TSG-13584: Firewall的安全日志依赖session record日志,修复TRAFFIC_SHAPING_PROFILE表是否生效字段编号定义错误,使用cppcheck进行代码检查

2023-02-09 07:14:55 +00:00
parent 6756fcdf7a
commit 1332eedb94
47 changed files with 1477 additions and 2078 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,6 +7,7 @@ variables:
  INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel  libcjson-devel libMESA_field_stat2-devel sapp  sapp-devel framework_env  libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel  librdkafka-devel libmaatframe-devel quic-devel  mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel
 stages:
 - analysis
 - build
 - test
 - package
@@ -45,6 +46,54 @@ stages:
  tags:
    - share
 run_cppcheck_for_centos7:
  stage: analysis
  image: $BUILD_IMAGE_CENTOS7
  script:
    - mkdir build || true
    - cd build
    - cmake3 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON ..
    - cppcheck --project=compile_commands.json 
       --enable=all
       --error-exitcode=1 
       --suppress=unusedFunction 
       --suppress=missingInclude
       --suppress=uselessAssignmentPtrArg
       --suppress=unreachableCode
       --suppress=internalAstError
       --suppress=unmatchedSuppression
       --suppress=memleakOnRealloc
       --suppress=internalAstError
       --suppress=unmatchedSuppression
       --suppress=redundantAssignment
       --suppress=constParameter
  tags:
    - share
 run_cppcheck_for_centos8:
  stage: analysis
  image: $BUILD_IMAGE_CENTOS8
  script:
    - mkdir build || true
    - cd build
    - cmake3 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON ..
    - cppcheck --project=compile_commands.json 
       --enable=all
       --error-exitcode=1 
       --suppress=unusedFunction 
       --suppress=missingInclude
       --suppress=uselessAssignmentPtrArg
       --suppress=unreachableCode
       --suppress=internalAstError
       --suppress=unmatchedSuppression
       --suppress=memleakOnRealloc
       --suppress=internalAstError
       --suppress=unmatchedSuppression
       --suppress=redundantAssignment
       --suppress=constParameter
  tags:
    - share
 run_test_for_centos7:
  stage: test
  extends: .build_by_travis_for_centos7
@@ -53,9 +102,7 @@ run_test_for_centos7:
    - ./ci/travis.sh
    - cd build
    - make test
-    - cd testing
+    - ctest --verbose
    - ./gtest_rule
    - ./gtest_master
 run_test_for_centos8:
  stage: test
@@ -65,9 +112,7 @@ run_test_for_centos8:
    - ./ci/travis.sh
    - cd build
    - make test
-    - cd testing
+    - ctest --verbose
    - ./gtest_rule
    - ./gtest_master
 branch_build_debug_for_centos7:
  stage: build
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,6 +14,29 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g")
 include_directories(${PROJECT_SOURCE_DIR}/inc/)
 include_directories(/opt/MESA/include/)
 #for cppcheck
 find_program(CMAKE_CXX_CPPCHECK NAMES cppcheck)
 if (CMAKE_CXX_CPPCHECK)
    list(
        APPEND CMAKE_CXX_CPPCHECK 
            "--enable=all"
            "--error-exitcode=1"
            "--suppress=unreachableCode"
            "--suppress=unusedFunction"
            "--suppress=missingInclude"
            "--suppress=uselessAssignmentPtrArg"
            "--suppress=unmatchedSuppression"
            "--suppress=internalAstError"
            "--suppress=unmatchedSuppression"
 	    "--suppress=memleakOnRealloc"
 	    "--suppress=redundantAssignment"
 	    "--suppress=constParameter"
    )
    set(CMAKE_C_CPPCHECK ${CMAKE_CXX_CPPCHECK})
 else()
  message(FATAL_ERROR "Could not find the program cppcheck.")
 endif()
 #for ASAN
 set(ASAN_OPTION "OFF" CACHE STRING " set asan type chosen by the user, using OFF as default")
 set_property(CACHE ASAN_OPTION  PROPERTY STRINGS OFF ADDRESS THREAD)
--- a/bin/tsg_static_tableinfo.conf
+++ b/bin/tsg_static_tableinfo.conf
@@ -93,4 +93,4 @@
 79	TSG_SECURITY_TUNNEL	virtual	TSG_OBJ_TUNNEL_ID	--
 80 	TSG_OBJ_FLAG	flag	--
 81  	TSG_SECURITY_FLAG	virtual		TSG_OBJ_FLAG	--
-82	TRAFFIC_SHAPING_PROFILE	plugin	{"key":1,"valid":8}
+82	TRAFFIC_SHAPING_PROFILE	plugin	{"key":1,"valid":7}
--- a/ctest/CMakeLists.txt
+++ b/ctest/CMakeLists.txt
@@ -11,7 +11,9 @@ add_test(NAME COPY_GTEST_TABLEINFO COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/bin/
 add_test(NAME COPY_GTEST_MAAT_RULE COMMAND sh -c "cp -r ${CMAKE_SOURCE_DIR}/test/bin/gtest_maat.json ${CMAKE_BINARY_DIR}/testing/tsgconf/tsg_maat.json")
 add_test(NAME COPY_GTEST_RULE_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_rule ${CMAKE_BINARY_DIR}/testing/")
-add_test(NAME COPY_GTEST_MASTER COMMAND sh -c "cp -r ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/")
+add_test(NAME COPY_GTEST_MASTER_BIN COMMAND sh -c "cp ${CMAKE_BINARY_DIR}/test/src/gtest_master ${CMAKE_BINARY_DIR}/testing/")
-add_test(NAME FAKE_TEST COMMAND sh -c "pwd")
+set(GTEST_RUN_DIR ${CMAKE_BINARY_DIR}/testing)
 add_test(NAME GTEST_RULE COMMAND gtest_rule WORKING_DIRECTORY ${GTEST_RUN_DIR})
 add_test(NAME GTEST_MASTER COMMAND gtest_master WORKING_DIRECTORY ${GTEST_RUN_DIR})
--- a/inc/tsg_label.h
+++ b/inc/tsg_label.h
@@ -7,7 +7,6 @@
 #define	MAX_VLAN_ID_NUM		32
 #define	MAX_RESULT_NUM	8
 #define	MAX_DOMAIN_LEN	2048
 typedef enum _tsg_protocol
 {
--- a/inc/tsg_rule.h
+++ b/inc/tsg_rule.h
@@ -8,6 +8,10 @@
 #define TSG_DOMAIN_MAX 	256
 #define	MAX_APP_ID_PROPERTY_LEN	128
 #ifndef	MAX_DOMAIN_LEN
 #define	MAX_DOMAIN_LEN	2048
 #endif
 #define	TSG_ACTION_NONE			0x00
 #define	TSG_ACTION_MONITOR		0x01
 #define	TSG_ACTION_INTERCEPT	0x02
@@ -90,5 +94,6 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo
 int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq);
 int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
 int tsg_notify_hited_shaping_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
 int tsg_notify_hited_security_result(const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, int thread_seq);
 #endif
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8)
 add_definitions(-fPIC)
-set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp)
+set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp)
 include_directories(${CMAKE_SOURCE_DIR}/inc)
 include_directories(/opt/MESA/include/MESA/)
--- a/src/tsg_action.cpp
+++ b/src/tsg_action.cpp
@@ -125,14 +125,13 @@ static int get_http_header(char *buff, int len, int code, char *user_define)
 static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void *out)
 {
 	int i=0,ret=0;
 	int tcp_opt_num=0;
 	struct tcp_option *tcp_opt=NULL;
-	ret=MESA_get_stream_opt(a_stream, MSO_TCP_SYN_OPT, (void *)&tcp_opt, &tcp_opt_num);
+	int ret=MESA_get_stream_opt(a_stream, MSO_TCP_SYN_OPT, (void *)&tcp_opt, &tcp_opt_num);
 	if(ret>0)
 	{
-		for(i=0; i<tcp_opt_num; i++)
+		for(int i=0; i<tcp_opt_num; i++)
 		{
 			if(tcp_opt[i].type!=type)
 			{
@@ -156,8 +155,6 @@ static int get_tcp_mss_option(const struct streaminfo *a_stream, int type, void
 static void template_generate(const struct streaminfo *a_stream, int status_code, int policy_id, const char* message, char **page_buff, size_t *page_size, int thread_seq)
 {
 	int used_len=0;
 	char *tmp_buff=NULL;
 	std::string page_output, msg_output;
 	ctemplate::Template *tpl=NULL;
 	ctemplate::TemplateDictionary dict("pg_page_dict");	//dict is automatically finalized after function returned.
@@ -173,8 +170,8 @@ static void template_generate(const struct streaminfo *a_stream, int status_code
 			tpl_message->Expand(&msg_output, &dict_msg);
-			used_len=msg_output.length();
+			int used_len=msg_output.length();
-			tmp_buff=(char *)dictator_malloc(a_stream->threadnum, (used_len+1)*sizeof(char));
+			char *tmp_buff=(char *)dictator_malloc(a_stream->threadnum, (used_len+1)*sizeof(char));
 			memcpy(tmp_buff, msg_output.c_str(), used_len);
 			tmp_buff[used_len]='\0';
@@ -537,18 +534,16 @@ static int http_get_redirect_url(const struct streaminfo *a_stream, struct Maat_
 static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rule_t *p_result, tsg_protocol_t protocol)
 {
 	int ret=0,opt_value=0;
 	struct rst_tcp_para rst_paras={0};
 	if(a_stream->type==STREAM_TYPE_TCP)
 	{
 		struct rst_tcp_para rst_paras={0};
 		rst_paras.rst_pkt_num=g_tsg_para.reset.pkt_num;
 		rst_paras.signature_seed1=g_tsg_para.reset.seed1;
 		rst_paras.signature_seed2=g_tsg_para.reset.seed2;
 		rst_paras.th_flags=g_tsg_para.reset.th_flags;
 		rst_paras.__pad_no_use=0;
 		rst_paras.dir=g_tsg_para.reset.dir;
-		ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras));
+		int ret=MESA_rst_tcp((struct streaminfo *)a_stream, &rst_paras, sizeof(rst_paras));
 		if(ret<0)
 		{
 			MESA_handle_runtime_log(g_tsg_para.logger,
@@ -564,7 +559,7 @@ static unsigned char do_action_reset(const struct streaminfo *a_stream, Maat_rul
 		if(g_tsg_para.reset.remedy==1)
 		{
-			opt_value=1;
+			int opt_value=1;
 			MESA_set_stream_opt(a_stream, MSO_TCP_RST_REMEDY, (void *)&opt_value, sizeof(opt_value));
 		}
@@ -597,12 +592,12 @@ static unsigned char do_action_tamper(const struct streaminfo *a_stream, Maat_ru
 		return STATE_DROPME|STATE_DROPPKT;
 	}
-    struct tcpall_context * _context=(struct tcpall_context *)get_struct_project(a_stream, g_tsg_para.tcpall_project_id);
+    struct tcpall_context * _context=(struct tcpall_context *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id);
    if(_context==NULL)
    {
        _context=(struct tcpall_context *)dictator_malloc(a_stream->threadnum, sizeof(struct tcpall_context));
        memset(_context, 0, sizeof(struct tcpall_context));
-        set_struct_project(a_stream, g_tsg_para.tcpall_project_id, (void *)_context);
+        tsg_set_xxx_to_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].id, (void *)_context);
        _context->method_type=TSG_METHOD_TYPE_TAMPER;
        _context->tamper_count = 0;
    }
@@ -695,7 +690,6 @@ static unsigned char do_action_ratelimit(const struct streaminfo *a_stream, Maat
 static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maat_rule_t *p_result, struct compile_user_region *user_region)
 {
 	char *payload=NULL;
 	unsigned char raw_route_dir=0;
 	switch(user_region->deny->code)
 	{
@@ -711,7 +705,7 @@ static unsigned char do_action_block_mail(const struct streaminfo *a_stream, Maa
 	if(payload!=NULL)
 	{		
-		raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
+		unsigned char raw_route_dir=(a_stream->curdir==DIR_C2S) ? MESA_dir_reverse(a_stream->routedir) : a_stream->routedir;
 		tsg_send_inject_packet(a_stream, SIO_DEFAULT, payload, strlen(payload), raw_route_dir);
 	}
--- a/src/tsg_bridge.cpp
+++ b/src/tsg_bridge.cpp
@@ -0,0 +1,188 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <MESA/MESA_prof_load.h>
 #include <MESA/MESA_handle_logger.h>
 #include "tsg_bridge.h"
 #include "tsg_variable.h"
 extern int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data);
 extern int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data);
 void free_context_label(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 	struct master_context *context=(struct master_context *)data;
 	if(context!=NULL)
 	{
 		if(context->domain!=NULL)
 		{
 			dictator_free(a_stream->threadnum, (void *)context->domain);
 			context->domain=NULL;
 		}
 		if(context->quic_ua!=NULL)
 		{
 			dictator_free(a_stream->threadnum, (void *)context->quic_ua);
 			context->quic_ua=NULL;
 		}
 		if(context->mid!=NULL)
 		{
 			Maat_clean_status(&context->mid);
 			context->mid=NULL;
 		}
 		dictator_free(a_stream->threadnum, (void *)context);
 		context=NULL;
 	}
 	data=NULL;
 	return ;
 }
 void free_tcpall_label(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 	if(data!=NULL)
 	{
 		struct tcpall_context *context=(struct tcpall_context *)data;
 		if(context->para!=NULL)
 		{
 			switch(context->method_type)
 			{
 				case	TSG_METHOD_TYPE_RATE_LIMIT:
 					destroy_bucket(&(context->bucket), a_stream->threadnum);
 					break;
 				default:
 					break;
 			}
 		}
 		dictator_free(a_stream->threadnum, data);
 		data=NULL;
 	}
 	return ;
 }
 void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data)
 {
 	if(data!=NULL)
 	{
 		dictator_free(stream->threadnum, data);
 		data=NULL;
 	}
 }
 void free_policy_label(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 	if(data!=NULL)
 	{		
 		struct policy_priority_label *priority_label=(struct policy_priority_label *)data;
 		if(priority_label->para!=NULL)
 		{
 			dictator_free(a_stream->threadnum, priority_label->para);
 			priority_label->para=NULL;
 		}
 		dictator_free(a_stream->threadnum, data);
 		data=NULL;
 	}
 }
 void free_gather_app_result(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 	if(data!=NULL)
 	{
 		dictator_free(a_stream->threadnum, data);
 		data=NULL;
 	}
 }
 int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 	if(a_stream==NULL || bridge_id<0)
 	{
 		return 0;
 	}
 	int ret=stream_bridge_async_data_put(a_stream, bridge_id, data);
 	if(ret<0)
 	{
 		MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE", "Add project failed, bridge_id: %d addr: %s", bridge_id, PRINTADDR(a_stream, g_tsg_para.level));
 		return 0;
 	}
 	return 1;
 }
 void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id)
 {
 	if(a_stream!=NULL || bridge_id>=0)
 	{
 		return stream_bridge_async_data_get(a_stream, bridge_id);
 	}
 	return NULL;
 }
 int tsg_init_bridge(const char *conffile)
 {
 	MESA_load_profile_string_def(conffile, "SYSTEM", "APP_IDENTIFY_RESULT_BRIDGE", g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].name, MAX_BRIDGE_NAME_LEN, "APP_IDENTIFY_RESULT_BRIDGE");
 	g_tsg_para.bridge[BRIDGE_TYPE_APP_IDENTIFY_RESULT].sync_cb=app_identify_result_cb;
 	MESA_load_profile_string_def(conffile, "SYSTEM", "SKETCH_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_CONN_SKETCH_NOTIFY_DATA");
 	MESA_load_profile_string_def(conffile, "SYSTEM", "MASTER_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].name, MAX_BRIDGE_NAME_LEN, "TSG_MASTER_NOTIFY_DATA");
 	MESA_load_profile_string_def(conffile, "SESSION_FLAGS", "FLAGS_NOTIFY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].name, MAX_BRIDGE_NAME_LEN, "SESSION_FLAGS_SYNC_NOTIFY_DATA");
 	g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_FLAGS].sync_cb=session_flags_identify_result_cb;
 	MESA_load_profile_string_def(conffile, "SYSTEM", "SHAPING_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].name, MAX_BRIDGE_NAME_LEN, "NOTIFY_SHAPING_RESULT");
 	g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].free_cb=free_shaping_result;
 	MESA_load_profile_string_def(conffile, "SYSTEM", "DATA_CONTEXT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_DATA_CONTEXT");
 	g_tsg_para.bridge[BRIDGE_TYPE_DATA_CONTEXT].free_cb=free_context_label;
 	MESA_load_profile_string_def(conffile, "SYSTEM", "ALL_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].name, MAX_BRIDGE_NAME_LEN, "TSG_ALL_CONTEXT");
 	g_tsg_para.bridge[BRIDGE_TYPE_ALL_CONTEXT].free_cb=free_tcpall_label;
 	MESA_load_profile_string_def(conffile, "SYSTEM", "GATHER_APP_RESULT_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].name, MAX_BRIDGE_NAME_LEN, "GATHER_APP_IDENTIFY_RESULT");
 	g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].free_cb=free_gather_app_result;
 	MESA_load_profile_string_def(conffile, "SYSTEM", "POLICY_PRIORITY_BRIDGE_NAME", g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].name, MAX_BRIDGE_NAME_LEN, "TSG_POLICY_PRIORITY");
 	g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].free_cb=free_policy_label;
 	for(int i=0; i<BRIDGE_TYPE_MAX; i++)
 	{
 		g_tsg_para.bridge[i].id=stream_bridge_build(g_tsg_para.bridge[i].name, "w");
 		if(g_tsg_para.bridge[i].id<0)
 		{
 			MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "INIT_BRIDGE", "stream_bridge_build is error, bridge_name: %s", g_tsg_para.bridge[i].name);
 			return -1;
 		}
 		if(g_tsg_para.bridge[i].sync_cb)
 		{	
 			int ret=stream_bridge_register_data_sync_cb(g_tsg_para.bridge[i].id, g_tsg_para.bridge[i].sync_cb);
 			if(ret<0)
 			{		
 				MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE_SYNC_CB", "Register callback failed, bridge_name: %d", g_tsg_para.bridge[i].name);
 				return -1;
 			}
 		}
 		if(g_tsg_para.bridge[i].free_cb)
 		{
 			int ret=stream_bridge_register_data_free_cb(g_tsg_para.bridge[i].id, g_tsg_para.bridge[i].free_cb);
 			if(ret<0)
 			{		
 				MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "BRIDGE_FREE_CB", "Register async free callback failed, bridge_name: %d", g_tsg_para.bridge[i].name);
 				return -1;
 			}
 		}
 	}
 	return 0;
 }
--- a/src/tsg_bridge.h
+++ b/src/tsg_bridge.h
@@ -0,0 +1,130 @@
 #pragma once
 #include <MESA/stream.h>
 #include <MESA/Maat_rule.h>
 #include "tsg_rule.h"
 #include "app_label.h"
 #include "tsg_leaky_bucket.h"
 #ifndef	MAX_BRIDGE_NAME_LEN
 #define	MAX_BRIDGE_NAME_LEN	64
 #endif
 enum BRIDGE_TYPE
 {
 	BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
 	BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
 	BRIDGE_TYPE_APP_IDENTIFY_RESULT,
 	BRIDGE_TYPE_NOTIFY_FLAGS,
 	BRIDGE_TYPE_NOTIFY_SHAPING_RESULT,	//sync and async
 	BRIDGE_TYPE_DATA_CONTEXT,		//async
 	BRIDGE_TYPE_ALL_CONTEXT,		//async
 	BRIDGE_TYPE_GATHER_APP_RESULT,	//async
 	BRIDGE_TYPE_POLICY_PRIORITY,	//async
 	BRIDGE_TYPE_MAX
 };
 struct app_attributes
 {
 	unsigned int app_id;
 	unsigned int surrogate_id;
 	unsigned int packet_sequence;
 };
 struct gather_app_result
 {
 	int app_num;
 	enum APP_IDENTIFY_ORIGIN origin;
 	struct app_attributes attributes[MAX_APP_ID_NUM];
 };
 struct policy_priority_label
 {
