Merge branch 'develop'

# Conflicts:
#	src/tsg_entry.cpp
#	src/tsg_entry.h
#	src/tsg_rule.cpp

.gitlab-ci.yml

@@ -0,0 +1,119 @@
+image: "docker:stable"
+
+services:
+  - docker:dind
+
+variables:
+  GIT_STRATEGY: "clone"
+  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+
+
+stages:
+  - build
+  - package
+  - release
+  - docker
+  
+.build_before_script:
+  before_script:
+    - mkdir -p /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_NAMESPACE/
+    - ln -s $CI_PROJECT_DIR /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_PATH
+    - cd /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/$CI_PROJECT_PATH
+
+.build_master:
+  extends: .build_before_script
+  image:  git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
+  script:
+    - source /etc/profile.d/MESA.sh
+    - mkdir -p build
+    - cd build
+    - cmake ..  -DCMAKE_BUILD_TYPE=$BUILD_TYPE
+    - make
+    - make package
+    
+.package_master:
+    extends: .build_before_script
+    image:  git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
+    script:
+      - source /etc/profile.d/MESA.sh
+      - mkdir -p build
+      - cd build
+      - cmake ..  -DCMAKE_BUILD_TYPE=$BUILD_TYPE
+      - make package
+
+build:
+  stage: build
+  extends:   .build_master
+  tags:
+    - share
+  variables:
+    BUILD_TYPE: "Debug"
+  except:
+    - tags
+
+tsg-master-release:
+  stage: package
+  extends: .package_master
+  tags:
+    - share
+  variables:
+    BUILD_TYPE: "Release"
+  artifacts:
+    name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
+    paths:
+      -  ./build/*.rpm
+  only:
+    - tags
+
+tsg-master-debug:
+  stage: package
+  extends: .package_master
+  tags:
+    - share
+  variables:
+    BUILD_TYPE: "Debug"
+  artifacts:
+    name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME"
+    paths:
+      -  ./build/*.rpm
+  only:
+    - tags
+ 
+release-tsg-master-debug:
+  stage: release
+  image:  git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
+  tags:
+    - share
+  variables:
+    ARTIFACTS_JOB: "tsg-master-debug"
+    PROJECT_NAME: "tsg-master"
+    USER_DEFINE: "debug"
+  only:
+    - tags
+  script:
+    - /bin/bash -x ./autorelease.sh $CI_API_V4_URL $CI_PROJECT_URL $CI_PROJECT_ID $CI_TOKEN $CI_COMMIT_TAG $ARTIFACTS_JOB $PROJECT_NAME $USER_DEFINE
+   
+release-tsg-master-release:
+  stage: release
+  image:  git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
+  tags:
+    - share
+  variables:
+    ARTIFACTS_JOB: "tsg-master-release"
+    PROJECT_NAME: "tsg-master"
+    USER_DEFINE: "release"
+  only:
+    - tags
+  script:
+    - /bin/bash -x ./autorelease.sh $CI_API_V4_URL $CI_PROJECT_URL $CI_PROJECT_ID $CI_TOKEN $CI_COMMIT_TAG $ARTIFACTS_JOB $PROJECT_NAME $USER_DEFINE
+
+build-docker:
+  stage: docker
+  script:
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    - docker build -t $IMAGE_TAG .
+    - docker push $IMAGE_TAG
+  tags:
+    - share
+  only:
+    - master

Dockerfile

@@ -0,0 +1,11 @@
+FROM  git.mesalab.cn:7443/mesa_platform/mesa_protocol:master
+
+ENV kernelversion 3.10.0-693.el7.x86_64
+
+COPY build/*.rpm /tmp/
+
+RUN 	cd /tmp \
+			&& rpm -i *.rpm \
+			&& rm -rf /tmp/* \
+			&& yum clean all \
+			&& rm -rf /var/cache/yum/*

src/tsg_entry.cpp

@@ -14,7 +14,7 @@
 
 
 
-char TSG_MASTER_VERSION_20191129=0;
+char TSG_MASTER_VERSION_20191211=0;
 const char *tsg_conffile="tsgconf/main.conf";
 g_tsg_para_t g_tsg_para;
 
@@ -150,7 +150,8 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 			}
 			else
 			{
-				MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d",
+				MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "SCAN_IP", "Not hit %s scan ret: %d",
+printaddr(&a_tcp->addr, thread_seq), ret);			
 			}
 
