret = html_generate(profile_id, message, &page_buff, &page_size);
 		if (ret != 0)
 		{
-			TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, table_id = %d", cfg_id);
+			TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, table_id = %d", profile_id);
 			ctx->action = PG_ACTION_NONE;
 		}
 		tfe_http_std_field_write(response, TFE_HTTP_CONT_TYPE, "text/html; charset=utf-8");
@@ -1468,91 +1485,65 @@ static void http_block(const struct tfe_http_session * session, enum tfe_http_ev
 static void http_hijack(const struct tfe_http_session * session, enum tfe_http_event events,
 					 	struct pangu_http_ctx * ctx)
 {
-	struct plolicy_param *param = ctx->param;
+	struct policy_action_param *param = ctx->param;
 	struct tfe_http_half * response = NULL;
-	int cfg_id = param->profile_id;
+	if (param->profile_id <= 0 || !(events & EV_HTTP_RESP_HDR || tfe_http_in_request(events)))
-
+	{
 	if (cfg_id <= 0){
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid hijack rule %d",
 		ctx->enforce_rules[0].config_id);
 		ctx->action = PG_ACTION_NONE;
 		return;
 	}
-	struct tfe_http_half * response = NULL;
+	struct manipulate_profile* hijack_profile=get_profile_by_id(POLICY_PROFILE_TABLE_HIJACK, param->profile_id);
-	char cont_len_str[16];
+	if (NULL == hijack_profile)
 	{
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "get table obj faild, table_id = %d", param->profile_id);
 		ctx->action = PG_ACTION_NONE;
 		return;
 	}
 	struct tfe_http_session * to_write_sess = NULL;
-	if(events & EV_HTTP_RESP_HDR || tfe_http_in_request(events))
+	char cont_len_str[16];
 	{
 		to_write_sess = tfe_http_session_allow_write(session);
 		response = tfe_http_session_response_create(to_write_sess, 200);
-		struct policy_object* ply_obj=get_obj_for_id(cfg_id);
+	to_write_sess = tfe_http_session_allow_write(session);
-		if (NULL == ply_obj){
+	response = tfe_http_session_response_create(to_write_sess, 200);
 			TFE_LOG_ERROR(g_pangu_rt->local_logger, "get table obj faild, table_id = %d", cfg_id);
 			ctx->action = PG_ACTION_NONE;
 			return;
 		}
 		int hijack_len = strlen(ply_obj->profile_name)+strlen("filename=\"\"")+1;
 		char *hijack_name = ALLOC(char, hijack_len);
 		snprintf(hijack_name, hijack_len, "filename=\"%s\"", ply_obj->profile_name);
 		tfe_http_nonstd_field_write(response, "Content-Disposition", hijack_name);
 		FREE(&hijack_name);
 		tfe_http_std_field_write(response, TFE_HTTP_CONT_TYPE, ply_obj->profile_type);
 		snprintf(cont_len_str, sizeof(cont_len_str), "%lu", ply_obj->msg_len);
 		tfe_http_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str);
-		char * page_buff = ply_obj->profile_msg;
+	int hijack_len = strlen(hijack_profile->profile_name)+strlen("filename=\"\"")+1;
-		size_t page_size = ply_obj->msg_len;
+	char *hijack_name = ALLOC(char, hijack_len);
 	snprintf(hijack_name, hijack_len, "filename=\"%s\"", hijack_profile->profile_name);
 	tfe_http_nonstd_field_write(response, "Content-Disposition", hijack_name);
 	FREE(&hijack_name);
 	tfe_http_std_field_write(response, TFE_HTTP_CONT_TYPE, hijack_profile->profile_type);
 	snprintf(cont_len_str, sizeof(cont_len_str), "%lu", hijack_profile->msg_len);
 	tfe_http_std_field_write(response, TFE_HTTP_CONT_LENGTH, cont_len_str);
-		size_t frag_size=8192; size_t sendlen=0;
+	tfe_http_half_append_body(response, hijack_profile->profile_msg, hijack_profile->msg_len, 0);
-		unsigned char body_frag[frag_size + 1];
+	tfe_http_half_append_body(response, NULL, 0, 0);
