tango-tsg-master/src/tsg_entry.cpp

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <sys/time.h>
#include <unistd.h>

#include <MESA/rdp.h>
#include <MESA/http.h>
#include <MESA/ftp.h>
#include <MESA/ssl.h>
#include <MESA/mail.h>
#include <MESA/quic.h>
#include <MESA/sip.h>
#include <MESA/stratum.h>
#include <MESA/dtls.h>
#include <MESA/maat.h>
#include <MESA/stream.h>
#include <MESA/MESA_prof_load.h>
#include <MESA/MESA_handle_logger.h>
#include <MESA/MESA_jump_layer.h>

#include "app_label.h"
#include "tsg_rule.h"
#include "tsg_entry.h"
#include "tsg_send_log.h"
#include "tsg_statistic.h"
#include "tsg_send_log_internal.h"
#include "tsg_ssl_utils.h"
#include "tsg_ssh_utils.h"
#include "tsg_rule_internal.h"
#include "tsg_protocol_common.h"
#include "tsg_sync_state.h"
#include "tsg_proxy.h"
#include "tsg_bridge.h"

#ifdef __cplusplus
extern "C"
{
#endif

#define GIT_VERSION_CATTER(v) __attribute__((__used__)) const char * GIT_VERSION_##v = NULL
#define GIT_VERSION_EXPEND(v) GIT_VERSION_CATTER(v)

/* VERSION TAG */
#ifdef GIT_VERSION
GIT_VERSION_EXPEND(GIT_VERSION);
#else
static __attribute__((__used__)) const char * GIT_VERSION_UNKNOWN = NULL;
#endif
#undef GIT_VERSION_CATTER
#undef GIT_VERSION_EXPEND

#ifdef __cplusplus
}
#endif

char TSG_MASTER_VERSION_20200805 = 0;
const char *tsg_conffile="tsgconf/main.conf";

struct id2field g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
										 {0, TSG_FS2_UDP_LINKS, "udp_links"}, 
										 {0, TSG_FS2_BYPASS, "bypass"},
										 {0, TSG_FS2_HIT_ADDR, "hit_addr"},
										 {0, TSG_FS2_HIT_SHARE, "hit_share"},
										 {0, TSG_FS2_INTERCEPT, "intercept"},
										 {0, TSG_FS2_SHAPING, "shaping"},
										 {0, TSG_FS2_S_CHAINING, "s_chaining"},
										 {0, TSG_FS2_CTRL_OPENING, "ctrl_open"},
										 {0, TSG_FS2_CTRL_CLOSING, "ctrl_close"},
										 {0, TSG_FS2_CTRL_ACTIVE, "ctrl_active"},
										 {0, TSG_FS2_CTRL_RESETALL, "ctrl_rstall"},
										 {0, TSG_FS2_INJECT_CTRL_SUCCESS, "inject_ctrl_succuess"},
										 {0, TSG_FS2_INJECT_CTRL_FAILED, "inject_ctrl_failed"},
										 {0, TSG_FS2_EXCLUSION, "exclusion"},
										 {0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
										 {0, TSG_FS2_APP_Q_RESULT, "Q_result"},
										 {0, TSG_FS2_APP_USER_RESULT, "U_result"},
										 {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"},
										 {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"},
										 {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"},
										 {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"},
										 {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"},
										 {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
										 {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"},
										 {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"},
										 {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"},
										 {0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"},
										 {0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"},
										 {0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"},
										 {0, TSG_FS2_ASN_ADD, "asn_add"},
										 {0, TSG_FS2_ASN_DEL, "asn_del"},
										 {0, TSG_FS2_GTPC_ADD, "gtpc_add"},
										 {0, TSG_FS2_GTPC_DEL, "gtpc_del"},
										 {0, TSG_FS2_LOCATION_ADD, "location_add"},
										 {0, TSG_FS2_LOCATION_DEL, "location_del"},
										 {0, TSG_FS2_FQDN_ADD, "fqdn_add"},
										 {0, TSG_FS2_FQDN_DEL, "fqdn_del"},
										 {0, TSG_FS2_SUBSCRIBER_ADD, "subscriber_add"},
										 {0, TSG_FS2_SUBSCRIBER_DEL, "subscriber_del"},
										 {0, TSG_FS2_SECURIRY_ADD, "security_add"},
										 {0, TSG_FS2_SECURIRY_DEL, "security_del"},
										 {0, TSG_FS2_MIRRORED_ADD, "mirrored_add"},
										 {0, TSG_FS2_MIRRORED_DEL, "mirrored_del"},
										 {0, TSG_FS2_HTTP_RES_ADD, "http_res_add"},
										 {0, TSG_FS2_HTTP_RES_DEL, "http_res_del"},
										 {0, TSG_FS2_DNS_RES_ADD, "dns_profile_add"},
										 {0, TSG_FS2_DNS_RES_DEL, "dns_profile_del"},
										 {0, TSG_FS2_APP_ID_ADD, "app_id_add"},
										 {0, TSG_FS2_APP_ID_DEL, "app_id_del"},
										 {0, TSG_FS2_TUNNEL_CATALOG_ADD, "t_catalog_add"},
										 {0, TSG_FS2_TUNNEL_CATALOG_DEL, "t_catalog_del"},
										 {0, TSG_FS2_TUNNEL_ENDPOINT_ADD, "t_endpoint_add"},
										 {0, TSG_FS2_TUNNEL_ENDPOINT_DEL, "t_endpoint_del"},
										 {0, TSG_FS2_TUNNEL_LABEL_ADD, "t_label_add"},
										 {0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"}
										};

static int init_page_template(const char *conffile)
{
	char page_path[256];
	memset(page_path, 0, sizeof(page_path));
	MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE403", page_path, sizeof(page_path), "./tsgconf/HTTP403.html");
	g_tsg_para.tpl_403 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);
	
	memset(page_path, 0, sizeof(page_path));
	MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE404", page_path, sizeof(page_path), "./tsgconf/HTTP404.html");
	g_tsg_para.tpl_404 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);

	memset(page_path, 0, sizeof(page_path));
	MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE200", page_path, sizeof(page_path), "./tsgconf/HTTP200.html");
	g_tsg_para.tpl_200 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);

	memset(page_path, 0, sizeof(page_path));
	MESA_load_profile_string_def(conffile, "HTTP_PLUG", "PAGE204", page_path, sizeof(page_path), "./tsgconf/HTTP204.html");
	g_tsg_para.tpl_204 = ctemplate::Template::GetTemplate(page_path, ctemplate::DO_NOT_STRIP);

	return 0;
}

static int init_fs2_handle(const char *conffile)
{
	int value=0,cycle=0;
	int output_prometheus=0;
	unsigned short fs_server_port=0;
	char app_name[128]={0};
	char fs_server_ip[MAX_IPV4_LEN]={0};
	char fs_output_path[128]={0};

	MESA_load_profile_int_def(conffile, "FIELD_STAT", "CYCLE", &cycle, 30);
	MESA_load_profile_short_nodef(conffile, "FIELD_STAT","TELEGRAF_PORT", (short *)&(fs_server_port));
	MESA_load_profile_string_nodef(conffile,"FIELD_STAT","TELEGRAF_IP",fs_server_ip, sizeof(fs_server_ip));
	MESA_load_profile_string_def(conffile,"FIELD_STAT","OUTPUT_PATH",fs_output_path, sizeof(fs_output_path), "tsg_stat.log");
	MESA_load_profile_string_def(conffile,"FIELD_STAT","APP_NAME", app_name, sizeof(app_name), "tsg_master");
	MESA_load_profile_int_def(conffile, "FIELD_STAT", "PROMETHEUS", &output_prometheus, 1);

	g_tsg_para.fs2_handle=FS_create_handle();

	value=1;//Rewrite
	FS_set_para(g_tsg_para.fs2_handle, PRINT_MODE, &value, sizeof(value));
	value=1;//Do not create stat thread
	FS_set_para(g_tsg_para.fs2_handle, CREATE_THREAD, &value, sizeof(value));
	
    FS_set_para(g_tsg_para.fs2_handle, STAT_CYCLE, &cycle, sizeof(cycle));
    FS_set_para(g_tsg_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1);
	FS_set_para(g_tsg_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1);

	value=1;
	FS_set_para(g_tsg_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));

    if(fs_server_port > 0 && strlen(fs_server_ip) > 0)
    {
        FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_IP,fs_server_ip, strlen(fs_server_ip)+1);
        FS_set_para(g_tsg_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port));
    }

	value=FS_OUTPUT_INFLUX_LINE;
	FS_set_para(g_tsg_para.fs2_handle, STATS_FORMAT, &value, sizeof(value));

	for(int i=0; i<TSG_FS2_MAX; i++)
	{
		g_tsg_para.fs2_field_id[i]=FS_register(g_tsg_para.fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_tsg_fs2_field[i].name);
	}

	return 0;
}

static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
{
	int flags=0;
	
	FILE *fp=fopen(filename, "rb");
	if(fp)
	{
		char buff[4096]={0};
		int ret=fread(buff, sizeof(buff), 1, fp);
		if(ret<(int)sizeof(buff))
		{
			cJSON *object=cJSON_Parse(buff);
			if(object)
			{
				cJSON *item=cJSON_GetObjectItem(object, "sn");
				if(item && item->valuestring!=NULL && device_sn_len>(int)strlen(item->valuestring))
				{
					flags=1;
					memcpy(device_sn, item->valuestring, strlen(item->valuestring));
				}
				cJSON_Delete(object);
				object=NULL;
			}
		}

		fclose(fp);
		fp=NULL;
	}

	return flags;
}

static int set_app_timeout(const struct streaminfo *a_stream, struct app_id_dict *dict, unsigned short *timeout)
{
	if(a_stream==NULL || dict==NULL)
	{
		return 0;
	}
	
	switch(a_stream->type)
	{
		case	STREAM_TYPE_TCP:
			if((*timeout) >= dict->tcp_timeout)
			{
				return 0;
			}
			
			*timeout=dict->tcp_timeout;
			break;
		case	STREAM_TYPE_UDP:
			if((*timeout) >= dict->udp_timeout)
			{
				return 0;
			}
			
