加入DNAT_POLICY表处理逻辑，修改CANDIDATE处理

1 files changed, 177 insertions, 72 deletions

diff --git a/src/ir_mctrl.cpp b/src/ir_mctrl.cpp
index d0ea89f..7f5c330 100644
--- a/src/ir_mctrl.cpp
+++ b/src/ir_mctrl.cpp
@@ -18,19 +18,24 @@ void s_d_start_cb(int update_type,void* u_para)
 	if(update_type==MAAT_RULE_UPDATE_TYPE_FULL)
 	{
 		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,Maat rule type is full",u_para);
-		if(!memcmp(u_para,DYNAMIC_NOMINEE_IP,strlen(DYNAMIC_NOMINEE_IP)))
+		if(!memcmp(u_para,DYNAMIC_NOMINEE_TABLE,strlen(DYNAMIC_NOMINEE_TABLE)))
 		{
 			mctrl_g.update_type_d=MAAT_RULE_UPDATE_TYPE_FULL;
 			mctrl_g.version_d++;
-			
 			MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,version:%d",u_para,mctrl_g.version_d);
 		}
-		else
+		else if(!memcmp(u_para,STATIC_NOMINEE_TABLE,strlen(STATIC_NOMINEE_TABLE)))
 		{
 			mctrl_g.update_type_s=MAAT_RULE_UPDATE_TYPE_FULL;
 			mctrl_g.version_s++;
 			MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,version:%d",u_para,mctrl_g.version_s);
 		}
+		else
+		{	
+			mctrl_g.update_type_dp=MAAT_RULE_UPDATE_TYPE_FULL;
+			mctrl_g.version_dp++;
+			MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"maat_rule_type", "table_name:%s,version:%d",u_para,mctrl_g.version_dp);
+		}
 	}
 	else
 	{
@@ -85,12 +90,12 @@ int set_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *tab
 
 	get_cur_time(nom_info.op_time);
 	
-	if(memcmp(ir_table_name,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+	if(!memcmp(ir_table_name,NOMINEE_TABLE,strlen(NOMINEE_TABLE)))
 	{
 		snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%d\t%s\t%s",
 			rule_id,nom_info.addr_pool_id,nom_info.addr_type,nom_info.src_ip,nom_info.is_valid,nom_info.effective_range,nom_info.op_time);
 	}
-	else
+	else 
 	{
 		snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s",
 			rule_id,nom_info.group_id,nom_info.addr_type,
@@ -131,7 +136,7 @@ int del_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *tab
 	line_rule.rule_id=rule_id;
 	line_rule.table_name=ir_table_name;
 	line_rule.table_line=NULL;
-	if(!memcmp(ir_table_name,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+	if(!memcmp(ir_table_name,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE)))
 	{
 		line_rule.expire_after=TIME_OUT;
 		p_line=&line_rule;
@@ -163,11 +168,23 @@ int del_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *tab
 	
 }
 
+long htable_del_update_search(void *data, const uchar *key, uint size, void *user_arg)
+{
+	int htable_flag=0;
+	char *htable_data=(char*)data;
+	if(htable_data!=NULL)
+	{
+		sscanf(htable_data,"%d\t",&htable_flag);
+	}
+	return htable_flag;
+}
+
 
-long htable_s_d_update_search(void *data, const uchar *key, uint size, void *user_arg)
+long htable_set_update_search(void *data, const uchar *key, uint size, void *user_arg)
 {
 	struct IR_MCTRL_INFO nom_info;
 	char *htable_data=(char*)data;
+	
 	if(htable_data!=NULL)
 	{
 		sscanf(htable_data,"%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s", 
@@ -176,19 +193,24 @@ long htable_s_d_update_search(void *data, const uchar *key, uint size, void *use
 			nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
 			&nom_info.action,&nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
 		
