diff --git a/roles/framework/files/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm b/roles/framework/files/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
new file mode 100644
index 0000000..dc287be
Binary files /dev/null and b/roles/framework/files/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm differ
diff --git a/roles/framework/files/framework/framework-2.0.9.f583d06-1.el7.centos.x86_64.rpm b/roles/framework/files/framework/framework-2.0.9.f583d06-1.el7.centos.x86_64.rpm
deleted file mode 100644
index 220fafc..0000000
Binary files a/roles/framework/files/framework/framework-2.0.9.f583d06-1.el7.centos.x86_64.rpm and /dev/null differ
diff --git a/roles/framework/files/htable/libMESA_htable.so b/roles/framework/files/htable/libMESA_htable.so
deleted file mode 100644
index 601028b..0000000
Binary files a/roles/framework/files/htable/libMESA_htable.so and /dev/null differ
diff --git a/roles/framework/files/maat/include/Maat_command.h b/roles/framework/files/maat/include/Maat_command.h
deleted file mode 100644
index 816dd63..0000000
--- a/roles/framework/files/maat/include/Maat_command.h
+++ /dev/null
@@ -1,191 +0,0 @@
-#ifndef H_MAAT_COMMAND_H_INCLUDE
-#define H_MAAT_COMMAND_H_INCLUDE
-#ifndef __cplusplus
-#error("This file should be compiled with C++ compiler")
-#endif
-#include "Maat_rule.h"
-enum MAAT_OPERATION
-{
-	MAAT_OP_DEL=0,
-	MAAT_OP_ADD,
-	MAAT_OP_RENEW_TIMEOUT	//Rule expire time is changed to now+cmd->expire_after
-};
-enum MAAT_GROUP_RELATION
-{
-	PARENT_TYPE_COMPILE=0,
-	PARENT_TYPE_GROUP
-};
-enum MAAT_REGION_TYPE
-{
-	REGION_EXPR,
-	REGION_IP,
-	REGION_INTERVAL,
-	REGION_DIGEST,
-	REGION_SIMILARITY
-};
-enum MAAT_EXPR_TYPE
-{	
-	EXPR_TYPE_STRING=0,
-	EXPR_TYPE_AND,
-	EXPR_TYPE_REGEX,
-	EXPR_TYPE_OFFSET
-};
-enum MAAT_MATCH_METHOD
-{	
-	MATCH_METHOD_SUB=0,
-	MATCH_METHOD_RIGHT,
-	MATCH_METHOD_LEFT,
-	MATCH_METHOD_COMPLETE
-};
-
-enum MAAT_CASE_TYPE
-{
-	UNCASE_PLAIN=0,
-	CASE_HEXBIN,
-	CASE_PLAIN
-};
-enum MAAT_ADDR_TYPE
-{
-	ADDR_TYPE_IPv4=4,
-	ADDR_TYPE_IPv6=6
-};
-enum MAAT_ADDR_DIRECTION
-{
-	ADDR_DIR_DOUBLE=0,
-	ADDR_DIR_SINGLE=1
-};
-struct Maat_rgn_str_t
-{
-	const char *keywords;
-	const char *district;// optional for expr_plus, otherwise set to NULL.
-	enum MAAT_EXPR_TYPE expr_type;
-	enum MAAT_MATCH_METHOD match_method;
-	enum MAAT_CASE_TYPE hex_bin;
-};
-struct Maat_rgn_addr_t
-{
-	enum MAAT_ADDR_TYPE addr_type;
-	const char* src_ip;
-	const char* mask_src_ip;
-	const char* dst_ip;
-	const char* mask_dst_ip;
-	unsigned short src_port;
-	unsigned short mask_src_port;
-	unsigned short dst_port;
-	unsigned short mask_dst_port;
-	unsigned short protocol;
-	enum MAAT_ADDR_DIRECTION direction;
-};
-struct Maat_rgn_intv_t
-{
-	unsigned int low_boundary;
-	unsigned int up_boundary;
-};
-struct Maat_rgn_digest_t
-{
-	unsigned long long orgin_len;
-	const char* digest_string;
-	short confidence_degree;
-};
-struct Maat_rgn_sim_t
-{
-	char* target;
-	short threshold;// 1~100
-};
-struct Maat_region_t
-{
-	const char* table_name;
-	int region_id;	//If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number.
-	enum MAAT_REGION_TYPE region_type;
-	union
-	{
-		struct Maat_rgn_str_t expr_rule;
-		struct Maat_rgn_addr_t ip_rule;
-		struct Maat_rgn_intv_t interval_rule;
-		struct Maat_rgn_digest_t digest_rule;
-		struct Maat_rgn_sim_t similarity_rule;
-	};
-};
-struct Maat_group_t
-{
-	const char* table_name;
-	int group_id;	//If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must assign a unique number.
-	int parent_id;
-	int not_flag;
-	enum MAAT_GROUP_RELATION parent_type;
-	int region_num;
-	struct Maat_region_t *regions;	
-};
-struct Maat_cmd_t
-{
-	//This Struct MUST alloced by Maat_create_cmd(), then released by Maat_free_cmd(). 
-	struct Maat_rule_t compile; // for MAAT_OP_DEL, only compile.config_id is necessary.
-	int group_num;				// for MAAT_OP_DEL, set to 0.
-	int expire_after;			//expired after $expire_after$ seconds, set to 0 for never timeout.
-	int label_id;					//>0, to be indexed and quried by Maat_cmd_select; =0 not index
-	struct Maat_group_t* groups;// Add regions with Maat_add_region2cmd 
-};	
-struct Maat_line_t
-{
-	const char* table_name;
-	const char* table_line;
-	int rule_id;		// for MAAT_OP_DEL, only rule_id and table_name are necessary.
-	int label_id;
-	int expire_after;	//expired after $timeout$ seconds, set to 0 for never timeout.
-};
-struct Maat_cmd_t* Maat_create_cmd(const struct Maat_rule_t* rule, int group_num);
-int Maat_cmd_set_opt(struct Maat_cmd_t* cmd, enum MAAT_RULE_OPT type, const char* val, int size);
-//input: which_group 0~group_num
-//input: region can be freed after added.
-void Maat_add_region2cmd(struct Maat_cmd_t* cmd,int which_group,const struct Maat_region_t* region);
-
-void Maat_free_cmd(struct Maat_cmd_t* cmd);
-int Maat_format_cmd(struct Maat_cmd_t* cmd, char* buffer, int size);
-//Input string of REGION_EXPR and REGION_SIMILARITY need to be escapeed.
-char* Maat_str_escape(char* dst,int size,const char*src);
-
-//Deletion failed due to not complete synchronize with Redis.
-//To make sure the delete command is excecuted, user should try again after MAAT_OPT_SCANDIR_INTERVAL_MS ms.
-//Returns number of successfully updated rule.
-//The following functions are NOT thread safe.
-int Maat_cmd(Maat_feather_t feather,struct Maat_cmd_t* cmd,enum MAAT_OPERATION op);
-
-//pipeline model
-int Maat_cmd_append(Maat_feather_t feather,struct Maat_cmd_t* cmd,enum MAAT_OPERATION op);
-
-//Return number of successfully updated rule.