 
@@ -172,6 +173,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 											RLOG_LV_DEBUG,
 											"SCAN_FQDN",
 											"Hit %s: %s policy_id: %d service: %d action: %d addr: %s",
+
 											(identify_info.proto==PROTO_HTTP) ? "host" : "sni",
 											identify_info.domain,
 											all_result[hit_num].config_id,
@@ -182,16 +184,17 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 
 				hit_num+=ret;
 				identify_flag=1;
-				hit_num+=ret;
 			}
 			else
 			{
 				MESA_handle_runtime_log(g_tsg_para.logger,
 											RLOG_LV_DEBUG,
 											"SCAN_FQDN",
-											RLOG_LV_DEBUG,
+											"Not hit %s: %s stream_dir: %d addr: %s",
+
 											(ret==-1) ?  "NULL" : ((identify_info.proto==PROTO_HTTP) ? "host" : "sni"),
 											(ret==-1) ? "NULL" : identify_info.domain,
+											a_tcp->dir,
 											printaddr(&a_tcp->addr, thread_seq)
 										);
 			}
@@ -208,6 +211,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 						state|=APP_STATE_DROPPKT|APP_STATE_KILL_OTHER;
 						FS_operate(g_tsg_para.fs2_handle, g_tsg_para.fs2_field_id[TSG_FS2_DENY], 0, FS_OP_ADD, 1);
 						MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "DENY", "Hit deny policy, policy_id: %d action: %d addr: %s",
+
 															p_result[0].config_id, p_result[0].action, printaddr(&a_tcp->addr, thread_seq));
 						break;
 					case	TSG_ACTION_MONITOR:
@@ -240,6 +244,7 @@ extern "C" char TSG_MASTER_TCP_ENTRY(struct streaminfo *a_tcp, void **pme, int t
 						}
 						
 						MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_DEBUG, "INTERCEPT", "Hit intercept policy, policy_id: %d action: %d addr: %s",
+
 															priority_label->result[0].config_id, priority_label->result[0].action, printaddr(&a_tcp->addr, thread_seq));
 						break;
 					case	TSG_ACTION_NONE:

src/tsg_entry.h

@@ -40,6 +40,7 @@ typedef	struct _tsg_para
 	int device_id;
 	int ip_addr_table_id;
 	int subscribe_id_table_id;
+	int dyn_subscribe_ip_table_id; //TSG_DYN_SUBSCRIBER_IP
 	int priority_project_id;
 	int fs2_field_id[TSG_FS2_MAX];
 	void *logger;

src/tsg_rule.cpp

@@ -3,6 +3,7 @@
 #include <stdlib.h>
 #include <assert.h>
 #include <time.h>
+#include <arpa/inet.h>
 #include <MESA/stream.h>
 #include <MESA/MESA_prof_load.h>
 
@@ -15,8 +16,10 @@
 #include "tsg_entry.h"
 
 Maat_feather_t g_tsg_maat_feather;
+Maat_feather_t g_tsg_dynamic_maat_feather;
 
 #define	MAX_PATH_LEN	1024
+#define	MAX_IPV6_ADDR_LEN	128
 
 #ifndef MIN
 #define MIN(a, b)  	(((a) < (b)) ? (a) : (b))
@@ -31,15 +34,73 @@ enum kni_scan_table{
 const char *g_kni_scan_table_name[SCAN_TABLE_MAX];
 int g_kni_scan_tableid[SCAN_TABLE_MAX] = {0};
 
