8 files changed, 783 insertions, 0 deletions

diff --git a/bin/conf/table_info.conf b/bin/conf/table_info.conf
index 3a13540..b1efd85 100644
--- a/bin/conf/table_info.conf
+++ b/bin/conf/table_info.conf
@@ -7,6 +7,22 @@
 #do_merege [yes/no]
 #cross cache [number]
 #quick mode [quickon/quickoff], default [quickoff]
+<<<<<<< HEAD
+#For ip/intval/digest/compile/group table.
+#id	name	type
+#
+#For plugin table. The first column's id is 1. 0 as not speicified.
+#id	name	type	column_define
+#
+#For expr/expr_plus Table
+#id	name	type	src_charset	dst_charset	do_merge cross_cache quick_mode
+0	IR_STATIC_NOMINEE_IP	plugin	{"key":1,"valid":15}	--
+1	IR_DYNAMIC_NOMINEE_IP	plugin	{"key":1,"valid":9}	--
+2	IR_DNAT_POLICY	plugin	{"key":1,"valid":12}	--
+3	IR_NOMINEE_IP	plugin	{"key":1,"valid":5}	--
+4	IR_INTERCEPT_IP	plugin	{"key":1,"valid":14}	--
+5	IR_CANDIDATE_IP	plugin	{"key":1,"valid":6}	--
+=======
 #For ip/intval/digest/compile/group
 #id	name	type
 #
@@ -23,4 +39,5 @@
 5	IR_CANDIDATE_IP	plugin	6	--
 
 
+>>>>>>> 263cdc86b5b2f58bd3003f0af3234bc4ea4690a4
 
diff --git a/bin/mctrl b/bin/mctrl
new file mode 100644
index 0000000..7f3a1ec
--- /dev/null
+++ b/bin/mctrl
diff --git a/bin/mctrl_r2 b/bin/mctrl_r2
index 80a27a3..595546b 100644
--- a/bin/mctrl_r2
+++ b/bin/mctrl_r2
@@ -1,4 +1,8 @@
+<<<<<<< HEAD
+killall mctrl_r3 mctrl
+=======
 killall mctrl_r3 ir_mctrl
+>>>>>>> 263cdc86b5b2f58bd3003f0af3234bc4ea4690a4
 ./mctrl_r3 &> /dev/null &
 #./kill_sapp_by_mem.sh &> /dev/null &
 
diff --git a/bin/mctrl_r3 b/bin/mctrl_r3
index 2d9ddfc..6928cb5 100644
--- a/bin/mctrl_r3
+++ b/bin/mctrl_r3
@@ -11,7 +11,11 @@ while [ 1 ]; do
                 ulimit -c 0
         fi
 
+<<<<<<< HEAD
+    ./mctrl > /dev/null
+=======
     ./ir_mctrl > /dev/null
+>>>>>>> 263cdc86b5b2f58bd3003f0af3234bc4ea4690a4
         echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
     sleep 10
 done
diff --git a/doc/IP复用项目mctrl说明文档.docx b/doc/IP复用项目mctrl说明文档.docx
index 7695387..4f9e27b 100644
--- a/doc/IP复用项目mctrl说明文档.docx
+++ b/doc/IP复用项目mctrl说明文档.docx
diff --git a/src/Makefile b/src/Makefile
index 22edc9d..40b519d 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -5,8 +5,13 @@ CFLAGS = -Wall -g -fPIC
 #1INC	+= /usr/include/MESA
 LDFLAGS = -L./lib/
 LIBS = -lMESA_handle_logger -lMESA_prof_load -lMESA_htable -lmaatframe
+<<<<<<< HEAD
+OBJ =mctrl.o
+TARGET =mctrl
+=======
 OBJ =ir_mctrl.o
 TARGET =ir_mctrl
+>>>>>>> 263cdc86b5b2f58bd3003f0af3234bc4ea4690a4
 
 .cpp.o:
 	$(CCC) -c $(CFLAGS) $(INC) $<
diff --git a/src/mctrl.cpp b/src/mctrl.cpp
new file mode 100644
index 0000000..4f347ac
--- /dev/null
+++ b/src/mctrl.cpp
@@ -0,0 +1,665 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <unistd.h>
+#include <time.h>
+#include "MESA_prof_load.h"
+#include "MESA_handle_logger.h"
+#include "Maat_rule.h"
+#include "Maat_command.h"
+#include "mctrl.h"
+#include "MESA_htable.h"
+
+struct mctrl_glocal_info mctrl_g;
+
+void mctrl_get_cur_time(char *date)
+{   
+	time_t t;
+    struct tm *lt;
+    time(&t);
+    lt = localtime(&t);
+    snprintf(date, MAX_TIME_LEN,"%d/%d/%d/%d:%d:%d",lt->tm_year+1900, lt->tm_mon+1, lt->tm_mday, lt->tm_hour, lt->tm_min, lt->tm_sec);
+}
+
+int set_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *table_line,int rule_id)
+{
+	const struct Maat_line_t *p_line;
+	struct Maat_line_t line_rule;
+	int ret = 0;
+	char m_table_line[HTABLE_DATA_LEN];
+	struct IR_MCTRL_INFO mctrl_info;
+	memset(&mctrl_info,0,sizeof(mctrl_info));
+	memset(&line_rule, 0,sizeof(line_rule));
+
+	line_rule.label_id=0;
+	line_rule.rule_id=rule_id;
+	line_rule.table_name=ir_table_name;
+
+	sscanf(table_line, "%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s", 
+		&mctrl_info.htable_flag,&mctrl_info.region_id,&mctrl_info.group_id,&mctrl_info.addr_type,
+		mctrl_info.src_ip,mctrl_info.mask_src_ip,mctrl_info.src_port,mctrl_info.mask_src_port,mctrl_info.dst_ip,mctrl_info.mask_dst_ip,