-//Return -1 for failed.
-int Maat_cmd_commit(Maat_feather_t feather);
-
-
-int Maat_cmd_set_group(Maat_feather_t feather, int group_id, const struct Maat_region_t* region, enum MAAT_OPERATION op);
-
-//Returns number of successfully updated rule.
-//Return -1 for failed.
-int Maat_cmd_set_line(Maat_feather_t feather,const struct Maat_line_t* line_rule, enum MAAT_OPERATION op);
-int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_line_t** line_rule, int line_num ,enum MAAT_OPERATION op);
-int Maat_cmd_set_file(Maat_feather_t feather,const char* key, const char* value, size_t size, enum MAAT_OPERATION op);
-
-//Return the value of key after the increment.
-//If the key does not exist, it is set to 0 before performing the operation.
-long long Maat_cmd_incrby(Maat_feather_t feather,const char* key, int increment);
-struct Maat_cmd_key
-{
-	char* table_name;
-	int rule_id;
-};
-void Maat_cmd_key_free(struct Maat_cmd_key**keys, int number);
-int Maat_cmd_key_select(Maat_feather_t feather, int label_id, struct Maat_cmd_key** keys);
-int Maat_cmd_select(Maat_feather_t feather, int label_id, int * output_ids, unsigned int size);
-int Maat_cmd_flushDB(Maat_feather_t feather);
-
-int Maat_command_raw_set_compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int group_num);
-int Maat_command_raw_set_region(Maat_feather_t feather,  enum MAAT_OPERATION op, const struct Maat_region_t* region, int group_id);
-int Maat_command_raw_set_group(Maat_feather_t feather,  enum MAAT_OPERATION op, const struct Maat_group_t* group);
-
-int Maat_cmd_get_new_group_id(Maat_feather_t feather);
-int Maat_cmd_get_new_region_id(Maat_feather_t feather);
-
-
-#endif
-
diff --git a/roles/framework/files/maat/include/Maat_rule.h b/roles/framework/files/maat/include/Maat_rule.h
deleted file mode 100644
index 1b2f5dc..0000000
--- a/roles/framework/files/maat/include/Maat_rule.h
+++ /dev/null
@@ -1,291 +0,0 @@
-
-/*
-*****************Maat Deep Packet Inspection Policy Framework********
-*	Maat is the Goddess of truth and justice in ancient Egyptian concept.
-*	Her feather was the measure that determined whether the souls (considered 
-*	to reside in the heart) of the departed would reach the paradise of afterlife
-*	successfully.
-*	Author: zhengchao@iie.ac.cn, MESA
-*	Version 2018-12-07 Plugin Extra Data.
-*	NOTE: MUST compile with G++
-*	All right reserved by Institute of Infomation Engineering,Chinese Academic of Science 2014~2018
-*********************************************************
-*/
-#ifndef H_MAAT_RULE_H_INCLUDE
-#define H_MAAT_RULE_H_INCLUDE
-#ifndef __cplusplus
-#error("This file should be compiled with C++ compiler")
-#endif
-#include <MESA/stream.h>
-enum MAAT_CHARSET
-{
-	CHARSET_NONE=0,
-	CHARSET_GBK,
-	CHARSET_BIG5,
-	CHARSET_UNICODE,
-	CHARSET_UTF8,	// 4
-	CHARSET_BIN,	//5
-	CHARSET_UNICODE_ASCII_ESC,		// Unicode Escape format, prefix backslash-u hex, e.g. "\u627;"
-	CHARSET_UNICODE_ASCII_ALIGNED,//Unicode Escape format, prefix backslash-u with 4 bytes aligned, e.g. "\u0627"
-	CHARSET_UNICODE_NCR_DEC,		//SGML Numeric character reference,decimal base, e.g. "&#1575;"
-	CHARSET_UNICODE_NCR_HEX,		//SGML Numeric character reference,hexdecimal base, e.g. "&#x627;"
-	CHARSET_URL_ENCODE_GB2312,		//URL encode with GB2312, e.g. the chinese word "china" was encoded to %D6%D0%B9%FA
-	CHARSET_URL_ENCODE_UTF8		//11, URL encode with UTF8,e.g. the chinese word "china" was encoded to %E4%B8%AD%E5%9B%BD
-};
-enum MAAT_ACTION
-{
-	MAAT_ACTION_BLOCK=0,
-	MAAT_ACTION_MONIT,
-	MAAT_ACTION_WHITE
-};
-enum MAAT_POS_TYPE
-{
-	MAAT_POSTYPE_EXPR=0,
-	MAAT_POSTYPE_REGEX
-};
-typedef	void*	scan_status_t;
-typedef	void*	stream_para_t;
-typedef	void*	Maat_feather_t;
-
-
-#define	MAX_SERVICE_DEFINE_LEN			128
-#define	MAX_HUGE_SERVICE_DEFINE_LEN		(1024*4)
-struct Maat_rule_t
-{
-	int		config_id;
-	int		service_id;
-	char	do_log;
-	char 	do_blacklist;
-	char	action;
-	char	reserved;
-	int		serv_def_len;
-	char 	service_defined[MAX_SERVICE_DEFINE_LEN];
-};
-#define	MAAT_RULE_UPDATE_TYPE_FULL	1
-#define	MAAT_RULE_UPDATE_TYPE_INC	2
-typedef void Maat_start_callback_t(int update_type,void* u_para);
-typedef void Maat_update_callback_t(int table_id,const char* table_line,void* u_para);
-typedef void Maat_finish_callback_t(void* u_para);
-
-
-
-
-
-//--------------------HITTING DETAIL DESCRIPTION BEGIN
-
-#define	MAAT_MAX_HIT_RULE_NUM		8
-#define MAAT_MAX_EXPR_ITEM_NUM		8
-#define	MAAT_MAX_HIT_POS_NUM		8
-#define	MAAT_MAX_REGEX_GROUP_NUM	8
-
-//NOTE position buffer as hitting_regex_pos and hit_pos,are ONLY valid before next scan or Maat_stream_scan_string_end
-struct regex_pos_t
-{
-	int group_num;
-	int hitting_regex_len;
-	const char* hitting_regex_pos;
-	int grouping_len[MAAT_MAX_REGEX_GROUP_NUM];
-	const char* grouping_pos[MAAT_MAX_REGEX_GROUP_NUM];
-};
-struct str_pos_t
-{
-	int hit_len;
-	const char* hit_pos;
-};
-struct sub_item_pos_t
-{
-	enum MAAT_POS_TYPE ruletype;
-	int hit_cnt;
-	union
-	{
-		struct regex_pos_t	regex_pos[MAAT_MAX_HIT_POS_NUM];
-		struct str_pos_t substr_pos[MAAT_MAX_HIT_POS_NUM];
-	};
-};
-
-struct Maat_region_pos_t
-{
-	
-	int region_id;
-	int sub_item_num;
-	struct sub_item_pos_t sub_item_pos[MAAT_MAX_EXPR_ITEM_NUM];	
-};
-
-struct Maat_hit_detail_t
-{
-	int config_id;//set <0 if half hit;
-	int hit_region_cnt;
-	struct Maat_region_pos_t region_pos[MAAT_MAX_HIT_RULE_NUM];	
-};
-//--------------------HITTING DETAIL DESCRIPTION END
-
-//Abondon interface ,left for compatible.