			*timeout=dict->udp_timeout;
			break;
		default:
			return 0;
	}
	
	int ret=MESA_set_stream_opt(a_stream, MSO_TIMEOUT, (void *)timeout, sizeof(unsigned short));
	if(ret<0)
	{
		FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_FAILED], 0, FS_OP_ADD, 1);
	}
	else
	{
		FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SET_TIMOUT_SUCCESS], 0, FS_OP_ADD, 1);
	}
	
	return 1;
}

static int get_device_id(char *command, int datacenter_id)
{
	FILE *fp=NULL; 
	char buffer[128]={0};

	fp=popen(command, "r"); 
	if(fp)
	{
		fgets(buffer,sizeof(buffer),fp); 
    	pclose(fp);
	}
	
	return (datacenter_id<<7)+(atoi(buffer)%128);
}

static int get_deploy_mode(void)
{
	char s_mode[128]={0};
	int len=sizeof(s_mode);
	int ret=sapp_get_platform_opt(SPO_DEPLOYMENT_MODE_STR, s_mode, &len);
	if(ret>=0)
	{
		if((memcmp(s_mode, "mirror", strlen(s_mode)))==0 || (memcmp(s_mode, "dumpfile", strlen(s_mode)))==0)
		{
			g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
		}
		else if((memcmp(s_mode, "inline", strlen(s_mode)))==0)
		{
			g_tsg_para.deploy_mode=DEPLOY_MODE_INLINE;
		}
		else if((memcmp(s_mode, "transparent", strlen(s_mode)))==0)
		{
			g_tsg_para.deploy_mode=DEPLOY_MODE_TRANSPARENT;
		}
		else
		{
			g_tsg_para.deploy_mode=DEPLOY_MODE_MIRROR;
		}
	}

	return 0;
}

static char get_direction(const struct streaminfo *a_stream)
{
	int i_or_e=0;
	char direction=0;

	i_or_e=MESA_dir_link_to_human(a_stream->routedir);
	switch(a_stream->curdir)
	{
		case	DIR_C2S:
			if(i_or_e=='E' || i_or_e=='e')
			{
				direction='E';	 //Internal to External
			}
			else
			{
				direction='I';	 //External to Internal
			}
			break;
		case	DIR_S2C:
			if(i_or_e=='E' || i_or_e=='e')
			{
				direction='I';
			}
			else
			{
				direction='E';
			}
			break;
		default:
			break;
	}

	return direction;
}

static int is_only_monitor(struct maat_rule *result, int hit_cnt)
{
	int i=0;

	for(i=0; i<hit_cnt; i++)
	{
		//if(result[i].action==TSG_ACTION_BYPASS || result[i].action==TSG_ACTION_INTERCEPT || result[i].action==TSG_ACTION_DENY)
		if(result[i].action>TSG_ACTION_MONITOR)
		{
			return 0;
		}
	}

	return 1;
}

static int is_dns_protocol(const struct streaminfo *a_stream)
{
	struct stream_tuple4_v4 *tpl4 = NULL;
	struct stream_tuple4_v6 *tpl6 = NULL;

	if(a_stream->pudpdetail==NULL || a_stream->pudpdetail->pdata==NULL || a_stream->pudpdetail->datalen<12)
	{
		return 0;
	}
	
	switch(a_stream->addr.addrtype)
	{
		case ADDR_TYPE_IPV4:
			tpl4=a_stream->addr.tuple4_v4;
			if((ntohs(tpl4->source)!=53) && (ntohs(tpl4->dest)!=53))
			{
				return 0;
			}
			break;
		case ADDR_TYPE_IPV6:
			tpl6=a_stream->addr.tuple4_v6;
			if((ntohs(tpl6->source)!=53) && (ntohs(tpl6->dest)!=53))
			{
				return 0;
			}
			break;
		default:
			return 0;
			break;
	}

	struct _dns_hdr *dns_hdr=(struct _dns_hdr *)(a_stream->pudpdetail->pdata);
	if(dns_hdr->qdcount==1 && dns_hdr->z==0)
	{
		return 1;
	}

	return 0;
}

static int is_deny_application(struct maat_rule *p_result)
{
	struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id);
	if(maat_compile==NULL || maat_compile->user_region==NULL)
	{
		return 0;
	}

	if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_APP_DROP)
	{
		plugin_ex_data_security_compile_free(maat_compile);
		return 1;
	}
	
	return 0;
}

static int is_deny_after_N_packets(struct maat_rule *p_result)
{
	struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, p_result->rule_id);
	if(maat_compile==NULL || maat_compile->user_region==NULL)
	{
		return 0;
	}

	if(maat_compile->user_region->method_type!=TSG_METHOD_TYPE_APP_DROP && maat_compile->user_region->method_type!=TSG_METHOD_TYPE_DROP)
	{
		return 0;
	}

	if(maat_compile->user_region->deny!=NULL && maat_compile->user_region->deny->after_n_packets>0)
	{
		plugin_ex_data_security_compile_free(maat_compile);
		return 1;
	}

	return 0;
}

static int get_raw_packet_len(const struct streaminfo *a_stream)
{
	int raw_packet_len=0;

	if(a_stream->type==STREAM_TYPE_TCP)
	{
		if(a_stream->ptcpdetail==NULL || a_stream->ptcpdetail->pdata==NULL || a_stream->ptcpdetail->datalen==0)
		{
			return 0;
		}
	}
	
	int ret=get_rawpkt_opt_from_streaminfo(a_stream, RAW_PKT_GET_TOT_LEN, &raw_packet_len);
	if(ret<0)
	{
		return 0;
	}

	return raw_packet_len;
}

static int get_default_para(const struct streaminfo *a_stream)
{
	int after_n_packets=0;
	long long compile_id=tsg_default_compile_id_get();
	struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, compile_id);
	if(maat_compile!=NULL && maat_compile->user_region!=NULL && maat_compile->user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
	{
		if(maat_compile->user_region->session_para!=NULL && maat_compile->user_region->session_para->result.action==TSG_ACTION_DENY)
		{
			switch(a_stream->type)
			{
				case	STREAM_TYPE_TCP:
					after_n_packets=maat_compile->user_region->session_para->tcp.after_n_packets;
					break;
				case	STREAM_TYPE_UDP:
					after_n_packets=maat_compile->user_region->session_para->udp.after_n_packets;
					break;
				default:
					break;
			}
		}
		
		plugin_ex_data_security_compile_free(maat_compile);
	}

	return after_n_packets;
}

static int get_default_policy(struct maat_rule *result)
{
	long long compile_id=tsg_default_compile_id_get();
	struct maat_compile *maat_compile=(struct maat_compile *)matched_rule_cites_security_compile(g_tsg_maat_feather, compile_id);
	if(maat_compile!=NULL && maat_compile->user_region!=NULL)
	{
		if(maat_compile->user_region->method_type==TSG_METHOD_TYPE_DEFAULT)
		{
			if(maat_compile->user_region->session_para!=NULL && maat_compile->user_region->session_para->result.action==TSG_ACTION_DENY)
			{
				memcpy(result, &(maat_compile->user_region->session_para->result), sizeof(struct maat_rule));
			}
			
			plugin_ex_data_security_compile_free(maat_compile);
			return 1;
		}
		
		plugin_ex_data_security_compile_free(maat_compile);
	}

	return 0;
}

static int get_packet_sequence(const struct streaminfo *a_stream)
{
	unsigned int packet_sequence=0;
	unsigned long long value=0;
	int value_len=sizeof(unsigned long long);

	value=0;
	MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&value, &value_len);
	packet_sequence+=(unsigned int)value;

	value=0;
	MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len);
	packet_sequence+=(unsigned int)value;

	return packet_sequence;
}

static int is_do_default_policy(const struct streaminfo *a_stream, int after_n_packets)
{
	if(after_n_packets<=0 || a_stream->pdetail==NULL)
	{
		return 0;
	}

	switch(a_stream->type)
	{
		case	STREAM_TYPE_TCP:
			if((int)(a_stream->ptcpdetail->clientpktnum+a_stream->ptcpdetail->serverpktnum) >= after_n_packets)
			{
				return 1;
			}
			break;
		case	STREAM_TYPE_UDP:
			if((int)(a_stream->pudpdetail->clientpktnum+a_stream->pudpdetail->serverpktnum) >= after_n_packets)
			{
				return 1;
			}
			break;
		default:
			break;
	}

	return 0;
}

static int protocol_name2flag(char *proto_list, int *flag)
{
	char *e=NULL;
	char *s=proto_list;
	while(s)
	{
		e=index(s, ';');
		if(!e)
		{
			break;
		}

		for(int i=0; i< PROTO_MAX; i++)
		{
			if((strncasecmp(s, g_tsg_proto_name2id[i].name, e-s))==0)
			{
				*flag|=(1<<g_tsg_proto_name2id[i].type);
				break;
			}
		}
		
		s=e+1;
	}

	return 0;
}

static char *malloc_copy_string(char *origin, int length, int thread_seq)
{
	if(length<=0 && origin==NULL)
	{
		return NULL;
	}
	
	char *dest=(char *)dictator_malloc(thread_seq, length+1);
	memcpy(dest, origin, length);
	dest[length]='\0';

	return dest;
}

int device_id_set_telegraf(char *device_sn)
{
	if(device_sn)
	{
		FILE *fp=fopen("/etc/default/telegraf", "wb");
		if(fp)
		{
			char buff[128]={0};
			snprintf(buff, sizeof(buff), "device_id=\"%s\"\n", device_sn);
			fwrite(buff, strlen(buff), 1, fp);
			fclose(fp);
			fp=NULL;
			return 0;
		}
	}

	return -1;
}

int app_gather_results_update(struct gather_app_result *gather_result, struct app_identify_result *identify_result, int packet_sequence)
{
	gather_result->app_num=0;
	for(int i=0; (i < identify_result->app_id_num) && i<MAX_APP_ID_NUM && (gather_result->app_num < MAX_APP_ID_NUM); i++)
	{		
		gather_result->origin=identify_result->origin;
		gather_result->attributes[i].app_id=identify_result->app_id[i];
		gather_result->attributes[i].surrogate_id=identify_result->surrogate_id[i];
		gather_result->attributes[i].packet_sequence=packet_sequence;
		gather_result->app_num++;
	}

	return 0;
}

static int l7_protocol_mapper_init(const char *conffile)
{
	int ret=0;
	FILE *fp=NULL;
	char line[1024]={0};
	char type_name[32]={0};
	char filename[128]={0};
	struct l7_protocol *protocol=NULL;
	
	MESA_load_profile_string_def(conffile, "SYSTEM", "L7_PROTOCOL_FILE", filename, sizeof(filename), "./tsgconf/tsg_l7_protocol.conf");

	fp=fopen(filename, "r");
	if(fp==NULL)
	{
		printf("Open %s failed ...", filename);
		return -1;
	}
	
	memset(line, 0, sizeof(line));

	while((fgets(line, sizeof(line), fp))!=NULL)
	{
		if(line[0]=='#' || line[0]=='\n' || line[0]=='\r' ||line[0]=='\0')
		{
			continue;
		}
		
	    protocol=(struct l7_protocol *)calloc(1, sizeof(struct l7_protocol));
		ret=sscanf(line, "%31s %31s %d", type_name, protocol->name, &protocol->id);
		assert(ret==3);

	    HASH_ADD(hh1, g_tsg_para.name_by_id, id, sizeof(int), protocol);
	    HASH_ADD(hh2, g_tsg_para.id_by_name, name, strlen(protocol->name), protocol);
		
		memset(line, 0, sizeof(line));
	}

	fclose(fp);
	fp=NULL;

	return 1;
}

static int srt_process_context_set_l7_protocol(struct session_runtime_process_context *srt_process_context, unsigned int app_id)
{
	const char *l7_protocol_name=tsg_l7_protocol_id2name(app_id);
	if(l7_protocol_name!=NULL)
	{
		for(int i=PROTO_HTTP; i<PROTO_MAX; i++)
		{
			if((strcasecmp(g_tsg_proto_name2id[i].name, l7_protocol_name))==0)
			{
				srt_process_context->proto=(enum TSG_PROTOCOL)g_tsg_proto_name2id[i].type;
				return 1;
			}
		}
	}
	
	srt_process_context->proto=PROTO_APP;

	return 0;
}

/*
	L7(openvpn), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
	L7(openvpn), appSketch(psiphon), Thrid(openvpn.qq_web.wechat) = openvpn.psiphon
	L7(openvpn), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.psiphon
	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.wechat) = openvpn.ssl.psiphon
	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn) = openvpn.ssl.psiphon
	L7(openvpn.ssl), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
	L7(null), appSketch(psiphon), Thrid(openvpn.ssl.wechat) = openvpn.ssl.psiphon
	L7(null), appSketch(psiphon), Thrid(wechat) = psiphon
	L7(null), appSketch(null), Thrid(openvpn.ssl.wechat) = openvpn.ssl.wechat
	L7(null), appSketch(null), Thrid(null) = unknown
*/

static int session_qm_result_l7_protocol_split(struct gather_app_result *qm_result, struct gather_app_result *qm_l7_result)
{
	int i=0;
	for(i=qm_result->app_num; i>0; i--)
	{
		if(tsg_l7_protocol_id2name(qm_result->attributes[i-1].app_id))
		{
			break;
		}
	}