 	tsg_protocol_t proto;	//enum _tsg_protocol (tsg_types.h)
 	int domain_len;
 	int result_type;	//enum _PULL_RESULT_TYPE (tsg_rule.h)
 	int security_result_num;
 	union
 	{
 		char *http_url;
 		char *quic_ua;
 		void *para;
 	};
 	char domain[MAX_DOMAIN_LEN];
 	struct Maat_rule_t security_result[MAX_RESULT_NUM];
 };
 struct hited_app_para
 {
 	int hited_app_id;
 	int after_n_packets;
 };
 struct master_context
 {
 	unsigned char is_esni;
 	unsigned char is_hited_allow;
 	unsigned char deal_pkt_num;
 	unsigned char is_app_link;
 	unsigned char sync_cb_state;
 	unsigned short timeout;
 	tsg_protocol_t proto;
 	int hited_app_id;		// only app
 	unsigned int quic_version;
 	unsigned long session_flag;
 	char *domain;
 	union
 	{
 		char *http_url;
 		char *quic_ua;
 		void *para;
 	};
 	scan_status_t mid;	
 	struct hited_app_para hited_para;  // l7 protocol and app
 	long long last_scan_time;
 };
 struct tcpall_context
 {
 	char udp_data_dropme;
 	char set_latency_flag;
 	char direction;
 	char padding[5];
 	enum TSG_METHOD_TYPE method_type; 
 	tsg_protocol_t protocol;
 	union
 	{
 		struct leaky_bucket *bucket;
 		long tamper_count;		
 		int default_policy_after_n_packets;
 		struct hited_app_para hited_para;
 		void *para;
 	};
 };
 struct udp_context
 {
 	struct master_context *data_entry;
 	struct tcpall_context *all_entry;
 };
 struct bridge_info
 {
 	int id;
 	char name[MAX_BRIDGE_NAME_LEN];
 	stream_bridge_free_cb_t *free_cb;
 	stream_bridge_sync_cb_t *sync_cb;
 };
 int tsg_init_bridge(const char *conffile);
 void free_context_label(const struct streaminfo *stream, int bridge_id, void *data);
 void free_tcpall_label(const struct streaminfo *stream, int bridge_id, void *data);
 void free_policy_label(const struct streaminfo *stream, int bridge_id, void *data);
 void free_shaping_result(const struct streaminfo *stream, int bridge_id, void *data);
 void free_gather_app_result(const struct streaminfo *stream, int bridge_id, void *data);
 void *tsg_get_xxx_from_bridge(const struct streaminfo *a_stream, int bridge_id);
 int tsg_set_xxx_to_bridge(const struct streaminfo *a_stream, int bridge_id, void *data);
--- a/src/tsg_dns.cpp
+++ b/src/tsg_dns.cpp
@@ -34,9 +34,8 @@ static int record_hton_uint32(char *payload, unsigned int value)
 	return 4;
 }
-static int compress_domain_record(unsigned char *domain, int domain_len, u_char *result)
+static int compress_domain_record(const unsigned char *domain, int domain_len, u_char *result)
 {
 	int section_len = 0;
 	int result_pos = 1;
 	int domain_pos = 0;
@@ -45,9 +44,9 @@ static int compress_domain_record(unsigned char *domain, int domain_len, u_char
        return -1;
    }
-	while((domain[domain_pos] != '\n')||(domain[domain_pos] != '\0'))
+	while((domain[domain_pos] != '\n') && (domain[domain_pos] != '\0'))
 	{
-		section_len = 0;
+		int section_len = 0;
 		while((domain[domain_pos] != '.') &&(domain[domain_pos] != '\n')&&(domain[domain_pos] != '\0'))
 		{
 			result[result_pos] = domain[domain_pos];
@@ -122,17 +121,17 @@ int dns_set_response_question(char *payload, int payload_len, dns_query_question
 int dns_set_response_records(char *payload, int payload_len, struct dns_record_val *record_val, int record_val_num, int max_ttl, int min_ttl)
 {
-	int i=0,ttl=0,used_len=0;
+	int used_len=0;
 	unsigned short compress_len=0;
 	unsigned char compress_name[DNS_MAX_NAME+1]={0};
-	for(i=0; i<record_val_num; i++)
+	for(int i=0; i<record_val_num; i++)
 	{
 		used_len+=record_hton_uint16(payload+used_len, (unsigned short)0xc00c);
 		used_len+=record_hton_uint16(payload+used_len, (unsigned short)(record_val[i].answer_type));//type
 		used_len+=record_hton_uint16(payload+used_len, (unsigned short)1); //class
-		ttl=random_integer(max_ttl, min_ttl)+min_ttl;
+		int ttl=random_integer(max_ttl, min_ttl)+min_ttl;
 		used_len+=record_hton_uint32(payload+used_len, (unsigned int)ttl);//ttl
 		switch(record_val[i].answer_type)
@@ -192,21 +191,20 @@ static int dns_set_answer_records(char *payload, int payload_len, struct dns_ans
 		return 0;
 	}
-	char profile_id[128]={0};
+	int used_len=0;
 	int idx=0, used_len=0, record_num=0;
 	struct dns_profile_records *profile_records=NULL;
 	if(answer_records->record_val.selected_flag==1)
 	{	
 		char profile_id[128]={0};
 		snprintf(profile_id, sizeof(profile_id), "%d", answer_records->record_val.selected.profile_id);
-		profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id);
+		struct dns_profile_records *profile_records=(struct dns_profile_records *)Maat_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_DNS_PROFILE_RECORD], profile_id);
 		if(profile_records==NULL)
 		{
 			return 0;
 		}
-		record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num);
+		int record_num=MIN(answer_records->record_val.selected.selected_num, profile_records->record_num);
-		idx=random_integer(profile_records->record_num, record_num);
+		int idx=random_integer(profile_records->record_num, record_num);
 		used_len+=dns_set_response_records(payload+used_len, payload_len-used_len, profile_records->record_val+idx, record_num, answer_records->max_ttl, answer_records->min_ttl);
 		(*answer_record_num)+=record_num;
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
--- a/src/tsg_entry.h
+++ b/src/tsg_entry.h
@@ -9,12 +9,13 @@
 #include <MESA/Maat_rule.h>
 #include <MESA/field_stat2.h>
 #include <ctemplate/template.h>
 #include "uthash.h"
 #include "tsg_rule.h"
 #include "app_label.h"
 #include "tsg_label.h"
 #include "tsg_bridge.h"
 #include "tsg_variable.h"
 #include "tsg_statistic.h"
 #include "tsg_leaky_bucket.h"
 #include "tsg_protocol_common.h"
@@ -33,14 +34,6 @@ typedef int atomic_t;
 #include <alsa/iatomic.h>
 #endif 
 #ifndef MIN
 #define MIN(a, b)  	(((a) < (b)) ? (a) : (b))
 #endif
 #ifndef	PRINTADDR
 #define	PRINTADDR(a, b)	((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
 #endif
 #ifndef	FLAG_FALSE
 #define	FLAG_FALSE	0
 #endif
@@ -52,112 +45,6 @@ typedef int atomic_t;
 #define	APP_SCAN_FLAG_STOP	0
 #define	APP_SCAN_FLAG_CONTINUE	1
 enum DEPLOY_MODE
 {
 	DEPLOY_MODE_MIRROR,
 	DEPLOY_MODE_INLINE,
 	DEPLOY_MODE_TRANSPARENT,
 	DEPLOY_MODE_MAX
 };
 enum MASTER_STATIC_TABLE{
 	TABLE_SECURITY_COMPILE=0,
 	TABLE_IP_ADDR,
 	TABLE_SUBSCRIBER_ID,
 	TABLE_APP_ID,
 	TABLE_HTTP_HOST,
 	TABLE_SSL_SNI,
 	TABLE_EXCLUSION_SSL_SNI,
 	TABLE_SRC_ASN,
 	TABLE_DST_ASN,
 	TABLE_SRC_LOCATION,
 	TABLE_DST_LOCATION,
 	TABLE_ASN_USER_DEFINED,
 	TABLE_ASN_BUILT_IN,
 	TABLE_LOCATION_USER_DEFINED,
 	TABLE_LOCATION_BUILT_IN,
 	TABLE_QUIC_SNI,
 	TABLE_FQDN_CAT_ID,
 	TABLE_FQDN_CAT_USER_DEFINED,
 	TABLE_FQDN_CAT_BUILT_IN,
 	TABLE_APP_ID_DICT,
 	TABLE_SELECTOR_ID,
 	TABLE_SELECTOR_PROPERTIES,
 	TABLE_GTP_APN,
 	TABLE_GTP_IMSI,
 	TABLE_GTP_PHONE_NUMBER,
 	TABLE_RESPONSE_PAGES,
 	TABLE_DNS_PROFILE_RECORD,
 	TABLE_PROFILE_MIRROR,
 	TABLE_HTTP_URL,
 	TABLE_DTLS_SNI,
 	TABLE_TUNNEL_ID,
 	TABLE_TUNNEL_CATALOG,
 	TABLE_TUNNEL_ENDPOINT,
 	TABLE_TUNNEL_LABEL,
 	TABLE_SESSION_FLAGS,
 	TABLE_MAX
 };
 enum MASTER_DYNAMIC_TABLE{
 	DYN_TABLE_SUBSCRIBER_IP=0,		
 	DYN_TABLE_GTP_SIGNALING,
 	DYN_TABLE_MAX
 };
 enum TSG_FS2_TYPE{
 	TSG_FS2_TCP_LINKS=0,
 	TSG_FS2_UDP_LINKS,
 	TSG_FS2_BYPASS,
 	TSG_FS2_HIT_ADDR,
 	TSG_FS2_HIT_SHARE,
 	TSG_FS2_INTERCEPT,
 	TSG_FS2_SHAPING,
 	TSG_FS2_EXCLUSION,
 	TSG_FS2_APP_DPKT_RESULT,
 	TSG_FS2_APP_Q_RESULT,
 	TSG_FS2_APP_USER_RESULT,
 	TSG_FS2_APP_BUILT_IN_RESULT,
 	TSG_FS2_INJECT_PKT_SUCCESS,
 	TSG_FS2_INJECT_PKT_FAILED,
 	TSG_FS2_MIRRORED_PKT_SUCCESS,	
 	TSG_FS2_MIRRORED_BYTE_SUCCESS,
 	TSG_FS2_MIRRORED_PKT_FAILED,
 	TSG_FS2_MIRRORED_BYTE_FAILED,
 	TSG_FS2_SET_TIMOUT_SUCCESS,
 	TSG_FS2_SET_TIMOUT_FAILED,
    TSG_FS2_SUCESS_TAMPER,
    TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
    TSG_FS2_TAMPER_FAILED_NOSWAP,
 	TSG_FS2_ASN_ADD,
 	TSG_FS2_ASN_DEL,
 	TSG_FS2_GTPC_ADD,
 	TSG_FS2_GTPC_DEL,
 	TSG_FS2_LOCATION_ADD,
 	TSG_FS2_LOCATION_DEL,
 	TSG_FS2_FQDN_ADD,
 	TSG_FS2_FQDN_DEL,
 	TSG_FS2_SUBSCRIBER_ADD,
 	TSG_FS2_SUBSCRIBER_DEL,
 	TSG_FS2_SECURIRY_ADD,
 	TSG_FS2_SECURIRY_DEL,
 	TSG_FS2_MIRRORED_ADD,
 	TSG_FS2_MIRRORED_DEL,
 	TSG_FS2_HTTP_RES_ADD,
 	TSG_FS2_HTTP_RES_DEL,
 	TSG_FS2_DNS_RES_ADD,
 	TSG_FS2_DNS_RES_DEL,
 	TSG_FS2_APP_ID_ADD,
 	TSG_FS2_APP_ID_DEL,
 	TSG_FS2_TUNNEL_CATALOG_ADD,
 	TSG_FS2_TUNNEL_CATALOG_DEL,
 	TSG_FS2_TUNNEL_ENDPOINT_ADD,
 	TSG_FS2_TUNNEL_ENDPOINT_DEL,
 	TSG_FS2_TUNNEL_LABEL_ADD,
 	TSG_FS2_TUNNEL_LABEL_DEL,
 	TSG_FS2_MAX
 };
 enum TSG_ATTRIBUTE_TYPE
 {
 	TSG_ATTRIBUTE_TYPE_ESTABLISH_LATECY=0,
@@ -179,37 +66,6 @@ enum HTTP_RESPONSE_FORMAT
 	HTTP_RESPONSE_FORMAT_HTML
 };
 enum BRIDGE_TYPE
 {
 	BRIDGE_TYPE_SEND_CONN_SKETCH_DATA=0,
 	BRIDGE_TYPE_RECV_CONN_SKETCH_DATA,
 	BRIDGE_TYPE_APP_IDENTIFY_RESULT,
 	BRIDGE_TYPE_NOTIFY_FLAGS,
 	BRIDGE_TYPE_NOTIFY_SHAPING_RESULT,
 	BRIDGE_TYPE_MAX
 };
 struct _str2index
 {
 	int index;
 	int len;
 	char *type;
 };
 struct app_attributes
 {
 	unsigned int app_id;
 	unsigned int surrogate_id;
 	unsigned int packet_sequence;
 };
 struct gather_app_result
 {
 	int app_num;
 	enum APP_IDENTIFY_ORIGIN origin;
 	struct app_attributes attributes[MAX_APP_ID_NUM];
 };
 struct l7_protocol 
 {
    int id;                    /* first key */
@@ -218,22 +74,6 @@ struct l7_protocol
    UT_hash_handle hh2;        /* handle for second hash table */
 };
 struct policy_priority_label
 {
 	tsg_protocol_t proto;	//enum _tsg_protocol (tsg_types.h)
 	int domain_len;
 	int result_type;	//enum _PULL_RESULT_TYPE (tsg_rule.h)
 	int security_result_num;
 	union
 	{
 		char *http_url;
 		char *quic_ua;
 		void *para;
 	};
 	char domain[MAX_DOMAIN_LEN];
 	Maat_rule_t security_result[MAX_RESULT_NUM];
 };
 struct fqdn_category
 {
 	int ref_cnt;
@@ -269,130 +109,6 @@ struct app_id_dict
 	struct deny_user_region deny_app_para;
 };
 struct hited_app_para
 {
 	int hited_app_id;
 	int after_n_packets;
 };
 struct master_context
 {
 	unsigned char is_esni;
 	unsigned char is_log;
 	unsigned char deal_pkt_num;
 	unsigned char is_app_link;
 	unsigned char sync_cb_state;
 	unsigned short timeout;
 	tsg_protocol_t proto;
 	int hit_cnt;
 	int hited_app_id;		// only app
 	unsigned int quic_version;
 	unsigned long session_flag;
 	char *domain;
 	union
 	{
 		char *http_url;
 		char *quic_ua;
 		void *para;
 	};
 	scan_status_t mid;	
 	struct Maat_rule_t *result;
 	struct hited_app_para hited_para;  // l7 protocol and app
 	long long last_scan_time;
 };
 struct tcpall_context
 {
 	char udp_data_dropme;
 	char set_latency_flag;
 	char direction;
 	char padding[5];
 	enum TSG_METHOD_TYPE method_type; 
 	tsg_protocol_t protocol;
 	union
 	{
 		struct leaky_bucket *bucket;
 		long tamper_count;		
 		int default_policy_after_n_packets;		
 		struct hited_app_para hited_para;
 		void *para;
 	};
 };
 struct udp_context
 {
 	struct master_context *data_entry;
 	struct tcpall_context *all_entry;
 };
 struct reset_argv
 {
 	int pkt_num;
 	int seed1;
 	int seed2;
 	int th_flags;
 	int dir;
 	int remedy;
 };
 #define	_MAX_TABLE_NAME_LEN	64
 typedef	struct tsg_para
 {
 	int level;
 	short mirror_switch;
 	unsigned short timeout;
 	int dynamic_maat_switch;
 	int location_field_num;
 	int app_dict_field_num;
 	int device_seq_in_dc;
 	int datacenter_id;
 	int scan_signaling_switch;
 	int hash_timeout;
 	int hash_slot_size;
 	int hash_thread_safe;
 	int feature_tamper;
 	enum DEPLOY_MODE deploy_mode;
 	int scan_time_interval;
 	int identify_app_max_pkt_num;
 	int unknown_app_id;
 	int hit_path_switch;
 	int default_compile_id;
 	int table_id[TABLE_MAX];	
 	int dyn_table_id[DYN_TABLE_MAX];
 	int priority_project_id;
 	int shaping_project_id;
 	int session_attribute_project_id;
 	int context_project_id;
 	int tcpall_project_id;
 	int gather_app_project_id;	
 	int bridge_id[BRIDGE_TYPE_MAX];
 	int proto_flag; //tsg_protocol_t
 	int fs2_field_id[TSG_FS2_MAX];
 	char device_sn[MAX_DOMAIN_LEN/8];
 	char log_path[MAX_DOMAIN_LEN/8];
 	char device_id_command[MAX_DOMAIN_LEN/8];
 	char data_center[_MAX_TABLE_NAME_LEN];
 	char device_tag[MAX_DOMAIN_LEN/2];
 	char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];	
 	char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
 	char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
 	void *logger;
 	void *maat_logger;
 	struct reset_argv reset;
 	struct mirrored_vlan default_vlan;
 	screen_stat_handle_t fs2_handle;
 	struct l7_protocol *name_by_id;
 	struct l7_protocol *id_by_name;
 	struct traffic_mirror *mirror_handle;
 	ctemplate::Template *tpl_403,*tpl_404;
 	ctemplate::Template *tpl_200,*tpl_204;
 	ctemplate::Template *tpl_303;
 }g_tsg_para_t;
 extern g_tsg_para_t g_tsg_para;
 extern Maat_feather_t g_tsg_dynamic_maat_feather;
 extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
 typedef enum tsg_statis_field_id
 {
 	STATIS_UNKNOWN=0,
@@ -483,9 +199,6 @@ void tsg_statistic_destroy(void);
 int tsg_gtp_signaling_hash_init(const char* conffile, void *logger);
 int set_struct_project(const struct streaminfo *a_stream, int project_id, void *data);
 const void *get_struct_project(const struct streaminfo *a_stream, int project_id);
 long long get_current_time_ms(void);
 //parent_app_name.app_name
@@ -521,7 +234,6 @@ int tsg_scan_subscribe_id_policy(Maat_feather_t maat_feather, const struct strea
 int tsg_get_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info **user_info);
 struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid);
 void free_policy_label(int thread_seq, void *project_req_value);
 int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE result_type, struct Maat_rule_t *p_result, tsg_protocol_t proto, int thread_seq);
 int tsg_scan_gtp_apn_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *apn, int thread_seq);
 int tsg_scan_gtp_imsi_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *imsi, int thread_seq);
@@ -532,4 +244,8 @@ int tsg_get_subscribe_id(const struct streaminfo *a_stream, struct subscribe_id_
 int tsg_send_raw_packet(const struct streaminfo *a_stream, struct mirrored_vlan *vlan, int vlan_num, int thread_seq);
 int tsg_scan_session_flags(Maat_feather_t maat_feather, const struct streaminfo *a_stream, Maat_rule_t *result, int result_num,  scan_status_t *mid, int table_id, unsigned long flag, int thread_seq);
 int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
 int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num);
 #endif
--- a/src/tsg_gtp_signaling.cpp
+++ b/src/tsg_gtp_signaling.cpp
@@ -35,7 +35,7 @@ static int is_gtp_tunnel(const struct streaminfo *a_stream)
 static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink, unsigned int *downlink)
 {
-	const struct streaminfo *p=a_stream, *q=a_stream->pfather;
+	const struct streaminfo *p=a_stream;
 	while(p)
 	{
@@ -47,8 +47,7 @@ static int get_gtp_teid(const struct streaminfo *a_stream, unsigned int *uplink,
 			return 1;
 		}
-		p=q;
+		p=p->pfather;
 		q=q->pfather;
 	}
 	return 0;
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -30,10 +30,17 @@ enum kni_scan_table{
 	SCAN_TABLE_MAX
 };
 struct str2index
 {
 	int index;
 	int len;
 	char *type;
 };
 const char *g_kni_scan_table_name[SCAN_TABLE_MAX];
 int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0};
-extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
+extern struct id2field g_tsg_proto_name2id[PROTO_MAX];
-const struct _str2index method2index[TSG_METHOD_TYPE_MAX]={	{TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"},
+const struct str2index method2index[TSG_METHOD_TYPE_MAX]={	{TSG_METHOD_TYPE_UNKNOWN, 7, (char *)"unknown"},
 													{TSG_METHOD_TYPE_DROP, 4, (char *)"drop"},
 													{TSG_METHOD_TYPE_REDIRECTION, 8, (char *)"redirect"},
 													{TSG_METHOD_TYPE_BLOCK, 5, (char *)"block"},
@@ -63,8 +70,7 @@ static char* tsg_strdup(const char* s)
 unsigned short get_redis_port(char *redis_port_range)
 {
-	int	i=0,ret=0;
+	int port_num=0;
 	int idx=0,port_num=0;
 	int range_len=0,used_len=0;
 	char buf[256]={0};
 	unsigned short s_port=0,e_port=0;
@@ -109,11 +115,11 @@ unsigned short get_redis_port(char *redis_port_range)
 		}
 		else
 		{
-			ret=sscanf(buf, "%hu-%hu", &s_port, &e_port);
+			int ret=sscanf(buf, "%hu-%hu", &s_port, &e_port);
 			assert(ret==2);
 		}
-		for(i=s_port; i<=e_port && port_num<32; i++)
+		for(int i=s_port; i<=e_port && port_num<32; i++)
 		{
 			redis_port[port_num++]=i;
 		}
@@ -125,7 +131,7 @@ unsigned short get_redis_port(char *redis_port_range)
 	}
 	srand((unsigned int)time(NULL));
-	idx=rand()%port_num;
+	int idx=rand()%port_num;
 	return redis_port[idx];
 }
@@ -253,14 +259,13 @@ static int sort_category_id(const void * a, const void * b)
 static int get_data_center(char *accept_tag, char *effective_tag_key, char *data_center, int data_center_len)
 {
 	int i=0,len;
 	cJSON *object=cJSON_Parse(accept_tag);
 	if(object!=NULL)
 	{
 		cJSON *array=cJSON_GetObjectItem(object, "tags");
 		if(array!=NULL)
 		{
-			for(i=0; i<cJSON_GetArraySize(array); i++)
+			for(int i=0; i<cJSON_GetArraySize(array); i++)
 			{
 				cJSON *item=cJSON_GetArrayItem(array, i);
 				if(item!=NULL)
@@ -271,7 +276,7 @@ static int get_data_center(char *accept_tag, char *effective_tag_key, char *data
 						cJSON *v_item=cJSON_GetObjectItem(item, "value");
 						if(v_item!=NULL && v_item->valuestring!=NULL)
 						{
-							len=strlen(v_item->valuestring);
+							int len=strlen(v_item->valuestring);
 							memcpy(data_center, v_item->valuestring, (len>data_center_len-1 ? data_center_len-1 : len));
 						}
@@ -301,7 +306,7 @@ static void _free_field(char *field)