 	tfe_http_session_response_set(to_write_sess, response);
 	tfe_http_session_detach(session);
 	hijack_profile=NULL;
 		tfe_http_session_response_set(to_write_sess, response);
 		tfe_http_half_write_body_begin(response, 1);
 		for (sendlen= 0; sendlen < page_size; sendlen+=frag_size)
 		{
 			memcpy(body_frag, page_buff+sendlen, frag_size);
 			tfe_http_half_write_body_data(response, body_frag, frag_size);
 			memset(body_frag, 0, frag_size);
 		}
 		tfe_http_half_write_body_end(response);
 		tfe_http_session_detach(session);
 	}
 	else
 	{
 		to_write_sess = tfe_http_session_allow_write(session);
 		tfe_http_session_kill(to_write_sess);
 	}
 	return;
 }
-static int format_insert_rule(struct plolicy_param *param, int cfg_id, struct insert_rule *rule)
+static int format_insert_rule(int profile_id, const char* insert_position, struct insert_rule *rule)
 {
 #define KEY_LEN 16
 	int ret = 0;
 	struct policy_object* ply_obj=NULL;
-	int tables_id = g_pangu_rt->plolicy_table_id[POLICY_TABLE_INSERT];
+	struct manipulate_profile* insert_profile=get_profile_by_id(POLICY_PROFILE_TABLE_INSERT, profile_id);
-
+	if(insert_profile==NULL)
 	char cfg_id_str[KEY_LEN] = {0};
 	snprintf(cfg_id_str, KEY_LEN, "%d", cfg_id);
 	ply_obj = (struct policy_object*)Maat_plugin_get_EX_data(g_pangu_rt->maat, tables_id, (const char*)cfg_id_str);
 	if(ply_obj==NULL)
 	{
 		ret=-1;
 		return ret;
 	}
-	rule->stype = ply_obj->profile_msg;
+	rule->script = tfe_strdup(insert_profile->profile_msg);
-	rule->type = ply_obj->profile_type;
+	rule->type = tfe_strdup(insert_profile->profile_type);
-	if (param->position == NULL){
+	if (insert_position)
-		rule->position = NULL;
+		rule->position=tfe_strdup(insert_position);
-	}else{
+ 	insert_profile=NULL;
 		rule->position = param->position;
 	}
 	return ret;
 }
@@ -1563,7 +1554,7 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
 	char * rewrite_buff = NULL;
 	size_t rewrite_sz = 0;
-	struct plolicy_param *param = ctx->param;
+	struct policy_action_param *param = ctx->param;
 	to_write_sess = tfe_http_session_allow_write(session);
 	if (to_write_sess == NULL)	  //fail to wirte, abandon.
@@ -1576,15 +1567,16 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
 	struct insert_ctx *ins_ctx = ctx->ins_ctx;
 	if (ctx->ins_ctx == NULL)
 	{
 		/* we must determinate the replace action on HTTP header, otherwise,
 		 * the header has been forwarded, only replace the body but not modify header will raise exception */
 		if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR))
 		{
 			int cfg_id = param->profile_id;
 			ctx->ins_ctx = ins_ctx = ALLOC(struct insert_ctx, 1);
 			ins_ctx->rule = ALLOC(struct insert_rule, 1);
-			int ret=format_insert_rule(param, cfg_id, ins_ctx->rule);
+			int ret=format_insert_rule(param->profile_id, param->position, ins_ctx->rule);
 			if (ret<0)
 			{
-				TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, table_id = %d", cfg_id);
+				TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get policy table, table_id = %d", param->profile_id);
 				ctx->action = PG_ACTION_NONE;
 				return;
 			}
@@ -1643,21 +1635,22 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
 	if ((events & EV_HTTP_REQ_BODY_END) || (events & EV_HTTP_RESP_BODY_END))
 	{
-		char * __http_body = (char *) evbuffer_pullup(ins_ctx->http_body, -1);
+		char * http_body = (char *) evbuffer_pullup(ins_ctx->http_body, -1);
-		size_t __http_body_len = evbuffer_get_length(ins_ctx->http_body);