	qm_l7_result->app_num=i;
	qm_l7_result->origin=ORIGIN_QM_ENGINE_L7;
	memcpy(qm_l7_result->attributes, qm_result->attributes, sizeof(struct app_attributes)*i);

	return 0;
}

static unsigned int get_max_app_id(struct gather_app_result *result)
{
	int i=0;
	unsigned int max_app_id=0; 

	for(i=0; i< result->app_num; i++)
	{
		if(max_app_id < result->attributes[i].app_id)
		{
			max_app_id=result->attributes[i].app_id;
		}
	}

	return max_app_id;
}

static unsigned int get_lastest_app_id(struct gather_app_result *result)
{
	if(result->app_num>0)
	{
		return result->attributes[result->app_num-1].app_id;
	}

	return 0;
}

/*
** Engine1 1.2 Engine2 1   -> 1.2
** Engine1 1.2 Engine2 1.3 -> 1.2
** Engine1 1   Engine2 1.2 -> 1.2
** Engine1 2   Engine2 1.2 -> 1.2
** Engine1 1   Engine2 2.3 -> 1
** Engine1 1   Engine2 2   -> 1
*/

static int copy_app_id(struct app_attributes *result, int result_num, unsigned int *combined_array, int combined_array_num)
{
	int i=0;
	for(i=0; i<result_num && i<combined_array_num; i++)
	{
		combined_array[i]=result[i].app_id;
	}

	return i;
}

#define	COMBINED_APP_ID_NUM	MAX_APP_ID_NUM*2
int session_application_full_path_combine(struct gather_app_result *result, char *out_full_path, int out_full_path_len)
{
	int offset=0,combined_num=0;
	unsigned int combined_array[COMBINED_APP_ID_NUM]={0};

	if(result[ORIGIN_BASIC_PROTOCOL].app_num>0)
	{
		combined_num+=copy_app_id(result[ORIGIN_BASIC_PROTOCOL].attributes, result[ORIGIN_BASIC_PROTOCOL].app_num, combined_array, COMBINED_APP_ID_NUM);
	}
	else
	{
		combined_num+=copy_app_id(result[ORIGIN_QM_ENGINE_L7].attributes, result[ORIGIN_QM_ENGINE_L7].app_num, combined_array, COMBINED_APP_ID_NUM);
	}

	if(result[ORIGIN_HITED_APP].app_num > 0)
	{
		combined_array[combined_num]=get_lastest_app_id(&(result[ORIGIN_HITED_APP]));
		combined_num+=1;
	}
	else if(result[ORIGIN_USER_DEFINE].app_num>0)
	{
		if(combined_num<COMBINED_APP_ID_NUM)
		{
			combined_array[combined_num]=get_max_app_id(&(result[ORIGIN_USER_DEFINE]));
			combined_num+=1;
		}
	}
	else if(result[ORIGIN_BUILT_IN].app_num>0)	
	{
		combined_num+=copy_app_id(result[ORIGIN_BUILT_IN].attributes, result[ORIGIN_BUILT_IN].app_num, combined_array+combined_num, COMBINED_APP_ID_NUM-combined_num);	
	}
	else if(result[ORIGIN_QM_ENGINE].app_num-result[ORIGIN_QM_ENGINE_L7].app_num > 0)
	{
		combined_num+=copy_app_id(  result[ORIGIN_QM_ENGINE].attributes + result[ORIGIN_QM_ENGINE_L7].app_num,
									result[ORIGIN_QM_ENGINE].app_num - result[ORIGIN_QM_ENGINE_L7].app_num, 
									combined_array+combined_num,
									COMBINED_APP_ID_NUM-combined_num
								);
	}

	if(combined_num==0)
	{
		offset=tsg_get_app_name_by_id(g_tsg_maat_feather, result[ORIGIN_UNKNOWN].attributes[0].app_id, out_full_path, out_full_path_len, 0);
		if(offset>0)
		{
			return offset;
		}

		return 0;
	}

	for(int i=0; i<combined_num; i++)
	{
		offset+=tsg_get_app_name_by_id(g_tsg_maat_feather, combined_array[i], out_full_path+offset, out_full_path_len-offset, 0);
		if(offset>0)
		{
			out_full_path[offset++]='.';
		}
	}

	if(offset>0)
	{
		out_full_path[offset-1]='\0';
	}

	return offset;
}

int session_application_full_path_update(const struct streaminfo *a_stream, char *app_full_path, int app_full_path_len)
{
	struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
	if(gather_result!=NULL)
	{
		session_qm_result_l7_protocol_split(&(gather_result[ORIGIN_QM_ENGINE]), &(gather_result[ORIGIN_QM_ENGINE_L7]));
		session_application_full_path_combine(gather_result, app_full_path, app_full_path_len);
	}
	else
	{
		tsg_get_app_name_by_id(g_tsg_maat_feather, tsg_unknown_app_id_get(g_tsg_log_instance), app_full_path, app_full_path_len, 0);
	}

	return 1;
}

static const char *session_addr_type_string_convert(UCHAR addrtype)
{
	switch (addrtype)
	{
		case ADDR_TYPE_IPV4:
		case __ADDR_TYPE_IP_PAIR_V4:
			return ".IPv4";
		case ADDR_TYPE_IPV6:
		case __ADDR_TYPE_IP_PAIR_V6:
			return ".IPv6";
		case ADDR_TYPE_VLAN:
			return ".VLAN";
		case ADDR_TYPE_MAC:
			return ".ETHERNET";
		case ADDR_TYPE_ARP:
			return ".ARP";
		case ADDR_TYPE_GRE:
			return ".GRE";
		case ADDR_TYPE_MPLS:
			return ".MPLS";
		case ADDR_TYPE_PPPOE_SES:
			return ".PPPOE";
		case ADDR_TYPE_TCP:
			return ".TCP";
		case ADDR_TYPE_UDP:
			return ".UDP";
		case ADDR_TYPE_L2TP:
			return ".L2TP";
		case ADDR_TYPE_PPP:
			return ".PPP";
		case ADDR_TYPE_PPTP:
			return ".PPTP";
		case ADDR_TYPE_MAC_IN_MAC:
			return ".MAC_IN_MAC";
		case ADDR_TYPE_GPRS_TUNNEL:
			return ".GTP";
		case ADDR_TYPE_VXLAN:
			return ".VXLAN";
		default:
			return NULL;
	}
}

#define MAX_L4_PROTOCOL_STR_LEN 512
char *session_l4_protocol_label_update(const struct streaminfo *a_stream, char **l4_protocol)
{
	if(*l4_protocol!=NULL || a_stream == NULL)
	{
		return *l4_protocol;
	}

	const char *l4_protocol_str = NULL;
	int combined_l4_protocol_offset=MAX_L4_PROTOCOL_STR_LEN;
	char combined_l4_protocol_str[MAX_L4_PROTOCOL_STR_LEN]={0};
	struct streaminfo *cur_stream = (struct streaminfo *)a_stream;

	while (cur_stream != NULL)
	{
		switch (cur_stream->type)
		{
			case STREAM_TYPE_TCP:
				if (cur_stream->addr.addrtype == ADDR_TYPE_IPV4)
				{
					l4_protocol_str = ".IPv4.TCP";
				}
				else if (cur_stream->addr.addrtype == ADDR_TYPE_IPV6)
				{
					l4_protocol_str = ".IPv6.TCP";
				}
				break;
			case STREAM_TYPE_UDP:
				if (cur_stream->addr.addrtype == ADDR_TYPE_IPV4)
				{
					l4_protocol_str = ".IPv4.UDP";
				}
				else if (cur_stream->addr.addrtype == ADDR_TYPE_IPV6)
				{
					l4_protocol_str = ".IPv6.UDP";
				}
				break;
			case STREAM_TYPE_VLAN:
				l4_protocol_str = ".VLAN"; break;
			case STREAM_TYPE_PPPOE:
				l4_protocol_str = ".PPPOE"; break;
			case STREAM_TYPE_L2TP:
				l4_protocol_str = ".L2TP"; break;
			case STREAM_TYPE_OPENVPN:
				l4_protocol_str = ".OpenVPN"; break;
			case STREAM_TYPE_PPTP:
				l4_protocol_str = ".PPTP"; break;
			case STREAM_TYPE_NON:
			case STREAM_TYPE_ISAKMP:
				l4_protocol_str = session_addr_type_string_convert(cur_stream->addr.addrtype);
				break;
			// SOCKS4 SOCKS5 HTTP
			default:
				continue;
		}

		int n_l4_protocol_str = strlen(l4_protocol_str);
		if (n_l4_protocol_str!=0)
		{
			if (combined_l4_protocol_offset - n_l4_protocol_str < 0)
			{
				break;
			}
			memcpy(combined_l4_protocol_str+combined_l4_protocol_offset-n_l4_protocol_str, l4_protocol_str, n_l4_protocol_str);
			combined_l4_protocol_offset-=n_l4_protocol_str;
			l4_protocol_str=NULL;
		}

		cur_stream = cur_stream->pfather;
	}

	if(combined_l4_protocol_offset>0 && combined_l4_protocol_offset<MAX_L4_PROTOCOL_STR_LEN)
	{
		int l4_protocol_len=MAX_L4_PROTOCOL_STR_LEN-combined_l4_protocol_offset-1;
		*l4_protocol=(char *)malloc(l4_protocol_len+1);
		memcpy(*l4_protocol, combined_l4_protocol_str+combined_l4_protocol_offset+1, l4_protocol_len); // +1 for del "."
		(*l4_protocol)[l4_protocol_len]='\0';
	}
	
	return *l4_protocol;
}


int session_calculate_udp_packets_increment(const struct streaminfo *a_stream, struct traffic_packet_info *last_value, struct traffic_packet_info *increment)
{
	struct udp_flow_stat *uflow_stat = (struct udp_flow_stat *)project_req_get_struct(a_stream, g_tsg_log_instance->udp_flow_project_id);
	if (uflow_stat == NULL)
	{
		return -1;
	}

	increment->c2s_pkts = uflow_stat->C2S_pkt - last_value->c2s_pkts;
	last_value->c2s_pkts = uflow_stat->C2S_pkt;

	increment->s2c_pkts = uflow_stat->S2C_pkt - last_value->s2c_pkts;
	last_value->s2c_pkts = uflow_stat->S2C_pkt;

	increment->c2s_bytes = uflow_stat->C2S_all_byte_raw - last_value->c2s_bytes;
	last_value->c2s_bytes = uflow_stat->C2S_all_byte_raw;

	increment->s2c_bytes = uflow_stat->S2C_all_byte_raw - last_value->s2c_bytes;
	last_value->s2c_bytes = uflow_stat->S2C_all_byte_raw;

	increment->c2s_fragments = uflow_stat->C2S_ip_fragment_pkt - last_value->c2s_fragments;
	last_value->c2s_fragments = uflow_stat->C2S_ip_fragment_pkt;

	increment->s2c_fragments = uflow_stat->S2C_ip_fragment_pkt - last_value->s2c_fragments;
	last_value->s2c_fragments = uflow_stat->S2C_ip_fragment_pkt;

	return 0;
}

int session_calculate_tcp_packets_increment(const struct streaminfo *a_stream, struct traffic_packet_info *last_value, struct traffic_packet_info *increment)
{
	struct tcp_flow_stat *tflow_stat = (struct tcp_flow_stat *)project_req_get_struct(a_stream, g_tsg_log_instance->tcp_flow_project_id);
	if (tflow_stat == NULL)
	{
		return -1;
	}

	increment->c2s_pkts = tflow_stat->C2S_all_pkt - last_value->c2s_pkts;
	last_value->c2s_pkts = tflow_stat->C2S_all_pkt;