-		if(nom_info.nominee_type==DYNAMIC_NOMINEE)
+		if(nom_info.nominee_type==DYNAMIC_NOMINEE_INFO)
 		{
 			nom_info.version=mctrl_g.version_d;		
-			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_s_d_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
 		}
-		else if(nom_info.nominee_type==STATIC_NOMINEE)
+		else if(nom_info.nominee_type==STATIC_NOMINEE_INFO)
 		{
 			nom_info.version=mctrl_g.version_s;	
-			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_s_d_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
+		}
+		else if(nom_info.nominee_type==D_POLICY_INFO)
+		{
+			nom_info.version=mctrl_g.version_dp;
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d! version:%d!",nom_info.htable_flag,nom_info.version);
 		}
 		else
 		{
-			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_s_d_update_search","get htable flag:%d!",nom_info.htable_flag);
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"htable_set_update_search","get htable flag:%d!",nom_info.htable_flag);
 		}
 		
 		snprintf(htable_data,HTABLE_DATA_LEN, "%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s", 
@@ -196,7 +218,10 @@ long htable_s_d_update_search(void *data, const uchar *key, uint size, void *use
 			nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
 			nom_info.dst_port,nom_info.mask_dst_port,nom_info.procotol,nom_info.direction,nom_info.addr_pool_id,nom_info.is_valid,
 			nom_info.action,nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
-		
+	}
+	else
+	{	
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_INFO, (char*)"htable_set_update_search","htable info not exist！！！");
 	}
 	return nom_info.htable_flag;
 }
@@ -215,17 +240,17 @@ long htable_n_i_search(void *data, const uchar *key, uint size, void *user_arg)
 			nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
 			&nom_info.action,&nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
 		
-		if(!memcmp(user_arg,INTERCEPT_IP,strlen(INTERCEPT_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
-			htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG))
+		if(!memcmp(user_arg,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
+			htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG||htable_flag==D_POLICY_FLAG))
 		{
 			htable_flag+=INTERCEPT_FLAG;
 		}
-		else if(!memcmp(user_arg,NOMINEE_IP,strlen(NOMINEE_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
+		else if(!memcmp(user_arg,NOMINEE_TABLE,strlen(NOMINEE_TABLE))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG||
 			htable_flag==O_AND_I_FLAG||htable_flag==O_AND_C_AND_I_FLAG))
 		{
 			htable_flag+=NOMINEE_FLAG;
 		}
-		else if(!memcmp(user_arg,CANDIDATE_IP,strlen(CANDIDATE_IP))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_N_FLAG||
+		else if(!memcmp(user_arg,CANDIDATE_TABLE,strlen(CANDIDATE_TABLE))&&(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_N_FLAG||
 			htable_flag==O_AND_I_FLAG||htable_flag==O_AND_I_AND_N_FLAG))
 		{
 			htable_flag+=CANDIDATE_FLAG;
@@ -255,17 +280,17 @@ void n_i_table_update_cb(int table_id,const char* table_line,void* u_para)
 	int is_valid=-1;
 	long search_ret=0;
 
-	if(!memcmp(u_para,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+	if(!memcmp(u_para,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE)))
 	{
 		sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*d\t%*d\t%d",&rule_id,&is_valid);
 	}
-	else if(!memcmp(u_para,NOMINEE_IP,strlen(NOMINEE_IP)))
+	else if(!memcmp(u_para,NOMINEE_TABLE,strlen(NOMINEE_TABLE)))
 	{
 		sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%d",&rule_id,&is_valid);
 	}
 	else
 	{
-		sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*d\t%*s\t%*d\t%*d\t%*d\t%*d\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%*s\t%d",&rule_id,&is_valid);
+		sscanf(table_line,"%d\t%*d\t%*d\t%*s\t%*d\t%d",&rule_id,&is_valid);
 	}
 
 	unsigned char *key_id=(unsigned char*)&rule_id;
@@ -280,7 +305,7 @@ void n_i_table_update_cb(int table_id,const char* table_line,void* u_para)
 
 	if(htable_data==NULL)
 	{
-		if(!memcmp(u_para,INTERCEPT_IP,strlen(INTERCEPT_IP)))
+		if(!memcmp(u_para,INTERCEPT_TABLE,strlen(INTERCEPT_TABLE)))
 		{
 			del_ir_line(mctrl_g.i_feather,(char*)u_para,table_line,rule_id);
 		}
@@ -308,18 +333,55 @@ void htable_data_free(void *data)
 	return;
 }
 