-Maat_feather_t Maat_summon_feather(int max_thread_num,
-								const char* table_info_path,
-								const char* ful_cfg_dir,
-								const char* inc_cfg_dir,
-								void*logger);//MESA_handle_logger
-//Abondon interface ,left for compatible. 
-Maat_feather_t Maat_summon_feather_json(int max_thread_num,
-									const char* table_info_path,
-									const char* json_rule,
-									void* logger);
-
-Maat_feather_t Maat_feather(int max_thread_num,const char* table_info_path,void* logger);
-int Maat_initiate_feather(Maat_feather_t feather);
-
-enum MAAT_INIT_OPT
-{
-	MAAT_OPT_SCANDIR_INTERVAL_MS=1,	//VALUE is interger, SIZE=sizeof(int). DEFAULT:1,000 milliseconds.
-	MAAT_OPT_EFFECT_INVERVAL_MS,	//VALUE is interger, SIZE=sizeof(int). DEFAULT:60,000 milliseconds.
-	MAAT_OPT_FULL_CFG_DIR,			//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
-	MAAT_OPT_INC_CFG_DIR,			//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
-	MAAT_OPT_JSON_FILE_PATH,		//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
-	MAAT_OPT_STAT_ON,				//VALUE is NULL, SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
-	MAAT_OPT_PERF_ON,				//VALUE is NULL, SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
-	MAAT_OPT_STAT_FILE_PATH,		//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. DEFAULT: no default.
-	MAAT_OPT_SCAN_DETAIL,			//VALUE is interger *, SIZE=sizeof(int). 0: not return any detail;1: return  hit pos, not include regex grouping.
-									//  2 return hit pos and regex grouping pos;DEFAULT:0
-	MAAT_OPT_INSTANCE_NAME,			//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1, no more than 11 bytes.DEFAULT: MAAT_$tableinfo_path$.
-	MAAT_OPT_DECRYPT_KEY,			//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. No DEFAULT.
-	MAAT_OPT_REDIS_IP,				//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. No DEFAULT.
-	MAAT_OPT_REDIS_PORT,			//VALUE is a unsigned short or a signed int, host order, SIZE= sizeof(unsigned short) or sizeof(int). No DEFAULT.
-	MAAT_OPT_REDIS_INDEX,			//VALUE is interger *, 0~15, SIZE=sizeof(int). DEFAULT: 0.
-	MAAT_OPT_CMD_AUTO_NUMBERING,	//VALUE is a interger *, 1 or 0, SIZE=sizeof(int). DEFAULT: 1.
-	MAAT_OPT_DEFERRED_LOAD,			//VALUE is NULL,SIZE is 0.  Default: Deffered initialization OFF.
-	MAAT_OPT_CUMULATIVE_UPDATE_OFF,	//VALUE is NULL,SIZE is 0.  Default: CUMMULATIVE UPDATE ON.
-	MAAT_OPT_LOAD_VERSION_FROM,		//VALUE is a long long, SIZE=sizeof(long long). Default: Load the Latest. Only valid in redis mode, and maybe failed for too old. 
-									//This option also disables background update.
-	MAAT_OPT_ENABLE_UPDATE,			//VALUE is interger, SIZE=sizeof(int). 1: Enabled, 0:Disabled.  DEFAULT: Backgroud update is enabled. Runtime setting is allowed.
-	MAAT_OPT_ACCEPT_TAGS,			//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. Format is a JSON, e.g.{"tags":[{"tag":"location","value":"Beijing/ChaoYang/Huayan/22A"},{"tag":"isp","value":"telecom"}]}
-	MAAT_OPT_FOREIGN_CONT_DIR,		//VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. Specifies a local diretory to store foreign content. Default: []table_info_path]_files
- 	MAAT_OPT_FOREIGN_CONT_LINGER	//VALUE is interger *, SIZE=sizeof(int). Greater than 0: delete after VALUE seconds; 0: delete foreign content right after the notification callbacks;  Less than 0: NEVER delete. Default: 0.
-};
-//return -1 if failed, return 0 on success;
-int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT  type,const void* value,int size);
-enum MAAT_STATE_OPT
-{
-	MAAT_STATE_VERSION=1,			//Get current maat version, if maat is in update progress, the updating version is returned. VALUE is long long, SIZE=sizeof(long long). 
-	MAAT_STATE_LAST_UPDATING_TABLE,	//Query at Maat_finish_callback_t to determine whether this table is the last one to update. VALUE is interger, SIZE=sizeof(int), 1:yes, 0: no
-	MAAT_STATE_IN_UPDATING
-};
-int Maat_read_state(Maat_feather_t feather, enum MAAT_STATE_OPT  type, void* value, int size);
-
-void Maat_burn_feather(Maat_feather_t feather);
-
-//return table_id(>=0) if success,otherwise return -1;
-int Maat_table_register(Maat_feather_t feather,const char* table_name);
-//return 1 if success,otherwise return -1 incase invalid table_id or registed function number exceed 32;
-int Maat_table_callback_register(Maat_feather_t feather,short table_id,
-									Maat_start_callback_t *start,//MAAT_RULE_UPDATE_TYPE_*,u_para
-									Maat_update_callback_t *update,//table line ,u_para
-									Maat_finish_callback_t *finish,//u_para
-									void* u_para);
-
-
-enum MAAT_SCAN_OPT
-{
-	MAAT_SET_SCAN_DISTRICT=1,		//VALUE is a const char*,SIZE= strlen(string).DEFAULT: no default.
-	MAAT_SET_SCAN_LAST_REGION		//VALUE is NULL, SIZE=0. This option indicates that the follow scan is the last region of current scan cobination.