+		mctrl_info.dst_port,mctrl_info.mask_dst_port,&mctrl_info.procotol,&mctrl_info.direction,&mctrl_info.addr_pool_id,&mctrl_info.is_valid,
+		&mctrl_info.action,&mctrl_info.service,mctrl_info.user_region,mctrl_info.effective_range,mctrl_info.op_time);
+
+	mctrl_get_cur_time(mctrl_info.op_time);
+	
+	if(!memcmp(ir_table_name,NOMINEE_TABLE_NAME,strlen(NOMINEE_TABLE_NAME)))
+	{
+		snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%d\t%s\t%s",
+			rule_id,mctrl_info.addr_pool_id,mctrl_info.addr_type,mctrl_info.src_ip,mctrl_info.is_valid,mctrl_info.effective_range,mctrl_info.op_time);
+	}
+	else 
+	{
+		snprintf(m_table_line,sizeof(m_table_line),"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s",
+			rule_id,mctrl_info.group_id,mctrl_info.addr_type,
+			mctrl_info.src_ip,mctrl_info.mask_src_ip,mctrl_info.src_port,mctrl_info.mask_src_port,mctrl_info.dst_ip,mctrl_info.mask_dst_ip,
+			mctrl_info.dst_port,mctrl_info.mask_dst_port,mctrl_info.procotol,mctrl_info.direction,
+			mctrl_info.is_valid,mctrl_info.action,mctrl_info.service,mctrl_info.user_region,mctrl_info.effective_range,mctrl_info.op_time);
+	}
+	
+	line_rule.table_line=m_table_line;
+	line_rule.expire_after=0;
+	p_line=&line_rule;
+
+	ret=Maat_cmd_set_line(feather, p_line, MAAT_OP_ADD);
+
+	MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL, (char*)"set_line", "set_table_name:%s  set_table_line:%s",ir_table_name,m_table_line);
+	
+	if(ret==-1)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"set_line","%s:set rule_id:%d  redis  line error",ir_table_name,rule_id);
+	}
+	else
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"set_line","%s:set rule_id:%d  redis line success",ir_table_name,rule_id);
+	}
+	return ret;
+}
+
+
+int del_ir_line(Maat_feather_t feather,const char *ir_table_name,const char *table_line,int rule_id)
+{
+	int ret=0;
+	
+	const struct Maat_line_t *p_line;
+	struct Maat_line_t line_rule;
+	memset(&line_rule,0,sizeof(line_rule));
+	
+	line_rule.label_id=0;
+	line_rule.rule_id=rule_id;
+	line_rule.table_name=ir_table_name;
+	line_rule.table_line=NULL;
+	if(!memcmp(ir_table_name,INTERCEPT_TABLE_NAME,strlen(NOMINEE_TABLE_NAME)))
+	{
+		line_rule.expire_after=TIME_OUT;
+		p_line=&line_rule;
+		ret=Maat_cmd_set_line(feather, p_line, MAAT_OP_RENEW_TIMEOUT);
+	}
+	else
+	{
+		line_rule.expire_after=0;
+		p_line=&line_rule;
+		ret=Maat_cmd_set_line(feather, p_line, MAAT_OP_DEL);
+	}
+
+	MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL, (char*)"del_line", "del_table_name:%s  del_rule_id is:%d  table_line:%s",ir_table_name,rule_id,table_line);
+	
+	if(ret==-1)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"del_line","%s:del rule_id is %d  redis line error",ir_table_name,rule_id);
+	}
+	else
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"del_line","%s:del rule_id is %d  redis line success",ir_table_name,rule_id);
+	}
+	
+	return ret;
+	
+}
+
+void set_ir_redis_info(int flag,const char* table_line,int rule_id)
+{
+	if((!(flag & INTERCEPT_FLAG))&&((flag & STATIC_NOMINEE_FLAG)||(flag & DYNAMIC_NOMINEE_FLAG)||(flag & DNAT_POLICY_FLAG)))
+	{
+		set_ir_line(mctrl_g.i_feather, (char*)INTERCEPT_TABLE_NAME,table_line,rule_id);
+	}
+
+	if((!(flag & NOMINEE_FLAG))&&((flag & STATIC_NOMINEE_FLAG)||(flag & DYNAMIC_NOMINEE_FLAG)))
+	{
+		set_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE_NAME,table_line,rule_id);
+	}
+
+	return;
+}
+
+void del_ir_redis_info(int flag,const char* table_line,int rule_id)
+{
+	if(flag & INTERCEPT_FLAG)
+	{
+		del_ir_line(mctrl_g.i_feather,(char*)INTERCEPT_TABLE_NAME,table_line,rule_id);
+	}
+
+	if(flag & NOMINEE_FLAG)
+	{
+		del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE_NAME,table_line,rule_id);
+	}
+
+	if(flag & CANDIDATE_FLAG)
+	{
+		del_ir_line(mctrl_g.n_feather,(char*)CANDIDATE_TABLE_NAME,table_line,rule_id);
+	}
+	
+	return;
+}
+
+long new_update_search_htable_cb(void *data, const uchar *key, uint size, void *user_arg)