-int tsg_rule_init(const char* conffile, void *logger)
+void subscribe_id_dup_data(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void* argp)
+{
+	void *logger=argp;
+	
+	*to=calloc(1, strlen((char *)*from)+1);
+	memcpy(*to, *from, strlen((char *)*from));
+	
+	MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Dup subscribe_id: %s table_id: %d", (char *)*to, table_id);
+	return;
+}
+
+void subscribe_id_new_data(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
+{
+	void *logger=argp;
+	int ret=0,id=0,type=0,is_valid=0;
+	char subscribe_id[256]={0};
+	char ip_addr[MAX_IPV6_ADDR_LEN]={0};
+	
+	ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%d", &id, &type, ip_addr, subscribe_id, &is_valid);
+	if(ret!=5)
+	{
+		MESA_handle_runtime_log(logger, 
+								RLOG_LV_FATAL,
+								"SUBSCRIBE_ID",
+								"Parse subscribe_id failed, ret: %d table_id: %d key: %s table_line: %s",
+								ret,
+								table_id,
+								key,
+								table_line
+								);
+		return;
+	}
+	
+	*ad=calloc(1, strlen(subscribe_id)+1);
+	
+	memcpy(*ad, subscribe_id, strlen(subscribe_id));
+	MESA_handle_runtime_log(logger, 
+								RLOG_LV_INFO,
+								"SUBSCRIBE_ID",
+								"Add subscribe_id: %s table_id: %d key: %s table_line: %s",
+								*ad,
+								table_id,
+								key,
+								table_line
+								);
+	return;
+}
+
+void subscribe_id_free_data(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
+{
+	void *logger=argp;
+	MESA_handle_runtime_log(logger, RLOG_LV_INFO, "SUBSCRIBE_ID", "Delete subscribe_id: %s table_id: %d", (char *)*ad, table_id);
+	free(*ad);
+	*ad=NULL;
+
+	return;
+}
+
+
+static Maat_feather_t init_maat_feather(const char* conffile, char* instance_name, char *module, void *logger)
 {
 	unsigned short redis_port = 0;
 	int ret=0,scan_detail=0,effect_interval=60;
-	const char* instance_name="TSG",*module="MAAT";
+	Maat_feather_t _maat_feather=NULL;
 	int factor=0, redis_port_num=0,redis_index=0;
 	char redis_ip[16]={0}, effective_flag[1024]={0};
 	int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0;
-	char ip_addr_table[32]={0},subscriber_id_table[32]={0};
 	char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0};
 	char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
 
@@ -56,7 +117,7 @@ int tsg_rule_init(const char* conffile, void *logger)
 	effect_interval*=1000;//convert s to ms
 
 	thread_max=get_thread_count();
-	g_tsg_maat_feather=Maat_feather(thread_max, table_info, logger);
+	_maat_feather=Maat_feather(thread_max, table_info, logger);
 	
 	if(maat_mode==2)
 	{
@@ -67,34 +128,34 @@ int tsg_rule_init(const char* conffile, void *logger)
 		
 		if(strlen(effective_flag)!=0)
 		{
-			Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
+			Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
 		}
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
 
 		srand((unsigned int)time(NULL));
 		factor = rand()%redis_port_num;
 		redis_port = redis_port+factor;
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_IP, redis_ip, strlen(redis_ip)+1);
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_PORT, (void *)&redis_port, sizeof(redis_port));
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1);
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_ON, NULL, 0);
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index));
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_IP, redis_ip, strlen(redis_ip)+1);
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_PORT, (void *)&redis_port, sizeof(redis_port));
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1);
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0);
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index));
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
 		//Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_DEFERRED_LOAD, NULL,0);
 	}
 	else
 	{
 		if(strlen(effective_flag)!=0)
 		{
-			ret=Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
+			ret=Maat_set_feather_opt(_maat_feather,MAAT_OPT_ACCEPT_TAGS,effective_flag, strlen(effective_flag)+1);
 			assert(ret>=0);
 		}
-		Maat_set_feather_opt(g_tsg_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
+		Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
 		if(maat_mode==1)
 		{
 			MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
-			Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
+			Maat_set_feather_opt(_maat_feather, MAAT_OPT_JSON_FILE_PATH, json_cfg_file, strlen(json_cfg_file)+1);
 		}
 		else
 		{
@@ -102,31 +163,52 @@ int tsg_rule_init(const char* conffile, void *logger)
 			MESA_load_profile_string_def(conffile,module,"FULL_CFG_DIR",ful_cfg_dir, sizeof(ful_cfg_dir),"");	
 			assert(strlen(inc_cfg_dir)!=0&&strlen(ful_cfg_dir)!=0);
 			
-			Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
-			Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
+			Maat_set_feather_opt(_maat_feather, MAAT_OPT_FULL_CFG_DIR, ful_cfg_dir, strlen(ful_cfg_dir)+1);
+			Maat_set_feather_opt(_maat_feather, MAAT_OPT_INC_CFG_DIR, inc_cfg_dir, strlen(inc_cfg_dir)+1);
 		}
 		if(maat_stat_on)
 		{
-			Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1);
-			Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_STAT_ON, NULL, 0);
+			Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_FILE_PATH, maat_stat_file, strlen(maat_stat_file)+1);
+			Maat_set_feather_opt(_maat_feather, MAAT_OPT_STAT_ON, NULL, 0);
 			if(maat_perf_on)
 			{
-				Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
+				Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
 			}
 		}
 