-};
-//return 0 if success, return -1 when failed;
-int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCAN_OPT type,const void* value,int size);
-
-//Return hit rule number, return -1 when error occurs,return -2 when hit current region
-//mid MUST set to NULL before fist call
-int Maat_scan_intval(Maat_feather_t feather,int table_id
-						,unsigned int intval
-						,struct Maat_rule_t*result,int rule_num
-						,scan_status_t *mid,int thread_num);
-int Maat_scan_addr(Maat_feather_t feather,int table_id
-						,struct ipaddr* addr
-						,struct Maat_rule_t*result,int rule_num
-						,scan_status_t *mid,int thread_num);
-int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
-						,struct ipaddr* addr,unsigned short int proto
-						,struct Maat_rule_t*result,int rule_num
-						,scan_status_t *mid,int thread_num);
-int Maat_full_scan_string(Maat_feather_t feather,int table_id
-						,enum MAAT_CHARSET charset,const char* data,int data_len
-						,struct Maat_rule_t*result,int* found_pos,int rule_num
-						,scan_status_t* mid,int thread_num);
-//hite_detail could be NULL if unconcern
-int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
-						,enum MAAT_CHARSET charset,const char* data,int data_len
-						,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
-						,int* detail_ret,scan_status_t* mid,int thread_num);
-
-stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id,int thread_num);
-int Maat_stream_scan_string(stream_para_t* stream_para
-									,enum MAAT_CHARSET charset,const char* data,int data_len
-									,struct Maat_rule_t*result,int* found_pos,int rule_num
-									,scan_status_t* mid);
-//hited_detail could be NULL if unconcern
-int Maat_stream_scan_string_detail(stream_para_t* stream_para
-									,enum MAAT_CHARSET charset,const char* data,int data_len
-									,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
-									,int* detail_ret,scan_status_t* mid);
-void Maat_stream_scan_string_end(stream_para_t* stream_para);
-
-stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id,unsigned long long total_len,int thread_num);
-int Maat_stream_scan_digest(stream_para_t* stream_para
-									,const char* data,int data_len,unsigned long long offset
-									,struct Maat_rule_t*result,int rule_num
-									,scan_status_t* mid);
-void Maat_stream_scan_digest_end(stream_para_t* stream_para);
-
-int Maat_similar_scan_string(Maat_feather_t feather,int table_id
-						,const char* data,int data_len
-						,struct Maat_rule_t*result,int rule_num
-						,scan_status_t* mid,int thread_num);
-
-void Maat_clean_status(scan_status_t* mid);
-
-typedef void*  MAAT_RULE_EX_DATA;
-// The idx parameter is the index: this will be the same value returned by Maat_rule_get_ex_new_index() when the functions were initially registered.
-// Finally the argl and argp parameters are the values originally passed to the same corresponding parameters when Maat_rule_get_ex_new_index() was called.
-typedef void Maat_rule_EX_new_func_t(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
-											MAAT_RULE_EX_DATA* ad, long argl, void *argp);
-typedef void Maat_rule_EX_free_func_t(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
-											MAAT_RULE_EX_DATA* ad, long argl, void *argp);
-typedef void Maat_rule_EX_dup_func_t(int idx,	MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp);
-
-int Maat_rule_get_ex_new_index(Maat_feather_t feather, const char* compile_table_name,
-										 Maat_rule_EX_new_func_t* new_func,
-										 Maat_rule_EX_free_func_t* free_func,
-										 Maat_rule_EX_dup_func_t* dup_func,
-										 long argl, void *argp);
-//returned data is duplicated by dup_func of Maat_rule_get_ex_new_index,  caller is responsible to free the data.
-MAAT_RULE_EX_DATA Maat_rule_get_ex_data(Maat_feather_t feather, const struct Maat_rule_t* rule, int idx);
-
-//Helper function for parsing space or tab seperated line.
-//Nth_column: the Nth column is numberd from 1.
-//Return 0 if success.
-int Maat_helper_read_column(const char* line, int Nth_column, size_t *column_offset, size_t *column_len);
-
-
-//Following functions are similar to Maat_rule_get_ex_data, except they are effective on plugin table.
-typedef void*  MAAT_PLUGIN_EX_DATA;
-typedef void Maat_plugin_EX_new_func_t(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
-typedef void Maat_plugin_EX_free_func_t(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
-typedef void Maat_plugin_EX_dup_func_t(int table_id,	MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp);
-typedef int Maat_plugin_EX_key2index_func_t(const char* key);
-
-int Maat_plugin_EX_register(Maat_feather_t feather, int table_id,
-										Maat_plugin_EX_new_func_t* new_func,
-										Maat_plugin_EX_free_func_t* free_func,
-										Maat_plugin_EX_dup_func_t* dup_func,
-										Maat_plugin_EX_key2index_func_t* key2index_func,
-										long argl, void *argp);
-//Data is duplicated by dup_func of Maat_plugin_EX_register,  caller is responsible to free the data.
-MAAT_PLUGIN_EX_DATA Maat_plugin_get_EX_data(Maat_feather_t feather, int table_id, const char* key);
-
-enum MAAT_RULE_OPT
-{
-	MAAT_RULE_SERV_DEFINE	//VALUE is a char* buffer,SIZE= buffer size. 
-};
-int Maat_read_rule(Maat_feather_t feather, const struct Maat_rule_t* rule, enum MAAT_RULE_OPT type, void* value, int size);
-
-
-#endif	//	H_MAAT_RULE_H_INCLUDE
-
diff --git a/roles/framework/files/maat/include/gram_index_engine.h b/roles/framework/files/maat/include/gram_index_engine.h
deleted file mode 100644
index 452dc4d..0000000
--- a/roles/framework/files/maat/include/gram_index_engine.h
+++ /dev/null
@@ -1,72 +0,0 @@
-#ifndef _GRAM_INDEX_ENGINE_
-#define _GRAM_INDEX_ENGINE_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-enum GIE_operation
-{
-	GIE_INSERT_OPT,
-	GIE_DELETE_OPT
-};
-enum GIE_INPUT_FORMAT
-{
-	GIE_INPUT_FORMAT_PLAIN,
-	GIE_INPUT_FORMAT_SFH
-};
-
-typedef struct 
-{
-	/* data */
-}GIE_handle_t;
-
-
-typedef struct 
-{
-	unsigned int id;
-	unsigned int sfh_length;//size of fuzzy_hash
-	enum GIE_operation operation;//GIE_INSERT_OPT or GIE_DELETE_OPT.if operation is GIE_DELETE_OPT, only id is needed;
-	short cfds_lvl;
-	char * sfh;
-	void * tag;
-}GIE_digest_t;
-
-
-typedef struct 
-{
-	unsigned int id;
-	short cfds_lvl;
-	void * tag;
-}GIE_result_t;
-
-
-typedef struct 
-{
-	unsigned int gram_value;
-	//unsigned int htable_num;
-	unsigned int position_accuracy;
-	enum GIE_INPUT_FORMAT format; //if format==GIE_INPUT_FORMAT_SFH, means the input string is a GIE_INPUT_FORMAT_SFH string 
-	                //else id format==PALIN, means the input string is common string
-	int ED_reexamine;//if ED_reexamine==1, calculate edit distance to verify the final result
-}GIE_create_para_t;
-
-
-GIE_handle_t * GIE_create(const GIE_create_para_t * para);
-
-
-int GIE_update(GIE_handle_t * handle, GIE_digest_t ** digests, int size);
-
-
-//return actual matched result count
-//return 0 when matched nothing;
-//return -1 when error occurs;
-int GIE_query(GIE_handle_t * handle, const char * data, int data_len, GIE_result_t * results, int result_size);
-
-void GIE_destory(GIE_handle_t * handle);
-int GIE_string_similiarity(const char *str1, int len1, const char *str2, int len2);
-int GIE_sfh_similiarity(const char *sfh1, int len1, const char *sfh2, int len2);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/roles/framework/files/maat/include/stream_fuzzy_hash.h b/roles/framework/files/maat/include/stream_fuzzy_hash.h
deleted file mode 100644
index 9e85e81..0000000
--- a/roles/framework/files/maat/include/stream_fuzzy_hash.h
+++ /dev/null
@@ -1,78 +0,0 @@
-#ifndef _STREAM_FUZZY_HASH_
-#define _STREAM_FUZZY_HASH_
-
-/*
- * Copyright (C) MESA 2015
-
- *
- */
-
-#include <stdint.h>
-#include <stdio.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TOTAL_LENGTH     0
-#define EFFECTIVE_LENGTH 1
-#define HASH_LENGTH      2
-
-// typedef sfh_instance_t void*;
-typedef struct
-{
-}sfh_instance_t;
-
-/**
- * create a fuzzy hash handle and return it.
