From f1efb711cfd3f64fc206fe926ca01e98c6fb7693 Mon Sep 17 00:00:00 2001 From: liuxueli Date: Thu, 4 Jul 2019 09:56:10 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=AE=89=E8=A3=85=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CMakeLists.txt | 14 + ntcconf/t1_conflist_business.inf | 8 + ntcconf/t1conf/asn_tableinfo.conf | 3 + ntcconf/t1conf/ddp.conf | 49 +++ ntcconf/t1conf/http_url_filter.conf | 126 ++++++++ ntcconf/t1conf/ipd_dyn_tableinfo.conf | 4 + ntcconf/t1conf/ipd_static_tableinfo.conf | 13 + ntcconf/t1conf/maat_test.json | 87 ++++++ ntcconf/t1conf/main.conf | 233 ++++++++++++++ ntcconf/t1conf/ntc_cache.conf | 26 ++ ntcconf/t1conf/t1_tableinfo.conf | 51 ++++ ntcconf/t2_conflist_business.inf | 1 + ntcconf/t2conf/asn_tableinfo.conf | 3 + ntcconf/t2conf/ipd_dyn_tableinfo.conf | 4 + ntcconf/t2conf/maat_test.json | 87 ++++++ ntcconf/t2conf/main.conf | 152 +++++++++ ntcconf/t2conf/ntc_cache.conf | 26 ++ ntcconf/t2conf/t2_tableinfo.conf | 29 ++ soqconf/t1_conflist_business.inf | 3 + soqconf/t1conf/ddp.json | 142 +++++++++ soqconf/t1conf/http_url_filter.conf | 126 ++++++++ soqconf/t1conf/maat_test.json | 373 +++++++++++++++++++++++ soqconf/t1conf/main.conf | 45 +++ soqconf/t1conf/t1_tableinfo.conf | 44 +++ soqconf/t2_conflist_business.inf | 1 + soqconf/t2conf/maat_test.json | 224 ++++++++++++++ soqconf/t2conf/main.conf | 30 ++ soqconf/t2conf/t2_tableinfo.conf | 44 +++ src/ntc_ip_comm | 2 +- 29 files changed, 1949 insertions(+), 1 deletion(-) create mode 100644 ntcconf/t1_conflist_business.inf create mode 100644 ntcconf/t1conf/asn_tableinfo.conf create mode 100644 ntcconf/t1conf/ddp.conf create mode 100644 ntcconf/t1conf/http_url_filter.conf create mode 100644 ntcconf/t1conf/ipd_dyn_tableinfo.conf create mode 100644 ntcconf/t1conf/ipd_static_tableinfo.conf create mode 100644 ntcconf/t1conf/maat_test.json create mode 100644 ntcconf/t1conf/main.conf create mode 100644 ntcconf/t1conf/ntc_cache.conf create mode 100644 ntcconf/t1conf/t1_tableinfo.conf create mode 100644 ntcconf/t2_conflist_business.inf create mode 100644 ntcconf/t2conf/asn_tableinfo.conf create mode 100644 ntcconf/t2conf/ipd_dyn_tableinfo.conf create mode 100644 ntcconf/t2conf/maat_test.json create mode 100644 ntcconf/t2conf/main.conf create mode 100644 ntcconf/t2conf/ntc_cache.conf create mode 100644 ntcconf/t2conf/t2_tableinfo.conf create mode 100644 soqconf/t1_conflist_business.inf create mode 100644 soqconf/t1conf/ddp.json create mode 100644 soqconf/t1conf/http_url_filter.conf create mode 100644 soqconf/t1conf/maat_test.json create mode 100644 soqconf/t1conf/main.conf create mode 100644 soqconf/t1conf/t1_tableinfo.conf create mode 100644 soqconf/t2_conflist_business.inf create mode 100644 soqconf/t2conf/maat_test.json create mode 100644 soqconf/t2conf/main.conf create mode 100644 soqconf/t2conf/t2_tableinfo.conf diff --git a/CMakeLists.txt b/CMakeLists.txt index 8d2c127..df34248 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -15,6 +15,7 @@ if(ENABLE_NTC_SWITCH) project(mesa_ntc_plug) endif() add_definitions(-DNTC_SWITCH=1) + set(config_path ntcconf/) else() if(ENABLE_T1_SWITCH) project(mesa_soq_t1_plug) @@ -25,6 +26,7 @@ else() if(ENABLE_T1_SWITCH AND ENABLE_T2_SWITCH) project(mesa_soq_plug) endif() + set(config_path soqconf/) endif() @@ -44,6 +46,8 @@ set(ALLOW_DUPLICATE_CUSTOM_TARGETS TRUE) set(CPACK_RPM_DEBUGINFO_PACKAGE ON) if(ENABLE_T1_SWITCH) + set(config_filepath t1conf) + set(conflist_filename t1_conflist_business.inf) set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp) add_subdirectory(src/ntc_app_plug) @@ -56,9 +60,19 @@ if(ENABLE_T1_SWITCH) endif() if(ENABLE_T2_SWITCH) + set(config_filepath t2conf) + set(conflist_filename t2_conflist_business.inf) set(CMAKE_INSTALL_PREFIX /home/mesasoft/maskey2.0) add_subdirectory(src/T2_HTTP_MAIL_BIZ) endif() +if(ENABLE_NTC_SWITCH) + install(DIRECTORY ntcconf/${config_filepath} DESTINATION ${CMAKE_INSTALL_PREFIX}/${config_filepath} COMPONENT devel) + install(FILES ntcconf/${conflist_filename} DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/business COMPONENT devel RENAME conflist_business.inf) +else() + install(DIRECTORY soqconf/${config_filepath} DESTINATION ${CMAKE_INSTALL_PREFIX}/${config_filepath} COMPONENT devel) + install(FILES soqconf/${conflist_filename} DESTINATION ${CMAKE_INSTALL_PREFIX}/plug/business COMPONENT devel RENAME