-rw-r--r--bin/conf/maat_table_info.conf32
-rw-r--r--bin/conf/pangu_valve.conf1
-rw-r--r--bin/conf/table_info/service_id_map.conf1
-rw-r--r--src/include/MESA/Maat_rule.h52
-rw-r--r--src/pg_valve_deal.cpp10
-rw-r--r--src/pg_valve_maat.cpp4
-rw-r--r--src/pg_valve_main.cpp1
-rw-r--r--src/pg_valve_main.h1
8 files changed, 73 insertions, 29 deletions
diff --git a/bin/conf/maat_table_info.conf b/bin/conf/maat_table_info.conf
index 055e9a8..3e96996 100644
--- a/bin/conf/maat_table_info.conf
+++ b/bin/conf/maat_table_info.conf
@@ -6,19 +6,19 @@
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#id name type IS_VALID_INDEX
-0 APP_DOMAIN plugin 7
-1 APP_DYN_SEV_IP_CB plugin 9
-2 APP_POLICY plugin 7
-3 APP_STATIC_SEV_IP plugin 14
-4 LIMIT_DOMAIN plugin 7
-5 LIMIT_DYN_IP_CB plugin 9
-6 PXY_DYN_SEV_IP_CB plugin 9
-7 PXY_INTERCEPT_DOMAIN plugin 7
-8 LIMIT_IP plugin 14
-9 PXY_INTERCEPT_IP plugin 14
-10 INLINE_IP_CB plugin 14
-11 IR_STATIC_IP_POOL_CB plugin 9
-12 DK_CLI_IP_CB plugin 14
-13 IPD_DYN_SUBSCIBE_IP plugin 9
-14 IR_DYN_SIFT_IP plugin 9
-15 ANTI_DDOS_ATTACK_CB plugin 14
+0 APP_DOMAIN plugin {"valid":7,"tag":11}
+1 APP_DYN_SEV_IP_CB plugin {"valid":9,"tag":10}
+2 APP_POLICY plugin {"valid":7,"tag":11}
+3 APP_STATIC_SEV_IP plugin {"valid":14,"tag":18}
+4 LIMIT_DOMAIN plugin {"valid":7,"tag":11}
+5 LIMIT_DYN_IP_CB plugin {"valid":9,"tag":10}
+6 PXY_DYN_SEV_IP_CB plugin {"valid":9,"tag":10}
+7 PXY_INTERCEPT_DOMAIN plugin {"valid":7,"tag":11}
+8 LIMIT_IP plugin {"valid":14,"tag":18}
+9 PXY_INTERCEPT_IP plugin {"valid":14,"tag":18}
+10 INLINE_IP_CB plugin {"valid":14,"tag":18}
+11 IR_STATIC_IP_POOL_CB plugin {"valid":9,"tag":12}
+12 DK_CLI_IP_CB plugin {"valid":14,"tag":18}
+13 IPD_DYN_SUBSCIBE_IP plugin {"valid":9,"tag":12}
+14 IR_DYN_SIFT_IP plugin {"valid":9,"tag":12}
+15 ANTI_DDOS_ATTACK_CB plugin {"valid":14,"tag":18}
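Review bot: The column header comment at the top of this hunk, `#id name type IS_VALID_INDEX`, still describes the old single-integer fourth column, while every row below now carries a JSON object with `valid` and `tag` keys. Update it to something like `#id name type {"valid":IS_VALID_INDEX,"tag":TAG_INDEX}` and add one line saying what `tag` indexes (presumably the rule column whose tags are matched against MAAT_OPT_ACCEPT_TAGS, but nothing in this diff confirms that). Without it a reader cannot tell why ids 11, 13 and 14 get `tag:12` while the other `valid:9` rows get `tag:10`.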
diff --git a/bin/conf/pangu_valve.conf b/bin/conf/pangu_valve.conf
index cb158a9..e9663e8 100644
--- a/bin/conf/pangu_valve.conf
+++ b/bin/conf/pangu_valve.conf
@@ -7,6 +7,7 @@ SW_HNODE_TIMEOUT_MIN=1
#1-file; 2-redis
MAAT_CONFIG_RECV_WAY=2
MAAT_TABLE_INFO_PATH=./conf/maat_table_info.conf
+#MAAT_EFFECTIVE_RANGE={}
CONSUL_SWITCH=0
CONSUL_REQ_TIMEOUT=4
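Review bot: The commented example `#MAAT_EFFECTIVE_RANGE={}` gives no hint of the expected format, and `{}` is not a useful value: pg_valve_main.cpp passes any non-empty string straight to MAAT_OPT_ACCEPT_TAGS, whose documented shape in Maat_rule.h is `{"tags":[{"tag":...,"value":...}]}`. Replace the line with a format comment such as `#MAAT_EFFECTIVE_RANGE={"tags":[{"tag":"location","value":"Beijing/ChaoYang"},{"tag":"isp","value":"telecom"}]}`, and note that the value is limited to 4095 characters and that leaving it empty disables the tag filter. Because this setting decides which policies this node accepts, an operator copying a wrong example changes enforcement, so the example should be correct.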
diff --git a/bin/conf/table_info/service_id_map.conf b/bin/conf/table_info/service_id_map.conf
index 82f448a..7dbdde9 100644
--- a/bin/conf/table_info/service_id_map.conf
+++ b/bin/conf/table_info/service_id_map.conf
@@ -18,6 +18,7 @@
517 0 21 1 1000
#PXY_INTERCEPT_DOMAIN MONITOR 0x201
513 0 22 1 1000
+515 0 22 1 1000
#APP_POLICY REJECT 0x21
33 0 8 1 1000
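Review bot: The new row `515 0 22 1 1000` has no comment naming the service id and action it maps, unlike its neighbours (`#PXY_INTERCEPT_DOMAIN MONITOR 0x201` above 513 and `#APP_POLICY REJECT 0x21` above 33). Add a comment in the same form above it, e.g. `#PXY_INTERCEPT_DOMAIN <ACTION> 0x203` with the real action filled in, so the mapping can be audited against the policy definitions. I cannot tell from this hunk which action 0x203 corresponds to.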
diff --git a/src/include/MESA/Maat_rule.h b/src/include/MESA/Maat_rule.h
index 93e499f..bea7e76 100644
--- a/src/include/MESA/Maat_rule.h
+++ b/src/include/MESA/Maat_rule.h
@@ -1,12 +1,12 @@
/*
-*****************Maat Network Flow Rule Manage Framework********
+*****************Maat Deep Packet Inspection Policy Framework********
* Maat is the Goddess of truth and justice in ancient Egyptian concept.
* Her feather was the measure that determined whether the souls (considered
* to reside in the heart) of the departed would reach the paradise of afterlife
* successfully.
-* Author: [email protected],MESA
-* Version 2015-11-09 digest scan
+* Author: [email protected], MESA
+* Version 2018-11-06 Maat Rule Extra Data.
* NOTE: MUST compile with G++
* All right reserved by Institute of Infomation Engineering,Chinese Academic of Science 2014~2018
*********************************************************
@@ -16,7 +16,7 @@
#ifndef __cplusplus
#error("This file should be compiled with C++ compiler")
#endif
-#include "stream.h"
+#include <MESA/stream.h>
enum MAAT_CHARSET
{
CHARSET_NONE=0,
@@ -48,7 +48,8 @@ typedef void* stream_para_t;
typedef void* Maat_feather_t;
-#define MAX_SERVICE_DEFINE_LEN 128
+#define MAX_SERVICE_DEFINE_LEN 128
+#define MAX_HUGE_SERVICE_DEFINE_LEN (1024*4)
struct Maat_rule_t
{
int config_id;
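Review bot: `MAX_HUGE_SERVICE_DEFINE_LEN` is added without a comment saying what it bounds; `Maat_rule_t::service_defined` in the next hunk keeps `MAX_SERVICE_DEFINE_LEN`, so the 4 KiB limit presumably applies to the `srv_def_large` argument of the new EX callbacks and to the buffer handed to `Maat_read_rule`. Add a comment such as `// upper bound, including '\0', on the large service definition returned via Maat_read_rule(MAAT_RULE_SERV_DEFINE)` and confirm that this is the actual contract, since callers will size stack buffers from it.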
@@ -56,7 +57,7 @@ struct Maat_rule_t
char do_log;
char do_blacklist;
char action;
- char resevered;
+ char reserved;
int serv_def_len;
char service_defined[MAX_SERVICE_DEFINE_LEN];
};
@@ -140,10 +141,10 @@ enum MAAT_INIT_OPT
MAAT_OPT_FULL_CFG_DIR, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
MAAT_OPT_INC_CFG_DIR, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
MAAT_OPT_JSON_FILE_PATH, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
- MAAT_OPT_STAT_ON, //VALUE is NULL,SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
- MAAT_OPT_PERF_ON, //VALUE is NULL,SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
+ MAAT_OPT_STAT_ON, //VALUE is NULL, SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
+ MAAT_OPT_PERF_ON, //VALUE is NULL, SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
MAAT_OPT_STAT_FILE_PATH, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. DEFAULT: no default.
- MAAT_OPT_SCAN_DETAIL, //VALUE is interger *, SIZE=sizeof(int). 0: not return any detail;1: return hit pos, not include regex grouping;
+ MAAT_OPT_SCAN_DETAIL, //VALUE is interger *, SIZE=sizeof(int). 0: not return any detail;1: return hit pos, not include regex grouping.
// 2 return hit pos and regex grouping pos;DEFAULT:0
MAAT_OPT_INSTANCE_NAME, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1, no more than 11 bytes.DEFAULT: MAAT_$tableinfo_path$.
MAAT_OPT_DECRYPT_KEY, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. No DEFAULT.
@@ -155,8 +156,11 @@ enum MAAT_INIT_OPT
MAAT_OPT_CUMULATIVE_UPDATE_OFF, //VALUE is NULL,SIZE is 0. Default: CUMMULATIVE UPDATE ON.
MAAT_OPT_LOAD_VERSION_FROM, //VALUE is a long long, SIZE=sizeof(long long). Default: Load the Latest. Only valid in redis mode, and maybe failed for too old.
//This option also disables background update.
- MAAT_OPT_ENABLE_UPDATE //VALUE is interger, SIZE=sizeof(int). 1: Enabled, 0:Disabled. DEFAULT: Backgroud update is enabled. Runtime setting is allowed.
-};
+ MAAT_OPT_ENABLE_UPDATE, //VALUE is interger, SIZE=sizeof(int). 1: Enabled, 0:Disabled. DEFAULT: Backgroud update is enabled. Runtime setting is allowed.
+ MAAT_OPT_ACCEPT_TAGS, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. Format is a JSON, e.g.{"tags":[{"tag":"location","value":"Beijing/ChaoYang/Huayan/22A"},{"tag":"isp","value":"telecom"}]}
+ MAAT_OPT_FOREIGN_CONT_DIR, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. Specifies a local diretory to store foreign content. Default: []table_info_path]_files
+ MAAT_OPT_FOREIGN_CONT_LINGER //VALUE is interger *, SIZE=sizeof(int). Greater than 0: delete after VALUE seconds; 0: delete foreign content right after the notification callbacks; Less than 0: NEVER delete. Default: 0.
+ };
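Review bot: The three new options are documented inconsistently and one default is malformed: `MAAT_OPT_FOREIGN_CONT_LINGER` says `VALUE is interger *` while `MAAT_OPT_ENABLE_UPDATE` on the line above says `VALUE is interger` for the same `SIZE=sizeof(int)`, and the `MAAT_OPT_FOREIGN_CONT_DIR` default reads `[]table_info_path]_files` (unbalanced bracket, plus `diretory`). Settle on `VALUE is an int*, SIZE=sizeof(int)` for LINGER and write the default as `$table_info_path$_files`, matching the `MAAT_$tableinfo_path$` notation already used for MAAT_OPT_INSTANCE_NAME. Since FOREIGN_CONT_DIR is a local directory into which content received from the configuration source is written, the comment should also state whether Maat creates it and with what permissions, and that names taken from foreign content must not be used to build paths unchecked; none of that is visible here, so it is for the implementer to confirm. The closing `};` was also indented by one space, unlike the other enums in the file.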
//return -1 if failed, return 0 on success;
int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT type,const void* value,int size);
enum MAAT_STATE_OPT
@@ -177,6 +181,7 @@ int Maat_table_callback_register(Maat_feather_t feather,short table_id,
Maat_finish_callback_t *finish,//u_para
void* u_para);
+
enum MAAT_SCAN_OPT
{
MAAT_SET_SCAN_DISTRICT=1, //VALUE is a const char*,SIZE= strlen(string).DEFAULT: no default.
@@ -235,5 +240,30 @@ int Maat_similar_scan_string(Maat_feather_t feather,int table_id
void Maat_clean_status(scan_status_t* mid);
+typedef void* MAAT_RULE_EX_DATA;
+// The idx parameter is the index: this will be the same value returned by Maat_rule_get_ex_new_index() when the functions were initially registered.
+// Finally the argl and argp parameters are the values originally passed to the same corresponding parameters when Maat_rule_get_ex_new_index() was called.
+typedef void Maat_rule_EX_new_func_t(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
+ MAAT_RULE_EX_DATA* ad, long argl, void *argp);
+typedef void Maat_rule_EX_free_func_t(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
+ MAAT_RULE_EX_DATA* ad, long argl, void *argp);
+typedef void Maat_rule_EX_dup_func_t(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp);
+
+int Maat_rule_get_ex_new_index(Maat_feather_t feather, const char* compile_table_name,
+ Maat_rule_EX_new_func_t* new_func,
+ Maat_rule_EX_free_func_t* free_func,
+ Maat_rule_EX_dup_func_t* dup_func,
+ long argl, void *argp);
+//returned data is duplicated by dup_func of Maat_rule_get_ex_new_index, caller is responsible to free the data.
+MAAT_RULE_EX_DATA Maat_rule_get_ex_data(Maat_feather_t feather, const struct Maat_rule_t* rule, int idx);
+
+
+enum MAAT_RULE_OPT
+{
+ MAAT_RULE_SERV_DEFINE //VALUE is a char* buffer,SIZE= buffer size.
+};
+int Maat_read_rule(Maat_feather_t feather, const struct Maat_rule_t* rule, enum MAAT_RULE_OPT type, void* value, int size);
+
+
#endif // H_MAAT_RULE_H_INCLUDE
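Review bot: `Maat_rule_get_ex_data` says the caller must free the returned copy, but nothing says how: the copy is produced by `dup_func`, and only `Maat_rule_EX_free_func_t` knows how to release it, yet that callback takes `rule`, `srv_def_large`, `argl` and `argp`, which the caller of `Maat_rule_get_ex_data` does not hold. Either document that the data must be allocated by `dup_func` with `malloc` and released with `free()`, or add an entry point such as `void Maat_rule_free_ex_data(Maat_feather_t feather, int idx, MAAT_RULE_EX_DATA data);` that invokes the registered free_func. `Maat_rule_get_ex_new_index` and `Maat_read_rule` also lack return-value documentation; for `Maat_read_rule(MAAT_RULE_SERV_DEFINE)` state whether the buffer is always NUL-terminated and what is returned when the definition exceeds `size`, since the 128-byte `service_defined` field versus the 4 KiB `MAX_HUGE_SERVICE_DEFINE_LEN` makes truncation the normal case rather than an edge case. A one-line `// returns the new index (>= 0) on success, -1 on failure` style comment on each declaration would suffice.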
diff --git a/src/pg_valve_deal.cpp b/src/pg_valve_deal.cpp
index 36e6d25..2083541 100644
--- a/src/pg_valve_deal.cpp
+++ b/src/pg_valve_deal.cpp
@@ -42,6 +42,7 @@ const char*sscanf_error_string(SSCANF_ERROR_NO_t type)
SSCANF_ERROR_NO_t fill_in_dsetid_did_limitid(const char *user_region, int64_t *did,int64_t *dsetid, int32_t *limit_rate)
{
const char *pos;
+ float droprate;
if(did!=NULL && NULL!=(pos = strcasestr(user_region, "DOMAIN_ID=")))
{
@@ -59,9 +60,14 @@ SSCANF_ERROR_NO_t fill_in_dsetid_did_limitid(const char *user_region, int64_t *d
}
}
- if(limit_rate!=NULL && NULL!=(pos = strcasestr(user_region, "RATE_LIMIT=")))
+ if(limit_rate!=NULL && NULL!=(pos = strcasestr(user_region, "Droprate=")))
{
- if(sscanf(pos+strlen("RATE_LIMIT="), "%d", limit_rate) != 1)
+ if(sscanf(pos+strlen("Droprate="), "%f", &droprate) != 1)
+ {
+ return SSCANF_ERROR_LIMIT;
+ }
+ *limit_rate = (int)(droprate*100);
+ if(*limit_rate > 100)
{
return SSCANF_ERROR_LIMIT;
}
diff --git a/src/pg_valve_maat.cpp b/src/pg_valve_maat.cpp
index 31039d4..a04e177 100644
--- a/src/pg_valve_maat.cpp
+++ b/src/pg_valve_maat.cpp
@@ -114,6 +114,10 @@ int MaatService::maat_feather_start(void)
ret |= Maat_set_feather_opt(feather, MAAT_OPT_PERF_ON, NULL, 0);
ret |= Maat_set_feather_opt(feather, MAAT_OPT_INSTANCE_NAME, table_relate->instance_name, strlen(table_relate->instance_name)+1);
+ if(strlen(g_pgvalve_info.effective_range)>0)
+ {
+ ret |= Maat_set_feather_opt(feather, MAAT_OPT_ACCEPT_TAGS, g_pgvalve_info.effective_range, strlen(g_pgvalve_info.effective_range)+1);
+ }
if(g_pgvalve_info.maat_source == MAAT_CONFIG_FILE)
{
ret |= Maat_set_feather_opt(feather, MAAT_OPT_FULL_CFG_DIR, table_relate->full_dir, strlen(table_relate->full_dir)+1);
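Review bot: The result of setting `MAAT_OPT_ACCEPT_TAGS` is folded into `ret` with every other option, so a rejected or malformed `MAAT_EFFECTIVE_RANGE` is indistinguishable from any other setup failure, and this value determines which policies the node accepts, so an ignored filter would silently change what is enforced. Check this call on its own and log the string being applied, e.g. `if(Maat_set_feather_opt(feather, MAAT_OPT_ACCEPT_TAGS, range, range_len+1) != 0) { /* log effective_range and fail start-up */ }`; whether Maat validates the JSON at set time is not visible here and should be confirmed. `strlen(g_pgvalve_info.effective_range)` is also computed twice; compute it once into a local. The enclosing `maat_feather_start` continues outside the hunk.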
diff --git a/src/pg_valve_main.cpp b/src/pg_valve_main.cpp
index 0931ede..798cdfb 100644
--- a/src/pg_valve_main.cpp
+++ b/src/pg_valve_main.cpp
@@ -129,6 +129,7 @@ static int32_t read_conf_and_init(void)
//Maat//
MESA_load_profile_string_def(PANGU_CONF_FILE, "SYSTEM", "MAAT_TABLE_INFO_PATH", g_pgvalve_info.maat_table_info, sizeof(g_pgvalve_info.maat_table_info), "./conf/maat_table_info.conf");
MESA_load_profile_int_def(PANGU_CONF_FILE, "SYSTEM", "MAAT_CONFIG_RECV_WAY", &g_pgvalve_info.maat_source, MAAT_CONFIG_REDIS);
+ MESA_load_profile_string_def(PANGU_CONF_FILE, "SYSTEM", "MAAT_EFFECTIVE_RANGE", g_pgvalve_info.effective_range, 4096, "");
MESA_load_profile_uint_def(PANGU_CONF_FILE, "SYSTEM", "SERVICE_TOPLIMIT_SW", &g_pgvalve_info.service_limit_sw, 0);
if(MESA_load_profile_string_nodef(PANGU_CONF_FILE, "SYSTEM", "C3_AUTH_DATA", g_pgvalve_info.authdata, 128) < 0)
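Review bot: The new `MESA_load_profile_string_def` call passes the literal `4096` as the buffer size while the `MAAT_TABLE_INFO_PATH` line directly above passes `sizeof(g_pgvalve_info.maat_table_info)`; if the array in pg_valve_main.h is ever shrunk, the hard-coded value becomes a buffer overflow on config load. Use `sizeof(g_pgvalve_info.effective_range)` here, matching the sibling call. `read_conf_and_init` continues outside this hunk.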
diff --git a/src/pg_valve_main.h b/src/pg_valve_main.h
index e83e9e7..ba641a1 100644
--- a/src/pg_valve_main.h
+++ b/src/pg_valve_main.h
@@ -68,6 +68,7 @@ typedef struct __pgvavle_global_info
//MaatRedis//
char maat_table_info[MAX_PATH_LEN];
char redis_ip[64];
+ char effective_range[4096];
int redis_port;
int maat_source;
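Review bot: `char effective_range[4096];` introduces a bare magic number that is repeated as a literal in pg_valve_main.cpp, whereas the neighbouring `maat_table_info` is sized with the named `MAX_PATH_LEN`. Define a constant such as `#define MAX_EFFECTIVE_RANGE_LEN 4096` alongside `MAX_PATH_LEN` and use it here, and add a comment stating that the buffer holds the `MAAT_EFFECTIVE_RANGE` JSON that is handed to `MAAT_OPT_ACCEPT_TAGS`. The struct `__pgvavle_global_info` starts before this hunk.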