- * @return        [handle]
- */
-sfh_instance_t * SFH_instance(unsigned long long origin_len);
-
-/**
- * destroy context by a fuzzy hash handle.
- * @param handle  [handle]
- */
-void SFH_release(sfh_instance_t * handle);
-
-/**
- * Feed the function your data.
- * Call this function several times, if you have several parts of data to feed.
- * @param  handle [handle]
- * @param  data   [data that you want to fuzzy_hash]
- * @param  size   [data size]
- * @param  offset [offset]
- * @return        [return effective data length in current feed]
- */
-unsigned int SFH_feed(sfh_instance_t * handle, const char* data, unsigned int size, unsigned long long offset);
-
-/**
- * Obtain the fuzzy hash values.
- * @param  handle  [handle]
- * @param  result  [fuzzy hash result]
- *     Fuzzy hash result with offsets(in the square brackets, with colon splitted).
- *     eg. abc[1:100]def[200:300]
- * @param  size    [@result size]
- * @return         [return zero on success, non-zero on error]
- */
-int SFH_digest(sfh_instance_t * handle, char* result, unsigned int size);
-
-/**
- * Obtain certain length of fuzzy hash status.
- * @param  handle [handle]
- * @param  type   [length type]
-     * TOTAL_LENGTH:Total length of data you have fed.
-     *     Overlapped data will NOT count for 2 times.
-     * EFFECTIVE_LENGTH:Length of data that involved in the calculation of hash.
-     * HASH_LENGTH:Hash result length.
- * @return        [length value]
- */
-unsigned long long SFH_status(sfh_instance_t * handle, int type);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/roles/framework/files/maat/lib/libmaatframe.so b/roles/framework/files/maat/lib/libmaatframe.so
deleted file mode 120000
index 5b75b57..0000000
--- a/roles/framework/files/maat/lib/libmaatframe.so
+++ /dev/null
@@ -1 +0,0 @@
-libmaatframe.so.2
\ No newline at end of file
diff --git a/roles/framework/files/maat/lib/libmaatframe.so.2 b/roles/framework/files/maat/lib/libmaatframe.so.2
deleted file mode 120000
index 5685c67..0000000
--- a/roles/framework/files/maat/lib/libmaatframe.so.2
+++ /dev/null
@@ -1 +0,0 @@
-libmaatframe.so.2.7
\ No newline at end of file
diff --git a/roles/framework/files/maat/lib/libmaatframe.so.2.7 b/roles/framework/files/maat/lib/libmaatframe.so.2.8
old mode 100755
new mode 100644
similarity index 59%
rename from roles/framework/files/maat/lib/libmaatframe.so.2.7
rename to roles/framework/files/maat/lib/libmaatframe.so.2.8
index 476ae67..2c12548
Binary files a/roles/framework/files/maat/lib/libmaatframe.so.2.7 and b/roles/framework/files/maat/lib/libmaatframe.so.2.8 differ
diff --git a/roles/framework/files/rulescan/librulescan.so b/roles/framework/files/rulescan/librulescan.so
index b953420..2901da9 100755
Binary files a/roles/framework/files/rulescan/librulescan.so and b/roles/framework/files/rulescan/librulescan.so differ
diff --git a/roles/framework/files/rulescan/rulescan.h b/roles/framework/files/rulescan/rulescan.h
deleted file mode 100644
index 4397f18..0000000
--- a/roles/framework/files/rulescan/rulescan.h
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- *
- * Copyright (c) 2014
- * String Algorithms Research Group
- * Institute of Information Engineering, Chinese Academy of Sciences (IIE-CAS)
- * National Engineering Laboratory for Information Security Technologies (NELIST)
- * All rights reserved
- *
- * Written by: LIU YANBING    (liuyanbing@iie.ac.cn)
- * Last modification: 2016-06-05
- *
- * This code is the exclusive and proprietary property of IIE-CAS and NELIST. 
- * Usage for direct or indirect commercial advantage is not allowed without 
- * written permission from the authors.
- *
- */
-
-#ifndef H_RULE_SCAN_H
-#define H_RULE_SCAN_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-	/* rulescan_set_param函数可设置的参数类型 */
-	enum RULESCAN_PARA_NAME
-	{
-		RULESCAN_DETAIL_RESULT=1,		/* 本标志位表示：返回详细命中位置等信息, optval设为NULL，optlen设为0。默认不返回详细信息*/
-		RULESCAN_REGEX_GROUP  =2,		/* 本标志位表示：返回正则表达式匹配的分组信息；开启本字段，需要先设置RULESCAN_DETAIL_RESULT标志位,optval设为NULL，optlen设为0。默认不返回分组信息 */
-		RULEACAN_ERRLOG_CLOSE,			/* 本标志位表示：关闭Rulescan错误日志输出，optval设为NULL，optlen设为0。不设置的话默认打开Rulescan错误日志输出 */
-		RULESCAN_ERRLOG_FILE_PATH,		/* 设置Rulescan错误日志的路径名（包含文件名），由用户传入，optval的值为包含文件名的日志路径，optlen为路径长度。如果没有设定，
-										则日志默认存储在可执行程序当前目录下的rulescan_tmp中 */
-	};
-
-	#define MAX_REGEX_GROUP_NUM 5		 /* 对于正则表达式，所支持的最大分组的个数 */	
-
-	#define MAX_EXPR_ITEM_NUM  (1U<<3)   /* 每条与表达式最多由MAX_EXPR_ITEM_NUM个规则组成 */
-	#define MAX_MATCH_POS_NUM  1024      /* 每条规则最多允许返回的命中位置的个数 */
-	#define MATCH_POS_NUM_INC  64		 /* 每条规则允许返回的命中位置的个数初始值与增量值 */
-
-	/* 定义不同的规则类型  */
-	const unsigned int RULETYPE_STR  = 0; /* 字符串或二进制规则 */
-	const unsigned int RULETYPE_REG  = 1; /* 正则表达式规则 */
-	const unsigned int RULETYPE_INT  = 2; /* 数值区间规则 */
-	const unsigned int RULETYPE_IPv4 = 3; /* IPv4规则 */
