author yangwei <[email protected]> 2024-01-26 18:02:50 +0800
committer yangwei <[email protected]> 2024-01-26 18:02:50 +0800
commit 88c8d88cd0c4c4c6a0c2e8774fdfdd66ffcfcee8
tree 7b84a936bd552639b8028567ab512a8a246062d5
parent eb004dd08b206e21932fbc0815298b9471defce3
📃 docs(upgrade readme):
-rw-r--r-- readme.md 86
1 files changed, 31 insertions, 55 deletions
diff --git a/readme.md b/readme.md
index 0ebf2b9..439bbbd 100644
--- a/readme.md
+++ b/readme.md
@@ -4,24 +4,27 @@ A stateful network function could be a firewall, a load balancer, or an IDS.
## Concept
-**Pakcet** is
+**Pakcet** In Stellar, a "Packet" is an abstraction of a network packet, primarily focusing on the parsed data from its encapsulation layers.
**Session** is defined as a sequence of packets that share the same traffic attributes, such as TCP or UDP sessions.
* Each session has a message queue, which facilitates the exchange of messages among plugins. The message delivery is in the session scope.
* EXdata (Extra Data) is attached to a session for plugin context management.
-**Plugin** is a per-session actor for fast network function development, which built on the concepts of sessions and messages. plugins are decoupled through the publish-subscribe mechanism.
+**Plugin** is a modular component for fast network function development, operating at either packet or session level.
+
+* **Session-Level Plugin** operate as a per-session actor, built on the concepts of sessions and messages. plugins are decoupled through the publish-subscribe mechanism. Additionally, each plugin employs EXdata for the sharing and management of persistent session-specific data.
+* **Packet-Level Plugin** functions as a callback process filtered by IP protocol, specifically tailored for processing and responding to individual packets at the packet level..
## Architecture
The stellar components are:
- **Packet IO** built an abstraction of network IO devices.
-- **Packet Parser**
-- **Session Manager** has a hash table for tracking sessions. The caller feeds packets to the session manager and may return triggered session events.
-- **Plugin Manager** loads C/Lua plugins and manages per-plugin, per-session context. When the caller feeds an event to the plugin manager, it invokes plugin callbacks.
-- **Protocol Decoders** are plugins that parse and extract information from session.
+- **Packet Parser** transforms raw network packets into structured encapsulation layers.
+- **Session Manager** has a hash table for tracking sessions. The caller feeds packets to the session manager and may return relevant session.
+- **Plugin Manager** loads C plugins and manages per-plugin, per-session context. When the caller update a session to the plugin manager, it may invokes plugin start, stop,or running.
+- **Protocol Decoders** are plugins that parse and extract information from session, then publish messages to relevant topic.
![stellar-high-level-design](./docs/imgs/stellar-high-level-design.svg)
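Review bot: The new Concept entry still spells the term `**Pakcet**` and runs it straight into "In Stellar, a "Packet" is ...", unlike the neighbouring `**Session** is defined as` entry; suggest `**Packet** is an abstraction of a network packet, ...`. In the same hunk, the Packet-Level Plugin bullet ends in a double period, "Session-Level Plugin operate" and the lowercase "plugins are decoupled" need fixing, and the Plugin Manager bullet reads "When the caller update a session ... it may invokes plugin start, stop,or running". That bullet also changes "C/Lua plugins" to "C plugins" without saying whether Lua plugin loading was removed, and the Session Manager bullet now says it "may return relevant session" without stating what the caller gets when no session applies; both are worth one sentence each, since plugin authors rely on this text to know what code is loaded and when callbacks run.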
@@ -29,7 +32,7 @@ The stellar components are:
All session has three states for plugin view, which are Opening, Active, Closing.
-![stellar-session-life-cycle](./docs/images/firewall-session-lifecycle.png)
+![stellar-session-life-cycle](./docs/imgs/session-lifecycle.png)
## Worker Thread
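Review bot: The image link now points at `./docs/imgs/session-lifecycle.png`, but the diffstat shows only readme.md changed in this commit, so please confirm that file already exists under `docs/imgs/`; otherwise the session life cycle figure is a broken link. The context line above it, "All session has three states for plugin view", could be corrected in the same pass ("Every session has three states from the plugin's view").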
@@ -37,69 +40,42 @@ All session has three states for plugin view, which are Opening, Active, Closing
struct packet;
struct session;
-packet_io_loop()
+struct packet_parser *parser;
+struct session_manager *sess_mgr;
+struct plugin_manager *plug_mgr;
+
+worker_thread_loop()
{
- packet_io_device_rx(&rx_pkt)
- //ingress processing: Tunnel decoding, IP defragmentation
- session_manager();
- plugin_manager();
- //egress processing: AMQ
- rl_group_id=pkt_get_group_id(rx_pkt);
- void *raw_pkt=pkt_get_raw(rx_pkt);
- AMQ_enqueue(group_id[], raw_pkt, pkt_sz);
-}
-```
+ struct mariso_buff *raw_pkt=marsio_rx();
-## Plugin Manager
+//ingress processing: encap decoding, IP defragmentation
+ struct packet *pkt=parse_pkt(parser ,raw_pkt);
-Plugin Management APIs
+ plugin_mgr_on_packet(plug_mgr ,pkt);
-```
-/*
- * The pm_session_dettach_me just sets the flag to disable this plugin and no longer call this event callback.
- * Before calling pm_session_dettach_me, the current plugin must release related resources for the current session.
- */
-pm_session_dettach_me(session);
-
-/*
- * The current plugin(cb2) takes over the current session, the pm_session_take_over setting flag disables other plugins,
- * and the current session does not call other plugins except for the SESSION_EVENT_CLOSING event.
- *
- * +-----+ +-----+ +-----+ +-----+
- * Plugin runtime callback list: | cb1 |-->| cb2 |-->| cb3 |-->| cb4 |
- * +-----+ +-----+ +-----+ +-----+
- * /|\
- * |
- * plugin cb2 run pm_session_take_over
- *
- * A plugin(cb1/cb3/cb4) that is taken over, if the plugin was called before being taken over and has a registered SESSION_EVENT_CLOSING event,
- * it will be called again when the SESSION_EVENT_CLOSING event comes. Otherwise, the plugin will not be called.
- */
-pm_session_take_over(session);
+ struct session *sess=session_mgr_update(sess_mgr,pkt);
+
+ plugin_mgr_on_session_update(plug_mgr, sess, pkt);
+
+//egress processing
+ marsio_tx(raw_pkt);
+}
```
## Plugin Example
```
-plugin_entry(session, ctx)
+plugin_on_tcp_msg(session, msg, ctx)// topic TCP
{
- session_get_metadata(session, "fw_action", value);
- if(value==INTERCEPT)
- {
- //pm_session_dettach_me(session);
- return;
- }
ret=check_security_policy(session);
- if(ret==INTERCEPT)
+ if(ret==SHUNT)
{
- pm_session_take_over(session);
+ plugin_detach_session(session);
}
- else if(ret==RATE_LIMIT)
+ else if(ret==DENY)
{
- group_id=security_policy_id;
- amq_group_create(group_id, CIR, CBS);
- session_set_ratelimit_group(session, group_id);
+ //;
}
}
```
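Review bot: In the Plugin Example, the `DENY` branch is left as `//;`, so the readme no longer shows how a plugin enforces a deny verdict, and `plugin_detach_session(session)` in the `SHUNT` branch is now undocumented because this hunk deletes the whole Plugin Manager section that described `pm_session_dettach_me` and `pm_session_take_over` (including the rule that a plugin must release its per-session resources before detaching). Suggest keeping a short API note for `plugin_detach_session` and either filling in the `DENY` action or stating that it is intentionally omitted. In `worker_thread_loop()`, `struct mariso_buff` looks like a typo given `marsio_rx()` and `marsio_tx()`, and the results of `parse_pkt()` and `session_mgr_update()` are passed on without a check even though the Architecture text says the session manager only "may return relevant session"; the example should show the no-session case. The old `plugin_entry` also returned early when `fw_action` was already `INTERCEPT`; if that guard is gone by design, say so.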