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
-		Maat_set_feather_opt(g_tsg_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_EFFECT_INVERVAL_MS, &effect_interval, sizeof(effect_interval));
+		Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
 	}
 	
-	ret=Maat_initiate_feather(g_tsg_maat_feather);
+	ret=Maat_initiate_feather(_maat_feather);
 	if(ret<0)
 	{
-		return -1;
+		return NULL;
 	}
 
-	MESA_load_profile_string_def(conffile, module, "IP_ADDR_TABLE", ip_addr_table, sizeof(ip_addr_table), "TSG_OBJ_IP_ADDR");
-	MESA_load_profile_string_def(conffile, module, "SUBSCRIBER_ID_TABLE", subscriber_id_table, sizeof(subscriber_id_table), "TSG_OBJ_SUBSCRIBER_ID");
+	return _maat_feather;
+}
+
+int tsg_rule_init(const char* conffile, void *logger)
+{
+	int ret=0;
+	char maat_conffile[256]={0};
+	char ip_addr_table[32]={0};
+	char subscriber_id_table[32]={0};
+	char cb_subscriber_ip_table[32]={0};
+	
+	MESA_load_profile_string_def(conffile, "MAAT", "PROFILE", maat_conffile, sizeof(maat_conffile), "./tsgconf/maat_profile.conf");	
+	MESA_load_profile_string_def(conffile, "MAAT", "IP_ADDR_TABLE", ip_addr_table, sizeof(ip_addr_table), "TSG_OBJ_IP_ADDR");
+	MESA_load_profile_string_def(conffile, "MAAT", "SUBSCRIBER_ID_TABLE", subscriber_id_table, sizeof(subscriber_id_table), "TSG_OBJ_SUBSCRIBER_ID");
+
+
+	//init dynamic maat feather
+	g_tsg_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_STATIC", (char *)"STATIC", logger);
+	if(g_tsg_maat_feather==NULL)
+	{
+		MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_STATIC", "STATIC"); 
+		return -1;
+	}
 	
 	g_tsg_para.ip_addr_table_id=Maat_table_register(g_tsg_maat_feather, ip_addr_table);
 	if(g_tsg_para.ip_addr_table_id<0)
@@ -142,6 +224,7 @@ int tsg_rule_init(const char* conffile, void *logger)
 		return -1;
 	}
 
+	// init sni or host share table
 	ret=tsg_shared_table_init(conffile, g_tsg_maat_feather, logger);
 	if(ret<0)
 	{
@@ -149,6 +232,37 @@ int tsg_rule_init(const char* conffile, void *logger)
 		return -1;	
 	}
 	
+
+	//init dynamic maat feather
+	g_tsg_dynamic_maat_feather=init_maat_feather(maat_conffile, (char *)"TSG_DYNAMIC", (char *)"DYNAMIC", logger);
+	if(g_tsg_maat_feather==NULL)
+	{
+		MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "init_maat_feather failed, instance_name: %s module: %s", "TSG_DYNAMIC", "DYNAMIC"); 
+		return -1;
+	}
+
+	MESA_load_profile_string_def(conffile, "MAAT", "CB_SUBSCRIBER_IP_TABLE", cb_subscriber_ip_table, sizeof(cb_subscriber_ip_table), "TSG_DYN_SUBSCRIBER_IP");
+
+	g_tsg_para.dyn_subscribe_ip_table_id=Maat_table_register(g_tsg_dynamic_maat_feather, cb_subscriber_ip_table);
+	if(g_tsg_para.dyn_subscribe_ip_table_id<0)
+	{
+		MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "Maat_table_register %s failed", cb_subscriber_ip_table); 
+		return -1;
+	}
+	ret=Maat_plugin_EX_register(g_tsg_dynamic_maat_feather,
+							g_tsg_para.dyn_subscribe_ip_table_id,
+							subscribe_id_new_data,
+							subscribe_id_free_data,
+							subscribe_id_dup_data,
+							NULL,
+							0,
+							logger);
+	if(ret<0)
+	{
+		MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "RULE_INIT", "Maat_plugin_EX_register failed, table_name: %s table_id: %d", cb_subscriber_ip_table, g_tsg_para.dyn_subscribe_ip_table_id); 
+		return -1;		
+	}
+
 	return 0;
 }
 
