gfwleak/pangu-mesa-plug
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加安装配置文件

Browse Source
This commit is contained in:
liuxueli
2019-07-04 09:56:10 +08:00
parent 2d4de570b6
commit f1efb711cf
29 changed files with 1949 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
CMakeLists.txt
View File

@@ -15,6 +15,7 @@ if(ENABLE_NTC_SWITCH)
project(mesa_ntc_plug)
endif()
add_definitions(-DNTC_SWITCH=1)
set(config_path ntcconf/)
else()
if(ENABLE_T1_SWITCH)
project(mesa_soq_t1_plug)
@@ -25,6 +26,7 @@ else()
if(ENABLE_T1_SWITCH AND ENABLE_T2_SWITCH)
project(mesa_soq_plug)
endif()
set(config_path soqconf/)
endif()
@@ -44,6 +46,8 @@ set(ALLOW_DUPLICATE_CUSTOM_TARGETS TRUE)
set(CPACK_RPM_DEBUGINFO_PACKAGE ON)
if(ENABLE_T1_SWITCH)
set(config_filepath t1conf)
set(conflist_filename t1_conflist_business.inf)
set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp)
add_subdirectory(src/ntc_app_plug)
@@ -56,9 +60,19 @@ if(ENABLE_T1_SWITCH)
endif()
if(ENABLE_T2_SWITCH)
set(config_filepath t2conf)
set(conflist_filename t2_conflist_business.inf)
set(CMAKE_INSTALL_PREFIX /home/mesasoft/maskey2.0)
add_subdirectory(src/T2_HTTP_MAIL_BIZ)
endif()
if(ENABLE_NTC_SWITCH)
install(DIRECTORY ntcconf/${config_filepath} DESTINATION ${CMAKE_INSTALL_PREFIX}/${config_filepath} COMPONENT devel)
install(FILES ntcconf/${conflist_filename} DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/business COMPONENT devel RENAME conflist_business.inf)
else()
install(DIRECTORY soqconf/${config_filepath} DESTINATION ${CMAKE_INSTALL_PREFIX}/${config_filepath} COMPONENT devel)
install(FILES soqconf/${conflist_filename} DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/business COMPONENT devel RENAME conflist_business.inf)
endif()
include(Package)

8
ntcconf/t1_conflist_business.inf Normal file
View File

@@ -0,0 +1,8 @@
./plug/business/ntc_bgp_plug/ntc_bgp_plug.inf
./plug/business/soq_dns_plug/soq_dns_plug.inf
./plug/business/pg_seven_knights/pg_seven_knights.inf
./plug/business/T1_HTTP_MAIL_BIZ/T1_HTTP_MAIL_BIZ.inf
./plug/business/ntc_app_plug/ntc_app_plug.inf
./plug/business/ntc_ssl_collect/ntc_ssl_collect.inf
./plug/business/ntc_ip_comm/ntc_ip_comm.inf
./plug/business/ntc_http_collect/ntc_http_collect.inf

3
ntcconf/t1conf/asn_tableinfo.conf Normal file
View File

@@ -0,0 +1,3 @@
0 ASN_IP_COMPILE compile UTF8 UTF8 no 0
1 ASN_IP_GROUP group UTF8 UTF8 no 0
2 ASN_IP_REGION ip UTF8 UTF8 no

49
ntcconf/t1conf/ddp.conf Normal file
View File

@@ -0,0 +1,49 @@
[WIRED_INFO]
APP_NAME=ddp
SELF_IP=10.4.4.1
REMOTE_DIR=ASTANA
KEY_CNT=31
RAWFILE_CNT=0
WIRED_TIME=2019-02-20T15:29:33
[FTP]
data_type=APP
iplist=127.0.0.1;
max_cache_size=1000
override=1
port_num=1
proto_id=7
start_port=60000
[HTTP]
data_type=APP
iplist=127.0.0.1;
max_cache_size=0
override=1
port_num=1
proto_id=4
start_port=60000
[LOG_INFO]
log_level=30
log_path=./t1log/ddp_log
[MAIL]
data_type=APP
iplist=127.0.0.1;
max_cache_size=0
override=1
port_num=1
proto_id=5
start_port=60000
[TRANS_INFO]
MESA_MTU=2000
#"0:debug; 1:socket udp; 2:unix domain socket; 3:masrio3, 4:marsio4"
ddp_mode=1
is_bigblock=1
is_stream=1
protolist=HTTP;MAIL;FTP;
rely_call=0
wlb_group_name=ASTANA
wlb_health_port=30000

126
ntcconf/t1conf/http_url_filter.conf Normal file
View File

@@ -0,0 +1,126 @@
.jpg
.jpeg
.gif
.bmp
.png
.tiff
.tif
.raw
.ico
.psd
.pcd
.cad
.ttf
.txt
.exe
.cab
.ini
.inf
.dll
.lib
.chm
.bin
.cur
.c++
.cc
.cxx
.c
.cpp
.hpp
.hxx
.h++
.h
.asm
.inc
.java
.mak
.obj
.pl
.gzip
.deb
.zip
.rar
.msu
.jar
.imp
.docm
.docx
.doc
.pdf
.mdb
.xlsx
.xls
.pptx
.ppt
.vsd
.csv
.caj
.nh
.kdh
.pdf
.jse
.js
.css
.xml
.xsl
.asmx
.cgi
.wml
.dwr
.ashx
.dtd
.do
.shtml
.shtm
.html
.htm
.aspx
.asp
.jsp
.php
.net
.edu
.biz
.com
.edu
.biz
.com
.name
.info
.mobi
.pro
.ws
.travel
.tv
.fm
.museum
.int
.areo
.post
.rec
.asia
.cn
.net/
.edu/
.biz/
.com/
.edu/
.biz/
.com/
.name/
.info/
.mobi/
.pro/
.ws/
.travel/
.tv/
.fm/
.museum/
.int/
.areo/
.post/
.rec/
.asia/
.cn/
.crl
.psf

