将rulescan.h的编码由GBK转为utf8

src/inc_internal/view_only/rulescan.h

@@ -1,4 +1,4 @@
-/*
+/*
  *
  * Copyright (c) 2014
  * String Algorithms Research Group
@@ -23,294 +23,294 @@ extern "C"
 {
 #endif
 
-	/* rulescan_set_param<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õIJ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* rulescan_set_param函数可设置的参数类型 */
 	enum RULESCAN_PARA_NAME
 	{
-		RULESCAN_DETAIL_RESULT=1,		/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>־λ<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD>Ϣ, optval<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>Ϊ0<EFBFBD><EFBFBD>Ĭ<EFBFBD>ϲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><EFBFBD>Ϣ*/
-		RULESCAN_REGEX_GROUP  =2,		/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>־λ<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽƥ<EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֶΣ<EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>RULESCAN_DETAIL_RESULT<EFBFBD><EFBFBD>־λ,optval<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>Ϊ0<EFBFBD><EFBFBD>Ĭ<EFBFBD>ϲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ط<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ */
-		RULEACAN_ERRLOG_CLOSE,			/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>־λ<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>ر<EFBFBD>Rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>optval<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>Ϊ0<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õĻ<EFBFBD>Ĭ<EFBFBD>ϴ<EFBFBD><EFBFBD><EFBFBD>Rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		RULESCAN_ERRLOG_FILE_PATH,		/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD>룬optval<EFBFBD><EFBFBD>ֵΪ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־·<EFBFBD><EFBFBD><EFBFBD><EFBFBD>optlenΪ·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD>趨<EFBFBD><EFBFBD>
-										<EFBFBD><EFBFBD><EFBFBD><EFBFBD>־Ĭ<EFBFBD>ϴ洢<EFBFBD>ڿ<EFBFBD>ִ<EFBFBD>г<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰĿ¼<EFBFBD>µ<EFBFBD>rulescan_tmp<EFBFBD><EFBFBD> */
+		RULESCAN_DETAIL_RESULT=1,		/* 本标志位表示：返回详细命中位置等信息, optval设为NULL，optlen设为0。默认不返回详细信息*/
+		RULESCAN_REGEX_GROUP  =2,		/* 本标志位表示：返回正则表达式匹配的分组信息；开启本字段，需要先设置RULESCAN_DETAIL_RESULT标志位,optval设为NULL，optlen设为0。默认不返回分组信息 */
+		RULEACAN_ERRLOG_CLOSE,			/* 本标志位表示：关闭Rulescan错误日志输出，optval设为NULL，optlen设为0。不设置的话默认打开Rulescan错误日志输出 */
+		RULESCAN_ERRLOG_FILE_PATH,		/* 设置Rulescan错误日志的路径名（包含文件名），由用户传入，optval的值为包含文件名的日志路径，optlen为路径长度。如果没有设定，
+										则日志默认存储在可执行程序当前目录下的rulescan_tmp中 */
 	};
 
-	#define MAX_REGEX_GROUP_NUM 5		 /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĸ<EFBFBD><EFBFBD><EFBFBD> */	
+	#define MAX_REGEX_GROUP_NUM 5		 /* 对于正则表达式，所支持的最大分组的个数 */	
 
-	#define MAX_EXPR_ITEM_NUM  (1U<<3)   /* ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>MAX_EXPR_ITEM_NUM<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-	#define MAX_MATCH_POS_NUM  1024      /* ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>õĸ<EFBFBD><EFBFBD><EFBFBD> */
-	#define MATCH_POS_NUM_INC  64		 /* ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>õĸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ */
+	#define MAX_EXPR_ITEM_NUM  (1U<<3)   /* 每条与表达式最多由MAX_EXPR_ITEM_NUM个规则组成 */
+	#define MAX_MATCH_POS_NUM  1024      /* 每条规则最多允许返回的命中位置的个数 */
+	#define MATCH_POS_NUM_INC  64		 /* 每条规则允许返回的命中位置的个数初始值与增量值 */
 
-	/* <EFBFBD><EFBFBD><EFBFBD>岻ͬ<EFBFBD>Ĺ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>  */
-	const unsigned int RULETYPE_STR  = 0; /* <EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƹ<EFBFBD><EFBFBD><EFBFBD> */
-	const unsigned int RULETYPE_REG  = 1; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-	const unsigned int RULETYPE_INT  = 2; /* <EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-	const unsigned int RULETYPE_IPv4 = 3; /* IPv4<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-	const unsigned int RULETYPE_IPv6 = 4; /* IPv6<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* 定义不同的规则类型  */
+	const unsigned int RULETYPE_STR  = 0; /* 字符串或二进制规则 */
+	const unsigned int RULETYPE_REG  = 1; /* 正则表达式规则 */
+	const unsigned int RULETYPE_INT  = 2; /* 数值区间规则 */
+	const unsigned int RULETYPE_IPv4 = 3; /* IPv4规则 */
+	const unsigned int RULETYPE_IPv6 = 4; /* IPv6规则 */
 