+{
+	int rule_id=0;
+	int htable_flag=*(int*)user_arg;
+	char *htable_data=(char*)data;
+	if(htable_data!=NULL)
+	{
+		sscanf(htable_data,"%d\t%d",&htable_flag,&rule_id);
+		set_ir_redis_info(htable_flag,htable_data,rule_id);
+	}
+	return htable_flag;
+}
+
+long free_update_search_htable_cb(void *data, const uchar *key, uint size, void *user_arg)
+{
+	int rule_id=0;
+	int htable_flag=0;
+	char *htable_data=(char*)data;
+	if(htable_data!=NULL)
+	{
+		sscanf(htable_data,"%d\t%d",&htable_flag,&rule_id);
+		del_ir_redis_info(htable_flag,htable_data,rule_id);	
+	}
+	return htable_flag;
+}
+
+
+void htable_data_free(void *data)
+{
+	if(data!=NULL)
+	{
+		int rule_id=0;
+		sscanf((char*)data,"%*d\t%d",&rule_id);
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_INFO, (char*)"htable_data_free","rule_id is:%d",rule_id);
+		free(data);
+		data=NULL;
+	}
+	return;
+}
+
+void static_dynamic_dpolicy_table_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	struct IR_MCTRL_INFO mctrl_info;
+	memset(&mctrl_info,0,sizeof(mctrl_info));
+	char *htable_data=NULL;
+	void *search_result=NULL;
+	int *add_data=NULL;
+	int add_ret=0;
+	long cb_ret=0;
+	
+	switch(table_id)
+	{
+		case DYNAMIC_NOMINEE_ID:
+			mctrl_info.addr_pool_id=0;
+			memcpy(mctrl_info.src_port,"0",sizeof("0"));
+			memcpy(mctrl_info.mask_src_ip,"0.0.0.0",sizeof("0.0.0.0"));
+			memcpy(mctrl_info.mask_src_port,"0",sizeof("0"));
+			memcpy(mctrl_info.dst_ip,"0.0.0.0",sizeof("0.0.0.0"));
+			memcpy(mctrl_info.mask_dst_ip,"0.0.0.0",sizeof("0.0.0.0"));
+			memcpy(mctrl_info.dst_port,"0",sizeof("0"));
+			memcpy(mctrl_info.mask_dst_port,"0",sizeof("0"));
+			memcpy(mctrl_info.effective_range,"{}",sizeof("{}"));
+			mctrl_info.action=96;
+			mctrl_info.service=832;
+			mctrl_info.htable_flag=DYNAMIC_NOMINEE_FLAG;
+			sscanf(table_line,"%d\t%d\t%d\t%s\t%*s\t%d\t%s\t%*d\t%d\t%d\t%*d\t%*s\t%*s", 
+				&mctrl_info.region_id,&mctrl_info.addr_type,&mctrl_info.procotol,mctrl_info.src_ip,
+				&mctrl_info.direction,mctrl_info.user_region,&mctrl_info.is_valid,&mctrl_info.service);
+			mctrl_info.region_id=(mctrl_info.region_id%SNAT_DYNAMIC_NUMBER)+SNAT_DYNAMIC_NUMBER;
+			mctrl_info.group_id=mctrl_info.region_id;
+			break;
+		case STATIC_NOMINEE_ID:
+			memcpy(mctrl_info.user_region,"0",sizeof("0"));
+			memcpy(mctrl_info.effective_range,"{}",sizeof("{}"));
+			mctrl_info.service=832; 
+			mctrl_info.htable_flag=STATIC_NOMINEE_FLAG;
+			sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%*d\t%*s\t%*s", 
+				&mctrl_info.region_id,&mctrl_info.group_id,&mctrl_info.addr_type,
+				mctrl_info.src_ip,mctrl_info.mask_src_ip,mctrl_info.src_port,mctrl_info.mask_src_port,mctrl_info.dst_ip,mctrl_info.mask_dst_ip,
+				mctrl_info.dst_port,mctrl_info.mask_dst_port,&mctrl_info.procotol,&mctrl_info.direction,&mctrl_info.addr_pool_id,&mctrl_info.is_valid,
+				&mctrl_info.action);
+			mctrl_info.region_id=(mctrl_info.region_id%DNAT_NUMBER)+DNAT_NUMBER;
+			break;
+		case DNAT_POLICY_ID:
+			memcpy(mctrl_info.src_ip,"0.0.0.0",sizeof("0.0.0.0"));
+			memcpy(mctrl_info.src_port,"0",sizeof("0"));
+			memcpy(mctrl_info.mask_src_ip,"0.0.0.0",sizeof("0.0.0.0"));
+			memcpy(mctrl_info.mask_src_port,"0",sizeof("0"));
+			memcpy(mctrl_info.mask_dst_ip,"0.0.0.0",sizeof("0.0.0.0"));
+			memcpy(mctrl_info.mask_dst_port,"0",sizeof("0"));
+			memcpy(mctrl_info.user_region,"0",sizeof("0"));
+			memcpy(mctrl_info.effective_range,"{}",sizeof("{}"));
+			mctrl_info.direction=0;
+			mctrl_info.action=96;
+			mctrl_info.service=832;
+			mctrl_info.htable_flag=DNAT_POLICY_FLAG;
+			sscanf(table_line,"%d\t%d\t%s\t%s\t%d\t%*s\t%*s\t%*s\t%d\t%*d\t%*d\t%d\t%*s\t%*s", 
+				&mctrl_info.region_id,&mctrl_info.addr_type,mctrl_info.dst_ip,mctrl_info.dst_port,&mctrl_info.procotol,
+				&mctrl_info.do_log,&mctrl_info.is_valid);
+			mctrl_info.group_id=mctrl_info.region_id;