4
ntcconf/t1conf/ipd_dyn_tableinfo.conf Normal file
View File

@@ -0,0 +1,4 @@
0 IPD_DYN_COMPILE compile UTF8 UTF8 no 0
1 IPD_DYN_GROUP group UTF8 UTF8 no 0
2 IPD_RELATED_DOMAIN expr UTF8 UTF8 yes
3 IPD_DYN_SUBSCRIBE_IP plugin {"key":4,"valid":9,"tag":5,"estimate_size":1048576} --

13
ntcconf/t1conf/ipd_static_tableinfo.conf Normal file
View File

@@ -0,0 +1,13 @@
0 APP_COMPILE compile UTF8 UTF8 no 0
0 LIMIT_COMPILE compile UTF8 UTF8 no 0
0 PXY_INTERCEPT_COMPILE compile UTF8 UTF8 no 0
0 WHITE_LIST_COMPILE compile UTF8 UTF8 no 0
1 WHITE_LIST_GROUP group UTF8 UTF8 no 0
1 APP_GROUP group UTF8 UTF8 no 0
1 APP_GROUP group UTF8 UTF8 no 0
1 LIMIT_GROUP group UTF8 UTF8 no 0
1 PXY_INTERCEPT_GROUP group UTF8 UTF8 no 0
2 APP_DOMAIN expr UTF8 UTF8 yes
2 LIMIT_DOMAIN expr UTF8 UTF8 yes
2 PXY_INTERCEPT_DOMAIN expr UTF8 UTF8 yes
2 WHITE_LIST_DOMAIN expr UTF8 UTF8 yes 0 quickoff

87
ntcconf/t1conf/maat_test.json Normal file
View File

@@ -0,0 +1,87 @@
{
"compile_table": "NTC_COMPILE",
"group_table": "NTC_GROUP",
"rules": [
{
"compile_id": 6,
"service": 12,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_7",
"regions": [
{
"table_name": "NTC_UNIVERSAL_PROTO_TYPE",
"table_type": "intval",
"table_content": {
"low_boundary": 10,
"up_boundary": 10
}
}
]
},
{
"group_name": "group_6",
"regions": [
{
"table_name": "NTC_UNIVERSAL_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "211.144.24.29",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
# {
# "group_name": "group_8",
# "regions": [
# {
# "table_name": "DJ_SSL_REGION",
# "table_type": "expr_plus",
# "table_content": {
# "district": "SAN",
# "keywords": "jd.com",
# "expr_type": "and",
# "match_method": "sub",
# "format": "uncase plain"
# }
# }
# ]
# }
]
}
],
"plugin_table": [
{
"table_name": "DNS_RESPONSE_STRATEGY",
"table_content": [
"1\t192.168.0.1\t101",
"2\t192.168.0.2\t101",
"3\t192.168.1.1\t102"
]
},
{
"table_name": "DNS_GROUP_TYPE",
"table_content": [
"1\t3388\t99\t1",
"2\t3355\t66\t1",
"3\tcccc\t11\t1"
]
}
]
}