 static char *_malloc_field(const char *field_start, size_t field_len)
 {
-	if(field_start==NULL || field_len<=0)
+	if(field_start==NULL || field_len==0)
 	{
 		return NULL;
 	}
@@ -324,11 +329,10 @@ static int get_string_from_json(cJSON *object, const char *key, char **value)
 	{
 		return 0;
 	}
 	int len=0;
 	cJSON *item=cJSON_GetObjectItem(object, key);
 	if(item!=NULL)
 	{
-		len=strlen(item->valuestring);
+		int len=strlen(item->valuestring);
 		(*value)=(char *)malloc(len+1);
 		memcpy((*value), item->valuestring, len);
 		(*value)[len]='\0';
@@ -485,19 +489,18 @@ void location_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DAT
 void location_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
 {
 	int country_full=13,province_full=15,city_full=16,subdivision_addr=17;
 	struct location_info *location=(struct location_info *)calloc(1, sizeof(struct location_info));
-	location->country_full=tsg_get_column_string_value(table_line, country_full);	
+	location->country_full=tsg_get_column_string_value(table_line, 13);	// country_full
-	location->province_full=tsg_get_column_string_value(table_line, province_full);
+	location->province_full=tsg_get_column_string_value(table_line, 15);	// province_full
-	location->city_full=tsg_get_column_string_value(table_line, city_full);
+	location->city_full=tsg_get_column_string_value(table_line, 16);	// city_full
 	str_unescape(location->country_full);
 	str_unescape(location->province_full);
 	str_unescape(location->city_full);
 	if(g_tsg_para.location_field_num==19)
 	{
-		location->subdivision_addr=tsg_get_column_string_value(table_line, subdivision_addr);
+		location->subdivision_addr=tsg_get_column_string_value(table_line, 17);	// subdivision_addr
 		str_unescape(location->subdivision_addr);
 	}
@@ -1423,8 +1426,6 @@ void http_response_pages_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl,
 void dns_profile_records_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
 {
 	int i=0;
 	cJSON *one_record=NULL,*pSub=NULL;
 	struct dns_profile_records *profile_records=(struct dns_profile_records *)calloc(1, sizeof(struct dns_profile_records));
 	profile_records->record_id=tsg_get_column_integer_value(table_line, 1);
 	char *answer_type=tsg_get_column_string_value(table_line, 3);
@@ -1437,15 +1438,15 @@ void dns_profile_records_new(int table_id, const char* key, const char* table_li
 		profile_records->record_val=(struct dns_record_val *)calloc(1, profile_records->record_num*sizeof(struct dns_record_val));		
 		profile_records->answer_type=get_dns_qtype(answer_type, strlen(answer_type));
-		for(i=0; i<profile_records->record_num; i++)
+		for(int i=0; i<profile_records->record_num; i++)
 		{
-			one_record=cJSON_GetArrayItem(records_array, i);
+			cJSON *one_record=cJSON_GetArrayItem(records_array, i);
 			if(one_record==NULL)
 			{
 				continue;
 			}
-			pSub=cJSON_GetObjectItem(one_record, "value");
+			cJSON *pSub=cJSON_GetObjectItem(one_record, "value");
 			if(NULL==pSub )
 			{
 				continue; 
@@ -1534,8 +1535,6 @@ void dns_profile_records_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl,
 void mirrored_profile_new(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
 {
 	int i=0,vlan_id_num=0;
 	cJSON *one_vlan=NULL;
 	struct traffic_mirror_profile *mirror_profile=(struct traffic_mirror_profile *)calloc(1, sizeof(struct traffic_mirror_profile));
 	mirror_profile->profile_id=tsg_get_column_integer_value(table_line, 1);
@@ -1544,10 +1543,10 @@ void mirrored_profile_new(int table_id, const char* key, const char* table_line,
 	cJSON *vlan_ids_object=cJSON_Parse(vlan_ids_str);	
 	if(vlan_ids_object!=NULL)
 	{
-		vlan_id_num=cJSON_GetArraySize(vlan_ids_object);
+		int vlan_id_num=cJSON_GetArraySize(vlan_ids_object);
-		for(i=0; i<vlan_id_num; i++)
+		for(int i=0; i<vlan_id_num; i++)
 		{
-			one_vlan=cJSON_GetArrayItem(vlan_ids_object, i);
+			cJSON *one_vlan=cJSON_GetArrayItem(vlan_ids_object, i);
 			if(one_vlan==NULL)
 			{
 				continue;
@@ -1693,12 +1692,8 @@ void tunnel_label_new(int table_id, const char* key, const char* table_line, MAA
 }
 void tunnel_label_dup(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
 {
 	if((*from)!=NULL)
 {
 	(*to)=(*from);
 	}
 	return ;
 }
@@ -1709,18 +1704,15 @@ void tunnel_label_free(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *a
 static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *maat_logger)
 {
-	int redis_index=0,deferred_load=0;
+	int deferred_load=0;
-	unsigned short redis_port=0;
+	int scan_detail=0,effect_interval=60;
 	int ret=0,scan_detail=0,effect_interval=60;
 	Maat_feather_t _maat_feather=NULL;
 	char redis_port_range[256]={0};
 	char effective_tag_key[128]={0};
 	char effective_range_filename[1024]={0};
-	char redis_ip[16]={0}, effective_flag[1024]={0};
+	char effective_flag[1024]={0};
 	int output_prometheus=0;
 	int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0;
-	char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0};
+	char maat_stat_file[MAX_PATH_LEN]={0};
-	char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
+	char table_info[MAX_PATH_LEN]={0};
 	memset(effective_flag, 0, sizeof(effective_flag));	
 	MESA_load_profile_string_def(conffile, module, "EFFECTIVE_RANGE_FILE", effective_range_filename, sizeof(effective_range_filename),"./tsgconf/maat.conf");
@@ -1737,11 +1729,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
 	if(strlen(g_tsg_para.device_tag)==0 && strlen(effective_flag)>0)
 	{
 		memcpy(g_tsg_para.device_tag, effective_flag, MIN(strlen(effective_flag), sizeof(g_tsg_para.device_tag)-1));
 	}
 	if(strlen(g_tsg_para.data_center)==0 && strlen(effective_flag)>0)
 	{
 		char effective_tag_key[128]={0};
 		MESA_load_profile_string_def(conffile, module, "EFFECTIVE_TAG_KEY", effective_tag_key, sizeof(effective_tag_key),"data_center");
 		get_data_center(effective_flag, effective_tag_key, g_tsg_para.data_center, sizeof(g_tsg_para.data_center));
 	}
@@ -1762,10 +1756,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
 	if(maat_mode==2)
 	{
 		int redis_index=0;
 		char redis_ip[16]={0};
 		char redis_port_range[256]={0};
 		MESA_load_profile_string_def(conffile,module,"REDIS_IP", redis_ip, sizeof(redis_ip),"");
 		MESA_load_profile_int_def(conffile, module,"REDIS_INDEX", &redis_index, 0);
 		MESA_load_profile_string_def(conffile,module,"REDIS_PORT", redis_port_range, sizeof(redis_port_range), "6379;");
-		redis_port=get_redis_port(redis_port_range);
+		unsigned short redis_port=get_redis_port(redis_port_range);
 		if(strlen(effective_flag)!=0)
 		{
@@ -1791,7 +1788,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
 	{
 		if(strlen(effective_flag)!=0)
 		{
-			ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
+			int ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
 			assert(ret>=0);
 		}
 		else
@@ -1802,11 +1799,13 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
 		Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
 		if(maat_mode==1)
 		{
 			char json_cfg_file[MAX_PATH_LEN]={0};
 			MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
 			Maat_set_feather_opt(_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
 		}
 		else
 		{
 			char inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
 			MESA_load_profile_string_def(conffile,module,"INC_CFG_DIR",inc_cfg_dir, sizeof(inc_cfg_dir),"");
 			MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),"");	
 			assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0);
@@ -1833,7 +1832,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
 		}
 	}
-	ret=Maat_initiate_feather(_maat_feather);
+	int ret=Maat_initiate_feather(_maat_feather);
 	if(ret<0)
 	{
 		return NULL;
@@ -1853,52 +1852,52 @@ int tsg_rule_init(const char* conffile, void *logger)
 	MESA_load_profile_int_def(conffile, "MAAT","LOCATION_TABLE_TYPE", &g_tsg_para.location_field_num, 18);
 	MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat.conf");		
-	MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE");
+	MESA_load_profile_string_def(conffile, "MAAT", "SECURITY_COMPILE", g_tsg_para.table_name[TABLE_SECURITY_COMPILE], MAX_TABLE_NAME_LEN, "TSG_SECURITY_COMPILE");
-	MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR");
+	MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", g_tsg_para.table_name[TABLE_IP_ADDR], MAX_TABLE_NAME_LEN, "TSG_SECURITY_ADDR");
-	MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID");
+	MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", g_tsg_para.table_name[TABLE_SUBSCRIBER_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_SUBSCRIBER_ID");
-	MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
+	MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
-	MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST");	
+	MESA_load_profile_string_def(conffile, "MAAT", "HTTP_HOST_TABLE", g_tsg_para.table_name[TABLE_HTTP_HOST], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_HOST");	
-	MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_para.table_name[TABLE_HTTP_URL], _MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL");
+	MESA_load_profile_string_def(conffile, "MAAT", "HTTP_URL_TABLE", g_tsg_para.table_name[TABLE_HTTP_URL], MAX_TABLE_NAME_LEN, "TSG_FIELD_HTTP_URL");
-	MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI");
+	MESA_load_profile_string_def(conffile, "MAAT", "SSL_SNI_TABLE", g_tsg_para.table_name[TABLE_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_SSL_SNI");
-	MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], _MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI");
+	MESA_load_profile_string_def(conffile, "MAAT", "DECYPTION_EXCLUSION_SSL_SNI", g_tsg_para.table_name[TABLE_EXCLUSION_SSL_SNI], MAX_TABLE_NAME_LEN, "TSG_DECYPTION_EXCLUSION_SSL_SNI");
-	MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_para.table_name[TABLE_SRC_ASN], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN");
+	MESA_load_profile_string_def(conffile, "MAAT", "SRC_ASN_TABLE", g_tsg_para.table_name[TABLE_SRC_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_ASN");
-	MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_para.table_name[TABLE_DST_ASN], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN");
+	MESA_load_profile_string_def(conffile, "MAAT", "DST_ASN_TABLE", g_tsg_para.table_name[TABLE_DST_ASN], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_ASN");
-	MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_para.table_name[TABLE_SRC_LOCATION], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION");
+	MESA_load_profile_string_def(conffile, "MAAT", "SRC_LOCATION_TABLE", g_tsg_para.table_name[TABLE_SRC_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_SOURCE_LOCATION");
-	MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", g_tsg_para.table_name[TABLE_DST_LOCATION], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION");
+	MESA_load_profile_string_def(conffile, "MAAT", "DST_LOCATION_TABLE", g_tsg_para.table_name[TABLE_DST_LOCATION], MAX_TABLE_NAME_LEN, "TSG_SECURITY_DESTINATION_LOCATION");
-	MESA_load_profile_string_def(conffile, "MAAT", "ASN_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_ASN_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_IP_ASN_BUILT_IN");
+	MESA_load_profile_string_def(conffile, "MAAT", "ASN_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_ASN_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_BUILT_IN");
-	MESA_load_profile_string_def(conffile, "MAAT", "ASN_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_ASN_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_IP_ASN_USER_DEFINED");
+	MESA_load_profile_string_def(conffile, "MAAT", "ASN_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_ASN_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_ASN_USER_DEFINED");
-	MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_LOCATION_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_BUILT_IN");
+	MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_LOCATION_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_BUILT_IN");
-	MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_LOCATION_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_USER_DEFINED");
+	MESA_load_profile_string_def(conffile, "MAAT", "LOCATION_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_LOCATION_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_IP_LOCATION_USER_DEFINED");
-	MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI");
+	MESA_load_profile_string_def(conffile, "MAAT", "QUIC_SNI_TABLE", g_tsg_para.table_name[TABLE_QUIC_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_QUIC_SNI");
-	MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT");
+	MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_ID_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_FQDN_CAT");
-	MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN");
+	MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_BUILT_IN_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_BUILT_IN], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_BUILT_IN");
-	MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], _MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED");
+	MESA_load_profile_string_def(conffile, "MAAT", "FQDN_CAT_USER_DEFINED_TABLE", g_tsg_para.table_name[TABLE_FQDN_CAT_USER_DEFINED], MAX_TABLE_NAME_LEN, "TSG_FQDN_CATEGORY_USER_DEFINED");
-	MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], _MAX_TABLE_NAME_LEN, "APP_ID_DICT");
+	MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_DICT_TABLE", g_tsg_para.table_name[TABLE_APP_ID_DICT], MAX_TABLE_NAME_LEN, "APP_ID_DICT");
-	MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], _MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
+	MESA_load_profile_string_def(conffile, "MAAT", "APP_ID_TABLE", g_tsg_para.table_name[TABLE_APP_ID], MAX_TABLE_NAME_LEN, "TSG_OBJ_APP_ID");
-	MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID");
+	MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_ID_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_ID], MAX_TABLE_NAME_LEN, "APP_SELECTOR_ID");
-	MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], _MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES");
+	MESA_load_profile_string_def(conffile, "MAAT", "SELECTOR_PROPERTIES_TABLE", g_tsg_para.table_name[TABLE_SELECTOR_PROPERTIES], MAX_TABLE_NAME_LEN, "APP_SELECTOR_PROPERTIES");
-	MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN");
+	MESA_load_profile_string_def(conffile, "MAAT", "GTP_APN", g_tsg_para.table_name[TABLE_GTP_APN], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_APN");
-	MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI");
+	MESA_load_profile_string_def(conffile, "MAAT", "GTP_IMSI", g_tsg_para.table_name[TABLE_GTP_IMSI], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_IMSI");
-	MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], _MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER");
+	MESA_load_profile_string_def(conffile, "MAAT", "GTP_PHONE_NUMBER", g_tsg_para.table_name[TABLE_GTP_PHONE_NUMBER], MAX_TABLE_NAME_LEN, "TSG_FILED_GTP_PHONE_NUMBER");
-	MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], _MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES");
+	MESA_load_profile_string_def(conffile, "MAAT", "RESPONSE_PAGES_TABLE", g_tsg_para.table_name[TABLE_RESPONSE_PAGES], MAX_TABLE_NAME_LEN, "TSG_PROFILE_RESPONSE_PAGES");
-	MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS");
+	MESA_load_profile_string_def(conffile, "MAAT", "DNS_PROFILE_RECORDS", g_tsg_para.table_name[TABLE_DNS_PROFILE_RECORD], MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_DNS_RECORDS");
-	MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], _MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR");
+	MESA_load_profile_string_def(conffile, "MAAT", "TRAFFIC_MIRROR_PROFILE", g_tsg_para.table_name[TABLE_PROFILE_MIRROR], MAX_TABLE_NAME_LEN, (char *)"TSG_PROFILE_TRAFFIC_MIRROR");
-	MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], _MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI");
+	MESA_load_profile_string_def(conffile, "MAAT", "DTLS_SNI_TABLE", g_tsg_para.table_name[TABLE_DTLS_SNI], MAX_TABLE_NAME_LEN, "TSG_FIELD_DTLS_SNI");
-	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ID_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ID], MAX_TABLE_NAME_LEN, "TSG_SECURITY_TUNNEL");
-	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG");
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_CATALOG_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_CATALOG], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_CATALOG");
-	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT");	
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_ENDPOINT_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_ENDPOINT], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_ENDPOINT");	
-	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], _MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL");
+	MESA_load_profile_string_def(conffile, "MAAT", "TUNNEL_LABEL_TABLE", g_tsg_para.table_name[TABLE_TUNNEL_LABEL], MAX_TABLE_NAME_LEN, "TSG_TUNNEL_LABEL");
-	MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_para.table_name[TABLE_SESSION_FLAGS], _MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
+	MESA_load_profile_string_def(conffile, "MAAT", "SESSION_FLAG_TABLE", g_tsg_para.table_name[TABLE_SESSION_FLAGS], MAX_TABLE_NAME_LEN, "TSG_SECURITY_FLAG");