conflist_business.inf) +endif() + include(Package) diff --git a/ntcconf/t1_conflist_business.inf b/ntcconf/t1_conflist_business.inf new file mode 100644 index 0000000..56ebed2 --- /dev/null +++ b/ntcconf/t1_conflist_business.inf @@ -0,0 +1,8 @@ +./plug/business/ntc_bgp_plug/ntc_bgp_plug.inf +./plug/business/soq_dns_plug/soq_dns_plug.inf +./plug/business/pg_seven_knights/pg_seven_knights.inf +./plug/business/T1_HTTP_MAIL_BIZ/T1_HTTP_MAIL_BIZ.inf +./plug/business/ntc_app_plug/ntc_app_plug.inf +./plug/business/ntc_ssl_collect/ntc_ssl_collect.inf +./plug/business/ntc_ip_comm/ntc_ip_comm.inf +./plug/business/ntc_http_collect/ntc_http_collect.inf diff --git a/ntcconf/t1conf/asn_tableinfo.conf b/ntcconf/t1conf/asn_tableinfo.conf new file mode 100644 index 0000000..5fd6797 --- /dev/null +++ b/ntcconf/t1conf/asn_tableinfo.conf @@ -0,0 +1,3 @@ +0 ASN_IP_COMPILE compile UTF8 UTF8 no 0 +1 ASN_IP_GROUP group UTF8 UTF8 no 0 +2 ASN_IP_REGION ip UTF8 UTF8 no diff --git a/ntcconf/t1conf/ddp.conf b/ntcconf/t1conf/ddp.conf new file mode 100644 index 0000000..d73a93f --- /dev/null +++ b/ntcconf/t1conf/ddp.conf @@ -0,0 +1,49 @@ +[WIRED_INFO] +APP_NAME=ddp +SELF_IP=10.4.4.1 +REMOTE_DIR=ASTANA +KEY_CNT=31 +RAWFILE_CNT=0 +WIRED_TIME=2019-02-20T15:29:33 + +[FTP] +data_type=APP +iplist=127.0.0.1; +max_cache_size=1000 +override=1 +port_num=1 +proto_id=7 +start_port=60000 + +[HTTP] +data_type=APP +iplist=127.0.0.1; +max_cache_size=0 +override=1 +port_num=1 +proto_id=4 +start_port=60000 + +[LOG_INFO] +log_level=30 +log_path=./t1log/ddp_log + +[MAIL] +data_type=APP +iplist=127.0.0.1; +max_cache_size=0 +override=1 +port_num=1 +proto_id=5 +start_port=60000 + +[TRANS_INFO] +MESA_MTU=2000 +#"0:debug; 1:socket udp; 2:unix domain socket; 3:masrio3, 4:marsio4" +ddp_mode=1 +is_bigblock=1 +is_stream=1 +protolist=HTTP;MAIL;FTP; +rely_call=0 +wlb_group_name=ASTANA +wlb_health_port=30000 diff --git a/ntcconf/t1conf/http_url_filter.conf b/ntcconf/t1conf/http_url_filter.conf new file mode 100644 index 0000000..8a08d30 --- /dev/null +++ b/ntcconf/t1conf/http_url_filter.conf @@ -0,0 +1,126 @@ +.jpg +.jpeg +.gif +.bmp +.png +.tiff +.tif +.raw +.ico +.psd +.pcd +.cad +.ttf +.txt +.exe +.cab +.ini +.inf +.dll +.lib +.chm +.bin +.cur +.c++ +.cc +.cxx +.c +.cpp +.hpp +.hxx +.h++ +.h +.asm +.inc +.java +.mak +.obj +.pl +.gzip +.deb +.zip +.rar +.msu +.jar +.imp +.docm +.docx +.doc +.pdf +.mdb +.xlsx +.xls +.pptx +.ppt +.vsd +.csv +.caj +.nh +.kdh +.pdf +.jse +.js +.css +.xml +.xsl +.asmx +.cgi +.wml +.dwr +.ashx +.dtd +.do +.shtml +.shtm +.html +.htm +.aspx +.asp +.jsp +.php +.net +.edu +.biz +.com +.edu +.biz +.com +.name +.info +.mobi +.pro +.ws +.travel +.tv +.fm +.museum +.int +.areo +.post +.rec +.asia +.cn +.net/ +.edu/ +.biz/ +.com/ +.edu/ +.biz/ +.com/ +.name/ +.info/ +.mobi/ +.pro/ +.ws/ +.travel/ +.tv/ +.fm/ +.museum/ +.int/ +.areo/ +.post/ +.rec/ +.asia/ +.cn/ +.crl +.psf diff --git a/ntcconf/t1conf/ipd_dyn_tableinfo.conf b/ntcconf/t1conf/ipd_dyn_tableinfo.conf new file mode 100644 index 0000000..bcfefc1 --- /dev/null +++ b/ntcconf/t1conf/ipd_dyn_tableinfo.conf @@ -0,0 +1,4 @@ +0 IPD_DYN_COMPILE compile UTF8 UTF8 no 0 +1 IPD_DYN_GROUP group UTF8 UTF8 no 0 +2 IPD_RELATED_DOMAIN expr UTF8 UTF8 yes +3 IPD_DYN_SUBSCRIBE_IP plugin {"key":4,"valid":9,"tag":5,"estimate_size":1048576} -- diff --git a/ntcconf/t1conf/ipd_static_tableinfo.conf b/ntcconf/t1conf/ipd_static_tableinfo.conf new file mode 100644 index 0000000..bb2f8f8 --- /dev/null +++ b/ntcconf/t1conf/ipd_static_tableinfo.conf @@ -0,0 +1,13 @@ +0 APP_COMPILE compile UTF8 UTF8 no 0 +0 LIMIT_COMPILE compile UTF8 UTF8 no 0 +0 PXY_INTERCEPT_COMPILE compile UTF8 UTF8 no 0 +0 WHITE_LIST_COMPILE compile UTF8 UTF8 no 0 +1 WHITE_LIST_GROUP group UTF8 UTF8 no 0 +1 APP_GROUP group UTF8 UTF8 no 0 +1 APP_GROUP group UTF8 UTF8 no 0 +1 LIMIT_GROUP group UTF8 UTF8 no 0 +1 PXY_INTERCEPT_GROUP group UTF8 UTF8 no 0 +2 APP_DOMAIN expr UTF8 UTF8 yes +2 LIMIT_DOMAIN expr UTF8 UTF8 yes +2 PXY_INTERCEPT_DOMAIN expr UTF8 UTF8 yes +2 WHITE_LIST_DOMAIN expr UTF8 UTF8 yes 0 quickoff diff --git a/ntcconf/t1conf/maat_test.json b/ntcconf/t1conf/maat_test.json new file mode 100644 index 0000000..acfcbdc --- /dev/null +++ b/ntcconf/t1conf/maat_test.json @@ -0,0 +1,87 @@ +{ + "compile_table": "NTC_COMPILE", + "group_table": "NTC_GROUP", + "rules": [ + { + "compile_id": 6, + "service": 12, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_7", + "regions": [ + { + "table_name": "NTC_UNIVERSAL_PROTO_TYPE", + "table_type": "intval", + "table_content": { + "low_boundary": 10, + "up_boundary": 10 + } + } + ] + }, + { + "group_name": "group_6", + "regions": [ + { + "table_name": "NTC_UNIVERSAL_IP", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "211.144.24.29", + "mask_src_ip": "255.255.0.0", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + } + ] + } + # { + # "group_name": "group_8", + # "regions": [ + # { + # "table_name": "DJ_SSL_REGION", + # "table_type": "expr_plus", + # "table_content": { + # "district": "SAN", + # "keywords": "jd.com", + # "expr_type": "and", + # "match_method": "sub", + # "format": "uncase plain" + # } + # } + # ] + # } + ] + } + ], + "plugin_table": [ + { + "table_name": "DNS_RESPONSE_STRATEGY", + "table_content": [ + "1\t192.168.0.1\t101", + "2\t192.168.0.2\t101", + "3\t192.168.1.1\t102" + ] + }, + { + "table_name": "DNS_GROUP_TYPE", + "table_content": [ + "1\t3388\t99\t1", + "2\t3355\t66\t1", + "3\tcccc\t11\t1" + ] + } + ] +} diff --git a/ntcconf/t1conf/main.conf b/ntcconf/t1conf/main.conf new file mode 100644 index 0000000..8d7f5f5 --- /dev/null +++ b/ntcconf/t1conf/main.conf @@ -0,0 +1,233 @@ +[WIRED_INFO] +APP_NAME=T1 +SELF_IP=10.4.4.1 +REMOTE_DIR=ASTANA/KAZAKHTELECOM/ +KEY_CNT=171 +RAWFILE_CNT=0 +WIRED_TIME=2019-01-30T16:38:46 + +[APP_PLUG] +DKPT_PROJECT=PPROJECT_PRO_V2 +#1:GRE; 2:SSL; 4:SSH_VPN; 8:STATIS +FEEDBACK_SWITCH=8 +LOG_LEVAL=30 +MAX_FS2_LINE_NUM=40960 +SSL_PROJECT=SSL_LABEL +STAT_CYCLE=3 +TELEGRAF_IP=127.0.0.1 +TELEGRAF_PORT=8100 + +[ASN_MAAT] +EFFECT_INTERVAL_S=1 +FULL_CFG_DIR=./asnrule/full/index/ +INC_CFG_DIR=./asnrule/inc/index/ +JSON_CFG_FILE=./t1conf/asn_test.json +MAAT_JSON_SWITCH=0 +PERF_SWITCH=1 +REDIS_INDEX=2 +REDIS_IP=10.0.8.17 +REDIS_PORT=9001 +REDIS_PORT_NUM=1 +STAT_FILE=./asn_maat.staus +STAT_SWITCH=1 +TABLE_INFO=./t1conf/asn_tableinfo.conf + +[BGP_PLUG] +LOG_LEVEL=30 +LOG_PATH=./t1log/ntc_bgp_plug/ntc_bgp_plug + +[CACHE] +CONFIG_FILE=./t1conf/main.conf +FILEPATH_PREFIX=ASTANA/ +LOG_LEVEL=30 +LOG_PATH=t1log/cache/cache +SWITCH=1 + +[DNS_PLUG] +CONVERT_4TO6=0 +HASH_SLOT_SIZE=1048576 +LOG_LEVEL=30 +LOG_PATH=./t1log/soq_dns_plug/soq_dns_plug +NO_STRATE_MAX_TTL=900 +NO_STRATE_MIN_TTL=60 +DNS_COLLECT_SWITCH=1 +DNS_COLLECT_SERVICE_ID=171 + +[HTTP_BIZ] +DEBUG_MODE=0 +MAX_SCAN=1024 +RUN_LOG_PATH=./t1log/t1_http_mail_biz.log +#----- DEBUG:10; INFO:20; FATAL:30 ---- +RUN_RLOG_LV=30 + +[IPD_DYN_MAAT] +EFFECT_INTERVAL_S=1 +FULL_CFG_DIR=./ipd_dynrule/full/index/ +INC_CFG_DIR=./ipd_dynrule/inc/index/ +JSON_CFG_FILE=./t1conf/ipd_dyn_maat_test.json +MAAT_JSON_SWITCH=0 +PERF_SWITCH=1 +REDIS_IP=10.4.20.151 +REDIS_PORT=6380 +REDIS_PORT_NUM=10 +STAT_FILE=./ipd_dyn_maat.staus +STAT_SWITCH=1 +TABLE_INFO=./t1conf/ipd_dyn_tableinfo.conf + +[IPD_STATIC_MAAT] +EFFECT_INTERVAL_S=1 +FULL_CFG_DIR=./ipd_staticrule/full/index/ +INC_CFG_DIR=./ipd_staticrule/inc/index/ +JSON_CFG_FILE=./t1conf/ipd_static_maat_test.json +MAAT_JSON_SWITCH=0 +PERF_SWITCH=1 +STAT_FILE=./ipd_static_maat.staus +STAT_SWITCH=1 +TABLE_INFO=./t1conf/ipd_static_tableinfo.conf + +[MAIL_LOG_CACHE] +minio_ip_list=192.168.10.180; +minio_listen_port=9000 +minio_proxy_port=9100 + +cache_bucket_name=ntcbucket +cache_bucket_num=32 +max_used_memory_size_mb=5120 +cache_upload_losf_size=4194304 +#cache_upload_losf_timeout_s=10 +cache_default_ttl_second=31104000 +cache_object_key_hash_switch=0 + +cache_store_object_way=1 +#max_redis_session_num=800 +redis_cluster_ip_list=192.168.10.180; +redis_cluster_port_range=9001-9004; +#wiredlb_override=1 +#wiredlb_topic=MinioFileLog +#wiredlb_datacenter=k18consul-tse +wiredlb_health_port=32210 +#wiredlb_group=FileLog + +log_fsstat_appname=MAIL_CACHE +log_fsstat_filepath=./t1log/cache/mail_cache_fs2.log +log_fsstat_interval=10 +log_fsstat_trig=1 +log_fsstat_dst_ip=10.4.20.202 +log_fsstat_dst_port=8125 + + +[NTC_CACHE] +minio_ip_list=192.168.10.180; +minio_listen_port=9000 +minio_proxy_port=9100 + +cache_bucket_name=ntcbucket +cache_bucket_num=32 +max_used_memory_size_mb=5120 +cache_upload_losf_size=4194304 +cache_default_ttl_second=31104000 +cache_object_key_hash_switch=0 + +cache_store_object_way=1 +redis_cache_object_size=512000 +redis_cluster_ip_list=192.168.10.180; +redis_cluster_port_range=9001-9004; +#wiredlb_override=1 +#wiredlb_topic=MinioFileLog +#wiredlb_datacenter=k18consul-tse +wiredlb_health_port=32110 +#wiredlb_group=FileLog + +log_fsstat_appname=NTC_CACHE +log_fsstat_filepath=./t1log/cache/ntc_cache_fs2.log +log_fsstat_interval=10 +log_fsstat_trig=1 +log_fsstat_dst_ip=10.4.20.202 +log_fsstat_dst_port=8125 + + +[NTC_HTTP_COLLECT] +enable_double=1 +enable_filter=0 +enable_lostlen=0 +enable_stat=1 +kafka_handle_name=g_soq_kafka_handle +#kafka_topic=NTC-HTTP-COLLECT-LOG +kafka_handle_provide_path=./plug/platform/t1_master/t1_master.so +kafka_mode=1 +kafka_topic=NTC-COLLECT-HTTP-LOG +log_level=30 +log_path=./t1log/ntc_http_collect_log +stat_interval=3 +stat_path=./t1log/http_collect.stat +stat_server_ip=10.4.20.202 +stat_server_port=8125 + +[NTC_IP_COMM] +comm_log_mode=4 +dpkt_label=PPROJECT_PRO_V2 +kafka_brokelist=10.4.34.10:9092,10.4.34.11:9092,10.4.34.12:9092,10.4.34.13:9092,10.4.34.14:9092,10.4.34.15:9092,10.4.34.16:9092,10.4.34.17:9092,10.4.34.18:9092,10.4.34.19:9092 +kafka_handle_name=g_soq_kafka_handle +kafka_handle_provide_path=./plug/platform/t1_master/t1_master.so +kafka_topic=NTC-CONN-RECORD-LOG +min_bytes=5 +min_pkts=3 +service=160 + +[NTC_MAAT] +EFFECTIVE_FLAG={"tags":[{"tag":"location","value":"Astana"},{"tag":"isp","value":"Tanstelecom"}]} +EFFECT_INTERVAL_S=1 +FULL_CFG_DIR=./ntcrule/full/index/ +INC_CFG_DIR=./ntcrule/inc/index/ +JSON_CFG_FILE=./t1conf/maat_test.json +MAAT_JSON_SWITCH=0 +PERF_SWITCH=1 +REDIS_INDEX=2 +REDIS_IP=10.0.8.17 +REDIS_PORT=9001 +REDIS_PORT_NUM=1 +STAT_FILE=./t1_maat.staus +STAT_SWITCH=1 +TABLE_INFO=./t1conf/t1_tableinfo.conf + +[NTC_SSL_COLLECT] +kafka_handle_name=g_soq_kafka_handle +kafka_handle_provide_path=./plug/platform/t1_master/t1_master.so +kafka_mode=1 +kafka_topic=NTC-COLLECT-SSL-LOG +collect_all_sw=1 +collect_san_sw=1 + +[P2P] +bt_dht_switch=1 +bt_utp_block=0 +bt_utp_switch=1 +emule_kad_switch=1 +emule_normal_switch=1 +field_stat_logpath=./t1log/p2p_field_stat.log +logger_filepath=./t1log/p2p.log +logger_level=30 +p2p_local_log_switch=1 + +[PG_SEVEN] +log_level=30 +log_path=./t1log/pg_seven_knights_log + +[SYSTEM] +ASMIS_LOG=0 +DDP_PROFILE=./t1conf/ddp.conf +DYN_BLACKLIST_OPEN=1 +DYN_BLACKLIST_TIMEOUT=180 +ENTRANCE_ID=1 +FS_SERVER_IP=10.4.20.202 +FS_SERVER_PORT=8125 +KAFKA_BROKERLIST=192.168.10.10:9092 +LOG_LEVEL=30 +NIC_NAME=enp131s0f2 +#0:DOUBLE;1:KAFKA;2:MAGELLAN +SENDLOG_MODE=1 +SEND_INJECT_PKT=0 +SOQLOG_LOCAL_LEVEL=30 +SOQLOG_LOCAL_PATH=./t1log/soqlog_local.log +SUBSCRIBE_ID_SWITCH=1 +SYNACK_OR_RST=1 diff --git a/ntcconf/t1conf/ntc_cache.conf b/ntcconf/t1conf/ntc_cache.conf new file mode 100644 index 0000000..1f4bebc --- /dev/null +++ b/ntcconf/t1conf/ntc_cache.conf @@ -0,0 +1,26 @@ +[NTC_CACHE] +#MINIO IP地址,目前只支持一个 +MINIO_IP_LIST=10.4.35.41-48; +MINIO_LISTEN_PORT=9000 + +#每个域名最多开启的链接数 +MAX_CONNECTION_PER_HOST=10 + +#bucket的名称 +CACHE_BUCKET_NAME=ntcbucket + +#缓存最大占用的内存空间大小,超出空间时上传失败 +MAX_USED_MEMORY_SIZE_MB=5120 + +#上传时Expires头部的过期时间,单位秒,最小60(1分钟) +CACHE_DEFAULT_TTL_SECOND=3600 + +#是否对对象的名称进行哈希,开启哈希有助于提高上传下载的速率 +CACHE_OBJECT_KEY_HASH_SWITCH=0 + +#WIRED LOAD BALANCER配置 +#WIREDLB_OVERRIDE=0 +#WIREDLB_TOPIC= +#WIREDLB_GROUP= +#WIREDLB_DATACENTER= +WIREDLB_HEALTH_PORT=49000 diff --git a/ntcconf/t1conf/t1_tableinfo.conf b/ntcconf/t1conf/t1_tableinfo.conf new file mode 100644 index 0000000..072c20e --- /dev/null +++ b/ntcconf/t1conf/t1_tableinfo.conf @@ -0,0 +1,51 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 NTC_COMPILE compile UTF8 UTF8 no 0 +0 WHITE_LIST_COMPILE compile UTF8 UTF8 no 0 +0 APP_COMPILE compile UTF8 UTF8 no 0 +1 NTC_GROUP group UTF8 UTF8 no 0 +1 WHITE_LIST_GROUP group UTF8 UTF8 no 0 +1 APP_GROUP group UTF8 UTF8 no 0 +2 NTC_UNIVERSAL_IP ip UTF8 UTF8 no 0 +3 NTC_UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0 +4 NTC_IP ip UTF8 UTF8 no 0 +4 NTC_ASN_IP ip UTF8 UTF8 no 0 +4 WHITE_LIST_IP ip UTF8 UTF8 no 0 +5 NTC_IP_RANGE ip UTF8 UTF8 no 0 +6 NTC_DNS_REGION expr_plus UTF8 UTF8 yes 0 +7 NTC_HTTP_URL expr UTF8 UTF8 yes 0 quickoff +7 WHITE_LIST_DOMAIN expr UTF8 UTF8 yes 0 quickoff +8 NTC_HTTP_REQ_HDR expr_plus UTF8 UTF8 yes 0 quickoff +8 NTC_HTTP_RES_HDR expr_plus UTF8 UTF8 yes 0 quickoff +9 NTC_HTTP_REQ_BODY expr UTF8 UTF8/GBK yes 0 quickoff +9 NTC_HTTP_RES_BODY expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff +10 NTC_SSL_SNI expr UTF8 UTF8 yes 0 quickoff +11 NTC_MAIL_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff +12 NTC_MAIL_BODY expr_plus UTF8 UTF8/GBK yes 0 quickoff +13 NTC_FTP_URL expr UTF8 UTF8 yes 0 quickoff +14 NTC_FTP_CONTENT expr UTF8 UTF8 yes 0 quickoff +15 NTC_FILE_DIGEST digest UTF8 UTF8 yes 0 quickoff +16 NTC_BGP_AS expr UTF8 UTF8 yes 0 quickoff +17 NTC_DNS_RES_STRATEGY plugin GBK GBK no 0 +18 NTC_DNS_FAKE_IP_CB plugin GBK GBK no 0 +19 NTC_SSL_SAN expr UTF8 UTF8 yes 0 quickoff +20 NTC_SSL_CN expr UTF8 UTF8 yes 0 quickoff +21 APP_POLICY expr UTF8 UTF8 yes 0 quickoff +22 WHITE_LIST_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff +23 APP_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff +23 NTC_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff +24 NTC_ASN_NUMBER expr UTF8 UTF8 yes 0 quickoff +25 NTC_P2P_IP ip UTF8 UTF8 no 0 +26 NTC_P2P_HASH_BIN expr GBK GBK yes 0 +27 NTC_P2P_KEYWORDS expr GBK GBK no 0 +28 NTC_BGP_AS expr GBK GBK no 0 +29 NTC_VOIP_ACCOUNT expr GBK GBK yes 0 +30 NTC_STREAMING_MEDIA_URL expr GBK GBK yes 0 diff --git a/ntcconf/t2_conflist_business.inf b/ntcconf/t2_conflist_business.inf new file mode 100644 index 0000000..7d7206b --- /dev/null +++ b/ntcconf/t2_conflist_business.inf @@ -0,0 +1 @@ +./plug/business/T2_HTTP_MAIL_BIZ/T2_HTTP_MAIL_BIZ.inf diff --git a/ntcconf/t2conf/asn_tableinfo.conf b/ntcconf/t2conf/asn_tableinfo.conf new file mode 100644 index 0000000..5fd6797 --- /dev/null +++ b/ntcconf/t2conf/asn_tableinfo.conf @@ -0,0 +1,3 @@ +0 ASN_IP_COMPILE compile UTF8 UTF8 no 0 +1 ASN_IP_GROUP group UTF8 UTF8 no 0 +2 ASN_IP_REGION ip UTF8 UTF8 no diff --git a/ntcconf/t2conf/ipd_dyn_tableinfo.conf b/ntcconf/t2conf/ipd_dyn_tableinfo.conf new file mode 100644 index 0000000..bcfefc1 --- /dev/null +++ b/ntcconf/t2conf/ipd_dyn_tableinfo.conf @@ -0,0 +1,4 @@ +0 IPD_DYN_COMPILE compile UTF8 UTF8 no 0 +1 IPD_DYN_GROUP group UTF8 UTF8 no 0 +2 IPD_RELATED_DOMAIN expr UTF8 UTF8 yes +3 IPD_DYN_SUBSCRIBE_IP plugin {"key":4,"valid":9,"tag":5,"estimate_size":1048576} -- diff --git a/ntcconf/t2conf/maat_test.json b/ntcconf/t2conf/maat_test.json new file mode 100644 index 0000000..acfcbdc --- /dev/null +++ b/ntcconf/t2conf/maat_test.json @@ -0,0 +1,87 @@ +{ + "compile_table": "NTC_COMPILE", + "group_table": "NTC_GROUP", + "rules": [ + { + "compile_id": 6, + "service": 12, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_7", + "regions": [ + { + "table_name": "NTC_UNIVERSAL_PROTO_TYPE", + "table_type": "intval", + "table_content": { + "low_boundary": 10, + "up_boundary": 10 + } + } + ] + }, + { + "group_name": "group_6", + "regions": [ + { + "table_name": "NTC_UNIVERSAL_IP", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "211.144.24.29", + "mask_src_ip": "255.255.0.0", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + } + ] + } + # { + # "group_name": "group_8", + # "regions": [ + # { + # "table_name": "DJ_SSL_REGION", + # "table_type": "expr_plus", + # "table_content": { + # "district": "SAN", + # "keywords": "jd.com", + # "expr_type": "and", + # "match_method": "sub", + # "format": "uncase plain" + # } + # } + # ] + # } + ] + } + ], + "plugin_table": [ + { + "table_name": "DNS_RESPONSE_STRATEGY", + "table_content": [ + "1\t192.168.0.1\t101", + "2\t192.168.0.2\t101", + "3\t192.168.1.1\t102" + ] + }, + { + "table_name": "DNS_GROUP_TYPE", + "table_content": [ + "1\t3388\t99\t1", + "2\t3355\t66\t1", + "3\tcccc\t11\t1" + ] + } + ] +} diff --git a/ntcconf/t2conf/main.conf b/ntcconf/t2conf/main.conf new file mode 100644 index 0000000..5825a18 --- /dev/null +++ b/ntcconf/t2conf/main.conf @@ -0,0 +1,152 @@ +[WIRED_INFO] +APP_NAME=T2 +SELF_IP=10.4.16.1 +REMOTE_DIR=ASTANA/ +KEY_CNT=106 +RAWFILE_CNT=0 +WIRED_TIME=2019-02-20T15:37:09 + +[ASN_MAAT] +EFFECT_INTERVAL_S=1 +FULL_CFG_DIR=./asnrule/full/index/ +INC_CFG_DIR=./asnrule/inc/index/ +JSON_CFG_FILE=./t2conf/asn_test.json +MAAT_JSON_SWITCH=0 +PERF_SWITCH=1 +REDIS_INDEX=2 +REDIS_IP=10.0.8.17 +REDIS_PORT=9001 +REDIS_PORT_NUM=1 +STAT_FILE=./asn_maat.staus +STAT_SWITCH=1 +TABLE_INFO=./t2conf/asn_tableinfo.conf + +[CACHE] +CONFIG_FILE=./t2conf/main.conf +LOG_LEVEL=30 +LOG_PATH=./t2log/cache/cache +SWITCH=1 + +[HTTP] +MAX_CACHE_SIZE=4096000 +MAX_SAVE_SIZE=4096000 + +[HTTP_BIZ] +DEBUG_MODE=0 +PDF_SWITCH=0 +TEST_MODE=0 +MAIL_COLLECT_SWITCH=1 +HTTP_POST_COLLECT_SWITCH=1 +COLLECT_TYPE=doc;docx;rtf;exe;pdf;xls;xlsx;ppt;pptx;txt;bin; + +[IPD_DYN_MAAT] +EFFECT_INTERVAL_S=1 +FULL_CFG_DIR=./ipd_dynrule/full/index/ +INC_CFG_DIR=./ipd_dynrule/inc/index/ +JSON_CFG_FILE=./t2conf/ipd_dyn_maat_test.json +MAAT_JSON_SWITCH=0 +PERF_SWITCH=1 +REDIS_IP=10.4.20.151 +REDIS_PORT=6380 +REDIS_PORT_NUM=10 +STAT_FILE=./ipd_dyn_maat.staus +STAT_SWITCH=1 +TABLE_INFO=./t2conf/ipd_dyn_tableinfo.conf + +[IP] +MAX_CACHE_SIZE=4096 +MAX_SAVE_SIZE=32768 + +[MAIL] +MAX_CACHE_SIZE=16384 +MAX_SAVE_SIZE=20971520 + +[MAIL_LOG_CACHE] +minio_ip_list=192.168.10.180; +minio_listen_port=9000 +minio_proxy_port=9100 + +cache_bucket_name=ntcbucket +cache_bucket_num=32 +max_used_memory_size_mb=5120 +cache_upload_losf_size=4194304 +#cache_upload_losf_timeout_s=10 +cache_default_ttl_second=31104000 +cache_object_key_hash_switch=0 + +cache_store_object_way=1 +redis_cluster_ip_list=192.168.10.180; +redis_cluster_port_range=9001-9004; +cache_upload_losf_timeout_s=20 +#wiredlb_override=1 +#wiredlb_topic=MinioFileLog +#wiredlb_datacenter=k18consul-tse +wiredlb_health_port=43330 +#wiredlb_group=FileLog + +log_fsstat_appname=MAIL_CACHE +log_fsstat_filepath=./t2log/cache/mail_cache_fs2.log +log_fsstat_interval=10 +log_fsstat_trig=1 +log_fsstat_dst_ip=10.4.20.202 +log_fsstat_dst_port=8125 + + +[NTC_CACHE] +minio_ip_list=192.168.10.180; +minio_listen_port=9000 +minio_proxy_port=9100 + +cache_bucket_name=ntcbucket +cache_bucket_num=32 +max_used_memory_size_mb=5120 +cache_upload_losf_size=4194304 +cache_default_ttl_second=31104000 +cache_object_key_hash_switch=0 + +cache_store_object_way=1 +redis_cache_object_size=512000 +redis_cluster_ip_list=192.168.10.180; +redis_cluster_port_range=9001-9004; +max_redis_session_num=1600 +#wiredlb_override=1 +#wiredlb_topic=MinioFileLog +#wiredlb_datacenter=k18consul-tse +wiredlb_health_port=42220 +#wiredlb_group=FileLog + +log_fsstat_appname=NTC_CACHE +log_fsstat_filepath=./t2log/cache/ntc_cache_fs2.log +log_fsstat_interval=10 +log_fsstat_trig=1 +log_fsstat_dst_ip=10.4.20.202 +log_fsstat_dst_port=8125 + +[NTC_MAAT] +EFFECT_INTERVAL_S=1 +FULL_CFG_DIR=./ntcrule/full/index/ +INC_CFG_DIR=./ntcrule/inc/index/ +JSON_CFG_FILE=./t2conf/maat_test.json +MAAT_JSON_SWITCH=0 +PERF_SWITCH=1 +STAT_FILE=./t2_maat.staus +STAT_SWITCH=1 +TABLE_INFO=./t2conf/t2_tableinfo.conf + +[SYSTEM] +FS_SERVER_IP=10.4.20.202 +FS_SERVER_PORT=8125 +KAFKA_BROKERLIST=192.168.10.10:9092 +LOG_LEVEL=30 +NIC_NAME=enp131s0f2 +SENDLOG_MODE=1 +SOQLOG_LOCAL_LEVEL=20 +SOQLOG_LOCAL_PATH=./t2log/soqlog_local.log + +[TRANS_INFO] +protolist=HTTP=4;MAIL=5;FTP=7; +start_port=60000 +wlb_group_name=ASTANA +wlb_health_port=20000 +wlb_override=1 +wlb_switch=0 diff --git a/ntcconf/t2conf/ntc_cache.conf b/ntcconf/t2conf/ntc_cache.conf new file mode 100644 index 0000000..1f4bebc --- /dev/null +++ b/ntcconf/t2conf/ntc_cache.conf @@ -0,0 +1,26 @@ +[NTC_CACHE] +#MINIO IP地址,目前只支持一个 +MINIO_IP_LIST=10.4.35.41-48; +MINIO_LISTEN_PORT=9000 + +#每个域名最多开启的链接数 +MAX_CONNECTION_PER_HOST=10 + +#bucket的名称 +CACHE_BUCKET_NAME=ntcbucket + +#缓存最大占用的内存空间大小,超出空间时上传失败 +MAX_USED_MEMORY_SIZE_MB=5120 + +#上传时Expires头部的过期时间,单位秒,最小60(1分钟) +CACHE_DEFAULT_TTL_SECOND=3600 + +#是否对对象的名称进行哈希,开启哈希有助于提高上传下载的速率 +CACHE_OBJECT_KEY_HASH_SWITCH=0 + +#WIRED LOAD BALANCER配置 +#WIREDLB_OVERRIDE=0 +#WIREDLB_TOPIC= +#WIREDLB_GROUP= +#WIREDLB_DATACENTER= +WIREDLB_HEALTH_PORT=49000 diff --git a/ntcconf/t2conf/t2_tableinfo.conf b/ntcconf/t2conf/t2_tableinfo.conf new file mode 100644 index 0000000..cdcadcf --- /dev/null +++ b/ntcconf/t2conf/t2_tableinfo.conf @@ -0,0 +1,29 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 NTC_COMPILE compile UTF8 UTF8 no 0 +0 WHITE_LIST_COMPILE compile UTF8 UTF8 no 0 +1 NTC_GROUP group UTF8 UTF8 no 0 +1 WHITE_LIST_GROUP group UTF8 UTF8 no 0 +2 NTC_UNIVERSAL_IP ip UTF8 UTF8 no 0 +3 NTC_UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0 +4 WHITE_LIST_IP ip UTF8 UTF8 no 0 +5 NTC_HTTP_URL expr UTF8 UTF8 yes 0 quickoff +5 WHITE_LIST_DOMAIN expr UTF8 UTF8 yes 0 quickoff +6 NTC_HTTP_REQ_HDR expr_plus UTF8 UTF8 yes 0 quickoff +7 NTC_HTTP_RES_HDR expr_plus UTF8 UTF8 yes 0 quickoff +8 NTC_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff +8 WHITE_LIST_SUBSCRIBE_ID expr UTF8 UTF8 yes 0 quickoff +9 NTC_HTTP_REQ_BODY expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff +10 NTC_HTTP_RES_BODY expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff +11 NTC_MAIL_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff +12 NTC_MAIL_BODY expr_plus UTF8 UTF8/GBK yes 0 