233
ntcconf/t1conf/main.conf Normal file
View File

@@ -0,0 +1,233 @@
[WIRED_INFO]
APP_NAME=T1
SELF_IP=10.4.4.1
REMOTE_DIR=ASTANA/KAZAKHTELECOM/
KEY_CNT=171
RAWFILE_CNT=0
WIRED_TIME=2019-01-30T16:38:46
[APP_PLUG]
DKPT_PROJECT=PPROJECT_PRO_V2
#1:GRE; 2:SSL; 4:SSH_VPN; 8:STATIS
FEEDBACK_SWITCH=8
LOG_LEVAL=30
MAX_FS2_LINE_NUM=40960
SSL_PROJECT=SSL_LABEL
STAT_CYCLE=3
TELEGRAF_IP=127.0.0.1
TELEGRAF_PORT=8100
[ASN_MAAT]
EFFECT_INTERVAL_S=1
FULL_CFG_DIR=./asnrule/full/index/
INC_CFG_DIR=./asnrule/inc/index/
JSON_CFG_FILE=./t1conf/asn_test.json
MAAT_JSON_SWITCH=0
PERF_SWITCH=1
REDIS_INDEX=2
REDIS_IP=10.0.8.17
REDIS_PORT=9001
REDIS_PORT_NUM=1
STAT_FILE=./asn_maat.staus
STAT_SWITCH=1
TABLE_INFO=./t1conf/asn_tableinfo.conf
[BGP_PLUG]
LOG_LEVEL=30
LOG_PATH=./t1log/ntc_bgp_plug/ntc_bgp_plug
[CACHE]
CONFIG_FILE=./t1conf/main.conf
FILEPATH_PREFIX=ASTANA/
LOG_LEVEL=30
LOG_PATH=t1log/cache/cache
SWITCH=1
[DNS_PLUG]
CONVERT_4TO6=0
HASH_SLOT_SIZE=1048576
LOG_LEVEL=30
LOG_PATH=./t1log/soq_dns_plug/soq_dns_plug
NO_STRATE_MAX_TTL=900
NO_STRATE_MIN_TTL=60
DNS_COLLECT_SWITCH=1
DNS_COLLECT_SERVICE_ID=171
[HTTP_BIZ]
DEBUG_MODE=0
MAX_SCAN=1024
RUN_LOG_PATH=./t1log/t1_http_mail_biz.log
#----- DEBUG:10; INFO:20; FATAL:30 ----
RUN_RLOG_LV=30
[IPD_DYN_MAAT]
EFFECT_INTERVAL_S=1
FULL_CFG_DIR=./ipd_dynrule/full/index/
INC_CFG_DIR=./ipd_dynrule/inc/index/
JSON_CFG_FILE=./t1conf/ipd_dyn_maat_test.json
MAAT_JSON_SWITCH=0
PERF_SWITCH=1
REDIS_IP=10.4.20.151
REDIS_PORT=6380
REDIS_PORT_NUM=10
STAT_FILE=./ipd_dyn_maat.staus
STAT_SWITCH=1
TABLE_INFO=./t1conf/ipd_dyn_tableinfo.conf
[IPD_STATIC_MAAT]
EFFECT_INTERVAL_S=1
FULL_CFG_DIR=./ipd_staticrule/full/index/
INC_CFG_DIR=./ipd_staticrule/inc/index/
JSON_CFG_FILE=./t1conf/ipd_static_maat_test.json
MAAT_JSON_SWITCH=0
PERF_SWITCH=1
STAT_FILE=./ipd_static_maat.staus
STAT_SWITCH=1
TABLE_INFO=./t1conf/ipd_static_tableinfo.conf
[MAIL_LOG_CACHE]
minio_ip_list=192.168.10.180;
minio_listen_port=9000
minio_proxy_port=9100
cache_bucket_name=ntcbucket
cache_bucket_num=32
max_used_memory_size_mb=5120
cache_upload_losf_size=4194304
#cache_upload_losf_timeout_s=10
cache_default_ttl_second=31104000
cache_object_key_hash_switch=0
cache_store_object_way=1
#max_redis_session_num=800
redis_cluster_ip_list=192.168.10.180;
redis_cluster_port_range=9001-9004;
#wiredlb_override=1
#wiredlb_topic=MinioFileLog
#wiredlb_datacenter=k18consul-tse
wiredlb_health_port=32210
#wiredlb_group=FileLog
log_fsstat_appname=MAIL_CACHE
log_fsstat_filepath=./t1log/cache/mail_cache_fs2.log
log_fsstat_interval=10
log_fsstat_trig=1
log_fsstat_dst_ip=10.4.20.202
log_fsstat_dst_port=8125
[NTC_CACHE]
minio_ip_list=192.168.10.180;
minio_listen_port=9000
minio_proxy_port=9100
cache_bucket_name=ntcbucket
cache_bucket_num=32
max_used_memory_size_mb=5120
cache_upload_losf_size=4194304
cache_default_ttl_second=31104000
cache_object_key_hash_switch=0
cache_store_object_way=1
redis_cache_object_size=512000
redis_cluster_ip_list=192.168.10.180;
redis_cluster_port_range=9001-9004;
#wiredlb_override=1
#wiredlb_topic=MinioFileLog
#wiredlb_datacenter=k18consul-tse
wiredlb_health_port=32110
#wiredlb_group=FileLog
log_fsstat_appname=NTC_CACHE
log_fsstat_filepath=./t1log/cache/ntc_cache_fs2.log
log_fsstat_interval=10
log_fsstat_trig=1
log_fsstat_dst_ip=10.4.20.202
log_fsstat_dst_port=8125
[NTC_HTTP_COLLECT]
enable_double=1
enable_filter=0
enable_lostlen=0
enable_stat=1
kafka_handle_name=g_soq_kafka_handle
#kafka_topic=NTC-HTTP-COLLECT-LOG
kafka_handle_provide_path=./plug/platform/t1_master/t1_master.so
kafka_mode=1
kafka_topic=NTC-COLLECT-HTTP-LOG
log_level=30
log_path=./t1log/ntc_http_collect_log
stat_interval=3
stat_path=./t1log/http_collect.stat
stat_server_ip=10.4.20.202
stat_server_port=8125
[NTC_IP_COMM]
comm_log_mode=4
dpkt_label=PPROJECT_PRO_V2
kafka_brokelist=10.4.34.10:9092,10.4.34.11:9092,10.4.34.12:9092,10.4.34.13:9092,10.4.34.14:9092,10.4.34.15:9092,10.4.34.16:9092,10.4.34.17:9092,10.4.34.18:9092,10.4.34.19:9092
kafka_handle_name=g_soq_kafka_handle
kafka_handle_provide_path=./plug/platform/t1_master/t1_master.so
kafka_topic=NTC-CONN-RECORD-LOG
min_bytes=5
min_pkts=3
service=160
[NTC_MAAT]
EFFECTIVE_FLAG={"tags":[{"tag":"location","value":"Astana"},{"tag":"isp","value":"Tanstelecom"}]}
EFFECT_INTERVAL_S=1
FULL_CFG_DIR=./ntcrule/full/index/
INC_CFG_DIR=./ntcrule/inc/index/
JSON_CFG_FILE=./t1conf/maat_test.json
MAAT_JSON_SWITCH=0
PERF_SWITCH=1
REDIS_INDEX=2
REDIS_IP=10.0.8.17
REDIS_PORT=9001
REDIS_PORT_NUM=1
STAT_FILE=./t1_maat.staus
STAT_SWITCH=1
TABLE_INFO=./t1conf/t1_tableinfo.conf
[NTC_SSL_COLLECT]
kafka_handle_name=g_soq_kafka_handle
kafka_handle_provide_path=./plug/platform/t1_master/t1_master.so
kafka_mode=1
kafka_topic=NTC-COLLECT-SSL-LOG
collect_all_sw=1
collect_san_sw=1
[P2P]
bt_dht_switch=1
bt_utp_block=0
bt_utp_switch=1
emule_kad_switch=1
emule_normal_switch=1
field_stat_logpath=./t1log/p2p_field_stat.log
logger_filepath=./t1log/p2p.log
logger_level=30
p2p_local_log_switch=1
[PG_SEVEN]
log_level=30
log_path=./t1log/pg_seven_knights_log
[SYSTEM]
ASMIS_LOG=0
DDP_PROFILE=./t1conf/ddp.conf
DYN_BLACKLIST_OPEN=1
DYN_BLACKLIST_TIMEOUT=180
ENTRANCE_ID=1
FS_SERVER_IP=10.4.20.202
FS_SERVER_PORT=8125
KAFKA_BROKERLIST=192.168.10.10:9092
LOG_LEVEL=30
NIC_NAME=enp131s0f2
#0:DOUBLE;1:KAFKA;2:MAGELLAN
SENDLOG_MODE=1
SEND_INJECT_PKT=0
SOQLOG_LOCAL_LEVEL=30
SOQLOG_LOCAL_PATH=./t1log/soqlog_local.log
SUBSCRIBE_ID_SWITCH=1
SYNACK_OR_RST=1