-	const unsigned int RULETYPE_IPv6 = 4; /* IPv6规则 */
-
-	const unsigned int MAX_RULETYPE     = 5;          /* 规则类型数量 */
-	const unsigned int MAX_SUB_RULETYPE = 4096;       /* 规则子类型数量 */
-
-	/* 字符串类型规则（可表示文本字符串、二进制字符串、正则表达式） */
-	typedef struct _string_rule_t
-	{
-		char *        str;            /* 字符串内容；如果是正则表达式，须以'\0'结束，可不指定长度 */
-		unsigned int  len;            /* 字符串长度 */
-		unsigned char case_sensitive; /* 是否大小写敏感匹配（1：敏感；0：不敏感） */
-		unsigned char match_mode;     /* 匹配模式：子串匹配（0），完整匹配（1）；仅对精确串匹配有效 */
-		int  l_offset;                /* 表示模式串只能在文本范围[l_offset, r_offset]中出现，-1表示无限制,-2表示左匹配；仅对精确串匹配有效 */
-		int  r_offset;                /* 表示模式串只能在文本范围[l_offset, r_offset]中出现，-1表示无限制,-2表示右匹配；仅对精确串匹配有效 */
-	}string_rule_t;
-
-	/* 整数数值区间规则，表示整数区间[lb, ub] */
-	typedef struct _interval_rule_t
-	{
-		unsigned int lb; /* 数据区间的下界（包含lb），无限制默认为0 */
-		unsigned int ub; /* 数据区间的下界（包含ub），无限制默认为0 */
-	}interval_rule_t;
-
-	/* IPv4规则 */
-	typedef struct _ipv4_rule_t
-	{
-		unsigned int	min_saddr; /* 源地址下界；0表示忽略本字段 */     
-		unsigned int	max_saddr; /* 源地址上界；0表示固定IP=min_saddr */    
-		unsigned int    min_daddr; /* 目的地址下界；0表示忽略本字段 */      
-		unsigned int    max_daddr; /* 目的地址上界；0表示固定IP=min_daddr */ 
-		unsigned short	min_sport; /* 源端口范围下界；0表示忽略本字段 */
-		unsigned short	max_sport; /* 源端口范围上界；0表示固定端口=min_sport */
-		unsigned short	min_dport; /* 目的端口范围下界；0表示忽略本字段 */
-		unsigned short	max_dport; /* 目的端口范围上界；0表示固定端口=min_dport */
-		unsigned short	proto;     /* 传输层协议，6表示TCP，17表示UDP；0表示忽略本字段 */
-		unsigned short	direction; /* 方向，0表示双向，1表示单向 */
-	}ipv4_rule_t;
-
-	/* IPv6规则 */
-	typedef struct _ipv6_rule_t
-	{
-		unsigned int	min_saddr[4]; /* 源地址下界；全0表示忽略本字段 */     
-		unsigned int	max_saddr[4]; /* 源地址上界；全0表示固定IP=min_saddr */
-		unsigned int	min_daddr[4]; /* 目的地址下界；全0表示忽略本字段 */      
-		unsigned int	max_daddr[4]; /* 目的地址上界；全0表示固定IP=min_daddr */ 
-		unsigned short	min_sport;    /* 源端口范围下界；0表示忽略本字段 */
-		unsigned short	max_sport;    /* 源端口范围上界；0表示固定端口=min_sport */
-		unsigned short	min_dport;    /* 目的端口范围下界；0表示忽略本字段 */
-		unsigned short	max_dport;    /* 目的端口范围上界；0表示固定端口=min_dport */
-		unsigned short	proto;        /* 传输层协议，6表示TCP，17表示UDP，无限制默认为0 */
-		unsigned short	direction;    /* 方向，0表示双向，1表示单向 */
-	}ipv6_rule_t;
-
-	/* 通用的规则类型 */
-	typedef struct _scan_rule_t
-	{
-		unsigned int rule_type;              /* 规则类型，必须为上述枚举规则类型之一 */
-		unsigned int sub_type;               /* 子类类型，用户自定义，但子类型个数不允许超过MAX_SUB_RULETYPE（见前文定义） */
-		union                                /* 根据rule_type决定规则是字符串、数值区间、还是IP规则 */
-		{
-			string_rule_t    string_rule;    /* 字符串规则（字符串、二进制、正则表达式） */
-			interval_rule_t  interval_rule;  /* 整数数值区间规则 */
-			ipv4_rule_t      ipv4_rule;      /* 带掩码的IPv4规则 */
-			ipv6_rule_t      ipv6_rule;      /* 带掩码的IPv6规则 */
-		};
-	}scan_rule_t;
-
-	/* 一条与表达式规则 */
-	typedef struct _boolean_expr_t
-	{
-		unsigned int  expr_id;   /* 与表达式的ID */
-		unsigned int  operation; /* 对与表达式执行的操作：0表示增加，1表示删除 */
-		unsigned int  rnum;      /* 该与表达式包含多少个项；如果operation=1，置rnum=0即可 */
-		scan_rule_t * rules;     /* 组成与表达式的项；如果operation=1，置rules=NULL即可 */
-		void *        tag;       /* 用户自定义数据，命中时随匹配结果返回 */
-	}boolean_expr_t;
-
-
-	/* 待扫描的文本数据类型 */
-	typedef struct _text_data_t
-	{
-		const char * text;   /* 文本数据内容 */
-		unsigned int tlen;   /* 文本数据长度 */
-		int			 toffset;/* 本段文本数据在整个流数据中的偏移量，流式扫描情况下有效，由用户传入，其它情况置为0(这个必须置为0) */  
-	}text_data_t;
-
-	/* 待扫描的IPv4元组 */
-	typedef struct _ipv4_data_t
-	{
-		unsigned int       saddr; /* 源IP地址 */
-		unsigned int       daddr; /* 目的IP地址 */
-		unsigned short int sport; /* 源端口 */
-		unsigned short int dport; /* 目的端口 */
-		unsigned short int proto; /* 传输层协议，6表示TCP，17表示UDP */
-	}ipv4_data_t;
-
-	/* 待扫描的IPv6元组 */
-	typedef struct _ipv6_data_t
-	{
-		unsigned int       saddr[4]; /* 源IP地址 */
-		unsigned int       daddr[4]; /* 目的IP地址 */
-		unsigned short int sport;    /* 源端口 */
-		unsigned short int dport;    /* 目的端口 */
-		unsigned short int proto;    /* 传输层协议，6表示TCP，17表示UDP */
-	}ipv6_data_t;
-
-	/* 通用的待扫描数据类型 */
-	typedef struct _scan_data_t
-	{
-		unsigned int rule_type;     /* 规则类型，必须为上述枚举规则类型之一 */
-		unsigned int sub_type;      /* 子类类型，用户自定义，但子类型个数不允许超过MAX_SUB_RULETYPE（见前文定义） */
-		union                       /* 根据rule_type决定数据负载是字符串、数值、还是IP元组 */
-		{
-			text_data_t  text_data; /* 待扫描文本数据（可匹配字符串、二进制、正则表达式） */
-			unsigned int int_data;  /* 整数数值（可匹配数值区间） */
-			ipv4_data_t  ipv4_data; /* 待扫描的IPv4元组 */
-			ipv6_data_t  ipv6_data; /* 待扫描的IPv6元组 */
-		};
-	}scan_data_t;
-
-	/*
-	   扫描结果类型scan_result_t和rule_result_t说明：
-	1、对于命中的每个布尔表达式，一条表达式对应一条scan_result_t结果，该布尔表达式包含rnum个规则，每个规则均对应于一个结果scan_result_t::result[k]（0<=k<rnum）。
-
-	2、对于精确字符串，结果数组position和length释义如下：
-	命中的精确字符串包含result_num个匹配结果，第i（0<=i<result_num）个匹配结果的起始位置和长度分别是：
-	   (position[i], length[i])
-
-	3、对于正则表达式，结果数组position和length释义如下：