+void del_redis_info(int flag,const char* table_line,int rule_id)
+{
+	switch(flag)
+	{
+		case ALL_EXIST_FLAG:
+			del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+			del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+			del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+			break;
+		case O_AND_I_AND_N_FLAG:
+			del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+			del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+			break;
+		case O_AND_C_AND_I_FLAG:
+			del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+			del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+			break;
+		case O_AND_C_AND_N_FLAG:
+			del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+			del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+			break;
+		case O_AND_I_FLAG:
+		case DP_AND_I_FLAG:
+			del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+			break;
+		case O_AND_C_FLAG:
+			del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE,table_line,rule_id);
+			break;
+		case O_AND_N_FLAG:
+			del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
+			break;
+		default:
+			break;
+	}
+	return;
+}
+
 void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
 {
 	int add_ret=0;
 	struct IR_MCTRL_INFO nom_info;
 	memset(&nom_info,0,sizeof(nom_info));
 	char *htable_data=NULL;
-	nom_info.htable_flag=S_OR_D_ORIGIN_FLAG;
+	void *search_result=NULL;
 	int rule_id=0;
 	int del_ret=0;
 	long cb_ret=0;
 
-	if(!memcmp(u_para,DYNAMIC_NOMINEE_IP,strlen(DYNAMIC_NOMINEE_IP)))
+	if(!memcmp(u_para,DYNAMIC_NOMINEE_TABLE,strlen(DYNAMIC_NOMINEE_TABLE)))
 	{
 		sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%d\t%s\t%*d\t%d\t%d\t%*d\t%s\t%s", 
 			&nom_info.region_id,&nom_info.addr_type,&nom_info.procotol,nom_info.src_ip,nom_info.src_port,
@@ -337,20 +399,44 @@ void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
 		memcpy(nom_info.effective_range,"{}",sizeof("{}"));
 		nom_info.action=96;
 		nom_info.service=832;
-		nom_info.nominee_type=DYNAMIC_NOMINEE; 
+		nom_info.htable_flag=S_OR_D_ORIGIN_FLAG;
+		nom_info.nominee_type=DYNAMIC_NOMINEE_INFO; 
 		
 	}
-	else
+	else if(!memcmp(u_para,STATIC_NOMINEE_TABLE,strlen(STATIC_NOMINEE_TABLE)))
 	{
 		sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s", 
 			&nom_info.region_id,&nom_info.group_id,&nom_info.addr_type,
 			nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
 			nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
 			&nom_info.action,&nom_info.service,nom_info.effective_range,nom_info.op_time);
+		nom_info.region_id+=500000000;
+		memcpy(nom_info.user_region,"0",sizeof("0"));
 		memcpy(nom_info.effective_range,"{}",sizeof("{}"));
+		nom_info.service=832;	
+		nom_info.htable_flag=S_OR_D_ORIGIN_FLAG;
+		nom_info.nominee_type=STATIC_NOMINEE_INFO; 
+	}
+	else
+	{
+		sscanf(table_line,"%d\t%d\t%s\t%s\t%d\t%*s\t%*s\t%d\t%d\t%d\t%d\t%s\t%s", 
+			&nom_info.region_id,&nom_info.addr_type,nom_info.dst_ip,nom_info.dst_port,&nom_info.procotol,
+			&nom_info.do_log,&nom_info.action,&nom_info.service,&nom_info.is_valid,
+			nom_info.effective_range,nom_info.op_time);
+		nom_info.group_id=nom_info.region_id;
+		memcpy(nom_info.src_ip,"0.0.0.0",sizeof("0.0.0.0"));
+		memcpy(nom_info.src_port,"0",sizeof("0"));
+		memcpy(nom_info.mask_src_ip,"0.0.0.0",sizeof("0.0.0.0"));
+		memcpy(nom_info.mask_src_port,"0",sizeof("0"));
+		memcpy(nom_info.mask_dst_ip,"0.0.0.0",sizeof("0.0.0.0"));
+		memcpy(nom_info.mask_dst_port,"0",sizeof("0"));
 		memcpy(nom_info.user_region,"0",sizeof("0"));
+		memcpy(nom_info.effective_range,"{}",sizeof("{}"));
+		nom_info.direction=0;
+		nom_info.action=96;
 		nom_info.service=832;
-		nom_info.nominee_type=STATIC_NOMINEE; 
+		nom_info.htable_flag=D_POLICY_FLAG;
+		nom_info.nominee_type=D_POLICY_INFO; 
 	}
 