 	MESA_load_profile_int_def(conffile, "MAAT","LOG_LEVEL", &log_level, 30);
 	MESA_load_profile_string_def(conffile, "MAAT", "LOG_PATH", log_path, sizeof(log_path), "./tsglog/maat/tsg_maat.log");
@@ -2203,32 +2202,31 @@ int tsg_rule_init(const char* conffile, void *logger)
 static int get_fqdn_category_id(Maat_feather_t maat_feather, int table_id, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq)
 {
 	int i=0,j=0,ret=0;	
 	struct fqdn_category *ex_data_array[8]={0};
-
+	int ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8);
 	ret=Maat_fqdn_plugin_get_EX_data(maat_feather, table_id, fqdn, (MAAT_PLUGIN_EX_DATA *)ex_data_array, 8);
 	if(ret>0)
 	{	
 		int cnt=0;
 		qsort(ex_data_array, ret, sizeof(struct fqdn_category *), sort_category_id);
-		for(i=0; i<ret; i++)
+		for(int i=0; i<ret; i++)
 		{
-			if(j==0)
+			if(cnt==0)
 			{
-				category_id[j++]=ex_data_array[i]->category_id;
+				category_id[cnt++]=ex_data_array[i]->category_id;
 			}
 			else
 			{
-				if(j<category_id_num && ex_data_array[i]->category_id!=category_id[j-1])
+				if(cnt<category_id_num && ex_data_array[i]->category_id!=category_id[cnt-1])
 				{
-					category_id[j++]=ex_data_array[i]->category_id;
+					category_id[cnt++]=ex_data_array[i]->category_id;
 				}
 			}
 			fqdn_category_free(table_id, (MAAT_PLUGIN_EX_DATA *)&(ex_data_array[i]), 0, logger);
 		}
-		return j;
+		return cnt;
 	}
 	return 0;
@@ -2238,7 +2236,7 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
 {
 	struct policy_priority_label *priority_label=NULL;	
-	priority_label=(struct policy_priority_label *)project_req_get_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id);
+	priority_label=(struct policy_priority_label *)stream_bridge_async_data_get((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	if(priority_label==NULL)
 	{
 		priority_label=(struct policy_priority_label *)dictator_malloc(thread_seq, sizeof(struct policy_priority_label));		
@@ -2251,10 +2249,10 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
 	priority_label->result_type=result_type;
 	memcpy(priority_label->security_result, p_result, sizeof(struct Maat_rule_t));
-	int ret=project_req_add_struct((struct streaminfo *)a_stream, g_tsg_para.priority_project_id, (void *)priority_label);
+	int ret=stream_bridge_async_data_put((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
 	if(ret<0)
 	{
-		free_policy_label(thread_seq, (void *)priority_label);
+		free_policy_label(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
 		MESA_handle_runtime_log(g_tsg_para.logger,
 										RLOG_LV_FATAL,
 										"PROJECT_ADD",
@@ -2280,7 +2278,7 @@ int tsg_set_policy_result(const struct streaminfo *a_stream, PULL_RESULT_TYPE re
 int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int result_num)
 {
-	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	if(shaping_label!=NULL && result!=NULL && result_num>0)
 	{
 		int num=MIN(shaping_label->shaping_result_num, result_num);
@@ -2293,15 +2291,12 @@ int tsg_pull_shaping_result(struct streaminfo *a_stream, Maat_rule_t*result, int
 int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_result_type, Maat_rule_t*result, int result_num, struct identify_info *identify_info)
 {
-	int num=0;
+	struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	struct policy_priority_label *label=NULL;
 	label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
 	if(label!=NULL && result!=NULL && result_num>0 && identify_info!=NULL)
 	{
 		if((label->result_type==pull_result_type) || (pull_result_type==PULL_ALL_RESULT))
 		{
-			num=MIN(label->security_result_num, result_num);
+			int num=MIN(label->security_result_num, result_num);
 			memcpy(result, label->security_result, num*sizeof(Maat_rule_t));
 			if(label->domain_len>0)
@@ -2321,7 +2316,7 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
 char *tsg_pull_quic_ua(struct streaminfo *a_stream)
 {
-	struct policy_priority_label *label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
+	struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	if(label!=NULL)
 	{
 		return label->quic_ua;
@@ -2332,7 +2327,7 @@ char *tsg_pull_quic_ua(struct streaminfo *a_stream)
 char *tsg_pull_http_url(struct streaminfo *a_stream)
 {
-	struct policy_priority_label *label=(struct policy_priority_label *)project_req_get_struct(a_stream, g_tsg_para.priority_project_id);
+	struct policy_priority_label *label=(struct policy_priority_label *)tsg_get_xxx_from_bridge((struct streaminfo *)a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	if(label!=NULL)
 	{
 		return label->http_url;
@@ -2687,13 +2682,12 @@ int tsg_get_vlan_label_id(struct single_layer_vlan_addr *vlan_array, int vlan_ar
 int tsg_scan_tunnel_id(Maat_feather_t maat_feather, struct Maat_rule_t *result, int result_num, scan_status_t *mid, unsigned long long *bool_id_array, int bool_id_array_idx, int thread_seq)
 {
-	int i=0,ret=0;
+	int hit_num=0;
 	int maat_ret=0, hit_num=0;
 	struct tunnel_catalog *t_catalog[TUNNEL_CATALOG_MAX];
-	ret=Maat_bool_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], bool_id_array, bool_id_array_idx, (void**)(&t_catalog), TUNNEL_CATALOG_MAX);
+	int ret=Maat_bool_plugin_get_EX_data(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_CATALOG], bool_id_array, bool_id_array_idx, (void**)(&t_catalog), TUNNEL_CATALOG_MAX);
-	for(i=0; i<ret; i++)
+	for(int i=0; i<ret; i++)
 	{
-		maat_ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_ID], t_catalog[i]->id, result+hit_num, result_num-hit_num, mid, thread_seq);
+		int maat_ret=Maat_scan_intval(maat_feather, g_tsg_para.table_id[TABLE_TUNNEL_ID], t_catalog[i]->id, result+hit_num, result_num-hit_num, mid, thread_seq);
 		if(maat_ret>0)
 		{
 			hit_num+=maat_ret;
@@ -2880,15 +2874,13 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
 //return value: -1: failed, 0: not hit, >0: hit count 
 int tsg_scan_shared_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, char *domain, Maat_rule_t *result, int result_num,  scan_status_t *mid, int table_id, int thread_seq)
 {
 	int ret=0,fqdn_len=0;
 	if(table_id<0 || domain==NULL)
 	{
 		return 0;
 	}
-	fqdn_len=get_fqdn_len(domain);
+	int fqdn_len=get_fqdn_len(domain);
-	ret=Maat_full_scan_string(g_tsg_maat_feather, table_id, CHARSET_UTF8, domain, fqdn_len, result, NULL, result_num, mid, thread_seq);
+	int ret=Maat_full_scan_string(g_tsg_maat_feather, table_id, CHARSET_UTF8, domain, fqdn_len, result, NULL, result_num, mid, thread_seq);
 	if(ret>0)
 	{
 		FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_HIT_SHARE], 0, FS_OP_ADD, 1);
@@ -2968,9 +2960,7 @@ struct Maat_rule_t *tsg_fetch_deny_rule(Maat_rule_t *result, int result_num)
 int tsg_get_method_id(char *method)
 {
-	int i=0;
+	for(int i=0; i<TSG_METHOD_TYPE_MAX; i++)
 	for(i=0; i<TSG_METHOD_TYPE_MAX; i++)
 	{
 		if(method2index[i].len==(int)strlen(method) && (strncasecmp(method2index[i].type, method, method2index[i].len))==0)
 		{
@@ -2983,11 +2973,9 @@ int tsg_get_method_id(char *method)
 int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned int *category_id, int category_id_num, void *logger, int thread_seq)
 {
 	int ret=0;
 	if(category_id!=NULL && category_id_num>0)
 	{
-		ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, category_id, category_id_num, logger, thread_seq);
+		int ret=get_fqdn_category_id(maat_feather, g_tsg_para.table_id[TABLE_FQDN_CAT_USER_DEFINED], fqdn, category_id, category_id_num, logger, thread_seq);
 		if(ret>0)
 		{
 			return ret;
@@ -3005,16 +2993,16 @@ int tsg_get_fqdn_category_id(Maat_feather_t maat_feather, char *fqdn, unsigned i
 int tsg_scan_fqdn_category_id(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, int table_id, unsigned int *category_id, int category_id_num, int thread_seq)
 {
 	int i=0,ret=0,hit_num=0;
 	if(table_id<0 || result_num<=0 || category_id==NULL || category_id_num <=0)
 	{
 		return 0;
 	}
-	for(i=0; i<category_id_num; i++)
+	int hit_num=0;
 	for(int i=0; i<category_id_num; i++)
 	{
-		ret=Maat_scan_intval(g_tsg_maat_feather, table_id, (unsigned int)category_id[i], result+hit_num, result_num-hit_num, mid, thread_seq);
+		int ret=Maat_scan_intval(g_tsg_maat_feather, table_id, (unsigned int)category_id[i], result+hit_num, result_num-hit_num, mid, thread_seq);
 		if(ret>0)
 		{
 			MESA_handle_runtime_log(g_tsg_para.logger,
@@ -3069,14 +3057,13 @@ int tsg_scan_app_id_policy(Maat_feather_t maat_feather, const struct streaminfo
 int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct streaminfo *a_stream, struct Maat_rule_t *result, int result_num, scan_status_t *mid, char *property, char *district, int thread_seq)
 {
-	int i=0,ret=0;
+	int hit_num=0;
 	int ret2=0, hit_num=0;
 	struct Maat_rule_t property_result[MAX_RESULT_NUM]={0};
 	if(property!=NULL && district!=NULL)
 	{
 		Maat_set_scan_status(g_tsg_maat_feather, mid, MAAT_SET_SCAN_DISTRICT, (void *)district, strlen(district));
-		ret=Maat_full_scan_string(g_tsg_maat_feather, 
+		int ret=Maat_full_scan_string(g_tsg_maat_feather, 
 									g_tsg_para.table_id[TABLE_SELECTOR_PROPERTIES],
 									CHARSET_UTF8,
 									property,
@@ -3087,9 +3074,9 @@ int tsg_scan_app_properties_policy(Maat_feather_t maat_feather, const struct str
 									mid,
 									thread_seq
 								);
-		for(i=0; i<ret; i++)
+		for(int i=0; i<ret; i++)
 		{
-			ret2=Maat_scan_intval(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_ID], property_result[i].config_id, result+hit_num, result_num-hit_num, mid, thread_seq);
+			int ret2=Maat_scan_intval(g_tsg_maat_feather, g_tsg_para.table_id[TABLE_SELECTOR_ID], property_result[i].config_id, result+hit_num, result_num-hit_num, mid, thread_seq);
 			if(ret2>0)
 			{
 				MESA_handle_runtime_log(g_tsg_para.logger, 
@@ -3327,7 +3314,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
 				notify_data.type=NOTIFY_TYPE_MIRRORED;
 				notify_data.vlan=&(mirror_profile->vlan);
-				stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
+				stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data));
 				mirrored_profile_free(0, (MAAT_PLUGIN_EX_DATA *)&mirror_profile, 0, NULL);
 			}
 			else
@@ -3335,7 +3322,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
 				notify_data.compile_id=result[i].config_id;
 				notify_data.type=NOTIFY_TYPE_MIRRORED;
 				notify_data.vlan=&(g_tsg_para.default_vlan);
-				stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
+				stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data));
 			}
 		}
@@ -3344,7 +3331,7 @@ int tsg_notify_hited_monitor_result(const struct streaminfo *a_stream, struct Ma
 			notify_data.compile_id=result[i].config_id;
 			notify_data.type=NOTIFY_TYPE_CAPTURE;
 			notify_data.capture_depth=user_region->capture.depth;
-			stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA], (void *)&(notify_data));
+			stream_bridge_sync_data_put(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_SEND_CONN_SKETCH_DATA].id, (void *)&(notify_data));
 		}
 		tsg_free_compile_user_region(&(result[i]), user_region);
@@ -3402,7 +3389,60 @@ int tsg_get_location_type(void)
 struct umts_user_info *tsg_get_umts_user_info_form_redis(unsigned int teid)
 {
 	char teid_str[32]={0};
-	snprintf(teid_str, sizeof(teid_str), "%d", teid);
+	snprintf(teid_str, sizeof(teid_str), "%u", teid);
 	return (struct umts_user_info *)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_table_id[DYN_TABLE_GTP_SIGNALING], (const char *)teid_str);
 }
 int tsg_fetch_hited_shaping_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *shaping_result, int shaping_result_num)
 {
 	if(hited_result==NULL || hited_result_num<=0 || shaping_result==NULL || shaping_result_num<=0)
 	{
 		return 0;
 	}
 	int result_cnt=0;
 	for(int i=0; i<hited_result_num; i++)
 	{
 		if(hited_result[i].action!=TSG_ACTION_SHAPING)
 		{
 			continue;
 		}
 		if(result_cnt>=shaping_result_num)
 		{
 			break;
 		}
 		memcpy(&(shaping_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t));
 	}
 	return result_cnt;
 }
 int tsg_fetch_hited_security_result(struct Maat_rule_t *hited_result, int hited_result_num, struct Maat_rule_t *security_result, int security_result_num)
 {
 	if(hited_result==NULL || hited_result_num<=0 || security_result==NULL || security_result_num<=0)
 	{
 		return 0;
 	}
 	int result_cnt=0;
 	for(int i=0; i<hited_result_num; i++)
 	{
 		if(hited_result[i].action==TSG_ACTION_SHAPING)
 		{
 			continue;
 		}
 		if(result_cnt>=security_result_num)
 		{
 			break;
 		}
 		memcpy(&(security_result[result_cnt++]), &(hited_result[i]), sizeof(struct Maat_rule_t));
 	}
 	return result_cnt;
 }
--- a/src/tsg_send_log.cpp
+++ b/src/tsg_send_log.cpp
@@ -117,7 +117,7 @@ static int register_topic(struct tsg_log_instance_t *instance, struct topic_stat
 	topic_conf=rd_kafka_topic_conf_new();
 	topic->status=1;
-	topic->topic_rkt=(rd_kafka_topic_t *)calloc(1, sizeof(rd_kafka_topic_t*));
+	//topic->topic_rkt=(rd_kafka_topic_t *)calloc(1, sizeof(rd_kafka_topic_t*));
 	topic->topic_rkt=rd_kafka_topic_new(_instance->kafka_handle, topic->name, topic_conf);
 	int thread_num=get_thread_count();
@@ -242,12 +242,9 @@ static int is_tunnels(struct streaminfo *a_stream)
 static int set_isn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, enum MESA_stream_opt type)
 {
 	int ret=0;
 	unsigned int isn=0;
-	int size=sizeof(unsigned long long);
+	int size=sizeof(isn);
-
+	int ret=MESA_get_stream_opt(a_stream, type, &isn, &size);
 	size=sizeof(unsigned int);
 	ret=MESA_get_stream_opt(a_stream, type, &isn, &size);
 	if(ret==0)
 	{		
 		TLD_append(_handle, field_name, (void *)(long)isn, TLD_TYPE_LONG);
@@ -282,7 +279,7 @@ static int set_tcp_isn(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
-	const char *linkinfo=(const char *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]);
+	const char *linkinfo=(const char *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_MAC_LINKINFO]);
 	if(linkinfo==NULL)
 	{
 		return 0;
@@ -320,13 +317,13 @@ static int set_linkinfo(struct tsg_log_instance_t *_instance, struct TLD_handle_
 }
 static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct asn_info *asn_info)
 {	
 	if(asn_info!=NULL)
 	{
 		int len=0;
 		char buff[1024]={0};
 		int buff_len=sizeof(buff);
 	if(asn_info!=NULL)
 	{
 		len+=string_cat(buff+len, buff_len-len, asn_info->asn_id);
 		buff[len++]='(';
 		len+=string_cat(buff+len, buff_len-len, asn_info->organization);
@@ -339,15 +336,14 @@ static int set_asn(struct TLD_handle_t *_handle, struct streaminfo *a_stream, ch
 static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_stream, char *field_name, struct location_info *location_info)
 {
 	int len=0;
 	char buff[1024]={0};
 	int buff_len=sizeof(buff);
 	if(location_info==NULL)
 	{
 		return 0;
 	}
 	int len=0;
 	char buff[1024]={0};
 	int buff_len=sizeof(buff);
 	int location_type=tsg_get_location_type();
 	switch(location_type)
 	{
@@ -356,7 +352,7 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea
 			buff[len++]=',';
 			len+=string_cat(buff+len, buff_len-len, location_info->province_full);
 			buff[len++]=',';
-			len+=string_cat(buff+len, buff_len-len, location_info->country_full);
+			string_cat(buff+len, buff_len-len, location_info->country_full);
 			break;
 		case	19:
 			len+=string_cat(buff+len, buff_len-len, location_info->country_full);
@@ -368,7 +364,7 @@ static int set_location(struct TLD_handle_t *_handle, struct streaminfo *a_strea
 			if(location_info->subdivision_addr!=NULL)
 			{
 				buff[len++]='.';
-				len+=string_cat(buff+len, buff_len-len, location_info->subdivision_addr);
+				string_cat(buff+len, buff_len-len, location_info->subdivision_addr);
 			}
 			break;
 		default:
@@ -462,17 +458,16 @@ static int set_tuple4(struct tsg_log_instance_t *_instance, struct TLD_handle_t
 static int set_duraction(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
 	int ret=0;
 	long common_con_duration_ms=0;
 	unsigned long long create_time=0,last_time=0;
 	int size=sizeof(unsigned long long);
 	unsigned long long create_time=0,last_time=0;
 	if(a_stream->ptcpdetail!=NULL)
 	{
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_START_TIME].name, (void *)(a_stream->ptcpdetail->createtime), TLD_TYPE_LONG);
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_END_TIME].name, (void *)(a_stream->ptcpdetail->lastmtime), TLD_TYPE_LONG);
-		ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size);
+		int ret=MESA_get_stream_opt(a_stream, MSO_STREAM_CREATE_TIMESTAMP_MS, (void *)&create_time, &size);
 		if(ret>=0)
 		{
 			ret=MESA_get_stream_opt(a_stream, MSO_STREAM_LASTUPDATE_TIMESTAMP_MS, (void *)&last_time, &size);
@@ -631,19 +626,17 @@ static int set_app_identify_info(struct TLD_handle_t *_handle, char *field_name,
 static int get_app_id_list(Value *app_id_object, struct TLD_handle_t *_handle, const char *field_name, struct gather_app_result *result)
 {
 	int i=0,ret=0;
 	char app_name[512]={0};
 	if(result->app_num==0)
 	{
 		return 0;
 	}
 	Value array(kArrayType);
-	for(i=0; i<result->app_num; i++)
+	for(int i=0; i<result->app_num; i++)
 	{	
 		char app_name[512]={0};
 		Value object(kObjectType);
-		ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
+		int ret=tsg_app_id2name(result->attributes[i].app_id, app_name, sizeof(app_name), 1);
 		if(ret>0)
 		{		
 			add_str_member(_handle, &object, "app_name", app_name);
@@ -849,13 +842,10 @@ int set_app_info(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_han