	increment->s2c_pkts = tflow_stat->S2C_all_pkt - last_value->s2c_pkts;
	last_value->s2c_pkts = tflow_stat->S2C_all_pkt;

	increment->c2s_bytes = tflow_stat->C2S_all_byte_raw - last_value->c2s_bytes;
	last_value->c2s_bytes = tflow_stat->C2S_all_byte_raw;

	increment->s2c_bytes = tflow_stat->S2C_all_byte_raw - last_value->s2c_bytes;
	last_value->s2c_bytes = tflow_stat->S2C_all_byte_raw;

	increment->c2s_fragments = tflow_stat->C2S_ip_fragment_pkt - last_value->c2s_fragments;
	last_value->c2s_fragments = tflow_stat->C2S_ip_fragment_pkt;

	increment->s2c_fragments = tflow_stat->S2C_ip_fragment_pkt - last_value->s2c_fragments;
	last_value->s2c_fragments = tflow_stat->S2C_ip_fragment_pkt;

	increment->c2s_tcp_lost_bytes = tflow_stat->C2S_seq_gap_loss_cnt - last_value->c2s_tcp_lost_bytes;
	last_value->c2s_tcp_lost_bytes = tflow_stat->C2S_seq_gap_loss_cnt;

	increment->s2c_tcp_lost_bytes = tflow_stat->S2C_seq_gap_loss_cnt - last_value->s2c_tcp_lost_bytes;
	last_value->s2c_tcp_lost_bytes = tflow_stat->S2C_seq_gap_loss_cnt;

	increment->c2s_tcp_ooorder_pkts = tflow_stat->C2S_ooorder_pkt - last_value->c2s_tcp_ooorder_pkts;
	last_value->c2s_tcp_ooorder_pkts = tflow_stat->C2S_ooorder_pkt;

	increment->s2c_tcp_ooorder_pkts = tflow_stat->S2C_ooorder_pkt - last_value->s2c_tcp_ooorder_pkts;
	last_value->s2c_tcp_ooorder_pkts = tflow_stat->S2C_ooorder_pkt;

	increment->c2s_tcp_retransmitted_pkts = tflow_stat->C2S_retransmission_pkt - last_value->c2s_tcp_retransmitted_pkts;
	last_value->c2s_tcp_retransmitted_pkts = tflow_stat->C2S_retransmission_pkt;

	increment->s2c_tcp_retransmitted_pkts = tflow_stat->S2C_retransmission_pkt - last_value->s2c_tcp_retransmitted_pkts;
	last_value->s2c_tcp_retransmitted_pkts = tflow_stat->S2C_retransmission_pkt;

	increment->c2s_tcp_retransmitted_bytes = tflow_stat->C2S_retransmission_byte - last_value->c2s_tcp_retransmitted_bytes;
	last_value->c2s_tcp_retransmitted_bytes = tflow_stat->C2S_retransmission_byte;

	increment->s2c_tcp_retransmitted_bytes = tflow_stat->S2C_retransmission_byte - last_value->s2c_tcp_retransmitted_bytes;
	last_value->s2c_tcp_retransmitted_bytes = tflow_stat->S2C_retransmission_byte;

	return 0;
}

int session_calculate_packets_increment(const struct streaminfo *a_stream, struct traffic_packet_info *last_value, struct traffic_packet_info *increment, int thread_seq)
{
	if (a_stream == NULL || last_value == NULL || increment == NULL)
	{
		return -1;
	}

	unsigned long long value = 0;
	int value_len = sizeof(unsigned long long);

	increment->sessions = 1-last_value->sessions;
	last_value->sessions = 1;

	value = 0;
	MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_BYTE_RAW, (void *)&value, &value_len);
	increment->in_bytes = (uint64_t)value - last_value->in_bytes;
	last_value->in_bytes = (uint64_t)value;

	value = 0;
	MESA_get_stream_opt(a_stream, MSO_TOTAL_INBOUND_PKT, (void *)&value, &value_len);
	increment->in_pkts = (uint64_t)value - last_value->in_pkts;
	last_value->in_pkts = (uint64_t)value;

	value = 0;
	MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_BYTE_RAW, (void *)&value, &value_len);
	increment->out_bytes = (uint64_t)value - last_value->out_bytes;
	last_value->out_bytes = (uint64_t)value;

	value = 0;
	MESA_get_stream_opt(a_stream, MSO_TOTAL_OUTBOUND_PKT, (void *)&value, &value_len);
	increment->out_pkts = (uint64_t)value - last_value->out_pkts;
	last_value->out_pkts = (uint64_t)value;

	switch (a_stream->type)
	{
		case STREAM_TYPE_TCP:
		session_calculate_tcp_packets_increment(a_stream, last_value, increment);
		break;

		case STREAM_TYPE_UDP:
		session_calculate_udp_packets_increment(a_stream, last_value, increment);
		break;

		default:
			break;
	}

	return 0;
}

int session_application_metrics_update(const struct streaminfo *a_stream, struct session_runtime_action_context *srt_action_context, int thread_seq)
{
	if(tsg_get_current_time_ms() - srt_action_context->last_update_metric_time < g_tsg_para.app_metric_update_interval_ms)
	{
		return 0;
	}

	char app_full_path[256]={0};
	struct traffic_packet_info increment_app_statis = {0};
	session_application_full_path_update(a_stream, app_full_path, sizeof(app_full_path));
	char *l4_protocol_string=session_l4_protocol_label_update(a_stream, &srt_action_context->l4_protocol);
	session_calculate_packets_increment(a_stream, &srt_action_context->last_app_statis, &increment_app_statis, thread_seq);
	tsg_set_application_metrics(a_stream, l4_protocol_string, app_full_path, &increment_app_statis, thread_seq);
	srt_action_context->last_update_metric_time = tsg_get_current_time_ms();

	return 1;
}

static int session_app_gather_results_set_l7_protocol(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol)
{
	struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
	if(gather_result==NULL)
	{
		gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
		memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
		session_gather_app_results_async(a_stream, (void *)gather_result);
	}

	if(gather_result[ORIGIN_BASIC_PROTOCOL].app_num>0)
	{
		return 0;
	}
	
	int app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[protocol].name);
	if(app_id>0)
	{
		gather_result[ORIGIN_BASIC_PROTOCOL].app_num=1;
		gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
		gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=app_id;
		gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].surrogate_id=0;
		gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].packet_sequence=get_packet_sequence(a_stream);
	}

	return 0;
}

int session_app_gather_results_update_matched_app_id(const struct streaminfo *a_stream, unsigned int hited_app_id)
{
	struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
	if(gather_result==NULL)
	{
		return 0;
	}
	
	gather_result[ORIGIN_HITED_APP].app_num=1;
	gather_result[ORIGIN_HITED_APP].origin=ORIGIN_HITED_APP;
	gather_result[ORIGIN_HITED_APP].attributes[0].app_id=hited_app_id;
	gather_result[ORIGIN_HITED_APP].attributes[0].surrogate_id=0;

	return 1;
}

int session_state_control_packet(const struct streaminfo *a_stream, void *payload, unsigned int payload_len)
{
	if(payload==NULL || payload_len==0)
	{
		return 0;
	}
	
	int is_ctrl_pkt=0;
	const void *raw_pkt = get_rawpkt_from_streaminfo(a_stream);
	int ret=get_opt_from_rawpkt(raw_pkt, RAW_PKT_GET_IS_CTRL_PKT, (void *)&is_ctrl_pkt);
	if(ret<0 || is_ctrl_pkt==0)
	{
		return 0;
	}

	ret=tsg_parse_log_update_payload(a_stream, (const void *)payload, payload_len);
	if(ret>=0)
	{
		return 1;
	}
	
	return 0;
}

int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream, unsigned char state)
{
	struct segment_id_list sid_list={0};

	if(g_tsg_para.intercept_sid>0)
	{
		sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.intercept_sid;
	}

	if(g_tsg_para.service_chaining_sid>0)
	{
		sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.service_chaining_sid;
	}

	if(g_tsg_para.shaping_sid>0)
	{
		sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.shaping_sid;
	}

	if(sid_list.sz_sidlist==0)
	{
		return 0;
	}

	unsigned long long trace_id=tsg_get_stream_trace_id((struct streaminfo *)a_stream);
	MESA_set_stream_opt(a_stream, MSO_STREAM_SET_DATAMETA_TRACE_ID, (void *)&trace_id, sizeof(unsigned long long));

	MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));

	if(g_tsg_para.send_resetall==0)
	{
		if(atomic_inc(&g_tsg_para.send_resetall)==1)
		{
			tsg_sync_resetall_state(a_stream);
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_RESETALL], 0, FS_OP_ADD, 1);
		}
	}

	switch(state)
	{
		case	OP_STATE_PENDING:
			tsg_sync_opening_state(a_stream, state);
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_OPENING], 0, FS_OP_ADD, 1);
			break;
		case	OP_STATE_CLOSE:
			tsg_sync_closing_state(a_stream, state);
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_CLOSING], 0, FS_OP_ADD, 1);
			break;
		default:
			break;
	}

	sid_list.sz_sidlist=0;
	MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));

	return 1;
}

int session_state_update_policy(struct update_policy *u_policy, struct maat_rule *matched_rules, size_t n_matched_rules, enum policy_type p_type)
{
	u_policy->n_ids=n_matched_rules;
	u_policy->type=p_type;
	
	for(size_t i=0; i<n_matched_rules; i++)
	{
		u_policy->ids[i]=matched_rules[i].rule_id;
	}

	return 0;
}

enum policy_type session_state_get_policy_type(TSG_SERVICE service)
{
	enum policy_type p_type=POLICY_UPDATE_MAX;
	switch(service)
	{
		case	TSG_SERVICE_CHAINING:
			if(g_tsg_para.service_chaining_sid==0)
			{
				break;
			}
			return POLICY_UPDATE_SERVICE_CHAINING;
		case	TSG_SERVICE_SHAPING:
			if(g_tsg_para.shaping_sid==0)
			{
				break;
			}
			return POLICY_UPDATE_SHAPING;
		case	TSG_SERVICE_INTERCEPT:
			if(g_tsg_para.intercept_sid==0)
			{
				break;
			}
			return POLICY_UPDATE_INTERCEPT;
		default:
			break;
	}

	return p_type;
}

unsigned short session_state_update_segment_sids(struct segment_id_list *segment_ids, enum policy_type p_type)
{
	unsigned short segment_id=0;
	unsigned short tmp_sids[POLICY_UPDATE_MAX]={0};

	switch(p_type)
	{
		case	POLICY_UPDATE_SHAPING:
			segment_id=g_tsg_para.shaping_sid;
			break;
		case	POLICY_UPDATE_INTERCEPT:
			segment_id=g_tsg_para.intercept_sid;
			break;
		case	POLICY_UPDATE_SERVICE_CHAINING:
			segment_id=g_tsg_para.service_chaining_sid;
			break;
		default:
			return 0;
	}
	
	for(size_t i=0; i<segment_ids->sz_sidlist; i++)
	{
		if(segment_ids->sid_list[i]==segment_id || segment_id==0)
		{
			return segment_id;
		}

		if(segment_ids->sid_list[i]==g_tsg_para.intercept_sid)
		{
			tmp_sids[POLICY_UPDATE_INTERCEPT]=segment_ids->sid_list[i];
			continue;
		}

		if(segment_ids->sid_list[i]==g_tsg_para.service_chaining_sid)
		{
			tmp_sids[POLICY_UPDATE_SERVICE_CHAINING]=segment_ids->sid_list[i];
			continue;
		}

		if(segment_ids->sid_list[i]==g_tsg_para.shaping_sid)
		{
			tmp_sids[POLICY_UPDATE_SHAPING]=segment_ids->sid_list[i];
			continue;
		}
	}