 	unsigned char *key_id=(unsigned char*)&nom_info.region_id;
@@ -377,20 +463,20 @@ void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
 		}
 
 		
-		MESA_htable_search_cb(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_s_d_update_search,NULL,&cb_ret);
+		MESA_htable_search_cb(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_set_update_search,NULL,&cb_ret);
 
 		if(cb_ret==S_OR_D_ORIGIN_FLAG||cb_ret==O_AND_C_FLAG)
 		{
-			set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_IP,htable_data,rule_id);
-			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,htable_data,rule_id);
+			set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_TABLE,htable_data,rule_id);
+			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,htable_data,rule_id);
 		}
-		else if(cb_ret==O_AND_N_FLAG||cb_ret==O_AND_C_AND_N_FLAG)
+		else if(cb_ret==O_AND_N_FLAG||cb_ret==O_AND_C_AND_N_FLAG||cb_ret==D_POLICY_FLAG)
 		{
-			set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_IP,htable_data,rule_id);
+			set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_TABLE,htable_data,rule_id);
 		}
 		else if(cb_ret==O_AND_I_FLAG||cb_ret==O_AND_C_AND_I_FLAG)
 		{
-			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,htable_data,rule_id);
+			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,htable_data,rule_id);
 		}
 		else
 		{
@@ -401,9 +487,16 @@ void s_d_table_update_cb(int table_id,const char* table_line,void* u_para)
 	}
 	else if(nom_info.is_valid==0)
 	{
-		del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,table_line,rule_id);
-		del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,table_line,rule_id);
-		del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_IP,table_line,rule_id);
+		search_result=MESA_htable_search_cb(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_del_update_search,NULL,&cb_ret);
+		
+		if(search_result==NULL)
+		{
+			MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL, (char*)"write_update", "already del!!!");
+			return;
+		}
+
+		del_redis_info(cb_ret,table_line,rule_id);
+		
 		del_ret=MESA_htable_del(mctrl_g.s_d_htable,key_id,sizeof(rule_id),htable_data_free);
 		
 		if(del_ret<0)
@@ -437,14 +530,15 @@ void s_d_htable_iterate(const uchar * key, uint size, void * data, void * user)
 		nom_info.src_ip,nom_info.mask_src_ip,nom_info.src_port,nom_info.mask_src_port,nom_info.dst_ip,nom_info.mask_dst_ip,
 		nom_info.dst_port,nom_info.mask_dst_port,&nom_info.procotol,&nom_info.direction,&nom_info.addr_pool_id,&nom_info.is_valid,
 		&nom_info.action,&nom_info.service,nom_info.user_region,nom_info.effective_range,nom_info.op_time);
-	if((mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==STATIC_NOMINEE&&nom_info.version!=mctrl_g.version_s)||
-		(mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==DYNAMIC_NOMINEE&&nom_info.version!=mctrl_g.version_d))
+	if((mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==STATIC_NOMINEE_INFO&&nom_info.version!=mctrl_g.version_s)||
+		(mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==DYNAMIC_NOMINEE_INFO&&nom_info.version!=mctrl_g.version_d)||
+		(mctrl_g.update_type_dp==MAAT_RULE_UPDATE_TYPE_FULL&&nom_info.nominee_type==D_POLICY_INFO&&nom_info.version!=mctrl_g.version_dp))
 		