-	命中的正则表达式包含result_num个匹配结果，每个匹配结果包含group_num+1个数组元素。对于第i（0<=i<result_num）个匹配结果：
-	（a）整条正则表达式匹配的起始位置和长度分别是：
-	   (position[(group_num+1)*i],     length[(group_num+1)*i])
-	（b）第j（0<=j<group_num）个分组的起始位置和长度分别是：
-	   (position[(group_num+1)*i+j+1], length[(group_num+1)*i+j+1])
-	*/
-
-	/* 规则的扫描结果类型 */
-	typedef struct _rule_result_t
-	{
-		unsigned int rule_type;                   /* 规则的类型，必须为上述枚举规则类型之一 */
-		unsigned int group_num;                   /* 对于正则表达式类型规则，本字段表示捕获分组（capturing group）的个数；否则设置为0 */
-		unsigned int result_num;                  /* 该规则所有命中结果的个数 */
-		unsigned int position[MAX_MATCH_POS_NUM]; /* 该规则所有命中结果的起始位置 */
-		unsigned int length[MAX_MATCH_POS_NUM];   /* 该规则所有命中结果的长度；如果该命中结果是在以前的数据包中命中的，则设置对应的length=0, 对于整数区间与IP类，长度置为0*/
-	}rule_result_t;
-
-	/* 布尔表达式的扫描结果类型 */
-	typedef struct _scan_result_t
-	{
-		unsigned int  expr_id;                     /* 与表达式的ID */
-		unsigned int  rnum;                        /* 该与表达式包含多少个规则 */
-		rule_result_t result[MAX_EXPR_ITEM_NUM];  /* 布尔表达式中每个规则对应的扫描结果 */
-		void *        tag;                         /* 用户自定义数据，命中时随匹配结果返回 */
-	}scan_result_t;
-
-	/*
-	功能：扫描器初始化，生成扫描器对象。
-	参数：
-		max_thread_num [in]: 扫描器可并行执行的线程数。
-	返回值：
-		扫描器句柄；返回值为NULL时，表示初始化失败。
-	*/
-	void * rulescan_initialize(unsigned int max_thread_num);
-
-	/*
-	功能：
-		设置扫描参数，本函数在rulescan_update之前可多次调用，每次设置一种扫描类型。Rulescan中默认不返回命中位置等详细信息
-	参数：
-		instance[in]:			扫描器对象指针；
-		optname [in]:           参数类型；
-		optval [in]:            optval和optlen表示参数的具体内容；
-		optlen [in]:            optval和optlen表示参数的具体内容。
-	返回值：
-		1：正确设置，-1：设置失败。
-	*/
-	int rulescan_set_param(void * instance, enum RULESCAN_PARA_NAME optname, const void * optval, unsigned int optlen);
-
-	/*
-	功能：动态注册一组与表达式，更新扫描器对象。对于同一个instance句柄，不允许同时有多个更新线程。
-	参数：
-		instance[in]:		扫描器对象指针；
-		expr_array[in]:		一组与表达式；
-		epxr_num[in]:		与表达式的个数；
-		failed_ids[out]:	非法规则的id；failed_ids[0]表示非法id的个数，failed_ids[1...failed_ids[0]]记录非法id，目前只对含一个正则规则的这类布尔表达式有效；
-		failed_size[in]:	failed_ids数组的大小。
-	返回值：
-		返回值为1时，表示注册成功；返回值为-1时，表示出错。
-	*/
-	int rulescan_update(void * instance, boolean_expr_t * expr_array, unsigned int expr_num, unsigned int * failed_ids, unsigned int failed_size);
-
-	/*
-	功能：释放扫描器对象；本函数仅调用一次。
-	参数：
-		instance [in]: 扫描器指针。
-	返回值：
-		无。
-	*/
-	void rulescan_destroy(void * instance);
-
-	/*
-	功能：启动一次流式扫描，申请保存流状态的参数。
-	参数：
-		instance [in]:  扫描器指针；
-		thread_id [in]: 当前执行扫描的线程id，必须在范围[0, max_thread_num-1]之内。
-	返回值：
-		返回保存流状态的参数；返回值为NULL时，表示失败。
-	*/
-	void * rulescan_startstream(void * instance, unsigned int thread_id);
-
-	/*
-	功能：流式扫描接口，扫描一段数据scan_data，并将中间扫描结果保存在流状态stream_param中；
-		本函数支持两种扫描模式：
-		（1）presults不为NULL：本段流数据扫描结束后立即通过*presults返回一组此次的命中结果；
-		（2）presults为NULL  ：完全扫描模式，表示等待整个流扫描结束后，再计算并返回整个流的全部命中结果，
-			 详见rulescan_computeresult函数。
-	参数：
-		stream_param [in]: 保存流状态的参数；
-		scan_data [in]:    待扫描数据；
-		presults [out]:    如果presults不为NULL，则存的是本次命中的一组扫描结果；
-		size [in]:		   结果数组presults的大小。
-	返回值：
-		如果是流式的完全扫描（presults为NULL），则返回值为本次扫描命中的关键词（数值区间、IP规则等）的个数；
-		如果presult不为NULL，则返回值为本次扫描命中的与表达式的个数，-1表示出错。
-	*/
-	int rulescan_searchstream(void * stream_param,  scan_data_t * scan_data, scan_result_t * presults, unsigned int size);
-
-	/*
-	功能：数据流扫描结束后，计算扫描结果。
-	参数：
-		stream_param [in]: 保存流状态的指针；
-		presults [out]:    结果数组，保存所有命中的与表达式规则id；
-		size [in]:         结果数组presults的大小。
-	返回值：
-		命中与表达式规则的数量（<=size）；返回值为-1表示出错。
-	*/
-	int rulescan_computeresult(void * stream_param, scan_result_t * presults, unsigned int size);
-
-	/*
-	功能：结束流式扫描，释放流参数。正常流程情况下调用该接口释放流参数，正常流程指在结束流扫描之前还没有调用
-		  rulescan_destroy销毁rulescan句柄。
-	参数：
-		stream_param [in]: 流参数指针。
-	返回值：
-		无。
-	*/ 
-	void rulescan_endstream(void * stream_param);
-
-	/*
-	功能：结束流式扫描，释放流参数。对于先调用rulescan_destroy销毁了rulescan句柄之后再结束流扫描的情况，
-		  需要调用rulescan_endstream_simple来释放流参数，仅限于这种情况下才调用该接口。
-	参数：
-		stream_param [in]: 流参数指针。
-	返回值：
-		无。
-	*/ 
-	void rulescan_endstream_simple(void * stream_param);
-
-	/*
-	功能：非流式扫描接口，扫描结束后返回所有命中结果。
-	参数：
-		instance [in]:	   扫描器指针；
-		thread_id [in]:	   当前执行扫描的线程id，必须在范围[0, max_thread_num-1]之内；
-		scan_data [in]:    待扫描数据；
-		presults [out]:    结果数组，保存所有命中的与表达式规则id；
-		size [in]:         结果数组presults的大小。
-	返回值：
-		命中与表达式规则的数量（<=size）；返回值为-1表示出错。
-	*/
-	int rulescan_search(void * instance, unsigned int thread_id, scan_data_t * scan_data, scan_result_t * presults, unsigned int size);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !defined(H_RULE_SCAN_H) */
-
diff --git a/roles/framework/tasks/main.yml b/roles/framework/tasks/main.yml
index d29f490..02fbb6c 100644
--- a/roles/framework/tasks/main.yml
+++ b/roles/framework/tasks/main.yml
@@ -11,32 +11,34 @@
   vars:
     packages:
       - /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm
-      - /tmp/ansible_deploy/framework/framework-2.0.9.f583d06-1.el7.centos.x86_64.rpm
+      - /tmp/ansible_deploy/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
 