@@ -249,15 +363,54 @@ int tsg_pull_policy_result(struct streaminfo *a_stream, PULL_RESULT_TYPE pull_re
 	return 0;
 }
 
+
+int tsg_get_subscribe_id(const struct streaminfo *a_stream, char **source_subscribe_id, char **dest_subscribe_id)
+{
+	char source_ip[MAX_IPV6_ADDR_LEN]={0};
+	char dest_ip[MAX_IPV6_ADDR_LEN]={0};
+	struct stream_tuple4_v4 *v4=NULL;
+	struct stream_tuple4_v6 *v6=NULL;
+	
+	switch(a_stream->addr.addrtype)
+	{
+		case	ADDR_TYPE_IPV4:
+			v4=a_stream->addr.tuple4_v4;
+			inet_ntop(AF_INET, &(v4->saddr), source_ip, MAX_IPV6_ADDR_LEN);
+			inet_ntop(AF_INET, &(v4->daddr), dest_ip, MAX_IPV6_ADDR_LEN);
+			break;
+		case	ADDR_TYPE_IPV6:
+			v6=a_stream->addr.tuple4_v6;
+			inet_ntop(AF_INET6, v6->saddr, source_ip, MAX_IPV6_ADDR_LEN);
+			inet_ntop(AF_INET6, v6->daddr, dest_ip, MAX_IPV6_ADDR_LEN);
+			break;
+		default:
+			break;
+	}
+
+	if(strlen(dest_ip)>0)
+	{
+		*dest_subscribe_id = (char*)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, dest_ip);
+	}
+
+	if(strlen(source_ip)>0)
+	{
+		*source_subscribe_id = (char*)Maat_plugin_get_EX_data(g_tsg_dynamic_maat_feather, g_tsg_para.dyn_subscribe_ip_table_id, source_ip);
+	}
+
+	return 0;
+}
+
 int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *a_stream, tsg_protocol_t proto, scan_status_t *mid, Maat_rule_t*result, int result_num)
 {
 	struct ipaddr t_addr;
-	struct ipaddr* p_addr = NULL;
-	char subscribe_id[64]={0};
+	struct ipaddr* p_addr=NULL;
 	int hit_num=0,tans_proto=0;
+	char *source_subscribe_id=NULL;
+	char *dest_subscribe_id=NULL;
 	int is_scan_addr=1, maat_ret=0,found_pos=0;
 	const struct streaminfo *cur_stream = a_stream;
 
+
 	if(result == NULL || result_num <= 0 || a_stream == NULL || maat_feather == NULL)
 	{
 		return -1;
@@ -322,13 +475,17 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
 	}while(cur_stream != NULL && hit_num < result_num);
 
 
-	if(hit_num<result_num && subscribe_id!=NULL && strlen(subscribe_id)>0)
+	if(hit_num<result_num)
+	{
+		tsg_get_subscribe_id(a_stream, &source_subscribe_id, &dest_subscribe_id);
+		
+		if(source_subscribe_id!=NULL)
 		{
 			maat_ret=Maat_full_scan_string(maat_feather,
 										g_tsg_para.subscribe_id_table_id,
 										CHARSET_GBK,
-										subscribe_id,
-										strlen(subscribe_id),
+										source_subscribe_id,
+										strlen(source_subscribe_id),
 										result+hit_num,
 										&found_pos,
 										result_num-hit_num,
@@ -338,6 +495,29 @@ int tsg_scan_nesting_addr(Maat_feather_t maat_feather, const struct streaminfo *
 			{
 				hit_num+=maat_ret;
 			}
+			
+			subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&source_subscribe_id, 0, g_tsg_para.logger);
+		}
+		
+		if(dest_subscribe_id!=NULL)
+		{
+			maat_ret=Maat_full_scan_string(maat_feather,
+										g_tsg_para.subscribe_id_table_id,
+										CHARSET_GBK,
+										dest_subscribe_id,
+										strlen(dest_subscribe_id),
+										result+hit_num,
+										&found_pos,
+										result_num-hit_num,
+										mid,
+										a_stream->threadnum);
+			if(maat_ret > 0)
+			{
+				hit_num+=maat_ret;
+			}
+			
+			subscribe_id_free_data(g_tsg_para.dyn_subscribe_ip_table_id,(MAAT_PLUGIN_EX_DATA *)&dest_subscribe_id, 0, g_tsg_para.logger);
+		}
 	}
 
 	return hit_num;