+			mctrl_info.region_id=mctrl_info.region_id%DNAT_NUMBER;
+			break;
+		default:	
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"static_dynamic_dpolicy_table_new_cb","read_snat_or_dnat table flag error!!table_id:%d",table_id);
+			assert(0);
+			break;
+	}
+	
+	search_result=MESA_htable_search_cb(mctrl_g.mctrl_htable_handle,(unsigned char*)&mctrl_info.region_id,sizeof(int),new_update_search_htable_cb,argp,&cb_ret);
+	if(search_result==NULL)
+	{	
+		htable_data=(char*)malloc(HTABLE_DATA_LEN);
+		
+		if(htable_data==NULL)
+		{
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"static_dynamic_dpolicy_table_new_cb","malloc htable_data error!!table_id:%d,rule_id:%d",table_id,mctrl_info.region_id);
+			exit(1);
+		}
+		snprintf(htable_data,HTABLE_DATA_LEN,"%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s", 
+			mctrl_info.htable_flag,mctrl_info.region_id,mctrl_info.group_id,mctrl_info.addr_type,
+			mctrl_info.src_ip,mctrl_info.mask_src_ip,mctrl_info.src_port,mctrl_info.mask_src_port,mctrl_info.dst_ip,mctrl_info.mask_dst_ip,
+			mctrl_info.dst_port,mctrl_info.mask_dst_port,mctrl_info.procotol,mctrl_info.direction,mctrl_info.addr_pool_id,mctrl_info.is_valid,
+			mctrl_info.action,mctrl_info.service,mctrl_info.user_region,mctrl_info.effective_range,mctrl_info.op_time);
+		add_ret=MESA_htable_add(mctrl_g.mctrl_htable_handle,(unsigned char*)&mctrl_info.region_id,sizeof(int),htable_data);
+
+		if(add_ret<0)
+		{
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"static_dynamic_dpolicy_table_new_cb","add htable error:%d,table_id:%d,rule_id:%d",add_ret,table_id,mctrl_info.region_id);
+			assert(0);
+		}
+		else
+		{
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"static_dynamic_dpolicy_table_new_cb","add htable succeed:%d,table_id:%d,rule_id:%d",add_ret,table_id,mctrl_info.region_id);
+		}
+		set_ir_redis_info(cb_ret,htable_data,mctrl_info.region_id);
+		add_data=(int*)calloc(sizeof(int),1);
+		if(add_data==NULL)
+		{
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"static_dynamic_dpolicy_table_new_cb","malloc add_data error!!table_id:%d,rule_id:%d",table_id,mctrl_info.region_id);
+			exit(1);
+		}
+		*add_data=mctrl_info.region_id;
+		*ad=add_data;
+	}
+	else
+	{	
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_INFO, (char*)"static_dynamic_dpolicy_table_new_cb","htable_info exit!table_id:%d rule_id:%d",table_id,mctrl_info.region_id);
+	}
+
+	return;
+}
+void static_dynamic_dpolicy_table_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	void* search_result=NULL;
+	int del_ret=0;
+	long cb_ret=0;
+	search_result=MESA_htable_search_cb(mctrl_g.mctrl_htable_handle,(unsigned char*)*ad,sizeof(int),free_update_search_htable_cb,NULL,&cb_ret);
+	
+	if(search_result==NULL)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"static_dynamic_dpolicy_table_free_cb", "already del!!!table_id:%d",table_id);
+	}
+	else
+	{	
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO, (char*)"static_dynamic_dpolicy_table_free_cb", "del data,table_id:%d,rule_id:%d",table_id,*(int*)*ad);
+		del_ret=MESA_htable_del(mctrl_g.mctrl_htable_handle,(unsigned char*)*ad,sizeof(int),htable_data_free);
+		
+		if(del_ret<0)
+		{
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"static_dynamic_dpolicy_table_free_cb","del htable error:%d,table_id:%d,rule_id:%d",del_ret,table_id,*(int*)*ad);
+			assert(0);
+		}
+	}
+
+	if(*ad!=NULL)
+	{
+		free(*ad);
+	}
+	
+	*ad=NULL;
+	return;
+}
+
+long nominee_intercept_candidate_search_htable_cb(void *data, const uchar *key, uint size, void *user_arg)
+{
+	int htable_flag=0;
+	struct IR_MCTRL_INFO mctrl_info;
+	memset(&mctrl_info,0,sizeof(mctrl_info));
+	char *htable_data=(char*)data;
+
+	if(htable_data==NULL)
+	{
+		return htable_flag;
+	}
+	
+	sscanf(htable_data, "%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s", 
+		&htable_flag,&mctrl_info.region_id,&mctrl_info.group_id,&mctrl_info.addr_type,