-	const unsigned int MAX_RULETYPE     = 5;          /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-	const unsigned int MAX_SUB_RULETYPE = 4096;       /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	const unsigned int MAX_RULETYPE     = 5;          /* 规则类型数量 */
+	const unsigned int MAX_SUB_RULETYPE = 4096;       /* 规则子类型数量 */
 
-	/* <EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͹<EFBFBD><EFBFBD>򣨿ɱ<EFBFBD>ʾ<EFBFBD>ı<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD> */
+	/* 字符串类型规则（可表示文本字符串、二进制字符串、正则表达式） */
 	typedef struct _string_rule_t
 	{
-		char *        str;            /* <EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'\0'<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɲ<EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		unsigned int  len;            /* <EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		unsigned char case_sensitive; /* <EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD>Сд<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƥ<EFBFBD>䣨1<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD>0<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD> */
-		unsigned char match_mode;     /* ƥ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD><EFBFBD>Ӵ<EFBFBD>ƥ<EFBFBD>䣨0<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƥ<EFBFBD>䣨1<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ծ<EFBFBD>ȷ<EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч */
-		int  l_offset;                /* <EFBFBD><EFBFBD>ʾģʽ<EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD>Χ[l_offset, r_offset]<EFBFBD>г<EFBFBD><EFBFBD>֣<EFBFBD>-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,-2<><32>ʾ<EFBFBD><CABE>ƥ<EFBFBD>䣻<EFBFBD><E4A3BB><EFBFBD>Ծ<EFBFBD>ȷ<EFBFBD><C8B7>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD>Ч */
-		int  r_offset;                /* <EFBFBD><EFBFBD>ʾģʽ<EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD>Χ[l_offset, r_offset]<EFBFBD>г<EFBFBD><EFBFBD>֣<EFBFBD>-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,-2<><32>ʾ<EFBFBD><CABE>ƥ<EFBFBD>䣻<EFBFBD><E4A3BB><EFBFBD>Ծ<EFBFBD>ȷ<EFBFBD><C8B7>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD>Ч */
+		char *        str;            /* 字符串内容；如果是正则表达式，须以'\0'结束，可不指定长度 */
+		unsigned int  len;            /* 字符串长度 */
+		unsigned char case_sensitive; /* 是否大小写敏感匹配（1：敏感；0：不敏感） */
+		unsigned char match_mode;     /* 匹配模式：子串匹配（0），完整匹配（1）；仅对精确串匹配有效 */
+		int  l_offset;                /* 表示模式串只能在文本范围[l_offset, r_offset]中出现，-1表示无限制,-2表示左匹配；仅对精确串匹配有效 */
+		int  r_offset;                /* 表示模式串只能在文本范围[l_offset, r_offset]中出现，-1表示无限制,-2表示右匹配；仅对精确串匹配有效 */
 	}string_rule_t;
 
-	/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>򣬱<EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>[lb, ub] */
+	/* 整数数值区间规则，表示整数区间[lb, ub] */
 	typedef struct _interval_rule_t
 	{
-		unsigned int lb; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½磨<EFBFBD><EFBFBD><EFBFBD><EFBFBD>lb<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><EFBFBD>Ϊ0 */
-		unsigned int ub; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½磨<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ub<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><EFBFBD>Ϊ0 */
+		unsigned int lb; /* 数据区间的下界（包含lb），无限制默认为0 */
+		unsigned int ub; /* 数据区间的下界（包含ub），无限制默认为0 */
 	}interval_rule_t;
 