	tmp_sids[p_type]=segment_id;
	segment_ids->sz_sidlist=0;
	for(int i=0; i<POLICY_UPDATE_MAX; i++)
	{
		if(tmp_sids[i]!=0)
		{
			segment_ids->sid_list[segment_ids->sz_sidlist++]=tmp_sids[i];
		}
	}
	
	return segment_id;
}

size_t matched_rules_increase_in_activing(const struct matched_policy_rules *matched_rules, struct maat_rule *new_rules, size_t n_new_rules, struct maat_rule *inc_rules, size_t n_inc_rules)
{
	size_t n_inc_rules_offset=0;
	size_t num=MIN(MAX_RESULT_NUM-matched_rules->n_rules, n_new_rules);
	for(size_t i=0; i<num; i++)
	{
		int repeat_rule=0;
		for(size_t j=0; j<matched_rules->n_rules+n_inc_rules_offset; j++)
		{
			if((new_rules[i].rule_id==matched_rules->rules[j].rule_id) || (new_rules[i].rule_id==inc_rules[j].rule_id))
			{
				repeat_rule=1;
				break;
			}
		}

		if(repeat_rule==0 && n_inc_rules>n_inc_rules_offset)
		{
			memcpy(&(inc_rules[n_inc_rules_offset++]), &(new_rules[i]), sizeof(struct maat_rule));
		}
	}

	return n_inc_rules_offset;
}

int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *inc_rules, size_t n_inc_rules)
{
	enum policy_type p_type=session_state_get_policy_type(service);
	if(p_type>=POLICY_UPDATE_MAX)
	{
		return 0;
	}

	struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(a_stream);
	if(segment_ids==NULL)
	{
		segment_ids=(struct segment_id_list *)dictator_malloc(a_stream->threadnum, sizeof(struct segment_id_list));
		memset(segment_ids, 0, sizeof(struct segment_id_list));
	}

	unsigned short segment_id=session_state_update_segment_sids(segment_ids, p_type);
	if(segment_id==0)
	{
		dictator_free(a_stream->threadnum, (void *)segment_ids);
		return 0;
	}

	MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "set_segment_id", "set in active status , service:%d, sid:%u,session addr:%s", service, segment_id, PRINTADDR(a_stream, g_tsg_para.level));

	struct segment_id_list sid_list;
	sid_list.sz_sidlist=1;
	sid_list.sid_list[0]=segment_id;
	MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)&sid_list, sizeof(struct segment_id_list));

	int policy_array_offset=1;
	struct update_policy policy_array[2];
	session_state_update_policy(&(policy_array[0]), inc_rules, n_inc_rules, p_type);
	if(service==TSG_SERVICE_INTERCEPT)
	{
		memset(&policy_array[0].cmsg, 0, sizeof(struct proxy_cmsg));
		tsg_proxy_update_policy_fill(a_stream, &(policy_array[0]), segment_ids);

		struct matched_policy_rules *s_chaining = (struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_CHAINING);
		if(s_chaining!=NULL)
		{
			policy_array_offset++;
			session_state_update_policy(&(policy_array[1]), s_chaining->rules, s_chaining->n_rules, POLICY_UPDATE_SERVICE_CHAINING);
		}
	}

	tsg_sync_policy_update(a_stream, policy_array, policy_array_offset);

	MESA_set_stream_opt(a_stream, MSO_STREAM_PREPLEND_SEGMENT_ID_LIST, (void *)segment_ids, sizeof(struct segment_id_list));

	session_control_segment_ids_async(a_stream, segment_ids);
	return 1;
}

int session_state_sync_in_activing(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *rules, size_t n_rules, int thread_seq)
{
	if(rules==NULL || n_rules==0)
	{
		return 0;
	}

	struct matched_policy_rules *matched_rules=(struct matched_policy_rules *)session_matched_rules_get(a_stream, service);
	if(matched_rules==NULL)
	{
		matched_rules=(struct matched_policy_rules *)dictator_malloc(thread_seq, sizeof(struct matched_policy_rules));
		memset((void *)matched_rules, 0, sizeof(struct matched_policy_rules));
	}

	struct maat_rule inc_rules[MAX_RESULT_NUM]={0};
	size_t n_inc_results=matched_rules_increase_in_activing(matched_rules, rules, n_rules, inc_rules, MAX_RESULT_NUM-matched_rules->n_rules);
	if(n_inc_results==0)
	{
		return 0;
	}

	//FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_CTRL_ACTIVE], 0, FS_OP_ADD, 1);

	memcpy(matched_rules->rules+matched_rules->n_rules, inc_rules, n_inc_results*sizeof(struct maat_rule));
	matched_rules->n_rules+=n_inc_results;
	int ret=session_matched_rules_async(a_stream, service, (void *)matched_rules);
	if(ret<0)
	{
		session_matched_rules_free(a_stream, service, (void *)matched_rules);
		return 0;
	}
	
	ret=session_set_segment_id_in_activing(a_stream, service, inc_rules, n_inc_results);
	if(ret==0)
	{
		return 0;
	}

	return 1;
}

static char session_tcp_establish_latency_ms_set(const struct streaminfo *a_tcp, int thread_seq,const void *ip_hdr)
{
	struct tcphdr *tcp=NULL;

	if(ip_hdr==NULL || a_tcp==NULL)
	{
		return 0;
	}
	
	switch(a_tcp->addr.addrtype)
	{
		case	ADDR_TYPE_IPV4:
			tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V4, ADDR_TYPE_TCP);
			break;
		case	ADDR_TYPE_IPV6:
			tcp=(struct tcphdr *)MESA_net_jump_to_layer(ip_hdr, __ADDR_TYPE_IP_PAIR_V6, ADDR_TYPE_TCP);
			break;
		default:
			return 0;
			break;
	}
	
	if((tcp!=NULL) && !(tcp->syn))
	{
		srt_attribute_set_establish_latecy(a_tcp);
		return 1;
	}

	return 0;
}

struct maat_rule *matched_rules_decision_criteria(struct maat_rule *rules, size_t n_rules)
{
	struct maat_rule *p_result=NULL;

	for(size_t i=0; i<n_rules; i++)
	{
		if(p_result==NULL)
		{
			p_result=&rules[i];
			continue;
		}
		
		if((unsigned char)rules[i].action>(unsigned char)p_result->action)
		{
			p_result=&rules[i];
			continue;
		}
		
		if(rules[i].action==p_result->action)
		{
			if(rules[i].rule_id>p_result->rule_id)
			{
				p_result=&rules[i];
			}
		}	
	}

	return p_result;
}

int session_l7_protocol_identify(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, void *a_packet)
{
	int ret=0;

	switch(a_stream->type)
	{
		case	STREAM_TYPE_TCP:
			if(g_tsg_para.proto_flag&(1<<PROTO_HTTP))  //http
			{
				char *host=NULL, *url=NULL;
				void *parser_result=http_field_parser((char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->curdir);
				if(parser_result!=NULL)
				{
					srt_process_context->proto=PROTO_HTTP;
					
					int length=http_get_filed_result(parser_result, HTTP_HOST, &host);
					srt_process_context->http_host=malloc_copy_string(host, length, a_stream->threadnum);
					length=http_get_filed_result(parser_result, HTTP_MESSAGE_URL, &url);
					srt_process_context->http_url=malloc_copy_string(url, length, a_stream->threadnum);

					http_free_filed_result(parser_result);
					return 1;
				}
			}

			if(g_tsg_para.proto_flag&(1<<PROTO_SSL))  //ssl
			{
				enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
				struct ssl_chello *chello = NULL;

				chello=ssl_chello_parse((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, &chello_status);
				if(chello_status==CHELLO_PARSE_SUCCESS)
				{
					srt_process_context->proto=PROTO_SSL;
					if(chello->sni!=NULL)
					{
						srt_process_context->ssl_sni=malloc_copy_string(chello->sni, strlen(chello->sni), a_stream->threadnum);
					}

					srt_process_context->is_esni=(int)chello->is_encrypt_sni;
					
					ssl_chello_free(chello);
					return 1;
				}
				
				ssl_chello_free(chello);
			}
	
			if(g_tsg_para.proto_flag&(1<<PROTO_FTP))  //ftp
			{
				ret=ftp_control_identify((struct streaminfo *)a_stream);
				if(ret>0)
				{
					srt_process_context->proto=PROTO_FTP;
					return 1;
				}

				ret=ftp_data_identify((struct streaminfo *)a_stream);
				if(ret>0)
				{
					srt_process_context->proto=PROTO_FTP;
					return 1;
				}
			}
			
			if(g_tsg_para.proto_flag&(1<<PROTO_MAIL))  //mail
			{
				ret=mail_protocol_identify_by_first_payload((struct streaminfo *)a_stream,(char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, a_stream->threadnum);
				if(ret>0)
				{
					switch(ret)
					{
						case	SMTP_PROTOCOL:
							srt_process_context->proto=PROTO_SMTP;
							return 1;
							break;
						case	POP3_PROTOCOL:
							srt_process_context->proto=PROTO_POP3;
							return 1;
							break;
						case	IMAP_PROTOCOL:
							srt_process_context->proto=PROTO_IMAP;
							return 1;
							break;
						default:
							break;
					}
				}
			}

			if(g_tsg_para.proto_flag&(1<<PROTO_SSH))  //ssh
			{
				ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger);
				if(ret > 0)
				{
					srt_process_context->proto=PROTO_SSH;
					return 1;
				}
			}

			if(g_tsg_para.proto_flag&(1<<PROTO_STRATUM))  //Stratum
			{
				ret=stratum_identify((struct streaminfo *)a_stream, NULL, a_stream->threadnum, a_packet);
				if(ret==IS_STRATUM)
				{
					srt_process_context->proto=PROTO_STRATUM;
					return 1;
				}
			}

			if(g_tsg_para.proto_flag&(1<<PROTO_RDP))  //RDP
			{
				ret=rdp_protocol_identify((const char *)a_stream->ptcpdetail->pdata, a_stream->ptcpdetail->datalen, (unsigned int)a_stream->threadnum);
				if(ret==1)
				{
					srt_process_context->proto=PROTO_RDP;
					return 1;
				}
			}

			break;
		case	STREAM_TYPE_UDP:
			if(g_tsg_para.proto_flag&(1<<PROTO_DNS))  //dns
			{
				if(is_dns_protocol(a_stream))
				{
					srt_process_context->proto=PROTO_DNS;
					return 1;
				}
			}
			
			if(g_tsg_para.proto_flag&(1<<PROTO_QUIC))  //quic
			{
				char ua_buff[512]={0};
				char sni_buff[512]={0};
				int sni_len=sizeof(sni_buff),ua_len=sizeof(ua_buff);
				srt_process_context->quic_version=quic_protocol_identify((struct streaminfo *)a_stream, a_packet, sni_buff, &sni_len, ua_buff, &ua_len);
				if(srt_process_context->quic_version > 0)
				{
					srt_process_context->proto=PROTO_QUIC;
					srt_process_context->quic_sni=malloc_copy_string(sni_buff, sni_len, a_stream->threadnum);
					srt_process_context->quic_ua=malloc_copy_string(ua_buff, ua_len, a_stream->threadnum);
					return 1;
				}
			}

			if(g_tsg_para.proto_flag&(1<<PROTO_SIP))
			{
				unsigned char sip_ret=0;
				char *from=NULL, *to=NULL;
				unsigned int from_len=0, to_len=0;
				sip_ret=sip_identify_from_to((char *)a_stream->pudpdetail->pdata, (unsigned int)a_stream->pudpdetail->datalen, &from, &from_len, &to, &to_len);
				if(sip_ret==SIP_TRUE)
				{
					srt_process_context->proto=PROTO_SIP;
					return 1;
				}				
			}