 int set_app_id(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
-	char app_name[512]={0};
+	struct gather_app_result *gather_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
 	struct gather_app_result *gather_result=NULL;
 	gather_result=(struct gather_app_result *)project_req_get_struct(a_stream, g_tsg_para.gather_app_project_id);
 	if(gather_result==NULL)
 	{	
 		char app_name[512]={0};
 		if(tsg_app_id2name(_instance->unknown_app_id, app_name, sizeof(app_name), 0))
 		{
 			TLD_append(_handle, _instance->id2field[LOG_COMMON_APP_FULL_PATH].name, (void *)app_name, TLD_TYPE_STRING);
@@ -1137,7 +1127,7 @@ int TLD_append(struct TLD_handle_t *handle, char *key, void *value, TLD_TYPE typ
 int TLD_array_append(struct TLD_handle_t *handle, char *key, void **array, int array_num, TLD_TYPE type)
 {
-    if(handle==NULL || key==NULL ||  array_num<=0 || array==NULL || type!=TLD_TYPE_LONG || type!=TLD_TYPE_STRING)
+	if(handle==NULL || key==NULL ||  array_num<=0 || array==NULL || (type!=TLD_TYPE_LONG && type!=TLD_TYPE_STRING))
 	{
 		return -1;
 	}
@@ -1221,7 +1211,7 @@ int TLD_convert_json(struct TLD_handle_t *_handle, char *buff, unsigned int buff
 static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
-	struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA]);
+	struct tsg_conn_sketch_notify_data *notify_mail=(struct tsg_conn_sketch_notify_data *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_RECV_CONN_SKETCH_DATA].id);
 	if(notify_mail!=NULL && notify_mail->pdata.mail_eml_filename!=NULL && notify_mail->protocol==PROTO_MAIL)
 	{
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
@@ -1235,7 +1225,7 @@ static int set_mail_eml(struct tsg_log_instance_t *_instance, struct TLD_handle_
 static int set_s3_filename(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
-	struct business_notify_data *bnd_label=(struct business_notify_data *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]);
+	struct business_notify_data *bnd_label=(struct business_notify_data *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_BUSINESS_S3_FILENAME]);
 	if(bnd_label==NULL || bnd_label->pdata==NULL)
 	{
 		return 0;
@@ -1338,7 +1328,7 @@ static int set_tunnel_ipv4v6_port(struct tsg_log_instance_t *_instance, struct T
 int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
-	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)tsg_get_xxx_from_bridge(a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	if(shaping_label==NULL)
 	{
 		return 0;
@@ -1351,12 +1341,16 @@ int set_shaping_rule_ids(struct tsg_log_instance_t *_instance, struct TLD_handle
 		offset+=snprintf(shaping_rule_ids+offset, sizeof(shaping_rule_ids)-offset, "%d,", shaping_label->shaping_result[i].config_id);
 	}
 	if(offset>0)
 	{
 		shaping_rule_ids[offset-1]='\0';
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_SHAPING_RULE_IDS].name, (void *)shaping_rule_ids, TLD_TYPE_STRING);		
 		return 1;
 	}
 	return 0;
 }
 static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
 	int ret=0;	
@@ -1445,7 +1439,7 @@ static int set_common_tunnels(struct tsg_log_instance_t *_instance, struct TLD_h
 				break;
 		}
-		ptmp = pfather;;
+		ptmp=pfather;
 		tunnel_array.PushBack(tunnel_object, _handle->document->GetAllocator());
 	}
@@ -1499,7 +1493,6 @@ int is_multi_hit_same_policy(struct Maat_rule_t *result, int *policy_id, int *po
 static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_log_instance_t *_instance, struct Maat_rule_t *p_result, int thread_seq)
 {
 	int ret=0;
 	cJSON *item=NULL;
 	cJSON *object=NULL;
 	char *user_region=NULL;
@@ -1511,7 +1504,7 @@ static int set_xxxx_from_user_region(struct TLD_handle_t *_handle, struct tsg_lo
 	if(p_result->action!=TSG_ACTION_NONE && p_result->serv_def_len>0)
 	{
 		user_region=(char *)dictator_malloc(thread_seq, p_result->serv_def_len+1);
-		ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1);
+		int ret=Maat_read_rule(g_tsg_maat_feather, p_result, MAAT_RULE_SERV_DEFINE, user_region, p_result->serv_def_len+1);
 		if(ret==p_result->serv_def_len)
 		{
 			user_region[p_result->serv_def_len]='\0';
@@ -1567,7 +1560,7 @@ int set_application_behavior(struct tsg_log_instance_t *_instance, struct TLD_ha
 	}
 	struct application_behavior *behavior_result=NULL;
-	behavior_result=(struct application_behavior *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]);
+	behavior_result=(struct application_behavior *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_BEHAVIOR_RESULT]);
 	if(behavior_result==NULL)
 	{
 		return 0;
@@ -1587,7 +1580,7 @@ int set_notify_execution_result(struct tsg_log_instance_t *_instance, struct TLD
 	int i=0;
 	struct tsg_notify_execution_result *execution_result=NULL;
-	execution_result=(struct tsg_notify_execution_result *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]);
+	execution_result=(struct tsg_notify_execution_result *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]);
 	if(execution_result==NULL)
 	{
 		return 0;
@@ -1681,13 +1674,12 @@ int set_session_attributes(struct tsg_log_instance_t *_instance, struct TLD_hand
 int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream)
 {
-	int i=0;
+	struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)tsg_get_xxx_from_bridge(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]);
 	struct user_defined_attribute_label *uda_label=(struct user_defined_attribute_label *)stream_bridge_async_data_get(a_stream, _instance->bridge_id[LOG_BRIDGE_APP_LUA_RESULT]);
 	if(uda_label!=NULL)
 	{
 		Value array(kArrayType);
-		for(i=0; i<uda_label->attribute_num; i++)
+		for(int i=0; i<uda_label->attribute_num; i++)
 		{
 			Value object(kObjectType);		
 			switch(uda_label->attribute[i].type)
@@ -1715,20 +1707,19 @@ int set_lua_scripts_result(struct tsg_log_instance_t *_instance, struct TLD_hand
 int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, struct streaminfo *a_stream)
 {
-	int ret=0;
+	if(instance==NULL || handle==NULL || a_stream==NULL)
 	char *addr_proto=NULL;
 	char stream_id_buff[128]={0};
 	unsigned long long stream_id=0;
 	struct TLD_handle_t *_handle=handle;
 	struct tsg_log_instance_t *_instance=instance;
 	if(_instance==NULL || _handle==NULL || a_stream==NULL)
 	{
-		MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TLD_APPEND_STREAM", "instance==NULL || TLD_handle==NULL || addr==NULL");
+		if(instance)
 		{
 			MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TLD_APPEND_STREAM", "TLD_handle==NULL || addr==NULL");
 		}
 		return -1;
 	}
-	ret=set_linkinfo(_instance, _handle, a_stream);
+	struct TLD_handle_t *_handle=handle;
 	struct tsg_log_instance_t *_instance=instance;
 	int ret=set_linkinfo(_instance, _handle, a_stream);
 	if(ret==0)
 	{
 		set_direction(_instance, _handle, a_stream);
@@ -1748,11 +1739,12 @@ int TLD_append_streaminfo(struct tsg_log_instance_t *instance, struct TLD_handle
 		set_common_tunnels(_instance, _handle, a_stream);
 	}
-	stream_id=tsg_get_stream_id(a_stream);
+	unsigned long long stream_id=tsg_get_stream_id(a_stream);
 	char stream_id_buff[128]={0};
 	snprintf(stream_id_buff, sizeof(stream_id_buff), "%llu", stream_id);
 	TLD_append(_handle, _instance->id2field[LOG_COMMON_STREAM_TRACE_ID].name, (void *)stream_id_buff, TLD_TYPE_STRING);
-	addr_proto=(char *)layer_addr_prefix_ntop(a_stream);
+	char *addr_proto=(char *)layer_addr_prefix_ntop(a_stream);
 	TLD_append(_handle, _instance->id2field[LOG_COMMON_L4_PROTOCOL].name, (void *)addr_proto, TLD_TYPE_STRING);
 	return 0;
@@ -1784,7 +1776,7 @@ int load_log_common_field(const char *filename, id2field_t *id2field, struct top
 			continue;
 		}
 		memset(type_name, 0, sizeof(type_name));
-		ret=sscanf(line, "%s %s %d", type_name, field_name, &id);
+		ret=sscanf(line, "%31s %63s %d", type_name, field_name, &id);
 		assert(ret==3);
 		for(i=0; i<TLD_TYPE_MAX; i++)
@@ -1863,19 +1855,19 @@ int load_log_common_field(const char *filename, id2field_t *id2field, struct top
 struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_handle_t fs2_handle)
 {
 	int i=0,ret=0;
 	char nic_name[32]={0};
 	char override_sled_ip[32]={0};
 	char kafka_errstr[1024]={0};
 	unsigned int local_ip_nr=0;
 	char bridge_name[LOG_BRIDGE_MAX][128]={0};
 	rd_kafka_conf_t *rdkafka_conf = NULL;	
 	char broker_list[1024]={0};
 	struct tsg_log_instance_t *_instance=NULL;
-	
+	char common_field_file[128]={0};	
 	char log_path[128]={0};
 	_instance=(struct tsg_log_instance_t *)calloc(1, sizeof(struct tsg_log_instance_t));	
 	_instance->fs2_handle=fs2_handle;
-	for(i=0; i<LOG_FS2_TYPE_MAX; i++)
+	for(int i=0; i<LOG_FS2_TYPE_MAX; i++)
 	{
 		_instance->fs2_field_id[i]=FS_register(_instance->fs2_handle, FS_STYLE_FIELD, FS_CALC_SPEED, g_log_fs2_field[i].name);
 	}
@@ -1891,7 +1883,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	_instance->sum_line_id=FS_register(_instance->fs2_handle, FS_STYLE_LINE, FS_CALC_SPEED, "SUM");
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "LOG_LEVEL",&(_instance->level), 30);	
-	MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", _instance->log_path, sizeof(_instance->log_path), "./tsglog/tsglog");
+	MESA_load_profile_string_def(conffile, "TSG_LOG", "LOG_PATH", log_path, sizeof(log_path), "./log/tsglog");
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_USER_REGION", &(_instance->send_user_region), 0);		
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_DATA_CENTER_SWITCH", &(_instance->send_data_center), 0);
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "SEND_APP_ID_SWITCH", &(_instance->send_app_id), 0);
@@ -1909,7 +1901,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	MESA_load_profile_string_def(conffile, "SYSTEM", "APP_BEHAVIOR_BRIDGE_NAME", bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT], sizeof(bridge_name[LOG_BRIDGE_APP_BEHAVIOR_RESULT]), "TSG_APPLICATION_BEHAVIOR");
 	MESA_load_profile_string_def(conffile, "SYSTEM", "NOTIFY_EXEC_RESULT_BRIDGE_NAME", bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT], sizeof(bridge_name[LOG_BRIDGE_CONN_SKETCH_EXEC_RESULT]), "TSG_NOTIFICATION_EXECUTION_RESULT");
-	for(i=0; i<LOG_BRIDGE_MAX; i++)
+	for(int i=0; i<LOG_BRIDGE_MAX; i++)
 	{
 		_instance->bridge_id[i]=stream_bridge_build(bridge_name[i], "w");
 		if(_instance->bridge_id[i]<0)
@@ -1918,10 +1910,10 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 		}
 	}	
-	_instance->logger=MESA_create_runtime_log_handle(_instance->log_path, _instance->level);
+	_instance->logger=MESA_create_runtime_log_handle(log_path, _instance->level);
 	if(_instance->logger==NULL)
 	{
-		printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", _instance->log_path, _instance->level);
+		printf("MESA_create_runtime_log_handle failed ..., path: %s level: %d", log_path, _instance->level);
 		return NULL;
 	}
@@ -1934,8 +1926,8 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	MESA_load_profile_int_def(conffile, "TSG_LOG", "RECOVERY_INTERVEL_S", &(_instance->recovery_interval), 30);	
-	MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", _instance->common_field_file, sizeof(_instance->common_field_file), NULL);
+	MESA_load_profile_string_def(conffile, "TSG_LOG", "COMMON_FIELD_FILE", common_field_file, sizeof(common_field_file), NULL);
-	MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", _instance->broker_list, sizeof(_instance->broker_list), NULL);
+	MESA_load_profile_string_def(conffile, "TSG_LOG", "BROKER_LIST", broker_list, sizeof(broker_list), NULL);
 	MESA_load_profile_string_def(conffile, "TSG_LOG", "SASL_USERNAME", _instance->sasl_username, sizeof(_instance->sasl_username), ""); //admin
 	MESA_load_profile_string_def(conffile, "TSG_LOG", "SASL_PASSWD", _instance->sasl_passwd, sizeof(_instance->sasl_passwd), "");
@@ -1963,8 +1955,9 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	char *sled_ip=getenv(override_sled_ip);
 	if(sled_ip==NULL)
 	{
 		char nic_name[32]={0};
 		MESA_load_profile_string_def(conffile, "SYSTEM", "NIC_NAME", nic_name, sizeof(nic_name), "lo");	
-		ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
+		int ret=MESA_get_dev_ipv4(nic_name, (int *)&local_ip_nr);
 		if(ret<0)
 		{
 			MESA_handle_runtime_log(_instance->logger,
@@ -1987,7 +1980,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	rd_kafka_conf_set(rdkafka_conf, "topic.metadata.refresh.interval.ms", _instance->refresh_interval_ms, kafka_errstr, sizeof(kafka_errstr));
 	rd_kafka_conf_set(rdkafka_conf, "request.required.acks", _instance->require_ack, kafka_errstr, sizeof(kafka_errstr));	
 	rd_kafka_conf_set(rdkafka_conf, "socket.keepalive.enable", "true", kafka_errstr, sizeof(kafka_errstr));	
-	rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", _instance->broker_list, kafka_errstr, sizeof(kafka_errstr));
+	rd_kafka_conf_set(rdkafka_conf, "bootstrap.servers", broker_list, kafka_errstr, sizeof(kafka_errstr));
 	if(strlen(_instance->sasl_username)> 0 && strlen(_instance->sasl_passwd)>0)
 	{
@@ -2003,11 +1996,11 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 		return NULL;
 	}
-	load_log_common_field(_instance->common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
+	load_log_common_field(common_field_file, _instance->id2field, &(_instance->service2topic), &(_instance->max_service));
 	if(_instance->service2topic!=NULL)
 	{
-		for(i=0; i<_instance->max_service; i++)
+		for(int i=0; i<_instance->max_service; i++)
 		{
 			if(_instance->service2topic[i].type==TLD_TYPE_MAX && strlen(_instance->service2topic[i].name)>0)
 			{
@@ -2022,12 +2015,7 @@ struct tsg_log_instance_t *tsg_sendlog_init(const char *conffile, screen_stat_ha
 	}
 	else
 	{
-		MESA_handle_runtime_log(_instance->logger,
+		MESA_handle_runtime_log(_instance->logger, RLOG_LV_FATAL, "KAFKA_INIT", "load_log_common_field is error, please check %s", common_field_file);
 									RLOG_LV_FATAL,
 									"KAFKA_INIT",
 									"load_log_common_field is error, please check %s",
 									_instance->common_field_file
 								);		
 	}
 	return _instance;
@@ -2096,21 +2084,117 @@ void tsg_sendlog_destroy(struct tsg_log_instance_t * instance)
 	return ;
 }
 int send_log(struct tsg_log_instance_t *_instance, struct TLD_handle_t *_handle, struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, int thread_id)
 {
 	int fs_id=0,ret=0,repeat_cnt=0;
 	int policy_id[MAX_RESULT_NUM]={0};
 	for(int i=0;i<p_result_num; i++)
 	{
 		if(is_multi_hit_same_policy(&(p_result[i]), policy_id, &repeat_cnt))
 		{
 			MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
 										"TSG_SEND_LOG",
 										"tsg same log:cfg_id=%d service=%d addr=%s",
 										p_result[i].config_id,
 										p_result[i].service_id,
 										(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
 									);
 			continue;
 		}
 		switch(p_result[i].do_log)
 		{
 			case	LOG_ABORT:
 				MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
 											"TSG_SEND_LOG",
 											"tsg abort log:cfg_id=%d service=%d addr=%s",
 											p_result[i].config_id,
 											p_result[i].service_id,
 											(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
 										);
 				fs_id=action2fs_id((int)p_result[i].action);
 				FS_operate(_instance->fs2_handle, _instance->fs2_field_id[fs_id], 0, FS_OP_ADD, 1);
 				continue;
 				break;
 			case	LOG_ALL:
 				if(p_result[i].action==TSG_ACTION_MONITOR)
 				{
 					set_s3_filename(_instance, _handle, a_stream);
 					set_mail_eml(_instance, _handle, a_stream);
 				}
 				break;
 			case	LOG_NOFILE:
 				if(p_result[i].action==TSG_ACTION_MONITOR)
 				{					
 					TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
 					TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name);
 					TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name);
 				}
 				break;
 			default:
 				break;
 		}
 		ret=update_percent(_instance, p_result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id);
 		if(ret==1)
 		{
 			MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
 										"TSG_SEND_LOG",
 										"tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s",
 										p_result[i].config_id,
 										p_result[i].service_id,
 										_instance->service2topic[p_result[i].service_id].send_log_percent[thread_id],
 										(a_stream==NULL ? "" : PRINTADDR(a_stream,_instance->level))
 									);
 			continue;	
 		}
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(p_result[i].config_id), TLD_TYPE_LONG);
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(p_result[i].service_id), TLD_TYPE_LONG);
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)p_result[i].action), TLD_TYPE_LONG);
 		set_notify_execution_result(_instance, _handle, a_stream, &(p_result[i]));
 		if(_instance->send_nat_linkinfo &&p_result[i].config_id==0 && a_stream!=NULL)
 		{			
 			set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]);
 			set_nat_linkinfo(_instance, _handle, a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]);
 		}
 		set_xxxx_from_user_region(_handle, _instance, &(p_result[i]), thread_id);
 		StringBuffer sb(0, 2048);
 		Writer<StringBuffer> writer(sb);
 		_handle->document->Accept(writer);
 		tsg_send_payload(_instance, p_result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name);
 	}
 	return 0;
 }
 int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handle, tsg_log_t *log_msg, int thread_id)
 {	
-	int fs_id=0,ret=0;
+	if(instance==NULL || handle==NULL || log_msg==NULL)
 	int i=0,repeat_cnt=0;
 	int policy_id[MAX_RESULT_NUM]={0};