 	{
+		del_redis_info(nom_info.htable_flag,(char*)data,nom_info.region_id);
+		
 		unsigned char *key_id=(unsigned char*)&nom_info.region_id;
-		del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,(char*)data,nom_info.region_id);
-		del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,(char*)data,nom_info.region_id);
-		del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_IP,(char*)data,nom_info.region_id);
+		
 		del_ret=MESA_htable_del(mctrl_g.s_d_htable,key_id,sizeof(int),htable_data_free);
 				
 		if(del_ret<0)
@@ -458,20 +552,27 @@ void s_d_htable_iterate(const uchar * key, uint size, void * data, void * user)
 
 void s_d_finish_cb(void* u_para)
 {
-	if((!memcmp(u_para,DYNAMIC_NOMINEE_IP,strlen(DYNAMIC_NOMINEE_IP)))&&mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL)
+	if((!memcmp(u_para,DYNAMIC_NOMINEE_TABLE,strlen(DYNAMIC_NOMINEE_TABLE)))&&mctrl_g.update_type_d==MAAT_RULE_UPDATE_TYPE_FULL)
 	{
 		MESA_htable_iterate(mctrl_g.s_d_htable, s_d_htable_iterate,NULL);
 		mctrl_g.update_type_d=MAAT_RULE_UPDATE_TYPE_INC;
 		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,update_type:%d,finish succeed",u_para,mctrl_g.update_type_d);
 	}
-	else if((!memcmp(u_para,STATIC_NOMINEE_IP,strlen(STATIC_NOMINEE_IP)))&&mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL)
+	else if((!memcmp(u_para,STATIC_NOMINEE_TABLE,strlen(STATIC_NOMINEE_TABLE)))&&mctrl_g.update_type_s==MAAT_RULE_UPDATE_TYPE_FULL)
 	{
 		MESA_htable_iterate(mctrl_g.s_d_htable, s_d_htable_iterate,NULL);
 		mctrl_g.update_type_s=MAAT_RULE_UPDATE_TYPE_INC;	
 		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,update_type:%d,finish succeed",u_para,mctrl_g.update_type_s);
 	}
+	else if((!memcmp(u_para,DNAT_POLICY_TABLE,strlen(DNAT_POLICY_TABLE)))&&mctrl_g.update_type_dp==MAAT_RULE_UPDATE_TYPE_FULL)
+	{
+		
+		MESA_htable_iterate(mctrl_g.s_d_htable, s_d_htable_iterate,NULL);
+		mctrl_g.update_type_dp=MAAT_RULE_UPDATE_TYPE_INC;	
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,update_type:%d,finish succeed",u_para,mctrl_g.update_type_dp);
+	}
 	else
-	{	
+	{
 		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"maat_finish", "table_name:%s,finish succeed",u_para);
 	}
 	return;
@@ -519,21 +620,21 @@ void htable_iterate(const uchar * key, uint size, void * data, void * user)
 