-	/* IPv4<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* IPv4规则 */
 	typedef struct _ipv4_rule_t
 	{
-		unsigned int	min_saddr; /* Դ<EFBFBD><EFBFBD>ַ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */     
-		unsigned int	max_saddr; /* Դ<EFBFBD><EFBFBD>ַ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */    
-		unsigned int    min_daddr; /* Ŀ<EFBFBD>ĵ<EFBFBD>ַ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */      
-		unsigned int    max_daddr; /* Ŀ<EFBFBD>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */ 
-		unsigned short	min_sport; /* Դ<EFBFBD>˿ڷ<EFBFBD>Χ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
-		unsigned short	max_sport; /* Դ<EFBFBD>˿ڷ<EFBFBD>Χ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD><EFBFBD>˿<EFBFBD>=min_sport */
-		unsigned short	min_dport; /* Ŀ<EFBFBD>Ķ˿ڷ<EFBFBD>Χ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
-		unsigned short	max_dport; /* Ŀ<EFBFBD>Ķ˿ڷ<EFBFBD>Χ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD><EFBFBD>˿<EFBFBD>=min_dport */
-		unsigned short	proto;     /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<EFBFBD><EFBFBD>ʾTCP<EFBFBD><EFBFBD>17<EFBFBD><EFBFBD>ʾUDP<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
-		unsigned short	direction; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ˫<EFBFBD><EFBFBD><EFBFBD><EFBFBD>1<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+		unsigned int	min_saddr; /* 源地址下界；0表示忽略本字段 */     
+		unsigned int	max_saddr; /* 源地址上界；0表示固定IP=min_saddr */    
+		unsigned int    min_daddr; /* 目的地址下界；0表示忽略本字段 */      
+		unsigned int    max_daddr; /* 目的地址上界；0表示固定IP=min_daddr */ 
+		unsigned short	min_sport; /* 源端口范围下界；0表示忽略本字段 */
+		unsigned short	max_sport; /* 源端口范围上界；0表示固定端口=min_sport */
+		unsigned short	min_dport; /* 目的端口范围下界；0表示忽略本字段 */
+		unsigned short	max_dport; /* 目的端口范围上界；0表示固定端口=min_dport */
+		unsigned short	proto;     /* 传输层协议，6表示TCP，17表示UDP；0表示忽略本字段 */
+		unsigned short	direction; /* 方向，0表示双向，1表示单向 */
 	}ipv4_rule_t;
 
-	/* IPv6<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* IPv6规则 */
 	typedef struct _ipv6_rule_t
 	{
-		unsigned int	min_saddr[4]; /* Դ<EFBFBD><EFBFBD>ַ<EFBFBD>½磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */     
-		unsigned int	max_saddr[4]; /* Դ<EFBFBD><EFBFBD>ַ<EFBFBD>Ͻ磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */
-		unsigned int	min_daddr[4]; /* Ŀ<EFBFBD>ĵ<EFBFBD>ַ<EFBFBD>½磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */      
-		unsigned int	max_daddr[4]; /* Ŀ<EFBFBD>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */ 
-		unsigned short	min_sport;    /* Դ<EFBFBD>˿ڷ<EFBFBD>Χ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
-		unsigned short	max_sport;    /* Դ<EFBFBD>˿ڷ<EFBFBD>Χ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD><EFBFBD>˿<EFBFBD>=min_sport */
-		unsigned short	min_dport;    /* Ŀ<EFBFBD>Ķ˿ڷ<EFBFBD>Χ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
-		unsigned short	max_dport;    /* Ŀ<EFBFBD>Ķ˿ڷ<EFBFBD>Χ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD><EFBFBD>˿<EFBFBD>=min_dport */
-		unsigned short	proto;        /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<EFBFBD><EFBFBD>ʾTCP<EFBFBD><EFBFBD>17<EFBFBD><EFBFBD>ʾUDP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><EFBFBD>Ϊ0 */
-		unsigned short	direction;    /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ˫<EFBFBD><EFBFBD><EFBFBD><EFBFBD>1<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+		unsigned int	min_saddr[4]; /* 源地址下界；全0表示忽略本字段 */     
+		unsigned int	max_saddr[4]; /* 源地址上界；全0表示固定IP=min_saddr */
+		unsigned int	min_daddr[4]; /* 目的地址下界；全0表示忽略本字段 */      
+		unsigned int	max_daddr[4]; /* 目的地址上界；全0表示固定IP=min_daddr */ 
+		unsigned short	min_sport;    /* 源端口范围下界；0表示忽略本字段 */
+		unsigned short	max_sport;    /* 源端口范围上界；0表示固定端口=min_sport */
+		unsigned short	min_dport;    /* 目的端口范围下界；0表示忽略本字段 */
+		unsigned short	max_dport;    /* 目的端口范围上界；0表示固定端口=min_dport */
+		unsigned short	proto;        /* 传输层协议，6表示TCP，17表示UDP，无限制默认为0 */
+		unsigned short	direction;    /* 方向，0表示双向，1表示单向 */
 	}ipv6_rule_t;
 