 	struct TLD_handle_t *_handle=handle;
 	struct tsg_log_instance_t *_instance=instance;
 	if(_instance==NULL || _handle==NULL || log_msg==NULL)
 	{
 		TLD_cancel(handle);
-		MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL ");
+		if(instance!=NULL)
 		{
 			MESA_handle_runtime_log(instance->logger, RLOG_LV_DEBUG, "TSG_SEND_LOG", " instance==NULL || TLD_handle==NULL || log_msg==NULL ");
 		}
 		return -1;
 	}
 	struct TLD_handle_t *_handle=handle;
 	struct tsg_log_instance_t *_instance=instance;
 	if(_instance->mode==CLOSE)
 	{
 		TLD_cancel(handle);
@@ -2140,97 +2224,20 @@ int tsg_send_log(struct tsg_log_instance_t *instance, struct TLD_handle_t *handl
 	set_application_behavior(_instance, _handle, log_msg->a_stream);
-	if(log_msg->result[i].service_id==2 && log_msg->a_stream!=NULL)		// stream of intercept is NULL
+	if(log_msg->result[0].service_id==2 && log_msg->a_stream!=NULL)		// stream of intercept is NULL
 	{
 		set_shaping_rule_ids(_instance, _handle, log_msg->a_stream);
 	}
-	for(i=0;i<log_msg->result_num; i++)
+	send_log(_instance, _handle, log_msg->a_stream, log_msg->result,  log_msg->result_num, thread_id);
 	//fetch firewall result
 	struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	if(priority_label!=NULL && priority_label->security_result_num>0)
 	{
-		if(is_multi_hit_same_policy(&(log_msg->result[i]), policy_id, &repeat_cnt))
+		send_log(_instance, _handle, log_msg->a_stream, priority_label->security_result,  priority_label->security_result_num, thread_id);
-		{
+		free_policy_label(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
-			MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
+		tsg_set_xxx_to_bridge(log_msg->a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
 										"TSG_SEND_LOG",
 										"tsg same log:cfg_id=%d service=%d addr=%s",
 										log_msg->result[i].config_id,
 										log_msg->result[i].service_id,
 										(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
 									);
 			continue;
 		}
 		switch(log_msg->result[i].do_log)
 		{
 			case	LOG_ABORT:
 				MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
 											"TSG_SEND_LOG",
 											"tsg abort log:cfg_id=%d service=%d addr=%s",
 											log_msg->result[i].config_id,
 											log_msg->result[i].service_id,
 											(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
 										);
 				fs_id=action2fs_id((int)log_msg->result[i].action);
 				FS_operate(_instance->fs2_handle, _instance->fs2_field_id[fs_id], 0, FS_OP_ADD, 1);
 				continue;
 				break;
 			case	LOG_ALL:
 				if(log_msg->result[i].action==TSG_ACTION_MONITOR)
 				{
 					set_s3_filename(_instance, _handle, log_msg->a_stream);
 					set_mail_eml(_instance, _handle, log_msg->a_stream);
 				}
 				break;
 			case	LOG_NOFILE:
 				if(log_msg->result[i].action==TSG_ACTION_MONITOR)
 				{					
 					TLD_delete(_handle, _instance->id2field[LOG_COMMON_MAIL_EML_FILE].name);
 					TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_REQUEST_S3_FILE].name);				
 					TLD_delete(_handle, _instance->id2field[LOG_COMMON_HTTP_RESPONSE_S3_FILE].name);
 				}
 				break;
 			default:
 				break;
 		}
 		ret=update_percent(_instance, log_msg->result[i].service_id, LOG_COLUMN_STATUS_DROP, thread_id);
 		if(ret==1)
 		{
 			MESA_handle_runtime_log(_instance->logger, RLOG_LV_DEBUG,
 										"TSG_SEND_LOG",
 										"tsg drop log:cfg_id=%d service=%d send_log_percent: %d addr=%s",
 										log_msg->result[i].config_id,
 										log_msg->result[i].service_id,
 										_instance->service2topic[log_msg->result[i].service_id].send_log_percent[thread_id],
 										(log_msg->a_stream==NULL ? "" : PRINTADDR(log_msg->a_stream,_instance->level))
 									);
 			continue;	
 		}
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name, (void *)(long)(log_msg->result[i].config_id), TLD_TYPE_LONG);
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_SERVICE].name, (void *)(long)(log_msg->result[i].service_id), TLD_TYPE_LONG);
 		TLD_append(_handle, _instance->id2field[LOG_COMMON_ACTION].name, (void *)(long)((unsigned char)log_msg->result[i].action), TLD_TYPE_LONG);
 		set_notify_execution_result(_instance, _handle, log_msg->a_stream, &(log_msg->result[i]));
 		if(_instance->send_nat_linkinfo && log_msg->result[i].config_id==0 && log_msg->a_stream!=NULL)
 		{			
 			set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_C2S].name, _instance->bridge_id[LOG_BRIDGE_NAT_C2S_LINKINFO]);
 			set_nat_linkinfo(_instance, _handle, log_msg->a_stream, _instance->id2field[LOG_COMMON_LINK_INFO_S2C].name, _instance->bridge_id[LOG_BRIDGE_NAT_S2C_LINKINFO]);
 		}
 		set_xxxx_from_user_region(_handle, _instance, &(log_msg->result[i]), thread_id);
 		StringBuffer sb(0, 2048);
 		Writer<StringBuffer> writer(sb);
 		_handle->document->Accept(writer);
 		tsg_send_payload(_instance, log_msg->result[i].service_id, (char *)sb.GetString(), sb.GetSize(), thread_id);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_POLICY_ID].name);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_SERVICE].name);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_ACTION].name);
 		TLD_delete(_handle, _instance->id2field[LOG_COMMON_USER_REGION].name);
 	}
 	TLD_cancel(handle);
@@ -2248,8 +2255,8 @@ int tsg_register_topic(struct tsg_log_instance_t *instance, char *topic_name)
 	_instance->service2topic=(struct topic_stat *)realloc(_instance->service2topic, (_instance->max_service+1)*sizeof(struct topic_stat));
 	_instance->service2topic[_instance->max_service].type=TLD_TYPE_MAX;
-	memset(_instance->service2topic[_instance->max_service].name, 0, MAX_STRING_LEN);
+	memset(_instance->service2topic[_instance->max_service].name, 0, MAX_STRING_LEN32);
-	memcpy(_instance->service2topic[_instance->max_service].name, topic_name, MIN(MAX_STRING_LEN-1, strlen(topic_name)));
+	memcpy(_instance->service2topic[_instance->max_service].name, topic_name, MIN(MAX_STRING_LEN32-1, strlen(topic_name)));
 	register_topic(_instance, &(_instance->service2topic[_instance->max_service]));
 	_instance->max_service++;
@@ -2308,9 +2315,6 @@ int tsg_send_payload(struct tsg_log_instance_t *instance, int topic_id, char *pa
 							);
 	}
 	update_percent(_instance, topic_id, LOG_COLUMN_STATUS_MAX, thread_id); 
 	return 0;
--- a/src/tsg_send_log_internal.h
+++ b/src/tsg_send_log_internal.h
@@ -11,7 +11,10 @@
 #define	MAX_L7_PROTO_ID	150
 #define	MAX_IPV4_LEN	16
-#define	MAX_STRING_LEN	32
+
 #ifndef	MAX_STRING_LEN32
 #define	MAX_STRING_LEN32	32
 #endif
 enum _SEND_MODE
 {
@@ -181,7 +184,7 @@ typedef	struct _id2field
 {
 	int type;
 	int id;
-	char name[MAX_STRING_LEN];
+	char name[MAX_STRING_LEN32];
 }id2field_t;
 struct topic_stat
@@ -190,7 +193,7 @@ struct topic_stat
 	int type;
 	int fs2_line_id;
 	int *send_log_percent;
-	char name[MAX_STRING_LEN];	
+	char name[MAX_STRING_LEN32];	
 	long long *drop_start;
 	rd_kafka_topic_t *topic_rkt;
 };
@@ -215,18 +218,14 @@ struct tsg_log_instance_t
 	int bridge_id[LOG_BRIDGE_MAX];
 	int fs2_column_id[LOG_COLUMN_STATUS_MAX];
 	int fs2_field_id[LOG_FS2_TYPE_MAX];
-	char log_path[MAX_STRING_LEN*2];
+	char tcp_label[MAX_STRING_LEN32];
-	char tcp_label[MAX_STRING_LEN];
+	char udp_label[MAX_STRING_LEN32];
-	char udp_label[MAX_STRING_LEN];
+	char sasl_username[MAX_STRING_LEN32];
-	char common_field_file[MAX_STRING_LEN*4];
+	char sasl_passwd[MAX_STRING_LEN32];
-	char broker_list[MAX_STRING_LEN*8];
+	char send_queue_max_msg[MAX_STRING_LEN32];
-	char sasl_username[MAX_STRING_LEN];
+	char require_ack[MAX_STRING_LEN32];
-	char sasl_passwd[MAX_STRING_LEN];
+	char refresh_interval_ms[MAX_STRING_LEN32];
 	char send_queue_max_msg[MAX_STRING_LEN];
 	char require_ack[MAX_STRING_LEN];
 	char refresh_interval_ms[MAX_STRING_LEN];
 	char local_ip_str[MAX_IPV4_LEN];
 	char l7_proto_id_file[MAX_STRING_LEN*4];
 	id2field_t id2field[LOG_COMMON_MAX];
 	rd_kafka_t *kafka_handle;
 	struct topic_stat *service2topic;
--- a/src/tsg_ssl_utils.cpp
+++ b/src/tsg_ssl_utils.cpp
@@ -175,11 +175,10 @@ static char* parse_alpn_extension(const unsigned char* buff, size_t buff_len, en
 static char*  parse_server_name_extension(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result)
 {
 	size_t pos = 2; /* skip server name list length */
    size_t len;
 	char* sni = NULL;
 	while (pos + 3 < buff_len)
 	{
-        len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2];
+		size_t len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2];
 		if (pos + 3 + len > buff_len)
 		{
 			*result = CHELLO_PARSE_INVALID_FORMAT;
@@ -366,7 +365,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
        	*result = CHELLO_PARSE_NOT_ENOUGH_BUFF;
 			return NULL;
 		}
-		if(buff[1] != 3 || buff[2] > 4 || buff[2] < 0)
+		if(buff[1] != 3 || buff[2] > 4)
 		{
 			*result = CHELLO_PARSE_INVALID_FORMAT;
        	return NULL;
--- a/src/tsg_statistic.cpp
+++ b/src/tsg_statistic.cpp
@@ -203,9 +203,6 @@ static int _set_traffic_info(struct _traffic_info *from, struct _traffic_info *t
 }
 static void *tsg_statistic_thread(void *arg)
 {
 	long long value=0;
 	long long total_value=0;
 	int value_len=sizeof(long long);
 	int thread_num=get_thread_count();
 	struct _traffic_info policy_traffic_info;
 	struct _traffic_info total_traffic_info;
@@ -215,6 +212,10 @@ static void *tsg_statistic_thread(void *arg)
 	while(g_tsg_statis_para.thread_alive)
 	{
 		long long value=0;
 		long long total_value=0;
 		int value_len=sizeof(long long);
 		memset(&policy_traffic_info, 0, sizeof(policy_traffic_info));
 		memset(&total_traffic_info, 0, sizeof(total_traffic_info));
 		memset(&default_traffic_info, 0, sizeof(default_traffic_info));
@@ -344,9 +345,9 @@ int tsg_statistic_init(const char *conffile, void *logger)
 	int output_prometheus=0;
 	int i=0,value=0,thread_num=0;
 	unsigned short fs_server_port=0;
-	char app_name[MAX_STRING_LEN]={0};
+	char app_name[128]={0};
 	char fs_server_ip[MAX_IPV4_LEN]={0};
-	char fs_output_path[MAX_STRING_LEN*4]={0};
+	char fs_output_path[128]={0};
 	memset(&g_tsg_statis_para, 0, sizeof(g_tsg_statis_para));
@@ -381,7 +382,6 @@ int tsg_statistic_init(const char *conffile, void *logger)
    FS_set_para(g_tsg_statis_para.fs2_handle, APP_NAME, app_name, strlen(app_name)+1);
 	FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_DEVICE, fs_output_path, strlen(fs_output_path)+1);
 	value=1;
 	FS_set_para(g_tsg_statis_para.fs2_handle, OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
    if(fs_server_port > 0 && strlen(fs_server_ip) > 0)
@@ -390,8 +390,8 @@ int tsg_statistic_init(const char *conffile, void *logger)
        FS_set_para(g_tsg_statis_para.fs2_handle, STATS_SERVER_PORT,&(fs_server_port), sizeof(fs_server_port));
    }
-	value=FS_OUTPUT_INFLUX_LINE;
+	int output_influx_line=FS_OUTPUT_INFLUX_LINE;
-	FS_set_para(g_tsg_statis_para.fs2_handle, STATS_FORMAT, &value, sizeof(value));
+	FS_set_para(g_tsg_statis_para.fs2_handle, STATS_FORMAT, &output_influx_line, sizeof(output_influx_line));
 	g_tsg_statis_para.fs_field_id[STATIS_NEW_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_SPEED, (char *)"new_conn_num");
 	g_tsg_statis_para.fs_field_id[STATIS_ESTABLISHED_CON_NUM]=FS_register(g_tsg_statis_para.fs2_handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, (char *)"established_conn_num");
--- a/src/tsg_tamper.cpp
+++ b/src/tsg_tamper.cpp
@@ -34,8 +34,6 @@
 int  swap_payload2byte(char *str, int endlen)
 {
    int i = 0;
    int j = 0;
    char temp;
    if(endlen<4){    //最少满足2个16bit的长度，即最小4字节。
@@ -43,8 +41,8 @@ int  swap_payload2byte(char *str, int endlen)
    }
    //这样交换是别面校验和不对的问题
-    for(i=1; i<endlen; i=i+2){
+    for(int i=1; i<endlen; i=i+2){
-        for (j=i+2; j<endlen; j=j+2){
+        for (int j=i+2; j<endlen; j=j+2){
            if(str[i] != str[j]){
                temp = str[i];
                str[i] = str[j];
--- a/src/tsg_variable.cpp
+++ b/src/tsg_variable.cpp
@@ -1,89 +0,0 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <assert.h>
 #include <sys/time.h>
 #include <unistd.h>
 #include "tsg_variable.h"
 g_tsg_para_t g_tsg_para;
 id2field_t g_tsg_fs2_field[TSG_FS2_MAX]={{0, TSG_FS2_TCP_LINKS, "tcp_links"},
 										 {0, TSG_FS2_UDP_LINKS, "udp_links"}, 
 										 {0, TSG_FS2_BYPASS, "bypass"},
 										 {0, TSG_FS2_HIT_ADDR, "hit_addr"},
 										 {0, TSG_FS2_HIT_SHARE, "hit_share"},
 										 {0, TSG_FS2_INTERCEPT, "intercept"},
 										 {0, TSG_FS2_SHAPING, "shaping"},
 										 {0, TSG_FS2_EXCLUSION, "exclusion"},
 										 {0, TSG_FS2_APP_DPKT_RESULT, "D_result"},
 										 {0, TSG_FS2_APP_Q_RESULT, "Q_result"},
 										 {0, TSG_FS2_APP_USER_RESULT, "U_result"},
 										 {0, TSG_FS2_APP_BUILT_IN_RESULT, "B_result"},
 										 {0, TSG_FS2_INJECT_PKT_SUCCESS, "inject_succuess"},
 										 {0, TSG_FS2_INJECT_PKT_FAILED, "inject_failed"},
 										 {0, TSG_FS2_MIRRORED_PKT_SUCCESS, "mirror_pkt_suc"},
 										 {0, TSG_FS2_MIRRORED_BYTE_SUCCESS, "mirror_byte_suc"},
 										 {0, TSG_FS2_MIRRORED_PKT_FAILED, "mirror_pkt_fai"},
 										 {0, TSG_FS2_MIRRORED_BYTE_FAILED, "mirror_byte_fai"},
 										 {0, TSG_FS2_SET_TIMOUT_SUCCESS, "set_timeout_suc"},
 										 {0, TSG_FS2_SET_TIMOUT_FAILED, "set_timeout_fai"},
                                         {0, TSG_FS2_SUCESS_TAMPER, "tamper_sucess"},
                                         {0, TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4, "tamper_nopload"},
                                         {0, TSG_FS2_TAMPER_FAILED_NOSWAP, "tamper_noswap"},
 										 {0, TSG_FS2_ASN_ADD, "asn_add"},
 										 {0, TSG_FS2_ASN_DEL, "asn_del"},
 										 {0, TSG_FS2_GTPC_ADD, "gtpc_add"},
 										 {0, TSG_FS2_GTPC_DEL, "gtpc_del"},
 										 {0, TSG_FS2_LOCATION_ADD, "location_add"},
 										 {0, TSG_FS2_LOCATION_DEL, "location_del"},
 										 {0, TSG_FS2_FQDN_ADD, "fqdn_add"},
 										 {0, TSG_FS2_FQDN_DEL, "fqdn_del"},
 										 {0, TSG_FS2_SUBSCRIBER_ADD, "subscriber_add"},
 										 {0, TSG_FS2_SUBSCRIBER_DEL, "subscriber_del"},
 										 {0, TSG_FS2_SECURIRY_ADD, "security_add"},
 										 {0, TSG_FS2_SECURIRY_DEL, "security_del"},
 										 {0, TSG_FS2_MIRRORED_ADD, "mirrored_add"},
 										 {0, TSG_FS2_MIRRORED_DEL, "mirrored_del"},
 										 {0, TSG_FS2_HTTP_RES_ADD, "http_res_add"},
 										 {0, TSG_FS2_HTTP_RES_DEL, "http_res_del"},
 										 {0, TSG_FS2_DNS_RES_ADD, "dns_profile_add"},
 										 {0, TSG_FS2_DNS_RES_DEL, "dns_profile_del"},
 										 {0, TSG_FS2_APP_ID_ADD, "app_id_add"},
 										 {0, TSG_FS2_APP_ID_DEL, "app_id_del"},
 										 {0, TSG_FS2_TUNNEL_CATALOG_ADD, "t_catalog_add"},
 										 {0, TSG_FS2_TUNNEL_CATALOG_DEL, "t_catalog_del"},
 										 {0, TSG_FS2_TUNNEL_ENDPOINT_ADD, "t_endpoint_add"},
 										 {0, TSG_FS2_TUNNEL_ENDPOINT_DEL, "t_endpoint_del"},
 										 {0, TSG_FS2_TUNNEL_LABEL_ADD, "t_label_add"},
 										 {0, TSG_FS2_TUNNEL_LABEL_DEL, "t_label_del"}
 										};
 id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, 
 										 {PROTO_IPv4, 	0,	"IPV4"},
 										 {PROTO_IPv6, 	0,	"IPV6"},
 										 {PROTO_TCP, 	0, 	"TCP"},
 										 {PROTO_UDP, 	0, 	"UDP"},
 										 {PROTO_HTTP, 	0, 	"HTTP"},
 										 {PROTO_MAIL, 	0, 	"MAIL"},
 										 {PROTO_DNS, 	0, 	"DNS"},
 										 {PROTO_FTP, 	0, 	"FTP"},
 										 {PROTO_SSL, 	0, 	"SSL"},
 										 {PROTO_SIP, 	0, 	"SIP"},
 										 {PROTO_BGP, 	0, 	"BGP"},
 										 {PROTO_STREAMING_MEDIA, 0, "STREAMING_MEDIA"},
 										 {PROTO_QUIC, 	0,	 "QUIC"},
 										 {PROTO_SSH, 	0, 	"SSH"},
 										 {PROTO_SMTP, 	0, 	"SMTP"},
 										 {PROTO_IMAP, 	0, 	"IMAP"},
 										 {PROTO_POP3, 	0, 	"POP3"},
 										 {PROTO_RTP, 	0, 	"RTP"},
 										 {PROTO_APP, 	0,	"BASE"},
 										 {PROTO_L2TP, 	0,	"L2TP"},
 										 {PROTO_PPTP, 	0,	"PPTP"},
 										 {PROTO_STRATUM, 	0,	"Stratum"},
 										 {PROTO_RDP, 	0,	"RDP"},
 										 {PROTO_DTLS, 	0,	"DTLS"}
 										};
--- a/src/tsg_variable.h
+++ b/src/tsg_variable.h
@@ -1,5 +1,142 @@
 #pragma once
 #include <MESA/stream.h>
 #include <MESA/field_stat2.h>
 #include <ctemplate/template.h>
 enum TSG_FS2_TYPE
 {
 	TSG_FS2_TCP_LINKS=0,
 	TSG_FS2_UDP_LINKS,
 	TSG_FS2_BYPASS,
 	TSG_FS2_HIT_ADDR,
 	TSG_FS2_HIT_SHARE,
 	TSG_FS2_INTERCEPT,
 	TSG_FS2_SHAPING,
 	TSG_FS2_EXCLUSION,
 	TSG_FS2_APP_DPKT_RESULT,
 	TSG_FS2_APP_Q_RESULT,
 	TSG_FS2_APP_USER_RESULT,
 	TSG_FS2_APP_BUILT_IN_RESULT,
 	TSG_FS2_INJECT_PKT_SUCCESS,
 	TSG_FS2_INJECT_PKT_FAILED,
 	TSG_FS2_MIRRORED_PKT_SUCCESS,	
 	TSG_FS2_MIRRORED_BYTE_SUCCESS,
 	TSG_FS2_MIRRORED_PKT_FAILED,
 	TSG_FS2_MIRRORED_BYTE_FAILED,
 	TSG_FS2_SET_TIMOUT_SUCCESS,
 	TSG_FS2_SET_TIMOUT_FAILED,
    TSG_FS2_SUCESS_TAMPER,
    TSG_FS2_TAMPER_FAILED_PLOAD_LESS_4,
    TSG_FS2_TAMPER_FAILED_NOSWAP,
 	TSG_FS2_ASN_ADD,
 	TSG_FS2_ASN_DEL,
 	TSG_FS2_GTPC_ADD,
 	TSG_FS2_GTPC_DEL,
 	TSG_FS2_LOCATION_ADD,
 	TSG_FS2_LOCATION_DEL,
 	TSG_FS2_FQDN_ADD,
 	TSG_FS2_FQDN_DEL,
 	TSG_FS2_SUBSCRIBER_ADD,
 	TSG_FS2_SUBSCRIBER_DEL,
 	TSG_FS2_SECURIRY_ADD,
 	TSG_FS2_SECURIRY_DEL,
 	TSG_FS2_MIRRORED_ADD,
 	TSG_FS2_MIRRORED_DEL,
 	TSG_FS2_HTTP_RES_ADD,
 	TSG_FS2_HTTP_RES_DEL,
 	TSG_FS2_DNS_RES_ADD,
 	TSG_FS2_DNS_RES_DEL,
 	TSG_FS2_APP_ID_ADD,
 	TSG_FS2_APP_ID_DEL,
 	TSG_FS2_TUNNEL_CATALOG_ADD,
 	TSG_FS2_TUNNEL_CATALOG_DEL,
 	TSG_FS2_TUNNEL_ENDPOINT_ADD,
 	TSG_FS2_TUNNEL_ENDPOINT_DEL,
 	TSG_FS2_TUNNEL_LABEL_ADD,
 	TSG_FS2_TUNNEL_LABEL_DEL,
 	TSG_FS2_MAX
 };
 enum DEPLOY_MODE