 		if(htable_flag==S_OR_D_ORIGIN_FLAG||htable_flag==O_AND_C_FLAG)
 		{
-			set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,table_line,rule_id);
-			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,table_line,rule_id);
+			set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
+			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
 		}
-		else if(htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG)
+		else if(htable_flag==O_AND_N_FLAG||htable_flag==O_AND_C_AND_N_FLAG||htable_flag==D_POLICY_FLAG)
 		{
-			set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_IP,table_line,rule_id);
+			set_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE,table_line,rule_id);
 		}
 		else if(htable_flag==O_AND_I_FLAG||htable_flag==O_AND_C_AND_I_FLAG)
 		{
-			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_IP,table_line,rule_id);
+			set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE,table_line,rule_id);
 		}
 		else
 		{
 			MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"htable_iterate", "htable flag >=14: %d!",htable_flag);
-			assert(htable_flag>=S_OR_D_ORIGIN_FLAG);
+			assert(htable_flag>=D_POLICY_FLAG);
 		}
 	}
 	else 
@@ -556,6 +657,8 @@ void Maat_init()
     char table_info_path[MAX_PATH_LEN];
 	char logger_path[MAX_PATH_LEN];
     int max_thread_num=0;
+	int logger_level=0;
+	
     char Maat_redis_ip_d[MAX_STRING_LEN];
     int Maat_redis_port_d=0;
 	int Maat_redis_index_d=0;
@@ -571,17 +674,15 @@ void Maat_init()
 	char Maat_redis_ip_n[MAX_STRING_LEN];
     int Maat_redis_port_n=0;
 	int Maat_redis_index_n=0;
-	
-	int logger_level=0;
-	
-//dynamic server conf
+		
     MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section,"table_info_path", table_info_path, sizeof(table_info_path), "./conf/table_info.conf");
 	MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section,"logger_path", logger_path, sizeof(logger_path), "./log/ir_mctrl.log");
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"logger_level", &logger_level,RLOG_LV_FATAL);
     MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"max_thread_num", &max_thread_num, 1);
+//dynamic server conf	
     MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_ip", Maat_redis_ip_d, sizeof(Maat_redis_ip_d), "127.0.0.1");
     MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_port", &Maat_redis_port_d,6379);
 	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_index", &Maat_redis_index_d,1);
-	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"logger_level", &logger_level,RLOG_LV_FATAL);
 //static server conf
 	MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_s, "Maat_redis_ip", Maat_redis_ip_s, sizeof(Maat_redis_ip_s), "127.0.0.1");
 	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_s,"Maat_redis_port", &Maat_redis_port_s,6379);
@@ -618,23 +719,23 @@ void Maat_init()
 	Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_d,MAX_STRING_LEN);
 	Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_d,sizeof(Maat_redis_port_d));
 	Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_d,sizeof(Maat_redis_index_d));
-	Maat_set_feather_opt(mctrl_g.d_feather, MAAT_OPT_INSTANCE_NAME, DYNAMIC_NOMINEE_IP, strlen(DYNAMIC_NOMINEE_IP)+1);
+	Maat_set_feather_opt(mctrl_g.d_feather, MAAT_OPT_INSTANCE_NAME, DYNAMIC_NOMINEE_TABLE, strlen(DYNAMIC_NOMINEE_TABLE)+1);
 	
 	Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_s,MAX_STRING_LEN);
 	Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_s,sizeof(Maat_redis_port_s));
 	Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_s,sizeof(Maat_redis_index_s));
-	Maat_set_feather_opt(mctrl_g.s_feather, MAAT_OPT_INSTANCE_NAME, STATIC_NOMINEE_IP, strlen(STATIC_NOMINEE_IP)+1);
+	Maat_set_feather_opt(mctrl_g.s_feather, MAAT_OPT_INSTANCE_NAME, STATIC_NOMINEE_TABLE, strlen(STATIC_NOMINEE_TABLE)+1);
 	
 	Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_i,MAX_STRING_LEN);
 	Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_i,sizeof(Maat_redis_port_i));
 	Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_i,sizeof(Maat_redis_index_i));
-	Maat_set_feather_opt(mctrl_g.i_feather, MAAT_OPT_INSTANCE_NAME, INTERCEPT_IP, strlen(INTERCEPT_IP)+1);
+	Maat_set_feather_opt(mctrl_g.i_feather, MAAT_OPT_INSTANCE_NAME, INTERCEPT_TABLE, strlen(INTERCEPT_TABLE)+1);
 
 	Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_n,MAX_STRING_LEN);
 	Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_n,sizeof(Maat_redis_port_n));
 	Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_n,sizeof(Maat_redis_index_n));
-	Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, NOMINEE_IP, strlen(NOMINEE_IP)+1);
-	Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, CANDIDATE_IP, strlen(CANDIDATE_IP)+1);
+	Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, NOMINEE_TABLE, strlen(NOMINEE_TABLE)+1);
+	Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, CANDIDATE_TABLE, strlen(CANDIDATE_TABLE)+1);
 	