+		size_t http_body_len = evbuffer_get_length(ins_ctx->http_body);
 		const char* cont_type_val=tfe_http_std_field_read(ins_ctx->replacing, TFE_HTTP_CONT_TYPE);
 		rewrite_buff = NULL;
 		rewrite_sz = 0;
-		rewrite_sz = execute_insert_rule(__http_body, __http_body_len, ins_ctx->rule, &rewrite_buff);
+		rewrite_sz = execute_insert_rule(http_body, http_body_len, ins_ctx->rule, &rewrite_buff);
-		if (rewrite_sz >0 )
+		if (rewrite_sz >0 && strstr(cont_type_val, "text/html"))
 		{
 			tfe_http_half_append_body(ins_ctx->replacing, rewrite_buff, rewrite_sz, 0);
 			ins_ctx->actually_replaced=1;
 		}
 		else
 		{
-			tfe_http_half_append_body(ins_ctx->replacing, __http_body, __http_body_len, 0);
+			tfe_http_half_append_body(ins_ctx->replacing, http_body, http_body_len, 0);
 		}
 		if (rewrite_buff != NULL)
@@ -1684,7 +1677,7 @@ static void http_insert(const struct tfe_stream * stream, const struct tfe_http_
 static void http_manipulate(const struct tfe_stream * stream, const struct tfe_http_session * session,
 	enum tfe_http_event events, const unsigned char * body_frag, size_t frag_size, struct pangu_http_ctx * ctx)
 {
-	struct plolicy_param *param = ctx->param;
+	struct policy_action_param *param = ctx->param;
 	if (param == NULL)
 	{
 		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Failed to get the json format parsed. config_id = %d",
@@ -2138,8 +2131,8 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
 	tmp=tfe_stream_addr_str_split(addr_string, &sip, NULL, &dip, NULL);
 	assert(tmp==0);
-	source_subscribe_id=(char*)Maat_plugin_get_EX_data(g_pangu_rt->dyn_maat, g_pangu_rt->subscribe_id_table_id, sip);
+	source_subscribe_id=(char*)Maat_plugin_get_EX_data(g_pangu_rt->dyn_maat, g_pangu_rt->subscriber_id_table_id, sip);
-	dest_subscribe_id=(char*)Maat_plugin_get_EX_data(g_pangu_rt->dyn_maat, g_pangu_rt->subscribe_id_table_id, dip);
+	dest_subscribe_id=(char*)Maat_plugin_get_EX_data(g_pangu_rt->dyn_maat, g_pangu_rt->subscriber_id_table_id, dip);
 	if(source_subscribe_id!=NULL)
 	{
--- a/plugin/business/pangu-http/src/pangu_logger.cpp
+++ b/plugin/business/pangu-http/src/pangu_logger.cpp
@@ -173,8 +173,9 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 	common_obj=cJSON_CreateObject();
 	cur_time = time(NULL);
-	
+
-	cJSON_AddNumberToObject(common_obj, "found_time", cur_time);
+	cJSON_AddNumberToObject(common_obj, "start_time", cur_time);
 	cJSON_AddNumberToObject(common_obj, "end_time", cur_time);
 	cJSON_AddNumberToObject(common_obj, "recv_time", cur_time);
 	switch(addr->addrtype)
@@ -183,20 +184,20 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 			cJSON_AddNumberToObject(common_obj, "addr_type", 4);
 			inet_ntop(AF_INET, &addr->tuple4_v4->saddr, src_ip_str, sizeof(src_ip_str));
 			inet_ntop(AF_INET, &addr->tuple4_v4->daddr, dst_ip_str, sizeof(dst_ip_str));
-			cJSON_AddStringToObject(common_obj, "s_ip", src_ip_str);					
+			cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str);
-			cJSON_AddStringToObject(common_obj, "d_ip", dst_ip_str);
+			cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str);
-			cJSON_AddNumberToObject(common_obj, "s_port", ntohs(addr->tuple4_v4->source));
+			cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v4->source));
-			cJSON_AddNumberToObject(common_obj, "d_port", ntohs(addr->tuple4_v4->dest));
+			cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v4->dest));
 			cJSON_AddStringToObject(common_obj, "trans_proto", "IPv4_TCP");
 			break;
 		case TFE_ADDR_STREAM_TUPLE4_V6:
 			cJSON_AddNumberToObject(common_obj, "addr_type", 6);
 			inet_ntop(AF_INET6, &addr->tuple4_v6->saddr, src_ip_str, sizeof(src_ip_str));
 			inet_ntop(AF_INET6, &addr->tuple4_v6->daddr, dst_ip_str, sizeof(dst_ip_str));
-			cJSON_AddStringToObject(common_obj, "s_ip", src_ip_str);					
+			cJSON_AddStringToObject(common_obj, "client_ip", src_ip_str);
-			cJSON_AddStringToObject(common_obj, "d_ip", dst_ip_str);
+			cJSON_AddStringToObject(common_obj, "server_ip", dst_ip_str);
-			cJSON_AddNumberToObject(common_obj, "s_port", ntohs(addr->tuple4_v6->source));
+			cJSON_AddNumberToObject(common_obj, "client_port", ntohs(addr->tuple4_v6->source));
-			cJSON_AddNumberToObject(common_obj, "d_port", ntohs(addr->tuple4_v6->dest));
+			cJSON_AddNumberToObject(common_obj, "server_port", ntohs(addr->tuple4_v6->dest));
 			cJSON_AddStringToObject(common_obj, "trans_proto", "IPv6_TCP");
 			break;
 		default:
@@ -207,7 +208,6 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 	cJSON_AddStringToObject(common_obj, "cap_ip", handle->local_ip_str);
 	cJSON_AddNumberToObject(common_obj, "entrance_id", handle->entry_id);
 	cJSON_AddNumberToObject(common_obj, "device_id", 0);
 	cJSON_AddStringToObject(common_obj, "user_region", "null");
 	cJSON_AddStringToObject(common_obj, "url", http->req->req_spec.url);
 	for(size_t i=0;i<sizeof(req_fields)/sizeof(struct json_spec);i++)
 	{
@@ -296,8 +296,9 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg)
 		}
 		per_hit_obj=cJSON_Duplicate(common_obj, 1);
-		cJSON_AddNumberToObject(per_hit_obj, "cfg_id", log_msg->result[i].config_id);
+		cJSON_AddNumberToObject(per_hit_obj, "policy_id", log_msg->result[i].config_id);
 		cJSON_AddNumberToObject(per_hit_obj, "service", log_msg->result[i].service_id);
 		cJSON_AddNumberToObject(per_hit_obj, "action", log_msg->result[i].action);
 		log_payload = cJSON_Print(per_hit_obj);
 		TFE_LOG_DEBUG(handle->local_logger, "%s", log_payload);
--- a/plugin/business/pangu-http/src/pattern_replace.cpp
+++ b/plugin/business/pangu-http/src/pattern_replace.cpp
@@ -279,72 +279,71 @@ size_t execute_replace_rule(const char * in, size_t in_sz,
 	}
 }
-size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char *stype, const char *type, char** out)
+size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char *script, const char *type, char** out)
 {
 	char *target=NULL;
-	size_t outlen=0, target_size=0;
+	size_t target_size=0;
 	char position[]="</head>";
-	/* "<script type=\"text/javascript\" class=\"RQ_SCRIPT\"></script>"*/
+	const char* js_style="<script type=\"text/javascript\" class=\"RQ_SCRIPT\">%s</script>";
-	int js_type_len = 58;
+	const char* css_style= "<style type=\"text/css\" class=\"RQ_SCRIPT\">%s</style>";
-	/*"<style type=\"text/css\" class=\"RQ_SCRIPT\"></style>"*/
+	const char* this_style=NULL;
-	int css_type_len = 49;
+	size_t concat_len=0, concat_size=0;
-
+	char* concat_style=NULL;
-	char* head_string=NULL;
+	char* insert_from=NULL;
-
+	size_t offset=0;
 	if (0==strcasecmp(type, "css"))
 	{
 		target_size = in_sz+strlen(stype)+1+css_type_len;
 		target = ALLOC(char, target_size + 1);
 	}
 	if (0==strcasecmp(type, "js"))
 	{
 		target_size = in_sz+strlen(stype)+1+js_type_len;
 		target = ALLOC(char, target_size + 1);
 	}
 	if (insert_on != NULL && 0==strcasecmp(insert_on, "after-page-load"))
 	{
-		memcpy(position, "</body>", sizeof(position));
+		insert_from=strstr(in, "</body>");
 	}
-	head_string=strstr(in, position);
+	else
 	if (head_string != NULL)
 	{