-	/* ͨ<EFBFBD>õĹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* 通用的规则类型 */
 	typedef struct _scan_rule_t
 	{
-		unsigned int rule_type;              /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD>ٹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮һ */
-		unsigned int sub_type;               /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><EFBFBD>û<EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD>壬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͸<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>MAX_SUB_RULETYPE<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰ<EFBFBD>Ķ<EFBFBD><EFBFBD>壩 */
-		union                                /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>rule_type<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD>䡢<EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+		unsigned int rule_type;              /* 规则类型，必须为上述枚举规则类型之一 */
+		unsigned int sub_type;               /* 子类类型，用户自定义，但子类型个数不允许超过MAX_SUB_RULETYPE（见前文定义） */
+		union                                /* 根据rule_type决定规则是字符串、数值区间、还是IP规则 */
 		{
-			string_rule_t    string_rule;    /* <EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ơ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD> */
-			interval_rule_t  interval_rule;  /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-			ipv4_rule_t      ipv4_rule;      /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv4<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-			ipv6_rule_t      ipv6_rule;      /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv6<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+			string_rule_t    string_rule;    /* 字符串规则（字符串、二进制、正则表达式） */
+			interval_rule_t  interval_rule;  /* 整数数值区间规则 */
+			ipv4_rule_t      ipv4_rule;      /* 带掩码的IPv4规则 */
+			ipv6_rule_t      ipv6_rule;      /* 带掩码的IPv6规则 */
 		};
 	}scan_rule_t;
 
-	/* һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* 一条与表达式规则 */
 	typedef struct _boolean_expr_t
 	{
-		unsigned int  expr_id;   /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>ID */
-		unsigned int  operation; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽִ<EFBFBD>еIJ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>ӣ<EFBFBD>1<EFBFBD><EFBFBD>ʾɾ<EFBFBD><EFBFBD> */
-		unsigned int  rnum;      /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ٸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>operation=1<EFBFBD><EFBFBD><EFBFBD><EFBFBD>rnum=0<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		scan_rule_t * rules;     /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>operation=1<EFBFBD><EFBFBD><EFBFBD><EFBFBD>rules=NULL<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		void *        tag;       /* <EFBFBD>û<EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+		unsigned int  expr_id;   /* 与表达式的ID */
+		unsigned int  operation; /* 对与表达式执行的操作：0表示增加，1表示删除 */
+		unsigned int  rnum;      /* 该与表达式包含多少个项；如果operation=1，置rnum=0即可 */
+		scan_rule_t * rules;     /* 组成与表达式的项；如果operation=1，置rules=NULL即可 */
+		void *        tag;       /* 用户自定义数据，命中时随匹配结果返回 */
 	}boolean_expr_t;
 
 
-	/* <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* 待扫描的文本数据类型 */
 	typedef struct _text_data_t
 	{
-		const char * text;   /* <EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		unsigned int tlen;   /* <EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݳ<EFBFBD><EFBFBD><EFBFBD> */
-		int			 toffset;/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ƫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD>룬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0) */  
+		const char * text;   /* 文本数据内容 */
+		unsigned int tlen;   /* 文本数据长度 */
+		int			 toffset;/* 本段文本数据在整个流数据中的偏移量，流式扫描情况下有效，由用户传入，其它情况置为0(这个必须置为0) */  
 	}text_data_t;
 
-	/* <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv4Ԫ<EFBFBD><EFBFBD> */
+	/* 待扫描的IPv4元组 */
 	typedef struct _ipv4_data_t
 	{
-		unsigned int       saddr; /* ԴIP<EFBFBD><EFBFBD>ַ */
-		unsigned int       daddr; /* Ŀ<EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD>ַ */
-		unsigned short int sport; /* Դ<EFBFBD>˿<EFBFBD> */
-		unsigned short int dport; /* Ŀ<EFBFBD>Ķ˿<EFBFBD> */
-		unsigned short int proto; /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<EFBFBD><EFBFBD>ʾTCP<EFBFBD><EFBFBD>17<EFBFBD><EFBFBD>ʾUDP */
+		unsigned int       saddr; /* 源IP地址 */
+		unsigned int       daddr; /* 目的IP地址 */
+		unsigned short int sport; /* 源端口 */
+		unsigned short int dport; /* 目的端口 */
+		unsigned short int proto; /* 传输层协议，6表示TCP，17表示UDP */
 	}ipv4_data_t;
 