+		mctrl_info.src_ip,mctrl_info.mask_src_ip,mctrl_info.src_port,mctrl_info.mask_src_port,mctrl_info.dst_ip,mctrl_info.mask_dst_ip,
+		mctrl_info.dst_port,mctrl_info.mask_dst_port,&mctrl_info.procotol,&mctrl_info.direction,&mctrl_info.addr_pool_id,&mctrl_info.is_valid,
+		&mctrl_info.action,&mctrl_info.service,mctrl_info.user_region,mctrl_info.effective_range,mctrl_info.op_time);
+
+	switch(*(int*)user_arg)
+	{
+		case INTERCEPT_FLAG:
+			if(!(htable_flag & INTERCEPT_FLAG))	
+			{	
+				htable_flag+=INTERCEPT_FLAG;
+			}
+			break;
+		case NOMINEE_FLAG:
+			if(!(htable_flag & NOMINEE_FLAG))
+			{
+				htable_flag+=NOMINEE_FLAG;
+			}
+			break;
+		case CANDIDATE_FLAG:
+			if(!(htable_flag & CANDIDATE_FLAG))
+			{
+				htable_flag+=CANDIDATE_FLAG;
+			}
+			break;
+		default:
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"nominee_intercept_candidate_search_htable_cb","read nom_intercept_candidate_table error!!!table_flag:%d",*(int*)user_arg);	
+			assert(0);
+			break;
+	}
+	
+	snprintf(htable_data,HTABLE_DATA_LEN, "%d\t%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%s\t%s\t%s", 
+		htable_flag,mctrl_info.region_id,mctrl_info.group_id,mctrl_info.addr_type,
+		mctrl_info.src_ip,mctrl_info.mask_src_ip,mctrl_info.src_port,mctrl_info.mask_src_port,mctrl_info.dst_ip,mctrl_info.mask_dst_ip,
+		mctrl_info.dst_port,mctrl_info.mask_dst_port,mctrl_info.procotol,mctrl_info.direction,mctrl_info.addr_pool_id,mctrl_info.is_valid,
+		mctrl_info.action,mctrl_info.service,mctrl_info.user_region,mctrl_info.effective_range,mctrl_info.op_time);
+		
+	MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"nominee_intercept_candidate_search_htable_cb","table_flag:%d ,Data rule_id:%d  htable_flag:%d",*(int*)user_arg,mctrl_info.region_id, htable_flag);	
+
+	return htable_flag;
+}
+
+void nominee_intercept_candidate_table_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	long search_ret=0;
+	void* search_htable_result=NULL;
+	int rule_id=0;
+	int *add_data=NULL;
+	sscanf(table_line,"%d\t",&rule_id);
+
+	if(*(int*)argp==NOMINEE_FLAG&&rule_id<DNAT_NUMBER)
+	{
+		del_ir_line(mctrl_g.n_feather,(char*)NOMINEE_TABLE_NAME,table_line,rule_id);
+		return;
+	}
+	
+	search_htable_result=MESA_htable_search_cb(mctrl_g.mctrl_htable_handle,(unsigned char*)&rule_id,sizeof(int), nominee_intercept_candidate_search_htable_cb,argp,&search_ret);
+
+	if(search_htable_result==NULL)
+	{
+		del_ir_redis_info(*(int*)argp,table_line,rule_id);
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"nominee_intercept_candidate_table_new_cb","table_id:%d,rule_id:%d htable data not exist,del it!",table_id,rule_id);
+	}
+	else
+	{
+		add_data=(int*)calloc(sizeof(int),1);
+		if(add_data==NULL)
+		{
+			MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_FATAL, (char*)"nominee_intercept_candidate_table_new_cb","table_id:%d,rule_id:%d,malloc add_data error!!",table_id,rule_id);
+			exit(1);
+		}
+		*add_data=rule_id;
+		*ad=add_data;
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_DEBUG, (char*)"nominee_intercept_candidate_table_new_cb","htable data exist!table_id:%d,rule_id:%d",table_id,rule_id);
+	}
+
+	return;
+}
+void nominee_intercept_candidate_table_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp)
+{
+	if(*ad!=NULL)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle, RLOG_LV_INFO, (char*)"nominee_intercept_candidate_table_free_cb"," del table_id:%d,rule_id:%d, del succeed",table_id,*(int*)*ad);
+		free(*ad);
+	}
+	
+	*ad=NULL;
+	return;
+}
+
+void plugin_EX_dup_cb(int table_id,	MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp)
+{
+	*to=*from;
+	return;
+}
+
+int register_plugin_ex_table(Maat_feather_t feather, int table_id,
+										Maat_plugin_EX_new_func_t* new_func,
+										Maat_plugin_EX_free_func_t* free_func,
+										Maat_plugin_EX_dup_func_t* dup_func,
+										Maat_plugin_EX_key2index_func_t* key2index_func,
+										long argl, void *argp)
+{