 	Maat_initiate_feather(mctrl_g.d_feather);
 	Maat_initiate_feather(mctrl_g.s_feather);
@@ -676,47 +777,51 @@ int main(int argc, char * argv [ ])
 	Maat_init();
 	htable_init();
 
-	char  static_nominee[]=STATIC_NOMINEE_IP;
-	char  dynamic_nominee[]=DYNAMIC_NOMINEE_IP;
-	char  nominee[]=NOMINEE_IP;
-	char  candidate[]=CANDIDATE_IP;
-	char  intercept[]=INTERCEPT_IP;
+	char  static_nominee[]=STATIC_NOMINEE_TABLE;
+	char  dynamic_nominee[]=DYNAMIC_NOMINEE_TABLE;
+	char  nominee[]=NOMINEE_TABLE;
+	char  candidate[]=CANDIDATE_TABLE;
+	char  intercept[]=INTERCEPT_TABLE;
+	char  d_policy[]=DNAT_POLICY_TABLE;
 
 	int static_id=-1;
 	int	dynamic_id=-1;
 	int nominee_id=-1;
 	int candidate_id=-1;
 	int intercept_id=-1;
+	int d_policy_id=-1;
 
 	static_id=Maat_table_register(mctrl_g.s_feather,static_nominee);
 	dynamic_id=Maat_table_register(mctrl_g.d_feather,dynamic_nominee);
 	nominee_id=Maat_table_register(mctrl_g.n_feather,nominee);
 	candidate_id=Maat_table_register(mctrl_g.n_feather,candidate);
 	intercept_id=Maat_table_register(mctrl_g.i_feather, intercept);
+	d_policy_id=Maat_table_register(mctrl_g.s_feather,d_policy);
 	
-	if(static_id==-1||dynamic_id==-1||nominee_id==-1||candidate_id==-1||intercept_id==-1)
+	if(static_id==-1||dynamic_id==-1||nominee_id==-1||candidate_id==-1||intercept_id==-1||d_policy_id==-1)
 	{
 		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"REGISTER_TABLE","Database table register failed\n");
 		assert(0);
 	}
 
-	read_plugin_table(mctrl_g.s_feather,STATIC_NOMINEE_IP,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
+	read_plugin_table(mctrl_g.s_feather,STATIC_NOMINEE_TABLE,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
 		static_nominee,mctrl_g.logger_handle,static_id);
-	read_plugin_table(mctrl_g.d_feather,DYNAMIC_NOMINEE_IP,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
+	read_plugin_table(mctrl_g.d_feather,DYNAMIC_NOMINEE_TABLE,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
 		dynamic_nominee,mctrl_g.logger_handle,dynamic_id);
+	read_plugin_table(mctrl_g.s_feather,DNAT_POLICY_TABLE,s_d_start_cb,s_d_table_update_cb,s_d_finish_cb,
+		d_policy,mctrl_g.logger_handle,d_policy_id);
 		
-	read_plugin_table(mctrl_g.i_feather,INTERCEPT_IP,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
+	read_plugin_table(mctrl_g.i_feather,INTERCEPT_TABLE,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
 		intercept,mctrl_g.logger_handle,intercept_id);
-	read_plugin_table(mctrl_g.n_feather,NOMINEE_IP,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
+	read_plugin_table(mctrl_g.n_feather,NOMINEE_TABLE,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
 		nominee,mctrl_g.logger_handle,nominee_id);
-	read_plugin_table(mctrl_g.n_feather,CANDIDATE_IP,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
+	read_plugin_table(mctrl_g.n_feather,CANDIDATE_TABLE,Maat_start_cb,n_i_table_update_cb,Maat_finish_cb,
 		candidate,mctrl_g.logger_handle,candidate_id);
 
-
 	while(1)
 	{
 		MESA_htable_iterate(mctrl_g.s_d_htable, htable_iterate, NULL);
-		sleep(86400);
+		sleep(SLEEP_TIME);
 	}
 		
 	Maat_burn_feather(mctrl_g.d_feather);