			if(g_tsg_para.proto_flag&(1<<PROTO_RDP))  //RDP
			{
				ret=rdpudp_protocol_identify((const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, (unsigned int)a_stream->threadnum);
				if(ret==1)
				{
					srt_process_context->proto=PROTO_RDP;
					return 1;
				}
			}

			if (g_tsg_para.proto_flag&(1<<PROTO_DTLS)) //DTLS
			{
				bool is_dtls = dtls_identifyStream((struct streaminfo *)a_stream);
				if (is_dtls)
				{
					char sni_buff[512]={0};
					int sni_len=sizeof(sni_buff);
					srt_process_context->proto = PROTO_DTLS;
					ret = dtls_parse_sni((const char *)a_stream->pudpdetail->pdata, a_stream->pudpdetail->datalen, sni_buff, sni_len);
					if (ret == 0 && strlen(sni_buff) > 0)
					{
						srt_process_context->dtls_sni = malloc_copy_string(sni_buff, sni_len, a_stream->threadnum);
						return 1;
					}
				}
			}
			break;
		default:
			break;
	}

	if(srt_process_context->proto<PROTO_HTTP || srt_process_context->proto>PROTO_MAX)
	{
		srt_process_context->proto = PROTO_UNKONWN;
	}
	
	return ret;
}


static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *results, size_t n_result)
{
	struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
	if(srt_attribute!=NULL && domain!=NULL && table_idx>=0)
	{
		srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM);
		return tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_attribute->fqdn_category_ids, srt_attribute->n_fqdn_category_ids, table_idx, s_mid, results, n_result);
	}

	return 0;
}

size_t session_app_id_and_properties_scan(const struct streaminfo *a_stream, struct maat_rule *results, size_t n_results, struct session_runtime_process_context *srt_process_context, struct gather_app_result *identify_result, int thread_seq)
{
	size_t hit_num=0;
	int hited_app_id=0;
	int after_n_packets=0;
	struct maat_rule *p_result, *d_result=NULL;

	for(int i=0; i< identify_result->app_num; i++)
	{
		struct app_id_dict *dict=(struct app_id_dict *)matched_rule_cites_app_id_dict(g_tsg_maat_feather, (long long)identify_result->attributes[i].app_id);
		if(dict!=NULL)
		{
			hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->risk, (char *)"risk", (srt_process_context->mid), results+hit_num, n_results-hit_num);
			hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->category, (char *)"category", (srt_process_context->mid), results+hit_num, n_results-hit_num);
			hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->technology, (char *)"technology", (srt_process_context->mid), results+hit_num, n_results-hit_num);
			hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->subcategory, (char *)"subcategory", (srt_process_context->mid), results+hit_num, n_results-hit_num);
			hit_num+=tsg_scan_app_properties_policy(a_stream, g_tsg_maat_feather, dict->characteristics, (char *)"characteristics", (srt_process_context->mid), results+hit_num, n_results-hit_num);
		
			hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, identify_result->attributes[i].app_id, (srt_process_context->mid), results+hit_num, n_results-hit_num);
			after_n_packets=dict->deny_app_para.after_n_packets;
			
			set_app_timeout(a_stream, dict, &(srt_process_context->timeout));

			plugin_ex_data_app_id_dict_free(dict);
		}
		else
		{
			hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, identify_result->attributes[i].app_id, (srt_process_context->mid), results+hit_num, n_results-hit_num);
		}

		p_result=tsg_select_deny_rule(results, hit_num);
		if(d_result==NULL)
		{
			d_result=p_result;
			hited_app_id=identify_result->attributes[i].app_id;
			continue;
		}
		
		if(d_result->rule_id!=p_result->rule_id)
		{
			d_result=p_result;
			hited_app_id=identify_result->attributes[i].app_id;
		}
	}	

	if(hit_num>0)
	{
		if(identify_result->origin!=ORIGIN_BASIC_PROTOCOL)
		{
			srt_process_context->hited_app_id=hited_app_id;
		}
		
		srt_process_context->hited_para.hited_app_id=hited_app_id;
		srt_process_context->hited_para.after_n_packets=after_n_packets;
	}
	else
	{
		if(identify_result->origin==ORIGIN_BASIC_PROTOCOL && after_n_packets>0) //for enum TSG_PROTOCOL
		{
			srt_process_context->hited_para.after_n_packets=after_n_packets;
		}
	}

	if(srt_process_context!=NULL && srt_process_context->hited_app_id>0)
	{		
		session_app_gather_results_update_matched_app_id(a_stream, srt_process_context->hited_app_id);
	}

	return hit_num;
}

static unsigned char matched_security_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *security_rules, size_t n_security_rules, const void *a_packet, int thread_seq)
{
	unsigned char state=APP_STATE_GIVEME;
	struct maat_rule *p_rule=matched_rules_decision_criteria(security_rules, n_security_rules);
	if(p_rule->action==TSG_ACTION_SHUNT)
	{
		tsg_set_policy_flow(a_stream, p_rule, a_stream->threadnum);
		srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_SHUNT, a_stream->threadnum);
		return APP_STATE_DROPME|APP_STATE_KILL_OTHER;
	}

	switch(p_rule->action)
	{
		case	TSG_ACTION_DENY:
			if(srt_process_context->proto==PROTO_DNS)	/* deal action of deny in firewall */
			{
				break;
			}
			
			if(is_deny_application(p_rule))
			{
				if(srt_process_context->hited_para.hited_app_id==0)
				{
					srt_process_context->hited_para.hited_app_id=tsg_l7_protocol_name2id(g_tsg_proto_name2id[srt_process_context->proto].name);
				}

				srt_action_context_set_hitted_app_id(a_stream, srt_process_context->hited_para.hited_app_id, a_stream->threadnum);
				state=tsg_enforing_deny_application(a_stream, p_rule, srt_process_context->proto, srt_process_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_APP, a_packet);
			}
			else
			{
				state=tsg_enforing_deny(a_stream, p_rule, srt_process_context->proto, ACTION_RETURN_TYPE_APP, a_packet);
			}

			if(is_deny_after_N_packets(p_rule))
			{
				session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, p_rule, 1, a_stream->threadnum);
				if(a_stream->type==STREAM_TYPE_TCP)
				{
					break;
				}
			}

			if(srt_process_context->proto==PROTO_HTTP || srt_process_context->proto==PROTO_SSL)
			{
				state|=APP_STATE_KILL_OTHER;
			}

			session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, p_rule, 1, a_stream->threadnum);
			break;
		case	TSG_ACTION_BYPASS:
			srt_process_context->is_hitted_allow=1;
			session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, p_rule, 1, a_stream->threadnum);

			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_BYPASS], 0, FS_OP_ADD, 1);
			srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_ALLOW, a_stream->threadnum);
			break;
		default:
			break;
	}

	struct maat_rule monitor_rules[MAX_RESULT_NUM]={0};
	size_t n_monitor_rules=tsg_select_rules_by_action(security_rules, n_security_rules, monitor_rules, MAX_RESULT_NUM, TSG_ACTION_MONITOR);
	if(n_monitor_rules>0)
	{
		session_packet_capture_by_rules_notify(a_stream, monitor_rules, n_monitor_rules, a_stream->threadnum);
		session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, monitor_rules, n_monitor_rules, a_stream->threadnum);
	}
	
	return state;
}

int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq)
{
	session_state_sync_in_activing(a_stream, TSG_SERVICE_SHAPING, shaping_rules, n_shaping_rules, thread_seq);

	FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_SHAPING], 0, FS_OP_ADD, 1);
	srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq);

	return 0;
}

int matched_intercept_rules_deal(const struct streaminfo *a_stream, struct maat_rule *intercept_rules, size_t n_intercept_rules, int thread_seq)
{
	struct maat_rule *p_rule=matched_rules_decision_criteria(intercept_rules, n_intercept_rules);
	session_state_sync_in_activing(a_stream, TSG_SERVICE_INTERCEPT, p_rule, 1, thread_seq);

	FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_INTERCEPT], 0, FS_OP_ADD, 1);
	srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq);

	return 0;
}

int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *s_chaining_rules, size_t n_s_chaining_rules, int thread_seq)
{
	session_state_sync_in_activing(a_stream, TSG_SERVICE_CHAINING, s_chaining_rules, n_s_chaining_rules, thread_seq);
	srt_action_context_set_rule_method(a_stream, TSG_METHOD_TYPE_UNKNOWN, thread_seq);

	return 0;
}

unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *rules, size_t n_rules, const void *a_packet)
{
	unsigned char state=APP_STATE_GIVEME;

	struct maat_rule security_rules[MAX_RESULT_NUM]={0};
	size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
	if(n_security_rules>0)
	{
		state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, a_stream->threadnum);
		if(state&APP_STATE_KILL_OTHER)
		{
			return state;
		}
	}
	
	struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0};
	size_t n_s_chaining_rules=tsg_select_rules_by_service_id(rules, n_rules, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING);
	if(n_s_chaining_rules>0)
	{
		matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum);
	}
	
	struct maat_rule shaping_rules[MAX_RESULT_NUM]={0};
	size_t n_shaping_rules=tsg_select_rules_by_service_id(rules, n_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING);
	if(n_shaping_rules>0)
	{
		matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum);
	}

	struct maat_rule intercept_rules[MAX_RESULT_NUM]={0};
	size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT);
	if(n_intercept_rules>0)
	{
		matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
	}

	return state;
}

int session_app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
{
	if(data==NULL || a_stream->opstate==OP_STATE_CLOSE)
	{
		return 0;
	}

	struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_get(a_stream);
	if(srt_process_context==NULL)
	{
		srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_new(a_stream);
	}

	struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
	if(gather_result==NULL)
	{
		gather_result=(struct gather_app_result *)dictator_malloc(a_stream->threadnum, sizeof(struct gather_app_result)*ORIGIN_MAX);
		memset(gather_result, 0, sizeof(struct gather_app_result)*ORIGIN_MAX);
		session_gather_app_results_async(a_stream, (void *)gather_result);
	}

	struct app_identify_result *identify_result=(struct app_identify_result *)data;
	switch(identify_result->origin)
	{
			break;
		case	ORIGIN_QM_ENGINE:
			srt_process_context->is_app_link=FLAG_TRUE;
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_Q_RESULT], 0, FS_OP_ADD, 1);
			break;
		case	ORIGIN_USER_DEFINE:
			srt_process_context->is_app_link=FLAG_TRUE;
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_USER_RESULT], 0, FS_OP_ADD, 1);
			break;
		case	ORIGIN_BUILT_IN:
			srt_process_context->is_app_link=FLAG_TRUE;
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_APP_BUILT_IN_RESULT], 0, FS_OP_ADD, 1);
			break;
		case	ORIGIN_BASIC_PROTOCOL:
			srt_process_context->is_app_link=FLAG_TRUE;
			if(srt_process_context->proto==PROTO_UNKONWN || srt_process_context->proto==PROTO_APP)
			{
				srt_process_context_set_l7_protocol(srt_process_context, identify_result->app_id[identify_result->app_id_num-1]);
			}
			break;
		case	ORIGIN_UNKNOWN:
			srt_process_context->is_app_link=FLAG_TRUE;
			break;
		default:
			MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "APP_BRIDGE_CB", "Unknown type: %d addr: %s", identify_result->origin, PRINTADDR(a_stream, g_tsg_para.level));
			return 0;
	}

	app_gather_results_update(&(gather_result[identify_result->origin]), identify_result, get_packet_sequence(a_stream));

	if(srt_process_context->mid==NULL)
	{
		return 0;
	}

	struct maat_rule scan_results[MAX_TSG_ALL_RESULT_NUM]={0};
	srt_process_context->last_scan_time=tsg_get_current_time_ms();
	size_t hit_num=session_app_id_and_properties_scan((struct streaminfo *)a_stream, scan_results, MAX_TSG_ALL_RESULT_NUM, srt_process_context, &(gather_result[identify_result->origin]), a_stream->threadnum);

	srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, scan_results, hit_num, NULL);
	return 0;
}

int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
{
	if(data==NULL || a_stream->opstate==OP_STATE_CLOSE)
	{
		return 0;
	}

	struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_get(a_stream);
	if(srt_process_context==NULL)
	{
		srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_new(a_stream);
	}

	srt_process_context->session_flag=*(unsigned long *)(data);
	srt_attribute_set_flags(a_stream, srt_process_context->session_flag);

	if(srt_process_context->mid==NULL)
	{
		return 0;
	}
	
	struct maat_rule scan_results[MAX_TSG_ALL_RESULT_NUM]={0};
	size_t hit_num=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), scan_results, MAX_TSG_ALL_RESULT_NUM);
	srt_process_context->sync_cb_state=session_matched_rules_deal(a_stream, srt_process_context, scan_results, hit_num, NULL);

	return 0;
}

size_t session_pending_state_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *results, int n_results, void *a_packet)
{
	size_t hit_num=0;
	int ret=session_l7_protocol_identify(a_stream, srt_process_context, a_packet);
	if(ret==1)
	{
		session_app_gather_results_set_l7_protocol(a_stream, srt_process_context->proto);
		srt_process_context->is_app_link=FLAG_TRUE;
		srt_attribute_set_protocol(a_stream, srt_process_context->proto);

		if(srt_process_context->proto==PROTO_SSL)
		{
			struct _ssl_ja3_info_t *ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum);
			if(ja3_info!=NULL)
			{
				if(ja3_info->fp!=NULL && ja3_info->fp_len>0)
				{
					char *ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1);
					memset(ja3_fingerprint, 0, ja3_info->fp_len+1);
					memcpy(ja3_fingerprint, ja3_info->fp, ja3_info->fp_len);
					srt_attribute_set_ja3_fingprint(a_stream, ja3_fingerprint);
				}
			}
		}
		
		int table_idx=tsg_domain_table_idx_get(srt_process_context->proto);
		hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
		
		table_idx=tsg_fqdn_category_table_idx_get(srt_process_context->proto);
		hit_num+=tsg_scan_fqdn_category_id(a_stream, g_tsg_maat_feather, srt_process_context->domain, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
		if(srt_process_context->is_esni)
		{
			unsigned int protocol_id=tsg_l7_protocol_name2id("ESNI");
			hit_num+=tsg_scan_app_id_policy(a_stream, g_tsg_maat_feather, protocol_id, (srt_process_context->mid), results+hit_num, n_results-hit_num);
		}

		if(srt_process_context->proto==PROTO_HTTP && srt_process_context->http_url!=NULL)
		{
			table_idx=tsg_http_url_table_idx_get();
			hit_num+=tsg_scan_shared_policy(a_stream, g_tsg_maat_feather, srt_process_context->http_url, table_idx, (srt_process_context->mid), results+hit_num, n_results-hit_num);
		}
	}

	ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), results+hit_num, n_results-hit_num);
	if(ret>0)
	{
		hit_num+=ret;
		FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_ADDR], 0, FS_OP_ADD, 1);
	}

	struct gather_app_result *gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
	for(int i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
	{
		if(i==ORIGIN_HITED_APP || i==ORIGIN_QM_ENGINE_L7)
		{
			continue;
		}
		hit_num+=session_app_id_and_properties_scan(a_stream, results+hit_num, n_results-hit_num, srt_process_context, &(gather_result[i]), a_stream->threadnum);
	}
	
	hit_num+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), results+hit_num, n_results-hit_num);
	
	if((is_only_monitor(results, hit_num)) && srt_process_context->proto==PROTO_DNS)	// business deal action of monitor 
	{
		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "pending_state_deal", "is_only_monitor, clean hit_num to 0, :%s", PRINTADDR(a_stream, g_tsg_para.level));
		hit_num=0;
	}

	return hit_num;
}

static unsigned char tsg_master_data_entry(const struct streaminfo *a_stream, void **pme, int thread_seq,void *a_packet)
{
	int i=0,ret=0;
	size_t hit_num=0;
	unsigned char state=APP_STATE_GIVEME;
	struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM];
	struct gather_app_result *gather_result=NULL;
	struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)*pme;
	struct app_identify_result unknown_result;

	if(*pme==NULL)
	{
		srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_get(a_stream);
		if(srt_process_context==NULL)
		{
			srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_new(a_stream);
			*pme=(void *)srt_process_context;
		}
		else
		{
			*pme=(void *)srt_process_context;
		}
		srt_process_context->last_scan_time=tsg_get_current_time_ms();

		if(srt_process_context->mid==NULL)
		{
			srt_process_context->mid=maat_state_new(g_tsg_maat_feather, thread_seq);
		}
	}

	if(srt_process_context->first_origin_pkt==0)
	{
		srt_process_context->first_origin_pkt=1;

		if(a_stream->type==STREAM_TYPE_TCP)
		{
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_TCP_LINKS], 0, FS_OP_ADD, 1);
		}
		else
		{
			FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_UDP_LINKS], 0, FS_OP_ADD, 1);
		}
		
		hit_num+=session_pending_state_deal(a_stream, srt_process_context, matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, a_packet);
		if (a_stream->type == STREAM_TYPE_TCP && a_packet != NULL)
		{
			tsg_proxy_tcp_options_parse(a_stream, a_packet);
		}
		state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet);
		srt_process_context->deal_pkt_num++;

		srt_attribute_free_proxy_tcp_option(a_stream);
	}
	
	switch(a_stream->opstate)
	{
		case	OP_STATE_DATA:
			if(srt_process_context->is_app_link==FLAG_FALSE && (srt_process_context->deal_pkt_num++) == (g_tsg_para.identify_app_max_pkt_num+1))
			{
				unknown_result.app_id_num=1;
				unknown_result.surrogate_id[0]=0;
				unknown_result.origin=ORIGIN_UNKNOWN;
				unknown_result.app_id[0]=g_tsg_para.unknown_app_id;
		
				session_app_identify_result_cb(a_stream, 0, (void *)&unknown_result);
			}
		
			if(srt_process_context->is_hitted_allow)
			{
				state=APP_STATE_GIVEME;
				break;
			}

			if(srt_process_context->sync_cb_state&APP_STATE_KILL_OTHER || srt_process_context->sync_cb_state&APP_STATE_DROPPKT)
			{
				//tcpall, udp -> allow, Deny(after drop N packets)
				state=srt_process_context->sync_cb_state|APP_STATE_DROPME;
				break;
			}
			
			if(tsg_get_current_time_ms()-srt_process_context->last_scan_time < (g_tsg_para.scan_time_interval*1000))
			{
				break;
			}

			if(srt_process_context->mid!=NULL)
			{
				maat_state_reset(srt_process_context->mid);
			}
			
			srt_process_context->last_scan_time=tsg_get_current_time_ms();
			ret=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, srt_process_context->proto, (srt_process_context->mid), matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num);
			if(ret>0)
			{
				hit_num+=ret;
			}
			
			gather_result=(struct gather_app_result *)session_gather_app_results_get(a_stream);
			for(i=0; i<ORIGIN_MAX && gather_result!=NULL; i++)
			{
				if(i==ORIGIN_HITED_APP || i==ORIGIN_QM_ENGINE_L7)
				{
					continue;
				}
				hit_num+=session_app_id_and_properties_scan(a_stream, matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num, srt_process_context, &(gather_result[i]), thread_seq);
			}

			if(srt_process_context->session_flag>0)
			{
				hit_num+=tsg_scan_session_flags(a_stream, g_tsg_maat_feather, srt_process_context->session_flag, (srt_process_context->mid), matched_rules+hit_num, MAX_TSG_ALL_RESULT_NUM-hit_num);
			}
			
			state=session_matched_rules_deal(a_stream, srt_process_context, matched_rules, hit_num, a_packet);
			break;
		default:
			break;
	}
		
	if((a_stream->opstate==OP_STATE_CLOSE) || (state&APP_STATE_DROPME)==APP_STATE_DROPME)
	{
		session_runtime_process_context_free(a_stream);

		maat_state_free(srt_process_context->mid);
		srt_process_context->mid=NULL;

		*pme=NULL;
	}

	return state;
}

static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, unsigned char stream_state, void **pme, int thread_seq, const void *a_packet)
{
	int ret=0;
	int eth_rawpkt_len=0;
	unsigned char state=APP_STATE_GIVEME;
	struct maat_rule matched_rules[MAX_TSG_ALL_RESULT_NUM]={0};
	struct maat_rule security_rules[MAX_RESULT_NUM]={0};	
	struct maat_rule shaping_rules[MAX_RESULT_NUM]={0};
	struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)(*pme);

	if(stream_state==OP_STATE_PENDING && srt_action_context->method_type!=TSG_METHOD_TYPE_SHUNT && !(srt_action_context->udp_data_dropme))
	{
		if(srt_action_context->method_type==TSG_METHOD_TYPE_UNKNOWN)
		{
			srt_action_context->method_type=TSG_METHOD_TYPE_DEFAULT;
			srt_action_context->default_policy_after_n_packets=get_default_para(a_stream);
		}

		struct maat_state *scan_mid=maat_state_new(g_tsg_maat_feather, thread_seq);
		int hit_num=tsg_scan_nesting_addr(a_stream, g_tsg_maat_feather, PROTO_UNKONWN, scan_mid, matched_rules, MAX_TSG_ALL_RESULT_NUM);
		if(hit_num>0)
		{
			int n_security_rules=tsg_select_rules_by_service_id(matched_rules, hit_num, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
			if(n_security_rules>0)
			{
				struct session_runtime_process_context *srt_process_context=(struct session_runtime_process_context *)session_runtime_process_context_new(a_stream);
				state=matched_security_rules_deal(a_stream, srt_process_context, security_rules, n_security_rules, a_packet, thread_seq);
			}
			
			struct maat_rule s_chaining_rules[MAX_RESULT_NUM]={0};
			size_t n_s_chaining_rules=tsg_select_rules_by_service_id(matched_rules, hit_num, s_chaining_rules, MAX_RESULT_NUM, TSG_SERVICE_CHAINING);
			if(state==APP_STATE_GIVEME && n_s_chaining_rules>0)
			{
				matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, thread_seq);
			}

			size_t n_shaping_rules=tsg_select_rules_by_service_id(matched_rules, hit_num, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING);
			if(state==APP_STATE_GIVEME && n_shaping_rules>0)
			{
				matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, thread_seq);
			}
		}
		
		maat_state_free(scan_mid);
		scan_mid=NULL;
	}

	switch(srt_action_context->method_type)
	{
		case	TSG_METHOD_TYPE_RATE_LIMIT:
			eth_rawpkt_len=get_raw_packet_len(a_stream);
			if(eth_rawpkt_len<=0)
			{
				break;
			}
	
			ret=is_permit_pass(eth_rawpkt_len*8, srt_action_context->bucket, thread_seq);
			if(ret==0)
			{
				state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
			}
			break;
		case    TSG_METHOD_TYPE_TAMPER:
			if(0 == send_tamper_xxx(a_stream, &srt_action_context->tamper_count, a_packet))
			{
				state|=APP_STATE_GIVEME|APP_STATE_DROPPKT;
			}
			break;
		case	TSG_METHOD_TYPE_DEFAULT:
			if(!is_do_default_policy(a_stream, srt_action_context->default_policy_after_n_packets) || stream_state==OP_STATE_CLOSE)
			{
				break;
			}
			