-	/* <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv6Ԫ<EFBFBD><EFBFBD> */
+	/* 待扫描的IPv6元组 */
 	typedef struct _ipv6_data_t
 	{
-		unsigned int       saddr[4]; /* ԴIP<EFBFBD><EFBFBD>ַ */
-		unsigned int       daddr[4]; /* Ŀ<EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD>ַ */
-		unsigned short int sport;    /* Դ<EFBFBD>˿<EFBFBD> */
-		unsigned short int dport;    /* Ŀ<EFBFBD>Ķ˿<EFBFBD> */
-		unsigned short int proto;    /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<EFBFBD><EFBFBD>ʾTCP<EFBFBD><EFBFBD>17<EFBFBD><EFBFBD>ʾUDP */
+		unsigned int       saddr[4]; /* 源IP地址 */
+		unsigned int       daddr[4]; /* 目的IP地址 */
+		unsigned short int sport;    /* 源端口 */
+		unsigned short int dport;    /* 目的端口 */
+		unsigned short int proto;    /* 传输层协议，6表示TCP，17表示UDP */
 	}ipv6_data_t;
 
-	/* ͨ<EFBFBD>õĴ<EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* 通用的待扫描数据类型 */
 	typedef struct _scan_data_t
 	{
-		unsigned int rule_type;     /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD>ٹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮һ */
-		unsigned int sub_type;      /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><EFBFBD>û<EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD>壬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͸<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>MAX_SUB_RULETYPE<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰ<EFBFBD>Ķ<EFBFBD><EFBFBD>壩 */
-		union                       /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>rule_type<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPԪ<EFBFBD><EFBFBD> */
+		unsigned int rule_type;     /* 规则类型，必须为上述枚举规则类型之一 */
+		unsigned int sub_type;      /* 子类类型，用户自定义，但子类型个数不允许超过MAX_SUB_RULETYPE（见前文定义） */
+		union                       /* 根据rule_type决定数据负载是字符串、数值、还是IP元组 */
 		{
-			text_data_t  text_data; /* <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ơ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD> */
-			unsigned int int_data;  /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD>䣩 */
-			ipv4_data_t  ipv4_data; /* <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv4Ԫ<EFBFBD><EFBFBD> */
-			ipv6_data_t  ipv6_data; /* <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv6Ԫ<EFBFBD><EFBFBD> */
+			text_data_t  text_data; /* 待扫描文本数据（可匹配字符串、二进制、正则表达式） */
+			unsigned int int_data;  /* 整数数值（可匹配数值区间） */
+			ipv4_data_t  ipv4_data; /* 待扫描的IPv4元组 */
+			ipv6_data_t  ipv6_data; /* 待扫描的IPv6元组 */
 		};
 	}scan_data_t;
 
 	/*
-	   ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>scan_result_t<EFBFBD><EFBFBD>rule_result_t˵<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	1<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>Ӧһ<EFBFBD><EFBFBD>scan_result_t<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ò<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>rnum<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>scan_result_t::result[k]<EFBFBD><EFBFBD>0<=k<rnum<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	   扫描结果类型scan_result_t和rule_result_t说明：
+	1、对于命中的每个布尔表达式，一条表达式对应一条scan_result_t结果，该布尔表达式包含rnum个规则，每个规则均对应于一个结果scan_result_t::result[k]（0<=k<rnum）。
 
-	2<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ھ<EFBFBD>ȷ<EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>position<EFBFBD><EFBFBD>length<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD>еľ<EFBFBD>ȷ<EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>result_num<EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>i<EFBFBD><EFBFBD>0<=i<result_num<75><6D><EFBFBD><EFBFBD>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<CABC>úͳ<C3BA><CDB3>ȷֱ<C8B7><D6B1>ǣ<EFBFBD>
+	2、对于精确字符串，结果数组position和length释义如下：
+	命中的精确字符串包含result_num个匹配结果，第i（0<=i<result_num）个匹配结果的起始位置和长度分别是：
 	   (position[i], length[i])
 
-	3<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>position<EFBFBD><EFBFBD>length<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>result_num<EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>group_num+1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ԫ<EFBFBD>ء<EFBFBD><D8A1><EFBFBD><EFBFBD>ڵ<EFBFBD>i<EFBFBD><69>0<=i<result_num<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD>a<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<EFBFBD>úͳ<EFBFBD><EFBFBD>ȷֱ<EFBFBD><EFBFBD>ǣ<EFBFBD>
+	3、对于正则表达式，结果数组position和length释义如下：
+	命中的正则表达式包含result_num个匹配结果，每个匹配结果包含group_num+1个数组元素。对于第i（0<=i<result_num）个匹配结果：
+	（a）整条正则表达式匹配的起始位置和长度分别是：
 	   (position[(group_num+1)*i],     length[(group_num+1)*i])
-	<EFBFBD><EFBFBD>b<EFBFBD><EFBFBD><EFBFBD><EFBFBD>j<EFBFBD><EFBFBD>0<=j<group_num<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<EFBFBD>úͳ<EFBFBD><EFBFBD>ȷֱ<EFBFBD><EFBFBD>ǣ<EFBFBD>
+	（b）第j（0<=j<group_num）个分组的起始位置和长度分别是：
 	   (position[(group_num+1)*i+j+1], length[(group_num+1)*i+j+1])
 	*/
 