 - name: "install framework ld.conf"
   synchronize:
     src: "{{ role_path }}/files/framework/framework.conf"
     dest: /etc/ld.so.conf.d/framework.conf
 
-- name: "install/update rulescan header files"
-  synchronize:
-    src: "{{ role_path }}/files/rulescan/rulescan.h"
-    dest: /opt/MESA/include/MESA/rulescan.h
-
 - name: "install/update rulescan library"
   synchronize:
     src: "{{ role_path }}/files/rulescan/librulescan.so"
     dest: /opt/MESA/lib/librulescan.so
 
-- name: "install/update maat header files"
-  synchronize:
-    src: "{{ role_path }}/files/maat/include/"
-    dest: /opt/MESA/include/MESA/
-
 - name: "install/update maat library files"
   synchronize:
     src: "{{ role_path }}/files/maat/lib/"
     dest: /opt/MESA/lib/
 
+- name: "create maat library symbol links - A"
+  file:
+    src: "libmaatframe.so.2.8"
+    path: /opt/MESA/lib/libmaatframe.so.2
+    state: link
+
+- name: "create maat library symbol links - B"
+  file:
+    src: "libmaatframe.so.2"
+    path: /opt/MESA/lib/libmaatframe.so
+    state: link
+
 - name: "update ld"
   command: ldconfig
diff --git a/roles/tfe/files/tfe b/roles/tfe/files/tfe
deleted file mode 100644
index 83118ca..0000000
Binary files a/roles/tfe/files/tfe and /dev/null differ
diff --git a/roles/tfe/files/tfe-4.0.5.348afbc-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.0.5.348afbc-1.el7.x86_64.rpm
deleted file mode 100644
index b3c2b3c..0000000
Binary files a/roles/tfe/files/tfe-4.0.5.348afbc-1.el7.x86_64.rpm and /dev/null differ
diff --git a/roles/tfe/files/tfe-4.1.0.d94c397-1.el7.x86_64.rpm b/roles/tfe/files/tfe-4.1.0.d94c397-1.el7.x86_64.rpm
new file mode 100644
index 0000000..23618cd
Binary files /dev/null and b/roles/tfe/files/tfe-4.1.0.d94c397-1.el7.x86_64.rpm differ
diff --git a/roles/tfe/files/tfe-kmod-6ed8c79-1dkms.noarch.rpm b/roles/tfe/files/tfe-kmod-6ed8c79-1dkms.noarch.rpm
deleted file mode 100644
index 0fb5ae5..0000000
Binary files a/roles/tfe/files/tfe-kmod-6ed8c79-1dkms.noarch.rpm and /dev/null differ
diff --git a/roles/tfe/files/tfe-kmod-c498d30-1dkms.noarch.rpm b/roles/tfe/files/tfe-kmod-c498d30-1dkms.noarch.rpm
deleted file mode 100644
index 76fb5b9..0000000
Binary files a/roles/tfe/files/tfe-kmod-c498d30-1dkms.noarch.rpm and /dev/null differ
diff --git a/roles/tfe/files/tfe-kmod-v1.0.3.20190828-1dkms.noarch.rpm b/roles/tfe/files/tfe-kmod-v1.0.3.20190828-1dkms.noarch.rpm
new file mode 100644
index 0000000..4fadd64
Binary files /dev/null and b/roles/tfe/files/tfe-kmod-v1.0.3.20190828-1dkms.noarch.rpm differ
diff --git a/roles/tfe/tasks/main.yml b/roles/tfe/tasks/main.yml
index 0f1ef4e..c1b7c85 100644
--- a/roles/tfe/tasks/main.yml
+++ b/roles/tfe/tasks/main.yml
@@ -8,24 +8,10 @@
   yum:
     name: "{{ packages }}"
     state: present
-    allow_downgrade: yes
   vars:
     packages:
-      - /tmp/ansible_deploy/tfe-4.0.5.348afbc-1.el7.x86_64.rpm
-
-- name: "hotfix tfe program"
-  synchronize:
-    src: "{{ role_path }}/files/tfe"
-    dest: /home/tsg/tfe/bin/tfe
-
-#- name: "remove the old tfe-kmod"
-#  command: rpm -e tfe-kmod
-
-#- name: "delete the tfe_kmod.ko"
-#  command: rm -f /lib/modules/5.1.8-1.el7.elrepo.x86_64/extra/tfe_kmod.ko
-
-#- name: "reinstall the tfe-kmod"
-#  command: rpm -i /tmp/ansible_deploy/tfe-kmod-c498d30-1dkms.noarch.rpm --force
+      - /tmp/ansible_deploy/tfe-kmod-v1.0.3.20190828-1dkms.noarch.rpm
+      - /tmp/ansible_deploy/tfe-4.1.0.d94c397-1.el7.x86_64.rpm
 
 - name: "template tfe-env config"
   template:
@@ -42,11 +28,6 @@
     src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
     dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf
 
-- name: "deploy qaznet cert"
-  copy:
-    src: "{{ role_path }}/files/qaznet_intermedia.pem"
-    dest: "/home/tsg/tfe/resource/tfe/qaznet_intermedia.pem"
-
 - name: "start tfe-kmod"
   modprobe:
     name: tfe_kmod
@@ -57,17 +38,3 @@
     name: tfe-env
     enabled: yes
     daemon_reload: yes
-    state: restarted
-
-- name: "add tfe-kmod to boot"
-  template:
-    src: "{{ role_path }}/templates/tfe_kmod.conf.j2"
-    dest: /etc/modules-load.d/tfe_kmod.conf
-
-- name: "bootup tfe"
-  blockinfile:
-    path: /etc/rc.d/rc.local
-    marker: "## {mark} bootstrap tfe"
-    block: |
-        systemctl start tfe-env
-        cd /home/tsg/tfe; ./r2_tfe
diff --git a/roles/tfe/templates/tfe.conf.j2 b/roles/tfe/templates/tfe.conf.j2
index 5816ef7..0c68ba7 100644
--- a/roles/tfe/templates/tfe.conf.j2
+++ b/roles/tfe/templates/tfe.conf.j2
@@ -29,7 +29,7 @@ mode= {{ tfe.keykeeper.mode }}
 no_cache=0
 cert_store_host= {{ cert_store_server.address }}
 cert_store_port= {{ cert_store_server.port }}
-ca_path=resource/tfe/qaznet_intermedia.pem
+ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
 untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
 
 [debug]