+	int ret=0;
+
+	ret=Maat_plugin_EX_register(feather,table_id,new_func,free_func,dup_func,key2index_func,argl,argp);
+	if(ret<0)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL, (char*)"REGISTER_TABLE", "Maat callback register table %s error.\n",argp);
+		assert(0);
+	}
+	
+	return ret;
+}
+
+void htable_iterate(const uchar * key, uint size, void * data, void * user)
+{
+	int htable_flag=0;
+	int rule_id=0;
+	char *table_line=(char*)data;
+	sscanf(table_line,"%d\t%d",&htable_flag,&rule_id);
+										
+	set_ir_redis_info(htable_flag,table_line,rule_id);
+											
+	return;
+}
+
+void Maat_init()
+{
+// load conf
+	const char *section = "Mctrl";
+    const char *section_d = "Mctrl_D";
+	const char *section_s = "Mctrl_S";
+    const char *section_i = "Mctrl_I";
+	const char *section_n = "Mctrl_N";
+    char table_info_path[MAX_PATH_LEN];
+	char logger_path[MAX_PATH_LEN];
+    int max_thread_num=0;
+	int logger_level=0;
+	
+    char Maat_redis_ip_d[MAX_STRING_LEN];
+    int Maat_redis_port_d=0;
+	int Maat_redis_index_d=0;
+	
+	char Maat_redis_ip_s[MAX_STRING_LEN];
+    int Maat_redis_port_s=0;
+	int Maat_redis_index_s=0;
+	
+	char Maat_redis_ip_i[MAX_STRING_LEN];
+    int Maat_redis_port_i=0;
+	int Maat_redis_index_i=0;
+	
+	char Maat_redis_ip_n[MAX_STRING_LEN];
+    int Maat_redis_port_n=0;
+	int Maat_redis_index_n=0;
+		
+    MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section,"table_info_path", table_info_path, sizeof(table_info_path), "./conf/table_info.conf");
+	MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section,"logger_path", logger_path, sizeof(logger_path), "./log/ir_mctrl.log");
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"logger_level", &logger_level,RLOG_LV_FATAL);
+    MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section,"max_thread_num", &max_thread_num, 1);
+//dynamic server conf	
+    MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_ip", Maat_redis_ip_d, sizeof(Maat_redis_ip_d), "127.0.0.1");
+    MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_port", &Maat_redis_port_d,6379);
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_d,"Maat_redis_index", &Maat_redis_index_d,1);
+//static server conf
+	MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_s, "Maat_redis_ip", Maat_redis_ip_s, sizeof(Maat_redis_ip_s), "127.0.0.1");
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_s,"Maat_redis_port", &Maat_redis_port_s,6379);
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_s,"Maat_redis_index", &Maat_redis_index_s,0);
+//nominee and candidate conf
+	MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_n,"Maat_redis_ip", Maat_redis_ip_n, sizeof(Maat_redis_ip_n), "127.0.0.1");
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_n,"Maat_redis_port", &Maat_redis_port_n,6379);
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_n,"Maat_redis_index", &Maat_redis_index_n,0);
+//intercept conf
+	MESA_load_profile_string_def((char*)MCTRL_CONF_FILE, section_i,"Maat_redis_ip", Maat_redis_ip_i, sizeof(Maat_redis_ip_i), "127.0.0.1");
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_i,"Maat_redis_port", &Maat_redis_port_i,6379);
+	MESA_load_profile_int_def((char*)MCTRL_CONF_FILE, section_i,"Maat_redis_index", &Maat_redis_index_i,0);
+
+//log
+	mctrl_g.logger_handle=MESA_create_runtime_log_handle(logger_path,logger_level);
+	if(mctrl_g.logger_handle == NULL)
+	{
+		printf("IR MESA_create_runtime_log_handle() error!\n");
+		assert(0);
+	}
+
+//redis	
+	mctrl_g.d_feather = Maat_feather(max_thread_num,table_info_path,mctrl_g.logger_handle);
+	mctrl_g.s_feather = Maat_feather(max_thread_num,table_info_path,mctrl_g.logger_handle);
+	mctrl_g.n_feather = Maat_feather(max_thread_num,table_info_path,mctrl_g.logger_handle);
+	mctrl_g.i_feather = Maat_feather(max_thread_num,table_info_path,mctrl_g.logger_handle);
+	