-	/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* 规则的扫描结果类型 */
 	typedef struct _rule_result_t
 	{
-		unsigned int rule_type;                   /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD>ٹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮һ */
-		unsigned int group_num;                   /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD>͹<EFBFBD><EFBFBD>򣬱<EFBFBD><EFBFBD>ֶα<EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>飨capturing group<75><70><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0 */
-		unsigned int result_num;                  /* <EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĸ<EFBFBD><EFBFBD><EFBFBD> */
-		unsigned int position[MAX_MATCH_POS_NUM]; /* <EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<EFBFBD><EFBFBD> */
-		unsigned int length[MAX_MATCH_POS_NUM];   /* <EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ij<EFBFBD><EFBFBD>ȣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еģ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD>Ӧ<EFBFBD><EFBFBD>length=0, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<49>࣬<EFBFBD><E0A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0*/
+		unsigned int rule_type;                   /* 规则的类型，必须为上述枚举规则类型之一 */
+		unsigned int group_num;                   /* 对于正则表达式类型规则，本字段表示捕获分组（capturing group）的个数；否则设置为0 */
+		unsigned int result_num;                  /* 该规则所有命中结果的个数 */
+		unsigned int position[MAX_MATCH_POS_NUM]; /* 该规则所有命中结果的起始位置 */
+		unsigned int length[MAX_MATCH_POS_NUM];   /* 该规则所有命中结果的长度；如果该命中结果是在以前的数据包中命中的，则设置对应的length=0, 对于整数区间与IP类，长度置为0*/
 	}rule_result_t;
 