26
ntcconf/t1conf/ntc_cache.conf Normal file
View File

@@ -0,0 +1,26 @@
[NTC_CACHE]
#MINIO IP地址目前只支持一个
MINIO_IP_LIST=10.4.35.41-48;
MINIO_LISTEN_PORT=9000
#每个域名最多开启的链接数
MAX_CONNECTION_PER_HOST=10
#bucket的名称
CACHE_BUCKET_NAME=ntcbucket
#缓存最大占用的内存空间大小,超出空间时上传失败
MAX_USED_MEMORY_SIZE_MB=5120
#上传时Expires头部的过期时间单位秒最小601分钟
CACHE_DEFAULT_TTL_SECOND=3600
#是否对对象的名称进行哈希,开启哈希有助于提高上传下载的速率
CACHE_OBJECT_KEY_HASH_SWITCH=0
#WIRED LOAD BALANCER配置
#WIREDLB_OVERRIDE=0
#WIREDLB_TOPIC=
#WIREDLB_GROUP=
#WIREDLB_DATACENTER=
WIREDLB_HEALTH_PORT=49000

51
ntcconf/t1conf/t1_tableinfo.conf Normal file
View File

@@ -0,0 +1,51 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 NTC_COMPILE compile UTF8 UTF8 no 0
0 WHITE_LIST_COMPILE compile UTF8 UTF8 no 0
0 APP_COMPILE compile UTF8 UTF8 no 0
1 NTC_GROUP group UTF8 UTF8 no 0
1 WHITE_LIST_GROUP group UTF8 UTF8 no 0
1 APP_GROUP group UTF8 UTF8 no 0
2 NTC_UNIVERSAL_IP ip UTF8 UTF8 no 0
3 NTC_UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
4 NTC_IP ip UTF8 UTF8 no 0
4 NTC_ASN_IP ip UTF8 UTF8 no 0
4 WHITE_LIST_IP ip UTF8 UTF8 no 0
5 NTC_IP_RANGE ip UTF8 UTF8 no 0
6 NTC_DNS_REGION expr_plus UTF8 UTF8 yes 0
7 NTC_HTTP_URL expr UTF8 UTF8 yes 0 quickoff
7 WHITE_LIST_DOMAIN expr UTF8 UTF8 yes 0 quickoff
8 NTC_HTTP_REQ_HDR expr_plus UTF8 UTF8 yes 0 quickoff
8 NTC_HTTP_RES_HDR expr_plus UTF8 UTF8 yes 0 quickoff
9 NTC_HTTP_REQ_BODY expr UTF8 UTF8/GBK yes 0 quickoff
9 NTC_HTTP_RES_BODY expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
10 NTC_SSL_SNI expr UTF8 UTF8 yes 0 quickoff
11 NTC_MAIL_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
12 NTC_MAIL_BODY expr_plus UTF8 UTF8/GBK yes 0 quickoff
13 NTC_FTP_URL expr UTF8 UTF8 yes 0 quickoff
14 NTC_FTP_CONTENT expr UTF8 UTF8 yes 0 quickoff
15 NTC_FILE_DIGEST digest UTF8 UTF8 yes 0 quickoff
16 NTC_BGP_AS expr UTF8 UTF8 yes 0 quickoff
17 NTC_DNS_RES_STRATEGY plugin GBK GBK no 0
18 NTC_DNS_FAKE_IP_CB plugin GBK GBK no 0
19 NTC_SSL_SAN expr UTF8 UTF8 yes 0 quickoff
20 NTC_SSL_CN expr UTF8 UTF8 yes 0 quickoff
21 APP_POLICY expr UTF8 UTF8 yes 0 quickoff
22 WHITE_LIST_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff
23 APP_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff
23 NTC_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff
24 NTC_ASN_NUMBER expr UTF8 UTF8 yes 0 quickoff
25 NTC_P2P_IP ip UTF8 UTF8 no 0
26 NTC_P2P_HASH_BIN expr GBK GBK yes 0
27 NTC_P2P_KEYWORDS expr GBK GBK no 0
28 NTC_BGP_AS expr GBK GBK no 0
29 NTC_VOIP_ACCOUNT expr GBK GBK yes 0
30 NTC_STREAMING_MEDIA_URL expr GBK GBK yes 0

1
ntcconf/t2_conflist_business.inf Normal file
View File

@@ -0,0 +1 @@
./plug/business/T2_HTTP_MAIL_BIZ/T2_HTTP_MAIL_BIZ.inf

3
ntcconf/t2conf/asn_tableinfo.conf Normal file
View File

@@ -0,0 +1,3 @@
0 ASN_IP_COMPILE compile UTF8 UTF8 no 0
1 ASN_IP_GROUP group UTF8 UTF8 no 0
2 ASN_IP_REGION ip UTF8 UTF8 no

4
ntcconf/t2conf/ipd_dyn_tableinfo.conf Normal file
View File

@@ -0,0 +1,4 @@
0 IPD_DYN_COMPILE compile UTF8 UTF8 no 0
1 IPD_DYN_GROUP group UTF8 UTF8 no 0
2 IPD_RELATED_DOMAIN expr UTF8 UTF8 yes
3 IPD_DYN_SUBSCRIBE_IP plugin {"key":4,"valid":9,"tag":5,"estimate_size":1048576} --