+	if(mctrl_g.d_feather==NULL||mctrl_g.s_feather==NULL||mctrl_g.n_feather==NULL||mctrl_g.i_feather==NULL)
+	{
+	   MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"maat init","IR maat_feather error!");
+	   assert(0);
+	}
+		   
+	Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_d,MAX_STRING_LEN);
+	Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_d,sizeof(Maat_redis_port_d));
+	Maat_set_feather_opt(mctrl_g.d_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_d,sizeof(Maat_redis_index_d));
+	Maat_set_feather_opt(mctrl_g.d_feather, MAAT_OPT_INSTANCE_NAME, DYNAMIC_NOMINEE_TABLE_NAME, strlen(DYNAMIC_NOMINEE_TABLE_NAME)+1);
+	
+	Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_s,MAX_STRING_LEN);
+	Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_s,sizeof(Maat_redis_port_s));
+	Maat_set_feather_opt(mctrl_g.s_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_s,sizeof(Maat_redis_index_s));
+	Maat_set_feather_opt(mctrl_g.s_feather, MAAT_OPT_INSTANCE_NAME, STATIC_NOMINEE_TABLE_NAME, strlen(STATIC_NOMINEE_TABLE_NAME)+1);
+	
+	Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_i,MAX_STRING_LEN);
+	Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_i,sizeof(Maat_redis_port_i));
+	Maat_set_feather_opt(mctrl_g.i_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_i,sizeof(Maat_redis_index_i));
+	Maat_set_feather_opt(mctrl_g.i_feather, MAAT_OPT_INSTANCE_NAME, INTERCEPT_TABLE_NAME, strlen(INTERCEPT_TABLE_NAME)+1);
+
+	Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_IP,Maat_redis_ip_n,MAX_STRING_LEN);
+	Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_PORT,&Maat_redis_port_n,sizeof(Maat_redis_port_n));
+	Maat_set_feather_opt(mctrl_g.n_feather,MAAT_OPT_REDIS_INDEX,&Maat_redis_index_n,sizeof(Maat_redis_index_n));
+	Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, NOMINEE_TABLE_NAME, strlen(NOMINEE_TABLE_NAME)+1);
+	Maat_set_feather_opt(mctrl_g.n_feather, MAAT_OPT_INSTANCE_NAME, CANDIDATE_TABLE_NAME, strlen(CANDIDATE_TABLE_NAME)+1);
+	
+	Maat_initiate_feather(mctrl_g.d_feather);
+	Maat_initiate_feather(mctrl_g.s_feather);
+	Maat_initiate_feather(mctrl_g.i_feather);
+	Maat_initiate_feather(mctrl_g.n_feather);
+	
+}
+
+
+int htable_init()
+{
+	int htable_ret=0;
+	mctrl_g.mctrl_htable_handle = MESA_htable_born();
+	if(mctrl_g.mctrl_htable_handle == NULL)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"htable init","htable born failed");
+		assert(0);
+		return -1;
+	}
+	
+	htable_ret = MESA_htable_mature(mctrl_g.mctrl_htable_handle);
+	
+	if(0 == htable_ret)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_INFO,(char*)"htable init","htable mature succ");
+		return 0;
+	}
+	else
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"htable init","htable mature failed");
+		assert(0);
+		return -1;
+	}
+}
+
+int main(int argc, char * argv [ ])
+{
+	
+	Maat_init();
+	htable_init();
+	
+	int static_flag=STATIC_NOMINEE_FLAG;
+	int	dynamic_flag=DYNAMIC_NOMINEE_FLAG;
+	int dnat_policy_flag=DNAT_POLICY_FLAG;
+	int nominee_flag=NOMINEE_FLAG;
+	int candidate_flag=CANDIDATE_FLAG;
+	int intercept_flag=INTERCEPT_FLAG;
+
+	int static_id=-1;
+	int	dynamic_id=-1;
+	int dnat_policy_id=-1;
+	int nominee_id=-1;
+	int candidate_id=-1;
+	int intercept_id=-1;
+	
+	static_id=Maat_table_register(mctrl_g.s_feather,STATIC_NOMINEE_TABLE_NAME);
+	dynamic_id=Maat_table_register(mctrl_g.d_feather,DYNAMIC_NOMINEE_TABLE_NAME);
+	dnat_policy_id=Maat_table_register(mctrl_g.s_feather,DNAT_POLICY_TABLE_NAME);
+
+	if(static_id==-1||dynamic_id==-1||dnat_policy_id==-1)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"main","static_dynamic_dpolicy Database table register failed\n");
+		assert(0);
+	}
+	
+	register_plugin_ex_table(mctrl_g.s_feather,static_id,static_dynamic_dpolicy_table_new_cb,static_dynamic_dpolicy_table_free_cb,plugin_EX_dup_cb,NULL,0,&static_flag);
+	register_plugin_ex_table(mctrl_g.d_feather,dynamic_id,static_dynamic_dpolicy_table_new_cb,static_dynamic_dpolicy_table_free_cb,plugin_EX_dup_cb,NULL,0,&dynamic_flag);