-	/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+	/* 布尔表达式的扫描结果类型 */
 	typedef struct _scan_result_t
 	{
-		unsigned int  expr_id;                     /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>ID */
-		unsigned int  rnum;                        /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ٸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		rule_result_t result[MAX_EXPR_ITEM_NUM];  /* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-		void *        tag;                         /* <EFBFBD>û<EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>ƥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+		unsigned int  expr_id;                     /* 与表达式的ID */
+		unsigned int  rnum;                        /* 该与表达式包含多少个规则 */
+		rule_result_t result[MAX_EXPR_ITEM_NUM];  /* 布尔表达式中每个规则对应的扫描结果 */
+		void *        tag;                         /* 用户自定义数据，命中时随匹配结果返回 */
 	}scan_result_t;
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		max_thread_num [in]: ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɲ<EFBFBD><EFBFBD><EFBFBD>ִ<EFBFBD>е<EFBFBD><EFBFBD>߳<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪNULLʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD>ʧ<EFBFBD>ܡ<EFBFBD>
+	功能：扫描器初始化，生成扫描器对象。
+	参数：
+		max_thread_num [in]: 扫描器可并行执行的线程数。
+	返回值：
+		扫描器句柄；返回值为NULL时，表示初始化失败。
 	*/
 	void * rulescan_initialize(unsigned int max_thread_num);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>rulescan_update֮ǰ<EFBFBD>ɶ<EFBFBD><EFBFBD>ε<EFBFBD><EFBFBD>ã<EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͡<EFBFBD>Rulescan<EFBFBD><EFBFBD>Ĭ<EFBFBD>ϲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><EFBFBD>Ϣ
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		instance[in]:			ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>룻
-		optname [in]:           <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD>
-		optval [in]:            optval<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ľ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>
-		optlen [in]:            optval<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ľ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݡ<EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		1<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD><EFBFBD>ã<EFBFBD>-1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD>ܡ<EFBFBD>
+	功能：
+		设置扫描参数，本函数在rulescan_update之前可多次调用，每次设置一种扫描类型。Rulescan中默认不返回命中位置等详细信息
+	参数：
+		instance[in]:			扫描器对象指针；
+		optname [in]:           参数类型；
+		optval [in]:            optval和optlen表示参数的具体内容；
+		optlen [in]:            optval和optlen表示参数的具体内容。
+	返回值：
+		1：正确设置，-1：设置失败。
 	*/
 	int rulescan_set_param(void * instance, enum RULESCAN_PARA_NAME optname, const void * optval, unsigned int optlen);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD>̬ע<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>󡣶<EFBFBD><EFBFBD><EFBFBD>ͬһ<EFBFBD><EFBFBD>instance<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬʱ<EFBFBD>ж<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̡߳<EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		instance[in]:		ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>룻
-		expr_array[in]:		һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD>
-		epxr_num[in]:		<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD>ĸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		failed_ids[out]:	<EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>id<EFBFBD><EFBFBD>failed_ids[0]<5D><>ʾ<EFBFBD>Ƿ<EFBFBD>id<69>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD><EFBFBD>failed_ids[1...failed_ids[0]]<5D><>¼<EFBFBD>Ƿ<EFBFBD>id<69><64>Ŀǰֻ<C7B0>Ժ<EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>಼<EFBFBD><E0B2BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>Ч<EFBFBD><D0A7>
-		failed_size[in]:	failed_ids<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD>С<EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ1ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾע<EFBFBD><EFBFBD><EFBFBD>ɹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ-1ʱ<31><CAB1><EFBFBD><EFBFBD>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	功能：动态注册一组与表达式，更新扫描器对象。对于同一个instance句柄，不允许同时有多个更新线程。
+	参数：
+		instance[in]:		扫描器对象指针；
+		expr_array[in]:		一组与表达式；
+		epxr_num[in]:		与表达式的个数；
+		failed_ids[out]:	非法规则的id；failed_ids[0]表示非法id的个数，failed_ids[1...failed_ids[0]]记录非法id，目前只对含一个正则规则的这类布尔表达式有效；
+		failed_size[in]:	failed_ids数组的大小。
+	返回值：
+		返回值为1时，表示注册成功；返回值为-1时，表示出错。
 	*/
 	int rulescan_update(void * instance, boolean_expr_t * expr_array, unsigned int expr_num, unsigned int * failed_ids, unsigned int failed_size);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD>ͷ<EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>󣻱<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD>Ρ<EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		instance [in]: ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>롣
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD>ޡ<EFBFBD>
+	功能：释放扫描器对象；本函数仅调用一次。
+	参数：
+		instance [in]: 扫描器指针。
+	返回值：
+		无。
 	*/
 	void rulescan_destroy(void * instance);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<EFBFBD>裬<EFBFBD><EFBFBD><EFBFBD>뱣<EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD>IJ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		instance [in]:  ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>룻
-		thread_id [in]: <EFBFBD><EFBFBD>ǰִ<EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>id<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD>Χ[0, max_thread_num-1]֮<EFBFBD>ڡ<EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD>ر<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD>IJ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪNULLʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾʧ<EFBFBD>ܡ<EFBFBD>
+	功能：启动一次流式扫描，申请保存流状态的参数。
+	参数：
+		instance [in]:  扫描器指针；
+		thread_id [in]: 当前执行扫描的线程id，必须在范围[0, max_thread_num-1]之内。
+	返回值：
+		返回保存流状态的参数；返回值为NULL时，表示失败。
 	*/
 	void * rulescan_startstream(void * instance, unsigned int thread_id);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD>ʽɨ<EFBFBD><EFBFBD><EFBFBD>ӿڣ<EFBFBD>ɨ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>scan_data<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬stream_param<EFBFBD>У<EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD>1<EFBFBD><EFBFBD>presults<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD>*presults<74><73><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD>˴ε<CBB4><CEB5><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD>2<EFBFBD><EFBFBD>presultsΪNULL  <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫɨ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD>ȴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ټ<EFBFBD><EFBFBD>㲢<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-			 <EFBFBD><EFBFBD><EFBFBD><EFBFBD>rulescan_computeresult<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		stream_param [in]: <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD>IJ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		scan_data [in]:    <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>
-		presults [out]:    <EFBFBD><EFBFBD><EFBFBD><EFBFBD>presults<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DZ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>һ<EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		size [in]:		   <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>presults<EFBFBD>Ĵ<EFBFBD>С<EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫɨ<EFBFBD>裨presultsΪNULL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>򷵻<EFBFBD>ֵΪ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еĹؼ<EFBFBD><EFBFBD>ʣ<EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD><EFBFBD>䡢IP<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȣ<EFBFBD><EFBFBD>ĸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD><EFBFBD>presult<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD><EFBFBD>򷵻<EFBFBD>ֵΪ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD>ĸ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	功能：流式扫描接口，扫描一段数据scan_data，并将中间扫描结果保存在流状态stream_param中；
+		本函数支持两种扫描模式：
+		（1）presults不为NULL：本段流数据扫描结束后立即通过*presults返回一组此次的命中结果；
+		（2）presults为NULL  ：完全扫描模式，表示等待整个流扫描结束后，再计算并返回整个流的全部命中结果，
+			 详见rulescan_computeresult函数。
+	参数：
+		stream_param [in]: 保存流状态的参数；
+		scan_data [in]:    待扫描数据；
+		presults [out]:    如果presults不为NULL，则存的是本次命中的一组扫描结果；
+		size [in]:		   结果数组presults的大小。
+	返回值：
+		如果是流式的完全扫描（presults为NULL），则返回值为本次扫描命中的关键词（数值区间、IP规则等）的个数；
+		如果presult不为NULL，则返回值为本次扫描命中的与表达式的个数，-1表示出错。
 	*/
 	int rulescan_searchstream(void * stream_param,  scan_data_t * scan_data, scan_result_t * presults, unsigned int size);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>󣬼<EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		stream_param [in]: <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<EFBFBD><EFBFBD>ָ<EFBFBD>룻
-		presults [out]:    <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>飬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>id<EFBFBD><EFBFBD>
-		size [in]:         <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>presults<EFBFBD>Ĵ<EFBFBD>С<EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><=size<7A><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	功能：数据流扫描结束后，计算扫描结果。
+	参数：
+		stream_param [in]: 保存流状态的指针；
+		presults [out]:    结果数组，保存所有命中的与表达式规则id；
+		size [in]:         结果数组presults的大小。
+	返回值：
+		命中与表达式规则的数量（<=size）；返回值为-1表示出错。
 	*/
 	int rulescan_computeresult(void * stream_param, scan_result_t * presults, unsigned int size);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<EFBFBD>裬<EFBFBD>ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>µ<EFBFBD><EFBFBD>øýӿ<EFBFBD><EFBFBD>ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>ڽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD>֮ǰ<EFBFBD><EFBFBD>û<EFBFBD>е<EFBFBD><EFBFBD><EFBFBD>
-		  rulescan_destroy<EFBFBD><EFBFBD><EFBFBD><EFBFBD>rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		stream_param [in]: <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>롣
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD>ޡ<EFBFBD>
+	功能：结束流式扫描，释放流参数。正常流程情况下调用该接口释放流参数，正常流程指在结束流扫描之前还没有调用
+		  rulescan_destroy销毁rulescan句柄。
+	参数：
+		stream_param [in]: 流参数指针。
+	返回值：
+		无。
 	*/ 
 	void rulescan_endstream(void * stream_param);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<EFBFBD>裬<EFBFBD>ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȵ<EFBFBD><EFBFBD><EFBFBD>rulescan_destroy<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮<EFBFBD><EFBFBD><EFBFBD>ٽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		  <EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>rulescan_endstream_simple<EFBFBD><EFBFBD><EFBFBD>ͷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>²ŵ<EFBFBD><EFBFBD>øýӿڡ<EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		stream_param [in]: <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>롣
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD>ޡ<EFBFBD>
+	功能：结束流式扫描，释放流参数。对于先调用rulescan_destroy销毁了rulescan句柄之后再结束流扫描的情况，
+		  需要调用rulescan_endstream_simple来释放流参数，仅限于这种情况下才调用该接口。
+	参数：
+		stream_param [in]: 流参数指针。
+	返回值：
+		无。
 	*/ 
 	void rulescan_endstream_simple(void * stream_param);
 