87
ntcconf/t2conf/maat_test.json Normal file
View File

@@ -0,0 +1,87 @@
{
"compile_table": "NTC_COMPILE",
"group_table": "NTC_GROUP",
"rules": [
{
"compile_id": 6,
"service": 12,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_7",
"regions": [
{
"table_name": "NTC_UNIVERSAL_PROTO_TYPE",
"table_type": "intval",
"table_content": {
"low_boundary": 10,
"up_boundary": 10
}
}
]
},
{
"group_name": "group_6",
"regions": [
{
"table_name": "NTC_UNIVERSAL_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "211.144.24.29",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
# {
# "group_name": "group_8",
# "regions": [
# {
# "table_name": "DJ_SSL_REGION",
# "table_type": "expr_plus",
# "table_content": {
# "district": "SAN",
# "keywords": "jd.com",
# "expr_type": "and",
# "match_method": "sub",
# "format": "uncase plain"
# }
# }
# ]
# }
]
}
],
"plugin_table": [
{
"table_name": "DNS_RESPONSE_STRATEGY",
"table_content": [
"1\t192.168.0.1\t101",
"2\t192.168.0.2\t101",
"3\t192.168.1.1\t102"
]
},
{
"table_name": "DNS_GROUP_TYPE",
"table_content": [
"1\t3388\t99\t1",
"2\t3355\t66\t1",
"3\tcccc\t11\t1"
]
}
]
}

152
ntcconf/t2conf/main.conf Normal file
View File

@@ -0,0 +1,152 @@
[WIRED_INFO]
APP_NAME=T2
SELF_IP=10.4.16.1
REMOTE_DIR=ASTANA/
KEY_CNT=106
RAWFILE_CNT=0
WIRED_TIME=2019-02-20T15:37:09
[ASN_MAAT]
EFFECT_INTERVAL_S=1
FULL_CFG_DIR=./asnrule/full/index/
INC_CFG_DIR=./asnrule/inc/index/
JSON_CFG_FILE=./t2conf/asn_test.json
MAAT_JSON_SWITCH=0
PERF_SWITCH=1
REDIS_INDEX=2
REDIS_IP=10.0.8.17
REDIS_PORT=9001
REDIS_PORT_NUM=1
STAT_FILE=./asn_maat.staus
STAT_SWITCH=1
TABLE_INFO=./t2conf/asn_tableinfo.conf
[CACHE]
CONFIG_FILE=./t2conf/main.conf
LOG_LEVEL=30
LOG_PATH=./t2log/cache/cache
SWITCH=1
[HTTP]
MAX_CACHE_SIZE=4096000
MAX_SAVE_SIZE=4096000
[HTTP_BIZ]
DEBUG_MODE=0
PDF_SWITCH=0
TEST_MODE=0
MAIL_COLLECT_SWITCH=1
HTTP_POST_COLLECT_SWITCH=1
COLLECT_TYPE=doc;docx;rtf;exe;pdf;xls;xlsx;ppt;pptx;txt;bin;
[IPD_DYN_MAAT]
EFFECT_INTERVAL_S=1
FULL_CFG_DIR=./ipd_dynrule/full/index/
INC_CFG_DIR=./ipd_dynrule/inc/index/
JSON_CFG_FILE=./t2conf/ipd_dyn_maat_test.json
MAAT_JSON_SWITCH=0
PERF_SWITCH=1
REDIS_IP=10.4.20.151
REDIS_PORT=6380
REDIS_PORT_NUM=10
STAT_FILE=./ipd_dyn_maat.staus
STAT_SWITCH=1
TABLE_INFO=./t2conf/ipd_dyn_tableinfo.conf
[IP]
MAX_CACHE_SIZE=4096
MAX_SAVE_SIZE=32768
[MAIL]
MAX_CACHE_SIZE=16384
MAX_SAVE_SIZE=20971520
[MAIL_LOG_CACHE]
minio_ip_list=192.168.10.180;
minio_listen_port=9000
minio_proxy_port=9100
cache_bucket_name=ntcbucket
cache_bucket_num=32
max_used_memory_size_mb=5120
cache_upload_losf_size=4194304
#cache_upload_losf_timeout_s=10
cache_default_ttl_second=31104000
cache_object_key_hash_switch=0
cache_store_object_way=1
redis_cluster_ip_list=192.168.10.180;
redis_cluster_port_range=9001-9004;
cache_upload_losf_timeout_s=20
#wiredlb_override=1
#wiredlb_topic=MinioFileLog
#wiredlb_datacenter=k18consul-tse
wiredlb_health_port=43330
#wiredlb_group=FileLog
log_fsstat_appname=MAIL_CACHE
log_fsstat_filepath=./t2log/cache/mail_cache_fs2.log
log_fsstat_interval=10
log_fsstat_trig=1
log_fsstat_dst_ip=10.4.20.202
log_fsstat_dst_port=8125
[NTC_CACHE]
minio_ip_list=192.168.10.180;
minio_listen_port=9000
minio_proxy_port=9100
cache_bucket_name=ntcbucket
cache_bucket_num=32
max_used_memory_size_mb=5120
cache_upload_losf_size=4194304
cache_default_ttl_second=31104000
cache_object_key_hash_switch=0
cache_store_object_way=1
redis_cache_object_size=512000
redis_cluster_ip_list=192.168.10.180;
redis_cluster_port_range=9001-9004;
max_redis_session_num=1600
#wiredlb_override=1
#wiredlb_topic=MinioFileLog
#wiredlb_datacenter=k18consul-tse
wiredlb_health_port=42220
#wiredlb_group=FileLog
log_fsstat_appname=NTC_CACHE
log_fsstat_filepath=./t2log/cache/ntc_cache_fs2.log
log_fsstat_interval=10
log_fsstat_trig=1
log_fsstat_dst_ip=10.4.20.202
log_fsstat_dst_port=8125
[NTC_MAAT]
EFFECT_INTERVAL_S=1
FULL_CFG_DIR=./ntcrule/full/index/
INC_CFG_DIR=./ntcrule/inc/index/
JSON_CFG_FILE=./t2conf/maat_test.json
MAAT_JSON_SWITCH=0
PERF_SWITCH=1
STAT_FILE=./t2_maat.staus
STAT_SWITCH=1
TABLE_INFO=./t2conf/t2_tableinfo.conf
[SYSTEM]
FS_SERVER_IP=10.4.20.202
FS_SERVER_PORT=8125
KAFKA_BROKERLIST=192.168.10.10:9092
LOG_LEVEL=30
NIC_NAME=enp131s0f2
SENDLOG_MODE=1
SOQLOG_LOCAL_LEVEL=20
SOQLOG_LOCAL_PATH=./t2log/soqlog_local.log
[TRANS_INFO]
protolist=HTTP=4;MAIL=5;FTP=7;
start_port=60000
wlb_group_name=ASTANA
wlb_health_port=20000
wlb_override=1
wlb_switch=0