+	register_plugin_ex_table(mctrl_g.s_feather,dnat_policy_id,static_dynamic_dpolicy_table_new_cb,static_dynamic_dpolicy_table_free_cb,plugin_EX_dup_cb,NULL,0,&dnat_policy_flag);
+	
+	nominee_id=Maat_table_register(mctrl_g.n_feather,NOMINEE_TABLE_NAME);
+	candidate_id=Maat_table_register(mctrl_g.n_feather,CANDIDATE_TABLE_NAME);
+	intercept_id=Maat_table_register(mctrl_g.i_feather,INTERCEPT_TABLE_NAME);
+	
+	if(nominee_id==-1||candidate_id==-1||intercept_id==-1)
+	{
+		MESA_handle_runtime_log(mctrl_g.logger_handle,RLOG_LV_FATAL,(char*)"main","nominee_intercept_candidate Database table register failed\n");
+		assert(0);
+	}
+
+	register_plugin_ex_table(mctrl_g.i_feather,intercept_id,nominee_intercept_candidate_table_new_cb,nominee_intercept_candidate_table_free_cb,plugin_EX_dup_cb,NULL,0,&intercept_flag);
+	register_plugin_ex_table(mctrl_g.n_feather,nominee_id,nominee_intercept_candidate_table_new_cb,nominee_intercept_candidate_table_free_cb,plugin_EX_dup_cb,NULL,0,&nominee_flag);
+	register_plugin_ex_table(mctrl_g.n_feather,candidate_id,nominee_intercept_candidate_table_new_cb,nominee_intercept_candidate_table_free_cb,plugin_EX_dup_cb,NULL,0,&candidate_flag);
+
+	while(1)
+	{
+		MESA_htable_iterate(mctrl_g.mctrl_htable_handle, htable_iterate, NULL);
+		sleep(SLEEP_TIME);
+	}
+		
+	Maat_burn_feather(mctrl_g.d_feather);
+	Maat_burn_feather(mctrl_g.s_feather);
+	Maat_burn_feather(mctrl_g.i_feather);
+	Maat_burn_feather(mctrl_g.n_feather);
+	MESA_destroy_runtime_log_handle(mctrl_g.logger_handle);
+	return 0;
+	
+}
+
diff --git a/src/mctrl.h b/src/mctrl.h
new file mode 100644
index 0000000..a686d42
--- /dev/null
+++ b/src/mctrl.h
@@ -0,0 +1,88 @@
+#ifndef MCTRL_H
+#define MCTRL_H
+
+#include "MESA_handle_logger.h"
+#include "Maat_rule.h"
+#include "Maat_command.h"
+#include "MESA_htable.h"
+
+#define MAX_STRING_LEN                64
+#define MAX_PORT_LEN                  6
+#define MAX_PATH_LEN                  64
+#define MAX_TABLE_NAME_LEN            64
+#define MAX_TIME_LEN				 40
+#define	HTABLE_DATA_LEN				 512
+
+#define MCTRL_CONF_FILE				"./conf/mctrl.conf"
+
+//table name
+#define NOMINEE_TABLE_NAME						"IR_NOMINEE_IP"
+#define INTERCEPT_TABLE_NAME					"IR_INTERCEPT_IP"
+#define STATIC_NOMINEE_TABLE_NAME 				"IR_STATIC_NOMINEE_IP"
+#define DYNAMIC_NOMINEE_TABLE_NAME				"IR_DYNAMIC_NOMINEE_IP"
+#define CANDIDATE_TABLE_NAME					"IR_CANDIDATE_IP"
+#define DNAT_POLICY_TABLE_NAME					"IR_DNAT_POLICY"
+
+#define	SLEEP_TIME						43200
+#define TIME_OUT						1800
+#define MAX_THREAD_NUM                  1
+
+#define DNAT_NUMBER						500000000
+#define SNAT_DYNAMIC_NUMBER				1000000000
+
+//table flag
+#define STATIC_NOMINEE_FLAG				1
+#define	DYNAMIC_NOMINEE_FLAG			2
+#define	DNAT_POLICY_FLAG				4
+#define	NOMINEE_FLAG					8
+#define	INTERCEPT_FLAG					16
+#define	CANDIDATE_FLAG					32
+
+//table_id
+#define STATIC_NOMINEE_ID				0
+#define DYNAMIC_NOMINEE_ID				1
+#define DNAT_POLICY_ID					2
+#define NOMINEE_ID						3
+#define INTERCEPT_ID					4
+#define CANDIDATE_ID					5
+
+struct IR_MCTRL_INFO
+{
+	int region_id; 
+	int group_id; 
+	int addr_type;	
+	char src_ip[MAX_STRING_LEN];
+	char mask_src_ip[MAX_STRING_LEN];
+	char src_port[MAX_PORT_LEN];
+	char mask_src_port[MAX_PORT_LEN];
+	char dst_ip[MAX_STRING_LEN];
+	char mask_dst_ip[MAX_STRING_LEN];
+	char dst_port[MAX_PORT_LEN];
+	char mask_dst_port[MAX_PORT_LEN];
+	int procotol;
+	int direction;
+	int is_valid;
+	int action;
+	int service;
+	int addr_pool_id;
+	char effective_range[MAX_STRING_LEN];
+	char user_region[MAX_STRING_LEN];
+	char op_time[MAX_TIME_LEN]; 
+	int do_log;
+	int htable_flag;
+};
+
+struct mctrl_glocal_info
+{
+	void *logger_handle;
+	Maat_feather_t d_feather;
+	Maat_feather_t s_feather;
+	Maat_feather_t n_feather;
+	Maat_feather_t i_feather;
+	MESA_htable_handle mctrl_htable_handle;
+};
+
+
+#endif
+
+