 	/*
-	<EFBFBD><EFBFBD><EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<EFBFBD><EFBFBD><EFBFBD>ӿڣ<EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>󷵻<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-		instance [in]:	   ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>룻
-		thread_id [in]:	   <EFBFBD><EFBFBD>ǰִ<EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>id<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD>Χ[0, max_thread_num-1]֮<EFBFBD>ڣ<EFBFBD>
-		scan_data [in]:    <EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>
-		presults [out]:    <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>飬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>id<EFBFBD><EFBFBD>
-		size [in]:         <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>presults<EFBFBD>Ĵ<EFBFBD>С<EFBFBD><EFBFBD>
-	<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><EFBFBD>
-		<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><=size<7A><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	功能：非流式扫描接口，扫描结束后返回所有命中结果。
+	参数：
+		instance [in]:	   扫描器指针；
+		thread_id [in]:	   当前执行扫描的线程id，必须在范围[0, max_thread_num-1]之内；
+		scan_data [in]:    待扫描数据；
+		presults [out]:    结果数组，保存所有命中的与表达式规则id；
+		size [in]:         结果数组presults的大小。
+	返回值：
+		命中与表达式规则的数量（<=size）；返回值为-1表示出错。
 	*/
 	int rulescan_search(void * instance, unsigned int thread_id, scan_data_t * scan_data, scan_result_t * presults, unsigned int size);