26
ntcconf/t2conf/ntc_cache.conf Normal file
View File

@@ -0,0 +1,26 @@
[NTC_CACHE]
#MINIO IP地址目前只支持一个
MINIO_IP_LIST=10.4.35.41-48;
MINIO_LISTEN_PORT=9000
#每个域名最多开启的链接数
MAX_CONNECTION_PER_HOST=10
#bucket的名称
CACHE_BUCKET_NAME=ntcbucket
#缓存最大占用的内存空间大小,超出空间时上传失败
MAX_USED_MEMORY_SIZE_MB=5120
#上传时Expires头部的过期时间单位秒最小601分钟
CACHE_DEFAULT_TTL_SECOND=3600
#是否对对象的名称进行哈希,开启哈希有助于提高上传下载的速率
CACHE_OBJECT_KEY_HASH_SWITCH=0
#WIRED LOAD BALANCER配置
#WIREDLB_OVERRIDE=0
#WIREDLB_TOPIC=
#WIREDLB_GROUP=
#WIREDLB_DATACENTER=
WIREDLB_HEALTH_PORT=49000

29
ntcconf/t2conf/t2_tableinfo.conf Normal file
View File

@@ -0,0 +1,29 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 NTC_COMPILE compile UTF8 UTF8 no 0
0 WHITE_LIST_COMPILE compile UTF8 UTF8 no 0
1 NTC_GROUP group UTF8 UTF8 no 0
1 WHITE_LIST_GROUP group UTF8 UTF8 no 0
2 NTC_UNIVERSAL_IP ip UTF8 UTF8 no 0
3 NTC_UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
4 WHITE_LIST_IP ip UTF8 UTF8 no 0
5 NTC_HTTP_URL expr UTF8 UTF8 yes 0 quickoff
5 WHITE_LIST_DOMAIN expr UTF8 UTF8 yes 0 quickoff
6 NTC_HTTP_REQ_HDR expr_plus UTF8 UTF8 yes 0 quickoff
7 NTC_HTTP_RES_HDR expr_plus UTF8 UTF8 yes 0 quickoff
8 NTC_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff
8 WHITE_LIST_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff
9 NTC_HTTP_REQ_BODY expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
10 NTC_HTTP_RES_BODY expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
11 NTC_MAIL_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
12 NTC_MAIL_BODY expr_plus UTF8 UTF8/GBK yes 0 quickoff
13 NTC_FTP_URL expr UTF8 UTF8 yes 0 quickoff
14 NTC_FTP_CONTENT expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff

3
soqconf/t1_conflist_business.inf Normal file
View File

@@ -0,0 +1,3 @@
./plug/business/soq_dns_plug/soq_dns_plug.inf
./plug/business/pg_seven_knights/pg_seven_knights.inf
./plug/business/T1_HTTP_MAIL_BIZ/T1_HTTP_MAIL_BIZ.inf

142
soqconf/t1conf/ddp.json Normal file
View File

@@ -0,0 +1,142 @@
{
"log_info": {
"log_level": 30,
"log_path": "./log/ddp_master_log"
},
"trans_info": {
"_comment": "0:socket udp; 1:marsio udp(DPDK); 2:unix domain socket; 3:debug",
"ddp_mode": 0,
"is_stream": 1,
"rely_call": 0,
"is_bigblock": 1,
"family": 2,
"type": 2,
"protocol": 0,
"MESA_MTU": 1800
},
"feedback_group": [
{
"group_id":0,
"addrlist":[
{
"start_ip": "10.168.8.87",
"ip_num": 1,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":1,
"addrlist":[
{
"start_ip": "10.168.8.101",
"ip_num": 20,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":2,
"addrlist":[
{
"start_ip": "10.168.8.88",
"ip_num": 1,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":3,
"addrlist":[
{
"start_ip": "10.174.4.21",
"ip_num": 50,
"start_port": 60000,
"port_num": 16
}
]
},
{
"group_id":4,
"addrlist":[
{
"start_ip": "10.168.8.89",
"ip_num": 2,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":5,
"addrlist":[
{
"start_ip": "10.168.8.91",
"ip_num": 2,
"start_port": 60000,
"port_num": 32
}
]
}
],
"proto_info": [
{
"proto_id": 0,
"proto_name": "PROTO_IPv4",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 1,
"proto_name": "PROTO_IPv6",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 2,
"proto_name": "PROTO_TCP",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 3,
"proto_name": "PROTO_UDP",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 4,
"proto_name": "PROTO_HTTP",
"max_cache_size": 100,
"group_id":1
},
{
"proto_id": 5,
"proto_name": "PROTO_MAIL",
"max_cache_size": 100,
"group_id":2
},
{
"proto_id": 6,
"proto_name": "PROTO_DNS",
"max_cache_size": 0,
"group_id":4
},
{
"proto_id": 10,
"proto_name": "PROTO_SSL",
"max_cache_size": 0,
"group_id":5
},
{
"proto_id": 7,
"proto_name": "PROTO_AIM",
"max_cache_size": 0,
"group_id":3
}
]
}