 {
 	DEPLOY_MODE_MIRROR,
 	DEPLOY_MODE_INLINE,
 	DEPLOY_MODE_TRANSPARENT,
 	DEPLOY_MODE_MAX
 };
 enum MASTER_STATIC_TABLE
 {
 	TABLE_SECURITY_COMPILE=0,
 	TABLE_IP_ADDR,
 	TABLE_SUBSCRIBER_ID,
 	TABLE_APP_ID,
 	TABLE_HTTP_HOST,
 	TABLE_SSL_SNI,
 	TABLE_EXCLUSION_SSL_SNI,
 	TABLE_SRC_ASN,
 	TABLE_DST_ASN,
 	TABLE_SRC_LOCATION,
 	TABLE_DST_LOCATION,
 	TABLE_ASN_USER_DEFINED,
 	TABLE_ASN_BUILT_IN,
 	TABLE_LOCATION_USER_DEFINED,
 	TABLE_LOCATION_BUILT_IN,
 	TABLE_QUIC_SNI,
 	TABLE_FQDN_CAT_ID,
 	TABLE_FQDN_CAT_USER_DEFINED,
 	TABLE_FQDN_CAT_BUILT_IN,
 	TABLE_APP_ID_DICT,
 	TABLE_SELECTOR_ID,
 	TABLE_SELECTOR_PROPERTIES,
 	TABLE_GTP_APN,
 	TABLE_GTP_IMSI,
 	TABLE_GTP_PHONE_NUMBER,
 	TABLE_RESPONSE_PAGES,
 	TABLE_DNS_PROFILE_RECORD,
 	TABLE_PROFILE_MIRROR,
 	TABLE_HTTP_URL,
 	TABLE_DTLS_SNI,
 	TABLE_TUNNEL_ID,
 	TABLE_TUNNEL_CATALOG,
 	TABLE_TUNNEL_ENDPOINT,
 	TABLE_TUNNEL_LABEL,
 	TABLE_SESSION_FLAGS,
 	TABLE_MAX
 };
 enum MASTER_DYNAMIC_TABLE
 {
 	DYN_TABLE_SUBSCRIBER_IP=0,
 	DYN_TABLE_GTP_SIGNALING,
 	DYN_TABLE_MAX
 };
 #ifndef MIN
 #define MIN(a, b)  	(((a) < (b)) ? (a) : (b))
 #endif
 #ifndef	PRINTADDR
 #define	PRINTADDR(a, b)	((b)<RLOG_LV_FATAL ? printaddr(&(a->addr), a->threadnum) : "")
 #endif
 #ifndef	MAX_TSG_ALL_RESULT_NUM
 #define	MAX_TSG_ALL_RESULT_NUM	MAX_RESULT_NUM*2
 #endif
 #ifndef	MAX_STRING_LEN32
 #define	MAX_STRING_LEN32	32
 #endif
 struct id2field
 {
 	int type;
 	int id;
 	char name[MAX_STRING_LEN32];
 };
 struct reset_argv
 {
 	int pkt_num;
@@ -10,7 +147,14 @@ struct reset_argv
 	int remedy;
 };
-#define	_MAX_TABLE_NAME_LEN	64
+#ifndef	MAX_TABLE_NAME_LEN
 #define	MAX_TABLE_NAME_LEN	64
 #endif
 #ifndef	MAX_STRING_LEN128
 #define	MAX_STRING_LEN128	128
 #endif
 typedef	struct tsg_para
 {
 	int level;
@@ -34,23 +178,17 @@ typedef	struct tsg_para
 	int default_compile_id;
 	int table_id[TABLE_MAX];
 	int dyn_table_id[DYN_TABLE_MAX];
 	int priority_project_id;
 	int shaping_project_id;
 	int session_attribute_project_id;
 	int context_project_id;
 	int tcpall_project_id;
 	int gather_app_project_id;	
 	int bridge_id[BRIDGE_TYPE_MAX];
 	int proto_flag; //tsg_protocol_t
 	int fs2_field_id[TSG_FS2_MAX];
-	char device_sn[MAX_DOMAIN_LEN/8];
+	char device_sn[MAX_STRING_LEN128];
-	char log_path[MAX_DOMAIN_LEN/8];
+	char log_path[MAX_STRING_LEN128];
-	char device_id_command[MAX_DOMAIN_LEN/8];
+	char device_id_command[MAX_STRING_LEN128];
-	char data_center[_MAX_TABLE_NAME_LEN];
+	char data_center[MAX_STRING_LEN128];
-	char device_tag[MAX_DOMAIN_LEN/2];
+	char device_tag[MAX_STRING_LEN128];
-	char table_name[TABLE_MAX][_MAX_TABLE_NAME_LEN];	
+	char table_name[TABLE_MAX][MAX_TABLE_NAME_LEN];	
-	char dyn_table_name[DYN_TABLE_MAX][_MAX_TABLE_NAME_LEN];
+	char dyn_table_name[DYN_TABLE_MAX][MAX_TABLE_NAME_LEN];
-	char bridge_name[BRIDGE_TYPE_MAX][_MAX_TABLE_NAME_LEN];
+	struct bridge_info bridge[BRIDGE_TYPE_MAX];
 	void *logger;
 	void *maat_logger;
 	struct reset_argv reset;
@@ -66,4 +204,5 @@ typedef	struct tsg_para
 extern g_tsg_para_t g_tsg_para;
 extern Maat_feather_t g_tsg_dynamic_maat_feather;
-extern id2field_t g_tsg_proto_name2id[PROTO_MAX];
+extern struct id2field g_tsg_proto_name2id[PROTO_MAX];
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -1,25 +0,0 @@
 cmake_minimum_required(VERSION 2.8)
 include_directories(${CMAKE_SOURCE_DIR}/inc)
 include_directories(/opt/MESA/include/MESA/)
 include_directories(/opt/MESA/include)
 include_directories(/usr/include/)
 set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
 add_library(tsg_master_gtest SHARED src/tsg_master_gtest_protocol.cpp src/tsg_master_gtest_entry.cpp)
 set_target_properties(tsg_master_gtest  PROPERTIES PREFIX "")
 add_definitions(-std=c++11)
 LINK_DIRECTORIES(/opt/MESA/lib)
 add_executable(master_gtest "src/tsg_master_gtest_main.cpp")
 target_compile_options(master_gtest PUBLIC ${MEM_POOL_DEFINITIONS})
 target_link_libraries(master_gtest pthread dl m pcap systemd cjson MESA_prof_load MESA_htable MESA_handle_logger MESA_jump_layer breakpad_mini MESA_field_stat2)
 target_link_libraries(master_gtest /home/mesasoft/sapp_run/lib/libsapp_devel.so)
 target_link_libraries(master_gtest gtest-static ctemplate-static)
 install(TARGETS master_gtest DESTINATION ${CMAKE_INSTALL_PREFIX}/ COMPONENT EXECUTABLE)
--- a/test/bin/conflist.inf
+++ b/test/bin/conflist.inf
@@ -1,4 +0,0 @@
 [platform]
 ./plug/platform/tsg_master/tsg_master.inf
 [protocol]
 [business]
--- a/test/bin/etc/asymmetric_addr_layer.conf
+++ b/test/bin/etc/asymmetric_addr_layer.conf
@@ -1,6 +0,0 @@
 vlan[*]
 mpls[*]
 gre[*]
 gtp[*]
--- a/test/bin/etc/asymmetric_presence_layer.conf
+++ b/test/bin/etc/asymmetric_presence_layer.conf
@@ -1,2 +0,0 @@
 #
--- a/test/bin/etc/entrylist.conf
+++ b/test/bin/etc/entrylist.conf
@@ -1,27 +0,0 @@
 IP
 IPV6
 IPV6_RAW
 TCP_ALL
 TCP
 UDP
 HTTP
 SSL
 MAIL
 FTP
 PHONY
 POLLING
 IPSEC
 L2TP
 PPTP
 RTP
 DNS
 GTP
 STRATUM
 RADIUS
 QUIC
 RDP
 SSH
 SOCKS
 BGP
 DTLS
 SIP
--- a/test/bin/etc/gdev.conf
+++ b/test/bin/etc/gdev.conf
@@ -1,5 +0,0 @@
 [Module]
 pcapdevice=ens1f0
 sendto_gdev_card=ens1f0
 sendto_gdev_ip=10.252.20.1
 gdev_status_switch=1
--- a/test/bin/etc/gdev_block.conf
+++ b/test/bin/etc/gdev_block.conf
@@ -1,14 +0,0 @@
 [main]
 nfs_proto_stat_path=./log
 nfs_ddos_flow_detail_path=./log
 [gdev]
 service_type=1
 rule_scope=1
 durable=0
 auth_data=B9840E2442951834
 #phony server
 c3_list=10.0.6.201:22;
 c3_server_ip=10.0.6.201
 c3_server_port=22
--- a/test/bin/etc/necessary_plug_list.conf
+++ b/test/bin/etc/necessary_plug_list.conf
@@ -1,4 +0,0 @@
 #以下插件如果加载,初始化失败, sapp平台会退出;
 #插件的路径来自配置文件 ./plug/conflist.inf, 不需要加段落标识[platform],[protocol],[business]等.
 #If the following plugins fail to initialize, the sapp platform will exit.
 #The name of the plugin comes from the configuration ./plug/conflist.inf, section identification is not required.
--- a/test/bin/etc/plugin.conf
+++ b/test/bin/etc/plugin.conf
@@ -1,5 +0,0 @@
 [PLUGIN]
 platform_config = ./plug/platform/conflist_platform.inf
 protocol_config = ./plug/protocol/conflist_protocol.inf
 business_config = ./plug/business/conflist_business.inf
 entrylist_config = ./etc/entrylist.conf
--- a/test/bin/etc/project_list.conf
+++ b/test/bin/etc/project_list.conf
@@ -1,18 +0,0 @@
 tcp_flow_stat           struct
 udp_flow_stat           struct
 tcp_deduce_flow_stat    struct
 POLICY_PRIORITY	struct
 ESTABLISH_LATENCY	long
 MAIL_IDENTIFY	int
 TSG_MASTER_INTERNAL_LABEL	struct
 BASIC_PROTO_LABEL	struct
 SKETCH_TRANS_LAYER_CTX_LABEL    struct
 SKETCH_PROTO_CTX_LABEL   struct
 common_link_info_c2s	struct
 common_link_info_s2c	struct
 common_link_info struct
 JA3_FINGERPRINT_LABEL	struct
 DKPT_PRO_V2	struct
 DPKT_PROJECT_V2	struct
 PPROJECT_PRO_V2	struct
 DPKT_BHSTAT_PROJECT	struct
--- a/test/bin/etc/sapp.toml
+++ b/test/bin/etc/sapp.toml
@@ -1,266 +0,0 @@
 ###################################################################################################
 # NOTE:                                                                                           #
 #    The format of this file is toml (https://github.com/cktan/tomlc99)                           #
 #    to make vim editor display colorful and human readable,                                      #
 #    you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini       #
 ###################################################################################################
 [SYSTEM]
    instance_name = "sapp_v4.2"
 [CPU]
 worker_threads=1
    send_only_threads_max=0
 ### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
 ### there are two different grammars:
 ### toml array format: bind_mask=[1,2,3,4,5,11,12,13,14,15]
 ### MESA_load_profile range format: bind_mask="1-5,11-15"
    bind_mask=[]
 [MEM]
    dictator_enable=1
 [PACKET_IO]
    [overlay_tunnel_definition]
 ### note, since 2020-10-01, L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) is process and offload by mrtunnat, 	
 ### after 2020-10-01, sapp support L2-L3 tunnel(VLAN,MPLS,PPPOE,etc.) without mrtunnat.
 l2_l3_tunnel_support=0
 ### note, optional value is [none, vxlan]
 overlay_mode=none
    [packet_io.feature]
    destroy_all_plug_enabled=0
 ### note, used to represent inbound or outbound direction value,
 ### because it comes from Third party device, so it needs to be specified manually,
 ### if inbound_route_dir=1, then outbound_route_dir=0, vice versa,
 ### in other words, outbound_route_dir = 1 ^ inbound_route_dir;
    inbound_route_dir=1
 ### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
    BSD_packet_filter=""
 ### note, same as tcpdump -Q/-P arg, possible values are `in', `out' and `inout', default is "in"
    pcap_capture_direction="in"
 ### note, support two mode: "inner_tuple2", "outer_tuple2"
    pcap_distmode="inner_tuple2"
 ### note, depolyment.mode options: [sys_route, vxlan_by_inline_device, raw_ethernet_single_gateway, raw_ethernet_multi_gateway]
 ### sys_route: send ip(ipv6) packet by system route table, this is default mode in mirror mode;
 ### vxlan_by_inline_device: encapsulation inject packet with vxlan, and then send to inline device by udp socket.
 ### raw_ethernet_single_gateway: send layer2 ethernet packet to specific gateway in same broadcast domain. 
 ### raw_ethernet_multi_gateway: send layer2 ethernet packet to multiple gateway in same broadcast domain. 
    inject_pkt_mode=sys_route
 ### note, this config is valid if inject_pkt_mode==vxlan_by_inline_device, means udp socket src port.
    inject_mode_inline_device_sport=54789
 ### note, this config is valid if inject_pkt_mode==raw_ethernet_single_gateway.
    inject_mode_single_gateway_device="eth1"
 ### inject_mode_single_gateway_src_mac has lower priority than get smac from inject_mode_single_gateway_device
    inject_mode_single_gateway_src_mac="00:11:22:77:88:99"
    inject_mode_single_gateway_dst_mac="00:11:22:33:44:55"
 dumpfile_sleep_time_before_exit=0
 ### note, for example, dst mac is 01:12:34:56:78:90, src src is 02:AA:BB:CC:DD:EE:FF, 
 ### ether[0] is 0x01, dst mac first octet, ether[1] is 0x12, dst mac second octet,
 ### ether[6] is 0x02, src mac first octet, ether[11] is 0xFF, src mac sixth octet.
 ### the bit field is from 0 to 7, the 0 is least significant bit, the 7 is most significant bit.
    ##extract_linkdir_from_mac_in_mirror_mode="ether[4]:0"  ## for Xj example
    extract_linkdir_from_mac_in_mirror_mode=""
 ### note, depolyment.mode options: [mirror, inline, transparent]
    [packet_io.depolyment]
    mode=mirror
 ### note, interface.type options: [pag, pcap, marsio, tun]
 ### receive from internal interface, route dir is 0,
 ### receive from external interface, route dir is 1.
    [packet_io.internal.interface]
    type=pcap
    name="lo"
    [packet_io.external.interface]
    type=pcap
    name=lo
    [packet_io.polling]
    enabled=1    
 ### note, polling_priority = call sapp_recv_pkt every call polling_entry times,     
    polling_priority=1
    [packet_io.under_ddos]
 ### note, to reduce impact of ddos attack,set some stream bypass, all plugins will not process these streams   
    stream_bypass_enabled=0
 ### note, cpu usage value is percent, for example, config value is 85, means 85%, valid range: [1,100]    
 ### sapp change to bypass state immediately when realtime cpu usage > bypass_trigger_cpu_usage
    bypass_trigger_cpu_usage=85    
 ### note, unit of get_cpu_usage_interval is milliseconds(ms)     
    get_cpu_usage_interval=500
 ### note, use the average of the last $smooth_avg_window times as current realtime value 
    smooth_avg_window=2
    decrease_ratio="0.95"
    increase_ratio="1.005"
 ### note, unit of bypass_observe_time is second(s)     
    recovery_observe_time=30
 [PROTOCOL_FEATURE]
    ipv6_decapsulation_enabled=1
    ipv6_send_packet_enabled=1
    tcp_drop_pure_ack_pkt=0
    tcp_syn_option_parse_enabled=1 
 skip_not_ip_layer_over_eth=0
    skip_gtp_S_PN_E_field_for_inject=0
 [DUPLICATE_PKT]
 [dup_pkt.traffic.original]
    original_ipv4_tcp_enabled=1
    original_ipv4_udp_enabled=0
 ### note, can't distinguish between duplicate traffic and application retransmit traffic for IPv6 packets,
 ### so not support IPv6 original duplicate traffic check.
 [dup_pkt.traffic.inject]
    inject_all_enabled=1
 [dup_pkt.parameters]
    bloom_capacity=1000000
    bloom_error_rate=0.00001
    bloom_timeout=10
 [STREAM]
 ### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S" 
    stream_id_base_time="2021-01-01 00:00:00"
    [stream.tcp]
 max=1000
 timeout=0
    syn_mandatory=1
 reorder_pkt_max=5
    analyse_option_enabled=1
    tuple4_reuse_time_interval=30
    meaningful_statistics_minimum_pkt=3
    meaningful_statistics_minimum_byte=5
    special_timeout_ratio=10
        [stream.tcp.inject]
        link_mss=1460
        [stream.tcp.inject.rst]
        auto_remedy=1
        number=1
        signature_enabled=1
        signature_seed1=65535
        signature_seed2=13
        remedy_kill_tcp_by_inline_device=0
    [stream.udp]
 max=1000
 timeout=0
    meaningful_statistics_minimum_pkt=3
    meaningful_statistics_minimum_byte=5
    special_timeout_ratio=20
 [PROFILING]
 [profiling.pkt_latency]
    enabled=0
    accurate_enable=0
 ### note, threshold unit is microseconds (us)
    threshold=100000
    [profiling.sanity_check]
    raw_pkt_broken_enabled=0
    symbol_conflict_enabled=0
    [profiling.log]
    level=20
    interval=1
        [profiling.log.local]
        enabled=1
 ### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.	 
        file_truncate_enabled = 1
        [profiling.log.remote]
        enabled=0
        server_ip="127.0.0.1"
        server_port=8126
        [profiling.log.remote.field_stat2]
 ### note, is valid when "remote_send_out_type=field_stat2"	 
 ### note, metric_type option value: [default, json]
        metric_type = default
        app_name=sapp
        [profiling.log.prometheus]
        prometheus_enabled=0
        prometheus_port=9273
        prometheus_url_path="/metrics"
 [TOOLS]
    [tools.pkt_dump]
    enabled=0
 ### note, mode options value:[storage, udp_socket]
    mode=udp_socket
    BSD_packet_filter=""
        [tools.pkt_dump.threads]
 ### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=0
 ###       if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
        all_threads_enabled=1
 ### note, dump_thread_id start from 0, max is CPU.worker_threads-1
        dump_thread_id=[0,1,2,3,4]
        [tools.pkt_dump.udp]
        command_port=12345
        pkt_dump_ratio=30
        [tools.pkt_dump.storage]
 ### note, file path must be double quotation mark extension, for example,  path="/dev/shm/pkt_dump"
        path="/dev/shm/pkt_dump"
 ### note, file size unit: MB
        file_size_max_per_thread=10000 
 [breakpad]
    disable_coredump=0
    enable_breakpad=0
    breakpad_minidump_dir="/tmp/crashreport"
    enable_breakpad_upload=0
    breakpad_upload_url="http://127.0.0.1/"
    breakpad_upload_tools="/opt/MESA/bin/minidump_upload"
 ### note:
 ### These configurations format is complex and difficult to describe with toml grammar,
 ### so, create a independent secondary config file to description specific information.
 [SECONDARY_CONFIG_LINK]
 cfg_file_sapp_log="etc/sapp_log.conf"
 cfg_file_plug_list="plug/conflist.inf"
    cfg_file_project_list="etc/project_list.conf"
    cfg_file_entrylist="etc/entrylist.conf"
    cfg_file_send_raw_pkt="etc/send_raw_pkt.conf"
    cfg_file_vxlan_sport_map="etc/vxlan_sport_service_map.conf"
    cfg_file_inline_device="etc/gdev.conf"
    cfg_file_necessary_plug_list="etc/necessary_plug_list.conf"
    cfg_file_stream_compare_layer="etc/stream_compare_layer.conf"
    cfg_file_vlan_flipping="etc/vlan_flipping_map.conf"
    cfg_file_asymmetric_addr_layer="etc/asymmetric_addr_layer.conf"
    cfg_file_well_known_port="etc/well_known_port.conf"
 [SECONDARY_DATA_LINK]
 data_file_sysinfo_log="sysinfo.log"
    data_file_field_stat_log="fs2_sysinfo.log"
    data_file_inline_keepalive_log="gdev_keeplive_status.log"
    data_file_load_plugin_stat_log="load_plugin_stat.log"
    data_file_under_ddos_stat_log="under_ddos_stat.log"
    data_file_memory_stat_log="memory_used_stat.log"
 [LIBRARY_LINK]
    marsio_library_path="/opt/mrzcpd/lib/libmarsio.so"
--- a/test/bin/etc/sapp_log.conf
+++ b/test/bin/etc/sapp_log.conf
@@ -1,16 +0,0 @@
 [global]
 default format = "%d(%c), %V, %U, %m%n"
 [levels]
 DEBUG=10
 INFO=20
 FATAL=30
 STOP=40
 [formats]
 other = "%d(%c), %V, %F, %U, %m%n"
 plugin = "%d(%c), %m%n"
 [rules]
 __log_runtimelog.info    "./log/runtimelog.%d(%F)"
 __log_runtimelog_plugin.fatal    >stdout; plugin
 __log_runtimelog_plugin.fatal    "./log/plugin.log"; plugin
 __log_http_runtime.stop	"./log/%c.%d(%F)"; other
 !.*    "./log/%c.%d(%F)"; other
--- a/test/bin/etc/send_gdev.conf
+++ b/test/bin/etc/send_gdev.conf
@@ -1,2 +0,0 @@
 3	10.3.127.1	
--- a/test/bin/etc/send_raw_pkt.conf
+++ b/test/bin/etc/send_raw_pkt.conf
@@ -1,16 +0,0 @@
 #<23><><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
 #<23><>ƽ̨<C6BD><CCA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ͬ<EFBFBD><CDAC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,  <20>ײ<EFBFBD><D7B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2>ͬ,
 #<23><><EFBFBD><EFBFBD>ͨģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, DPDKģʽ<C4A3><CABD>ʹ<EFBFBD>ö˿ں<CBBF>, PFRINGģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9>index<65><78>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ.