-		strncat(target, in, MIN((unsigned int)(head_string-in), target_size));
+		insert_from=strstr(in, "</head>");
-		size_t style_len = 0; char *style_msg = NULL;
+	}
-		if (0==strcasecmp(type, "js"))
+	if(!insert_from)
-		{
+	{
-			style_len = strlen(stype)+1+js_type_len;
+		return 0;
-			style_msg = ALLOC(char, style_len);
+	}
 			snprintf(style_msg, style_len, "<script type=\"text/javascript\" class=\"RQ_SCRIPT\">%s</script>", stype);
 		}
 		if (0==strcasecmp(type, "css"))
 		{
 			style_len = strlen(stype)+1+css_type_len;
 			style_msg = ALLOC(char, style_len);
 			snprintf(style_msg, style_len, "<style type=\"text/css\" class=\"RQ_SCRIPT\">%s</style>", stype);
 		}
-		strncat(target, style_msg, MIN(style_len, target_size));
+	if (0==strcasecmp(type, "css"))
 		free(style_msg);
 		style_msg = NULL;
 		strncat(target, head_string, (target_size - (head_string-in) - style_len));
 		target[target_size-1] = '\0';
 		outlen = target_size;
 		*out = target;
 	}else
 	{
-		free(target);
+		this_style=css_style;
 		target = NULL;
 		outlen = 0;
 	}
-	return outlen;
+	else if (0==strcasecmp(type, "js"))
 	{
 		this_style=js_style;
 	}
 	else
 	{
 		assert(0);
 	}
 	concat_size = strlen(script)+1+strlen(this_style);
 	concat_style = ALLOC(char, concat_size);
 	concat_len=snprintf(concat_style, concat_size,
 						this_style,
 						script);
 	target_size = in_sz+concat_len;
 	target = ALLOC(char, target_size);
 	assert((unsigned int)(insert_from-in) <= target_size);
 	offset=0;
 	memcpy(target+offset, in, insert_from-in);
 	offset+=insert_from-in;
 	memcpy(target+offset, concat_style, concat_len);
 	offset+=concat_len;
 	memcpy(target+offset, insert_from, in_sz-(insert_from-in));
 	offset+=in_sz-(insert_from-in);
 	assert(target_size==offset+1);
 	free(concat_style);
 	concat_style = NULL;
 	*out=target;
 	return target_size;
 }
 size_t execute_insert_rule(char * in, size_t in_sz, const struct insert_rule * rules, char** out)
 {
-	return insert_string(in, in_sz, rules->position, rules->stype, rules->type, out);
+	return insert_string(in, in_sz, rules->position, rules->script, rules->type, out);
 }
 void simple_replace(const char* find, const char* replacement, const char* input, size_t in_sz, char** output, size_t *output_sz)
--- a/plugin/business/pangu-http/src/pattern_replace.h
+++ b/plugin/business/pangu-http/src/pattern_replace.h
@@ -23,7 +23,7 @@ struct replace_rule
 struct insert_rule
 {
-    char * stype;
+    char * script;
    char * type;
    char * position;
 };
--- a/plugin/protocol/http2/src/http2_stream.cpp
+++ b/plugin/protocol/http2/src/http2_stream.cpp
@@ -629,6 +629,7 @@ tfe_half_private_init(enum tfe_http_direction direction, int32_t stream_id,
 	memset(half_private, 0, sizeof(struct http2_half_private));
 	half_private->half_public.direction = direction;
 	half_private->half_public.major_version = 2;
 	half_private->half_public.ops = &h2_half_ops;
 	headers_init(&half_private->headers);
--- a/resource/pangu/table_info.conf
+++ b/resource/pangu/table_info.conf
@@ -28,7 +28,7 @@
 10	PXY_CACHE_GROUP	group	--
 11	PXY_CACHE_HTTP_URL	expr	UTF8	UTF8	yes	0	quickoff
 12	PXY_CACHE_HTTP_COOKIE	expr	UTF8	UTF8	yes	0	quickoff
-13	PXY_OBJ_TRUSTED_CA_CERT	plugin	{"valid":4,"foreign":"3"}
+13	PXY_PROFILE_TRUSTED_CA_CERT	plugin	{"valid":4,"foreign":"3"}
 14	PXY_OBJ_TRUSTED_CA_CRL	plugin	{"valid":4,"foreign":"3"}
 15	PXY_PROFILE_RESPONSE_PAGES plugin	{"key":1,"valid":5}
 16	PXY_PROFILE_HIJACK_FILES   plugin	{"key":1,"valid":5}