			if(get_default_policy(&security_rules[0]))
			{
				state=tsg_enforing_deny(a_stream, &security_rules[0], PROTO_UNKONWN, ACTION_RETURN_TYPE_TCPALL, a_packet);
				session_matched_rules_notify(a_stream, TSG_SERVICE_SECURITY, &security_rules[0], 1, thread_seq);
			}
			break;
		case	TSG_METHOD_TYPE_DROP:
		case	TSG_METHOD_TYPE_APP_DROP:
			// contain hited current packet, platform calls tcp first and tcpall secondary.
			if(((srt_action_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_TCP) ||
				((srt_action_context->hited_para.after_n_packets > 0) && a_stream->type==STREAM_TYPE_UDP)
				|| stream_state==OP_STATE_CLOSE)
			{			
				srt_action_context->hited_para.after_n_packets--;
				break;
			}
			ret=session_matched_rules_copy(a_stream, TSG_SERVICE_SECURITY, &(security_rules[0]), 1);
			//ret=tsg_pull_policy_result((struct streaminfo *)a_stream,PULL_FW_RESULT, &security_result[0], 1, &tmp_identify_info);
			if(ret<=0 || security_rules[0].action!=TSG_ACTION_DENY)
			{
				break;
			}

			if(srt_action_context->hited_para.hited_app_id<=0)
			{
				state=tsg_enforing_deny(a_stream, &(security_rules[0]), srt_action_context->protocol, ACTION_RETURN_TYPE_TCPALL, a_packet);
			}
			else
			{
				state=tsg_enforing_deny_application(a_stream, &(security_rules[0]), srt_action_context->protocol, srt_action_context->hited_para.hited_app_id, ACTION_RETURN_TYPE_TCPALL, a_packet);
			}
			break;
		case	TSG_METHOD_TYPE_SHUNT:
			return APP_STATE_DROPME|APP_STATE_KILL_OTHER;
			break;
		default:
			break;
	}

	return state;
}

extern "C" unsigned char TSG_MASTER_TCP_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq,void *a_packet)
{
	int is_ctrl_pkt=session_state_control_packet(a_tcp, a_tcp->pudpdetail->pdata, a_tcp->pudpdetail->datalen);
	if(is_ctrl_pkt==1)
	{
		return APP_STATE_DROPPKT;
	}

	return tsg_master_data_entry(a_tcp, pme, thread_seq, a_packet);
}

extern "C" unsigned char TSG_MASTER_UDP_ENTRY(const struct streaminfo *a_udp, void **pme, int thread_seq,void *a_packet)
{
	unsigned char state1=APP_STATE_GIVEME;
	unsigned char state2=APP_STATE_GIVEME;
	struct udp_session_runtime_context *udp_srt_context=(struct udp_session_runtime_context *)(*pme);

	int is_ctrl_pkt=session_state_control_packet(a_udp, a_udp->pudpdetail->pdata, a_udp->pudpdetail->datalen);
	if(is_ctrl_pkt==1)
	{
		return APP_STATE_DROPPKT;
	}

	if(*pme==NULL)
	{
		unsigned short tunnel_type=0;
		int tunnel_type_len=sizeof(tunnel_type);
		int ret=MESA_get_stream_opt(a_udp, MSO_STREAM_UP_LAYER_TUNNEL_TYPE, (void *)&tunnel_type, &tunnel_type_len);
		if(ret==0 && tunnel_type&STREAM_TUNNEL_GPRS_TUNNEL)
		{
			return APP_STATE_DROPME;
		}

		session_state_sync_in_opening_and_closing(a_udp, a_udp->opstate);
		
		*pme=dictator_malloc(thread_seq, sizeof(struct udp_session_runtime_context));
		memset(*pme, 0, sizeof(struct udp_session_runtime_context));
		udp_srt_context=(struct udp_session_runtime_context *)(*pme);

		udp_srt_context->srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_udp);
		if(udp_srt_context->srt_action_context==NULL)
		{
			udp_srt_context->srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_udp);
		}
		
		udp_srt_context->srt_action_context->last_update_metric_time = tsg_get_current_time_ms();
		udp_srt_context->srt_action_context->direction=get_direction(a_udp);
	}

	session_application_metrics_update(a_udp, udp_srt_context->srt_action_context, thread_seq);

	if(udp_srt_context->srt_action_context->udp_data_dropme==0)
	{
		state2=tsg_master_data_entry(a_udp, (void **)&(udp_srt_context->srt_process_context), thread_seq, a_packet);
	}
	
	if(!(state2&APP_STATE_DROPME) || udp_srt_context->srt_action_context->hited_para.after_n_packets>0)
	{
		if(state2&APP_STATE_DROPME)
		{
			udp_srt_context->srt_action_context->udp_data_dropme=1;
			state2=state2&(~(APP_STATE_DROPME));
		}
		
		state1=tsg_master_all_entry(a_udp, a_udp->opstate, (void **)&(udp_srt_context->srt_action_context), thread_seq, a_packet);
	}

	if(state1&APP_STATE_DROPME || state2&APP_STATE_DROPME || a_udp->opstate==OP_STATE_CLOSE)
	{
		session_application_metrics_update(a_udp, udp_srt_context->srt_action_context, thread_seq);
		dictator_free(thread_seq, *pme);
		*pme=NULL;

		session_state_sync_in_opening_and_closing(a_udp, a_udp->opstate);
	}

	return (state1|state2);
}

extern "C" unsigned char TSG_MASTER_TCPALL_ENTRY(const struct streaminfo *a_tcp, void **pme, int thread_seq, const void *a_packet)
{
	struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)(*pme);

	int is_ctrl_pkt=session_state_control_packet(a_tcp, a_tcp->ptcpdetail->pdata, a_tcp->ptcpdetail->datalen);
	if(is_ctrl_pkt==1)
	{
		return APP_STATE_DROPPKT;
	}
	
	if(*pme==NULL)
	{
		session_state_sync_in_opening_and_closing(a_tcp, a_tcp->pktstate);
		*pme=(void *)session_runtime_action_context_get(a_tcp);
		if(*pme==NULL)
		{
			srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_tcp);
			*pme=(void *)srt_action_context;
		}
		
		srt_action_context->direction=get_direction(a_tcp);
		srt_action_context->last_update_metric_time = tsg_get_current_time_ms();
	}

	session_application_metrics_update(a_tcp, srt_action_context, thread_seq);

	if(srt_action_context->set_latency_flag==0)
	{
		srt_action_context->set_latency_flag=session_tcp_establish_latency_ms_set(a_tcp, thread_seq, a_packet);
	}

	if (a_packet != NULL)
	{
		tsg_proxy_tcp_options_parse(a_tcp, a_packet);
	}
	
	unsigned char state=tsg_master_all_entry(a_tcp, a_tcp->pktstate, pme, thread_seq, a_packet);

	if(state&APP_STATE_DROPME || a_tcp->pktstate==OP_STATE_CLOSE)
	{
		session_application_metrics_update(a_tcp, srt_action_context, thread_seq);
		session_state_sync_in_opening_and_closing(a_tcp, a_tcp->pktstate);
	}

	return state;
}

extern "C" int TSG_MASTER_INIT()
{
	int ret=0;
	char device_sn_filename[128]={0};
	char identify_proto_name[256]={0};
	
	memset(&g_tsg_para, 0, sizeof(g_tsg_para));
	
	MESA_load_profile_int_def(tsg_conffile, "SYSTEM","LOG_LEVEL", &g_tsg_para.level, RLOG_LV_FATAL);
	MESA_load_profile_string_def(tsg_conffile, "SYSTEM","LOG_PATH", g_tsg_para.log_path, sizeof(g_tsg_para.log_path), "log/master");

	g_tsg_para.logger=MESA_create_runtime_log_handle(g_tsg_para.log_path, g_tsg_para.level);
	if(g_tsg_para.logger==NULL)
	{
		printf("MESA_create_runtime_log_handle failed ...\n");
		return -1;
	}

	srand(time(0));
	get_deploy_mode();

	MESA_load_profile_int_def(tsg_conffile, "RESET", "NUM", &g_tsg_para.reset.pkt_num, 1);
	MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED1", &g_tsg_para.reset.seed1, 65535);
	MESA_load_profile_int_def(tsg_conffile, "RESET", "SEED2", &g_tsg_para.reset.seed2, 13);
	MESA_load_profile_int_def(tsg_conffile, "RESET", "FLAGS", &g_tsg_para.reset.th_flags, 0x14);
	MESA_load_profile_int_def(tsg_conffile, "RESET", "DIR", &g_tsg_para.reset.dir, DIR_DOUBLE);
	MESA_load_profile_int_def(tsg_conffile, "RESET", "REMEDY", &g_tsg_para.reset.remedy, 1);

	MESA_load_profile_int_def(tsg_conffile, "SYSTEM","UNKNOWN_APP_ID", &g_tsg_para.unknown_app_id, 4);

	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;MAIL;STREAMING_MEDIA;QUIC;SIP;SSH;Stratum;RDP;DTLS;");
	protocol_name2flag(identify_proto_name, &g_tsg_para.proto_flag);

	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);
	MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "IENTIFY_APP_MAX_PKT_NUM", &g_tsg_para.identify_app_max_pkt_num, 20);

	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "APP_METRICS_INTERVAL", &g_tsg_para.app_metric_update_interval_ms, 30000);
	
	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "FEATURE_TAMPER", &g_tsg_para.feature_tamper, 0);
	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SERVICE_CHAINING_SID", &g_tsg_para.service_chaining_sid, 0);
	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SHAPING_SID", &g_tsg_para.shaping_sid, 0);
	MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "PROXY_SID", &g_tsg_para.intercept_sid, 0);

	ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
	if(ret<0)
	{
		MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL);
		g_tsg_para.device_seq_in_dc=get_device_id(g_tsg_para.device_id_command, g_tsg_para.datacenter_id);
	}
	else
	{
		g_tsg_para.device_seq_in_dc=(g_tsg_para.datacenter_id<<7)+((g_tsg_para.device_seq_in_dc)%128);
	}
	
	MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json");
	ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn));
	if(ret==0)
	{
		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "GET_DEVICE_SN", "Get device SN failed; please check :%s", device_sn_filename);
	}

	ret=device_id_set_telegraf(g_tsg_para.device_sn);
	if(ret<0)
	{
		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "SET_DEVICE_SN_TO_TELEGRAF", "Set device SN(%s) failed; please check :%s", g_tsg_para.device_sn, "/etc/default/telegraf");
	}

	ret=tsg_bridge_init(tsg_conffile);
	if(ret<0)
	{
		return -1;
	}

	init_page_template(tsg_conffile);
	init_fs2_handle(tsg_conffile);

	ret=tsg_maat_rule_init(tsg_conffile);
	if(ret<0)
	{
		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_MAAT", "tsg_maat_rule_init failed ...");
		return -1;
	}
	
	g_tsg_log_instance=tsg_sendlog_init(tsg_conffile, g_tsg_para.fs2_handle);
	if(g_tsg_log_instance==NULL)
	{
		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_SENDLOG", "tsg_sendlog_init failed ...");
		return -1;
	}
	
	FS_start(g_tsg_para.fs2_handle);

	ret = tsg_metric_init(tsg_conffile, g_tsg_para.logger);
	if(ret<0)
	{
		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_STATISTIC", "tsg_metric_init failed ...");
		return -1;
	}

	l7_protocol_mapper_init(tsg_conffile);

	ret=tsg_gtp_signaling_hash_init(tsg_conffile, g_tsg_para.logger);
	if(ret<0)
	{
		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_GTP_HASH", "tsg_gtp_signaling_hash_init failed ...");
		return -1;
	}

	g_tsg_para.send_resetall=0;

	return 0;
}

extern "C" int TSG_MASTER_UNLOAD()
{
	return 0;
}