 #target_id<69><64><EFBFBD>ڱ<EFBFBD>ʾ<EFBFBD><CABE><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD>ն˷<D5B6><CBB7><EFBFBD>, 
 #<23><><EFBFBD>ڷ<EFBFBD><DAB7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0>ײ<EFBFBD>MAC<41><43>Ŀ<EFBFBD><C4BF>IP<49><50>, <20><><EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, ƽֻ̨<CCA8><D6BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC>.
 #target_id<69>൱<EFBFBD><E0B5B1><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><DDBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 #(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
 ##(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
 #target_id
 #0 	pag p7p2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 vxlan_user smith dpdk dpdk pag
 #1 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag
 #2 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p1 smith dpdk dpdk pag
 #3 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag
 #4 	pag eth1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 p7p2 smith dpdk dpdk pag
--- a/test/bin/etc/send_route.conf
+++ b/test/bin/etc/send_route.conf
@@ -1,3 +0,0 @@
 #dev_id link_id  mac_addr
 3	2	00:50:56:f3:59:5c
--- a/test/bin/etc/stream_compare_layer.conf
+++ b/test/bin/etc/stream_compare_layer.conf
@@ -1,2 +0,0 @@
 #
--- a/test/bin/etc/vlan_flipping_map.conf
+++ b/test/bin/etc/vlan_flipping_map.conf
@@ -1,12 +0,0 @@
 #for inline a device vlan flipping 
 #数据包来自C路由器端, 即C2I(I2E)方向, 
 #数据包来自I路由器端, 即I2C(E2I)方向, 
 #平台会根据vlan_id,设置当前包route_dir的值, 以便上层业务插件做两个方向的流量统计,
 #如果一对vlan_id写反了, 网络是通的, 但是I2E,E2I的流量统计就颠倒了.
 #配置文件格式, pattern:
 #来自C路由器vlan_id	  	来自I路由器vlan_id   	是否开启mac地址翻转
 #C_router_vlan_id  I_router_vlan_id mac_flipping_enable
 #1001	1002	1
 #1003	1004	1
 #4000	4001	0
--- a/test/bin/etc/vxlan_sport_service_map.conf
+++ b/test/bin/etc/vxlan_sport_service_map.conf
@@ -1,86 +0,0 @@
 #service-id  	vpn-id  sport-dport
 1		101	50000-50016
 2		102	50064-50080
 3		103	50128-50144
 4		104	50192-50208
 5		105	50256-50272
 6		106	50320-50336
 7		107	50384-50384
 8		108	50448-50464
 9		109	50512-50512
 10		110	50576-50592
 11		111	50640-50656
 12		112	50704-50720
 13		113	50768-50784
 14		114	50832-50848
 15		115	50896-50912
 16		116	50960-50960
 17		117	51024-51024
 18		118	51088-51088
 19		119	51152-51168
 20		120	51216-51232
 21		121	51280-51296
 22		122	51344-51360
 23		123	51408-51408
 24		124	51472-51472
 25		125	51536-51536
 26		126	51600-51600
 27		127	51664-51664
 28		128	51728-51728
 29		129	51792-51792
 30		130	51856-51856
 31		131	51920-51920
 32		132	51984-51984
 33		133	52048-52064
 34		134	52112-52128
 35		135	52176-52192
 36	136	52240-52256
 37	137	52304-52320
 38	138	52368-52384
 39	139	52432-52448
 40	140	52496-52512
 41	141	52560-52576
 42	142	52624-52640
 43	143	52688-52704
 44	144	52752-52768
 45	145	52816-52832
 46	146	52880-52896
 47	147	52944-52960
 48	148	53008-53024
 49	149	53072-53088
 50	150	53136-53152
 51	151	53200-53216
 52	152	53264-53280
 53	153	53328-53344
 54	154	53392-53408
 55	155	53456-53472
 56	156	53520-53536
 57	157	53584-53600
 58	158	53648-53664
 59	159	53712-53712
 60	160	53776-53776
 61	161	53840-53840
 62	162	53904-53904
 63	163	53968-53968
 64	164	54032-54032
 65	165	54096-54096
 66	166	54160-54176
 67	167	54224-54240
 68	168	54288-54304
 69	169	54352-54368
 70	170	54416-54432
 71	171	54480-54496
 72	172	54544-54560
 73	173	54608-54624
 74	174	54672-54688
 75	175	54736-54736
 76	176	54800-54800
 77	177	54864-54864
 78	178	54928-54928
 79	179	54992-54992
 80	180	55056-55056
 81	181	55120-55120
 82	182	55184-55184
 83	183	55248-55248
 84	184	55312-55312
 85	185	55376-55376
--- a/test/bin/etc/well_known_port.conf
+++ b/test/bin/etc/well_known_port.conf
@@ -1,2 +0,0 @@
 [TCP]
 [UDP]
--- a/test/bin/tsg_master_gtest.inf
+++ b/test/bin/tsg_master_gtest.inf
@@ -1,9 +0,0 @@
 [PLUGINFO]
 PLUGNAME=GTEST_MASTER
 SO_PATH=./plug/platform/tsg_master_gtest/tsg_master_gtest.so
 INIT_FUNC=GTEST_INIT
 DESTROY_FUNC=GTEST_UNLOAD
 [TCP_ALL]
 FUNC_FLAG=ALL
 FUNC_NAME=GTEST_APP_FULL_PATH_1_ENTRY
--- a/test/src/CMakeLists.txt
+++ b/test/src/CMakeLists.txt
@@ -9,7 +9,7 @@ include_directories(${PROJECT_SOURCE_DIR}/src/)
 add_definitions(-std=c++11)
 LINK_DIRECTORIES(/opt/MESA/lib)
-add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp gtest_common.cpp gtest_rule.cpp)
+add_executable(gtest_rule ${PROJECT_SOURCE_DIR}/src/tsg_rule.cpp ${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp ${PROJECT_SOURCE_DIR}/src/tsg_leaky_bucket.cpp gtest_common.cpp gtest_rule.cpp)
 target_link_libraries(gtest_rule gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe)
 set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp 
@@ -24,7 +24,8 @@ set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp
 	${PROJECT_SOURCE_DIR}/src/tsg_dns.cpp 
 	${PROJECT_SOURCE_DIR}/src/tsg_icmp.cpp
 	${PROJECT_SOURCE_DIR}/src/tsg_tamper.cpp
 	${PROJECT_SOURCE_DIR}/src/tsg_bridge.cpp
 )
-add_executable(gtest_master ${TSG_MASTER_SRC} gtest_common.cpp gtest_master.cpp)
+add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp)
-target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe rdkafka MESA_htable)
+target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maatframe MESA_htable)
--- a/test/src/gtest_kafka.cpp
+++ b/test/src/gtest_kafka.cpp
@@ -0,0 +1,76 @@
 #include <string.h>
 #include <librdkafka/rdkafka.h>
 #ifndef	MIN
 #define	MIN(a,b)	((a)>(b) ? (b) : (a))
 #endif
 int g_kafka_sendlog_cnt=0;
 char g_kafka_sendlog[16][1024]={0,0};
 rd_kafka_conf_t *rd_kafka_conf_new(void)
 {
 	return (rd_kafka_conf_t *)0x1;
 }
 rd_kafka_conf_res_t rd_kafka_conf_set(rd_kafka_conf_t *conf, const char *name, const char *value, char *errstr, size_t errstr_size)
 {
 	return (rd_kafka_conf_res_t)0x1;
 }
 rd_kafka_t *rd_kafka_new(rd_kafka_type_t type, rd_kafka_conf_t *conf, char *errstr, size_t errstr_size)
 {
 	return (rd_kafka_t *)0x2;
 }
 rd_kafka_topic_conf_t* rd_kafka_topic_conf_new(void)
 {
 	return (rd_kafka_topic_conf_t*)0x3;
 }
 rd_kafka_topic_t* rd_kafka_topic_new(rd_kafka_t *rk, const char *topic, rd_kafka_topic_conf_t *	conf)
 {
 	return (rd_kafka_topic_t*)0x4;
 }
 void rd_kafka_topic_destroy (rd_kafka_topic_t *rkt)
 {
 }
 void rd_kafka_destroy (rd_kafka_t *rk)
 {
 }
 rd_kafka_resp_err_t rd_kafka_last_error(void)
 {
 	return (rd_kafka_resp_err_t)0x5;
 }
 const char *rd_kafka_err2name(rd_kafka_resp_err_t err)
 {
 	return "err2name";
 }
 const char *rd_kafka_err2str(rd_kafka_resp_err_t err)
 {
 	return "err2str";
 }
 int rd_kafka_produce(rd_kafka_topic_t *rkt, int32_t partitition, int msgflags, void *payload, size_t len, const void *key, size_t keylen, void *msg_opaque)
 {
 	int length=MIN(len, sizeof(g_kafka_sendlog[g_kafka_sendlog_cnt]));
 	memcpy((void *)(g_kafka_sendlog[g_kafka_sendlog_cnt++]), payload, length);
 	return 0;
 }
 int rd_kafka_get_sendlog_cnt(void)
 {
 	return g_kafka_sendlog_cnt;
 }
 const char *rd_kafka_get_sendlog_payload(int idx)
 {
 	if(idx>g_kafka_sendlog_cnt || idx <0)
 	{
 		return NULL;
 	}
 	return (const char *)g_kafka_sendlog[idx];
 }
--- a/test/src/gtest_kafka.h
+++ b/test/src/gtest_kafka.h
@@ -0,0 +1,3 @@
 #pragma once
--- a/test/src/gtest_master.cpp
+++ b/test/src/gtest_master.cpp
@@ -7,6 +7,9 @@
 #include "tsg_entry.h"
 #include <gtest/gtest.h>
 extern int rd_kafka_get_sendlog_cnt(void);
 extern const char *rd_kafka_get_sendlog_payload(int idx);
 TEST(TSGMaster, SetAPPIDHttp)
 {
 	struct streaminfo a_stream={0};
@@ -16,8 +19,8 @@ TEST(TSGMaster, SetAPPIDHttp)
 	gather_result[ORIGIN_BASIC_PROTOCOL].origin=ORIGIN_BASIC_PROTOCOL;
 	gather_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id=67;	//HTTP
-	project_req_add_struct(&a_stream, g_tsg_para.gather_app_project_id, (const void *)gather_result);
+	tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, (void *)gather_result);
-	struct gather_app_result *get_result=(struct gather_app_result *)project_req_get_struct(&a_stream, g_tsg_para.gather_app_project_id);
+	struct gather_app_result *get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
 	EXPECT_NE(nullptr, get_result);
 	EXPECT_EQ(1, get_result[ORIGIN_BASIC_PROTOCOL].app_num);
 	EXPECT_EQ(67, get_result[ORIGIN_BASIC_PROTOCOL].attributes[0].app_id);
@@ -32,8 +35,8 @@ TEST(TSGMaster, SetAPPIDHttp)
 	EXPECT_STREQ("{\"common_app_full_path\":\"http\",\"common_app_label\":\"http\"}", app_ids);
-	project_req_add_struct(&a_stream, g_tsg_para.gather_app_project_id, NULL);
+	tsg_set_xxx_to_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id, NULL);
-	get_result=(struct gather_app_result *)project_req_get_struct(&a_stream, g_tsg_para.gather_app_project_id);
+	get_result=(struct gather_app_result *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_GATHER_APP_RESULT].id);
 	EXPECT_EQ(nullptr, get_result);
 }
@@ -68,7 +71,7 @@ TEST(TSGMaster, ShapingSetRuleIds)
 	TLD_convert_json(handle, shaping_rule_ids, sizeof(shaping_rule_ids));
 	EXPECT_STREQ("{\"common_shaping_rule_ids\":\"32,33,34,35,36,37,38,39\"}", shaping_rule_ids);
-	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	EXPECT_NE(nullptr, shaping_label);
 	EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num);
 	for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -77,9 +80,9 @@ TEST(TSGMaster, ShapingSetRuleIds)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 	}
-	free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
+	free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
-	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
+	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
-	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
 }
 int shaping_policy_notify_cb(const struct streaminfo *stream, int bridge_id, void *data)
@@ -107,7 +110,7 @@ TEST(TSGMaster, ShapingPolicyNotify)
 		shaping_result[i].config_id=TSG_ACTION_SHAPING+i;
 	}
-	stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_policy_notify_cb);
+	stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_policy_notify_cb);
 	tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
 	int shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
@@ -118,7 +121,7 @@ TEST(TSGMaster, ShapingPolicyNotify)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 	}
-	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	EXPECT_NE(nullptr, shaping_label);
 	EXPECT_EQ(MAX_RESULT_NUM, shaping_label->shaping_result_num);
 	for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -127,9 +130,9 @@ TEST(TSGMaster, ShapingPolicyNotify)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 	}
-	free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
+	free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
-	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
+	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
-	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
 }
 int shaping_policy_notify_null_cb(const struct streaminfo *stream, int bridge_id, void *data)
@@ -143,10 +146,10 @@ TEST(TSGMaster, ShapingPolicyNotifyNULL)
 	const struct streaminfo a_stream={0};
 	struct Maat_rule_t shaping_result[MAX_RESULT_NUM]={0};
-	stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_policy_notify_null_cb);
+	stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_policy_notify_null_cb);
 	tsg_notify_hited_shaping_result(&a_stream, shaping_result, 0, 0);
-	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	EXPECT_EQ(nullptr, shaping_label);
 }
@@ -175,7 +178,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyNotify)
 		shaping_result[i].config_id=TSG_ACTION_SHAPING+(i%4);
 	}
-	stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_duplicate_policy_notify_cb);
+	stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_duplicate_policy_notify_cb);
 	tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM, 0);
 	int shaping_result_num=tsg_pull_shaping_result((struct streaminfo *)&a_stream, shaping_result, MAX_RESULT_NUM);
@@ -186,7 +189,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyNotify)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 	}
-	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	EXPECT_NE(nullptr, shaping_label);
 	EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
 	for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -195,9 +198,9 @@ TEST(TSGMaster, ShapingDuplicatePolicyNotify)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 	}
-	free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
+	free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
-	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
+	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
-	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
 }
 TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
@@ -211,7 +214,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 		shaping_result[i].config_id=TSG_ACTION_SHAPING+i;
 	}
-	stream_bridge_register_data_sync_cb(g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], shaping_duplicate_policy_notify_cb);
+	stream_bridge_register_data_sync_cb(g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, shaping_duplicate_policy_notify_cb);
 	// First notify
 	tsg_notify_hited_shaping_result(&a_stream, shaping_result, MAX_RESULT_NUM/2, 0);
@@ -223,7 +226,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 	}
-	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	struct notify_shaping_policy *shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	EXPECT_NE(nullptr, shaping_label);
 	EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
 	for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -242,7 +245,7 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_result[i].config_id);
 	}
-	shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]);
+	shaping_label=(struct notify_shaping_policy *)stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id);
 	EXPECT_NE(nullptr, shaping_label);
 	EXPECT_EQ(MAX_RESULT_NUM/2, shaping_label->shaping_result_num);
 	for(int i=0; i<shaping_label->shaping_result_num; i++)
@@ -251,9 +254,94 @@ TEST(TSGMaster, ShapingDuplicatePolicyMultipleNotify)
 		EXPECT_EQ(TSG_ACTION_SHAPING+i, shaping_label->shaping_result[i].config_id);
 	}
-	free_shaping_result(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], (void *)shaping_label);
+	free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, (void *)shaping_label);
-	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT], NULL);
+	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id, NULL);
-	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge_id[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT]));
+	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_NOTIFY_SHAPING_RESULT].id));
 }
 TEST(TSGMaster, SecurityPolicySendlog)
 {
 	const struct streaminfo a_stream={0};
 	struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
 	for(int i=0; i<MAX_RESULT_NUM; i++)
 	{
 		security_result[i].do_log=1;
 		security_result[i].action=TSG_ACTION_MONITOR;
 		security_result[i].config_id=TSG_ACTION_MONITOR+i;
 	}
 	// First notify
 	tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM, 0);
 	struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	EXPECT_NE(nullptr, priority_label);
 	EXPECT_EQ(MAX_RESULT_NUM, priority_label->security_result_num);
 	for(int i=0; i<priority_label->security_result_num; i++)
 	{	
 		EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
 		EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
 	}
 	struct TLD_handle_t * handle=TLD_create(0);
 	struct Maat_rule_t session_record={0, 2, 1, 0, 0, 0, 0, {0}};
 	tsg_log_t log_msg={1, &session_record, (struct streaminfo*)&a_stream};
 	tsg_send_log(g_tsg_log_instance, handle, &log_msg, 0);
 	int sendlog_cnt=rd_kafka_get_sendlog_cnt();
 	EXPECT_EQ(9, sendlog_cnt);
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(0));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(1));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(2));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(3));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(4));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(5));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(6));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(7));
 	//EXPECT_STREQ("{}", rd_kafka_get_sendlog_payload(8));
 	priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	EXPECT_EQ(nullptr, priority_label);
 }
 TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
 {
 	const struct streaminfo a_stream={0};
 	struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
 	for(int i=0; i<MAX_RESULT_NUM/2; i++)
 	{
 		security_result[i].action=TSG_ACTION_MONITOR;
 		security_result[i].config_id=TSG_ACTION_MONITOR+i;
 	}
 	// First notify
 	tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM/2, 0);
 	struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	EXPECT_NE(nullptr, priority_label);
 	EXPECT_EQ(MAX_RESULT_NUM/2, priority_label->security_result_num);
 	for(int i=0; i<priority_label->security_result_num; i++)
 	{	
 		EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
 		EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
 	}
 	// Second notify
 	tsg_notify_hited_security_result(&a_stream, security_result, MAX_RESULT_NUM/2, 0);
 	priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
 	EXPECT_NE(nullptr, priority_label);
 	EXPECT_EQ(MAX_RESULT_NUM/2, priority_label->security_result_num);
 	for(int i=0; i<priority_label->security_result_num; i++)
 	{	
 		EXPECT_EQ(TSG_ACTION_MONITOR, priority_label->security_result[i].action);
 		EXPECT_EQ(TSG_ACTION_MONITOR+i, priority_label->security_result[i].config_id);
 	}
 	free_shaping_result(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
 	stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
 	EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
 }
 int main(int argc, char *argv[])
--- a/test/src/gtest_rule.cpp
+++ b/test/src/gtest_rule.cpp
@@ -8,7 +8,7 @@
 #include <gtest/gtest.h>
 g_tsg_para_t g_tsg_para;
-id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, 
+struct id2field g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"}, 
 										 {PROTO_IPv4, 	0,	"IPV4"},
 										 {PROTO_IPv6, 	0,	"IPV6"},
 										 {PROTO_TCP, 	0, 	"TCP"},
@@ -35,13 +35,19 @@ id2field_t g_tsg_proto_name2id[PROTO_MAX]={{PROTO_UNKONWN, 0, "unknown"},
 										 {PROTO_DTLS, 	0,	"DTLS"}
 										};
-unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
+int app_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 	return 0;
 }
-void free_policy_label(int thread_seq, void *project_req_value)
+int session_flags_identify_result_cb(const struct streaminfo *a_stream, int bridge_id, void *data)
 {
 	return 0;
 }
 unsigned int tsg_l7_protocol_name2id(const char *l7_protocol_name)
 {
 	return 0;
 }
 void set_session_attribute_label(const struct streaminfo *a_stream, enum TSG_ATTRIBUTE_TYPE type, void *value, int value_len, int thread_seq)
		`@@ -1,3 +0,0 @@`
			`#dev_id link_id mac_addr`
			`3 2 00:50:56:f3:59:5c`