126
soqconf/t1conf/http_url_filter.conf Normal file
View File

@@ -0,0 +1,126 @@
.jpg
.jpeg
.gif
.bmp
.png
.tiff
.tif
.raw
.ico
.psd
.pcd
.cad
.ttf
.txt
.exe
.cab
.ini
.inf
.dll
.lib
.chm
.bin
.cur
.c++
.cc
.cxx
.c
.cpp
.hpp
.hxx
.h++
.h
.asm
.inc
.java
.mak
.obj
.pl
.gzip
.deb
.zip
.rar
.msu
.jar
.imp
.docm
.docx
.doc
.pdf
.mdb
.xlsx
.xls
.pptx
.ppt
.vsd
.csv
.caj
.nh
.kdh
.pdf
.jse
.js
.css
.xml
.xsl
.asmx
.cgi
.wml
.dwr
.ashx
.dtd
.do
.shtml
.shtm
.html
.htm
.aspx
.asp
.jsp
.php
.net
.edu
.biz
.com
.edu
.biz
.com
.name
.info
.mobi
.pro
.ws
.travel
.tv
.fm
.museum
.int
.areo
.post
.rec
.asia
.cn
.net/
.edu/
.biz/
.com/
.edu/
.biz/
.com/
.name/
.info/
.mobi/
.pro/
.ws/
.travel/
.tv/
.fm/
.museum/
.int/
.areo/
.post/
.rec/
.asia/
.cn/
.crl
.psf

373
soqconf/t1conf/maat_test.json Normal file
View File

@@ -0,0 +1,373 @@
{
"compile_table": "CONFIG_COMPILE",
"group_table": "CONFIG_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "172.30.8.1",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
},
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv6",
"src_ip": "2001:da8:205:1::101",
"mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0::0",
"mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 2,
"service": 48,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_2",
"regions": [
{
"table_name": "DJ_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "10.0.6.201",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 105,
"service": 50,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_FTP_URL",
"table_type": "expr",
"table_content": {
"keywords":"!!!!!!.com",
"expr_type":"none",
"match_method":"sub",
"format":"uncase plain"
}
}
]
}
]
},
{
"compile_id": 101,
"service": 50,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords":"sdfghjkooooooool;mhhjkl;.com",
"expr_type":"none",
"match_method":"sub",
"format":"uncase plain"
}
}
]
}
]
},
{
"compile_id": 102,
"service": 13,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "To",
"keywords": "bounce-mc.us12_49410953.675173-04060eed83@mail59.suw13.rsgsv.net",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 104,
"service": 13,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "10;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "Subject",
"keywords": "董嵬去北陵",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 103,
"service": 13,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "10;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "To",
"keywords": "1111xxtest_2@sina.com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id":108,
"service": 6,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;0",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_DNS_REGION",
"table_type": "expr_plus",
"table_content": {
"district": "QNAME",
"keywords": ".net-test",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id":107,
"service": 6,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;1801",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_DNS_REGION",
"table_type": "expr_plus",
"table_content": {
"district": "QNAME",
"keywords": ".com-test",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id":106,
"service": 6,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;1801",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_DNS_REGION",
"table_type": "expr_plus",
"table_content": {
"district": "QNAME",
"keywords": ".com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "DNS_RESPONSE_STRATEGY",
"table_content": [
"18001\t1801\tstrategy_1\t18101\t1\t18108\t1\t18308\t1\t18405\t1\t0\t0\t60\t600\t1",
"18002\t1802\tstrategy_2\t18201\t1\t18201\t1\t18301\t1\t18401\t1\t0\t0\t60\t600\t1"
]
},
{
"table_name": "DNS_GROUP_TYPE",
"table_content": [
"19001\t18101\t7\t1",
"19002\t18201\t7\t1",
"19003\t18301\t0\t1",
"19004\t18401\t0\t1"
]
},
{
"table_name": "DNS_FAKE_IP",
"table_content": [
"10001\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t10.10.10.10\t255.255.255.255\t0\t65535\t0\t0\t1",
"10011\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t13.13.13.10\t255.255.255.255\t0\t65535\t0\t0\t1",
"10002\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t11.11.11.11\t255.255.255.255\t0\t65535\t0\t0\t1",
"10003\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t12.12.12.12\t255.255.255.255\t0\t65535\t0\t0\t1",
"10004\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t50:50:50::50\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0",
"10005\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t60:60:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0",
"10006\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t70:70:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"10007\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t40:40:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"20001\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t1.1.1.1\t255.255.255.255\t0\t65535\t0\t0\t1",
"20002\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t2.2.2.2\t255.255.255.255\t0\t65535\t0\t0\t1",
"20003\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t3.3.3.3\t255.255.255.255\t0\t65535\t0\t0\t0",
"20004\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t4.4.4.4\t255.255.255.255\t0\t65535\t0\t0\t1",
"20006\t18101\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t6:6:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"20007\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t7:7:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"20008\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t8:8:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1"
]
},
{
"table_name": "DNS_FAKE_INFO",
"table_content": [
"21001\t18301\twww.bdu.com\t1",
"21002\t18301\twww.bidu.com\t1",
"21003\t18301\twww.idu.com\t1",
"21004\t18401\twww.sna.com\t1",
"21005\t18401\twww.na.com\t1",
"21006\t18401\twww.sina.com\t1"
]
},
{
"table_name": "ENCRYPT_PROTO_RANDOM",
"table_content": [
"1\t20\t8\t1",
"2\t34\t9\t1",
"3\t19\t11\t1",
"4\t0\t12\t1",
"5\t-2\t13\t1",
"-1\t-2\t999\t1"
]
}
]
}

45
soqconf/t1conf/main.conf Normal file
View File

@@ -0,0 +1,45 @@
[SYSTEM]
NIC_NAME=enp175s0f0
LOG_LEVEL=30
DYN_BLACKLIST_OPEN=1
#seconds
DYN_BLACKLIST_TIMEOUT=90
SEND_INJECT_PKT=0
SOQLOG_LOCAL_LEVEL=10
SOQLOG_LOCAL_PATH=./t1log/soqlog_local.log
ENTRANCE_ID=5
[MAAT]
MAAT_JSON_SWITCH=1
STAT_SWITCH=1
PERF_SWITCH=1
EFFECT_INTERVAL_S=10
TABLE_INFO=./t1conf/t1_tableinfo.conf
INC_CFG_DIR=./soqrule/inc/index/
FULL_CFG_DIR=./soqrule/full/index/
JSON_CFG_FILE=./t1conf/maat_test.json
STAT_FILE=./t1_maat.staus
[MAGELLAN]
LOG_RECEIVER_NUM=2
LOG_RECEIVER_PORT=45678
LOG_RECEIVER_ADDR=10.168.2.139;10.168.2.140;
LOG_LOCAL_SWITCH=1
LOCAL_MSG_DIR=./t1log/t1_magellan_local/
[HTTP_BIZ]
MAX_SCAN=10
RUN_LOG_PATH=./t1log/t1_http_mail_biz.log
#----- DEBUG:10; INFO:20; FATAL:30 ----
RUN_RLOG_LV=30
[T1_SEVEN]
log_level=30
log_path=./t1log/t1_seven_knights_log
[DNS_PLUG]
CONVERT_4TO6=1
LOG_LEVEL=10
LOG_PATH=./t1log/soq_dns_plug/soq_dns_plug
HASH_SLOT_SIZE=1048576
[T1_HTTP_AIM]
aim_proto=7
[T1_RAWPKT]
feedback_dns_switch=1

44
soqconf/t1conf/t1_tableinfo.conf Normal file
View File

@@ -0,0 +1,44 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickoff or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 CONFIG_COMPILE compile UTF8 UTF8 no 0
1 CONFIG_GROUP group UTF8 UTF8 no 0
2 DF_IP_PORT ip UTF8 UTF8 no 0
2 FX_IP_PORT ip UTF8 UTF8 no 0
3 DJ_IP_PORT ip UTF8 UTF8 no 0
4 UNIVERSAL_IP ip UTF8 UTF8 no 0
5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff
10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff
11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff
12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff
12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff
13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
15 DF_FTP_URL expr UTF8 UTF8 yes
15 DJ_FTP_URL expr UTF8 UTF8 yes
17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes
18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0
19 DNS_GROUP_TYPE plugin GBK GBK no 0
20 DNS_FAKE_IP plugin GBK GBK no 0
21 DNS_FAKE_INFO plugin GBK GBK no 0
22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes
22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes
23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0

1
soqconf/t2_conflist_business.inf Normal file
View File

@@ -0,0 +1 @@
./plug/business/T2_HTTP_MAIL_BIZ/T2_HTTP_MAIL_BIZ.inf

224
soqconf/t2conf/maat_test.json Normal file
View File

@@ -0,0 +1,224 @@
{
"compile_table": "CONFIG_COMPILE",
"group_table": "CONFIG_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action": 0,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "121.11.151.70",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
},
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv6",
"src_ip": "2001:da8:205:1::101",
"mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0::0",
"mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 2,
"service": 48,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_2",
"regions": [
{
"table_name": "DJ_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "10.0.6.201",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 3,
"service": 2,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_3",
"regions": [
{
"table_name": "FX_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "10.0.6.201",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 4,
"service": 1,
"action": 0,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_4",
"regions": [
{
"table_name": "CONTENT_SIZE",
"table_type": "intval",
"table_content": {
"low_boundary": 100,
"up_boundary": 500
}
}
]
}
]
},
{
"compile_id": 5,
"service": 50,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_5",
"regions": [
{
"table_name": "DJ_HTTP_RES_BODY",
"table_type": "expr",
"table_content": {
"keywords": "ghklgfdfcom",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 6,
"service": 60,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_6",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "FROM",
"keywords": "163.com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "DNS_RESPONSE_STRATEGY",
"table_content": [
"1\t192.168.0.1\t101",
"2\t192.168.0.2\t101",
"3\t192.168.1.1\t102"
]
},
{
"table_name": "DNS_GROUP_TYPE",
"table_content": [
"1\t3388\t99\t1",
"2\t3355\t66\t1",
"3\tcccc\t11\t1"
]
}
]
}

30
soqconf/t2conf/main.conf Normal file
View File

@@ -0,0 +1,30 @@
[SYSTEM]
NIC_NAME=mg0
LOG_LEVEL=30
ENTRANCE_ID=5
SOQLOG_LOCAL_LEVEL=30
SOQLOG_LOCAL_PATH=./t2log/soqlog_local.log
[MAAT]
MAAT_JSON_SWITCH=0
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=./t2conf/t2_tableinfo.conf
INC_CFG_DIR=./soqrule/inc/index/
FULL_CFG_DIR=./soqrule/full/index/
JSON_CFG_FILE=./t2conf/maat_test.json
STAT_FILE=./t2_maat.staus
[MAGELLAN]
LOG_RECEIVER_NUM=1
LOG_RECEIVER_PORT=45678
LOG_RECEIVER_ADDR=10.168.2.4;
LOG_LOCAL_SWITCH=0
LOCAL_MSG_DIR=./t2log/t2_magellanlocal/
[IP]
MAX_CACHE_SIZE=4096
MAX_SAVE_SIZE=32768
[MAIL]
MAX_CACHE_SIZE=16384
MAX_SAVE_SIZE=20971520
[HTTP]
MAX_CACHE_SIZE=4096
MAX_SAVE_SIZE=327680

44
soqconf/t2conf/t2_tableinfo.conf Normal file
View File

@@ -0,0 +1,44 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 CONFIG_COMPILE compile UTF8 UTF8 no 0
1 CONFIG_GROUP group UTF8 UTF8 no 0
2 DF_IP_PORT ip UTF8 UTF8 no 0
2 FX_IP_PORT ip UTF8 UTF8 no 0
3 DJ_IP_PORT ip UTF8 UTF8 no 0
4 UNIVERSAL_IP ip UTF8 UTF8 no 0
5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
#10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff
#10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff
#11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff
#12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon
#12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon
13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon
13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon
14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
#15 DF_FTP_URL expr UTF8 UTF8 yes
#15 DJ_FTP_URL expr UTF8 UTF8 yes
#17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes
#18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0
#19 DNS_GROUP_TYPE plugin GBK GBK no 0
#20 DNS_FAKE_IP plugin GBK GBK no 0
#21 DNS_FAKE_INFO plugin GBK GBK no 0
22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes
22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes
#23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0

2
src/ntc_ip_comm

Submodule src/ntc_ip_comm updated: 78dfd39db1...121c3bf035