quickoff +13 NTC_FTP_URL expr UTF8 UTF8 yes 0 quickoff +14 NTC_FTP_CONTENT expr UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff diff --git a/soqconf/t1_conflist_business.inf b/soqconf/t1_conflist_business.inf new file mode 100644 index 0000000..06bc208 --- /dev/null +++ b/soqconf/t1_conflist_business.inf @@ -0,0 +1,3 @@ +./plug/business/soq_dns_plug/soq_dns_plug.inf +./plug/business/pg_seven_knights/pg_seven_knights.inf +./plug/business/T1_HTTP_MAIL_BIZ/T1_HTTP_MAIL_BIZ.inf diff --git a/soqconf/t1conf/ddp.json b/soqconf/t1conf/ddp.json new file mode 100644 index 0000000..33bbbcd --- /dev/null +++ b/soqconf/t1conf/ddp.json @@ -0,0 +1,142 @@ +{ + "log_info": { + "log_level": 30, + "log_path": "./log/ddp_master_log" + }, + "trans_info": { + "_comment": "0:socket udp; 1:marsio udp(DPDK); 2:unix domain socket; 3:debug", + "ddp_mode": 0, + "is_stream": 1, + "rely_call": 0, + "is_bigblock": 1, + "family": 2, + "type": 2, + "protocol": 0, + "MESA_MTU": 1800 + }, + "feedback_group": [ + { + "group_id":0, + "addrlist":[ + { + "start_ip": "10.168.8.87", + "ip_num": 1, + "start_port": 60000, + "port_num": 32 + } + ] + }, + { + "group_id":1, + "addrlist":[ + { + "start_ip": "10.168.8.101", + "ip_num": 20, + "start_port": 60000, + "port_num": 32 + } + ] + }, + { + "group_id":2, + "addrlist":[ + { + "start_ip": "10.168.8.88", + "ip_num": 1, + "start_port": 60000, + "port_num": 32 + } + ] + }, + { + "group_id":3, + "addrlist":[ + { + "start_ip": "10.174.4.21", + "ip_num": 50, + "start_port": 60000, + "port_num": 16 + } + ] + }, + { + "group_id":4, + "addrlist":[ + { + "start_ip": "10.168.8.89", + "ip_num": 2, + "start_port": 60000, + "port_num": 32 + } + ] + }, + { + "group_id":5, + "addrlist":[ + { + "start_ip": "10.168.8.91", + "ip_num": 2, + "start_port": 60000, + "port_num": 32 + } + ] + } + ], + "proto_info": [ + { + "proto_id": 0, + "proto_name": "PROTO_IPv4", + "max_cache_size": 0, + "group_id":0 + }, + { + "proto_id": 1, + "proto_name": "PROTO_IPv6", + "max_cache_size": 0, + "group_id":0 + }, + { + "proto_id": 2, + "proto_name": "PROTO_TCP", + "max_cache_size": 0, + "group_id":0 + }, + { + "proto_id": 3, + "proto_name": "PROTO_UDP", + "max_cache_size": 0, + "group_id":0 + }, + { + "proto_id": 4, + "proto_name": "PROTO_HTTP", + "max_cache_size": 100, + "group_id":1 + + }, + { + "proto_id": 5, + "proto_name": "PROTO_MAIL", + "max_cache_size": 100, + "group_id":2 + }, + { + "proto_id": 6, + "proto_name": "PROTO_DNS", + "max_cache_size": 0, + "group_id":4 + }, + { + "proto_id": 10, + "proto_name": "PROTO_SSL", + "max_cache_size": 0, + "group_id":5 + }, + { + "proto_id": 7, + "proto_name": "PROTO_AIM", + "max_cache_size": 0, + "group_id":3 + } + ] +} diff --git a/soqconf/t1conf/http_url_filter.conf b/soqconf/t1conf/http_url_filter.conf new file mode 100644 index 0000000..8a08d30 --- /dev/null +++ b/soqconf/t1conf/http_url_filter.conf @@ -0,0 +1,126 @@ +.jpg +.jpeg +.gif +.bmp +.png +.tiff +.tif +.raw +.ico +.psd +.pcd +.cad +.ttf +.txt +.exe +.cab +.ini +.inf +.dll +.lib +.chm +.bin +.cur +.c++ +.cc +.cxx +.c +.cpp +.hpp +.hxx +.h++ +.h +.asm +.inc +.java +.mak +.obj +.pl +.gzip +.deb +.zip +.rar +.msu +.jar +.imp +.docm +.docx +.doc +.pdf +.mdb +.xlsx +.xls +.pptx +.ppt +.vsd +.csv +.caj +.nh +.kdh +.pdf +.jse +.js +.css +.xml +.xsl +.asmx +.cgi +.wml +.dwr +.ashx +.dtd +.do +.shtml +.shtm +.html +.htm +.aspx +.asp +.jsp +.php +.net +.edu +.biz +.com +.edu +.biz +.com +.name +.info +.mobi +.pro +.ws +.travel +.tv +.fm +.museum +.int +.areo +.post +.rec +.asia +.cn +.net/ +.edu/ +.biz/ +.com/ +.edu/ +.biz/ +.com/ +.name/ +.info/ +.mobi/ +.pro/ +.ws/ +.travel/ +.tv/ +.fm/ +.museum/ +.int/ +.areo/ +.post/ +.rec/ +.asia/ +.cn/ +.crl +.psf diff --git a/soqconf/t1conf/maat_test.json b/soqconf/t1conf/maat_test.json new file mode 100644 index 0000000..56c32b0 --- /dev/null +++ b/soqconf/t1conf/maat_test.json @@ -0,0 +1,373 @@ +{ + "compile_table": "CONFIG_COMPILE", + "group_table": "CONFIG_GROUP", + "rules": [ + { + "compile_id": 1, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_1", + "regions": [ + { + "table_name": "DF_IP_PORT", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "172.30.8.1", + "mask_src_ip": "255.255.255.255", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + }, + { + "table_name": "DF_IP_PORT", + "table_type": "ip", + "table_content": { + "addr_type": "ipv6", + "src_ip": "2001:da8:205:1::101", + "mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0::0", + "mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + } + ] + } + ] + }, + { + "compile_id": 2, + "service": 48, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_2", + "regions": [ + { + "table_name": "DJ_IP_PORT", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "10.0.6.201", + "mask_src_ip": "255.255.255.255", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + } + ] + } + ] + }, + { + "compile_id": 105, + "service": 50, + "action": 1, + "do_blacklist": 0, + "do_log": 1, + "effective_rage": 0, + "user_region": "100;", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_FTP_URL", + "table_type": "expr", + "table_content": { + "keywords":"!!!!!!.com", + "expr_type":"none", + "match_method":"sub", + "format":"uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 101, + "service": 50, + "action": 1, + "do_blacklist": 0, + "do_log": 1, + "effective_rage": 0, + "user_region": "100;", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords":"sdfghjkooooooool;mhhjkl;.com", + "expr_type":"none", + "match_method":"sub", + "format":"uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 102, + "service": 13, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "100;", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_MAIL_HDR", + "table_type": "expr_plus", + "table_content": { + "district": "To", + "keywords": "bounce-mc.us12_49410953.675173-04060eed83@mail59.suw13.rsgsv.net", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 104, + "service": 13, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "10;", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_MAIL_HDR", + "table_type": "expr_plus", + "table_content": { + "district": "Subject", + "keywords": "董嵬去北陵", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 103, + "service": 13, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "10;", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_MAIL_HDR", + "table_type": "expr_plus", + "table_content": { + "district": "To", + "keywords": "1111xxtest_2@sina.com", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id":108, + "service": 6, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "100;0", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_DNS_REGION", + "table_type": "expr_plus", + "table_content": { + "district": "QNAME", + "keywords": ".net-test", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id":107, + "service": 6, + "action": 2, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "100;1801", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_DNS_REGION", + "table_type": "expr_plus", + "table_content": { + "district": "QNAME", + "keywords": ".com-test", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id":106, + "service": 6, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "100;1801", + "is_valid": "yes", + "groups": [ + { + "group_name": "Untitled", + "regions": [ + { + "table_name": "DF_DNS_REGION", + "table_type": "expr_plus", + "table_content": { + "district": "QNAME", + "keywords": ".com", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + } + ], + "plugin_table": [ + { + "table_name": "DNS_RESPONSE_STRATEGY", + "table_content": [ + "18001\t1801\tstrategy_1\t18101\t1\t18108\t1\t18308\t1\t18405\t1\t0\t0\t60\t600\t1", + "18002\t1802\tstrategy_2\t18201\t1\t18201\t1\t18301\t1\t18401\t1\t0\t0\t60\t600\t1" + ] + }, + { + "table_name": "DNS_GROUP_TYPE", + "table_content": [ + "19001\t18101\t7\t1", + "19002\t18201\t7\t1", + "19003\t18301\t0\t1", + "19004\t18401\t0\t1" + ] + }, + { + "table_name": "DNS_FAKE_IP", + "table_content": [ + "10001\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t10.10.10.10\t255.255.255.255\t0\t65535\t0\t0\t1", + "10011\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t13.13.13.10\t255.255.255.255\t0\t65535\t0\t0\t1", + "10002\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t11.11.11.11\t255.255.255.255\t0\t65535\t0\t0\t1", + "10003\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t12.12.12.12\t255.255.255.255\t0\t65535\t0\t0\t1", + "10004\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t50:50:50::50\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0", + "10005\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t60:60:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0", + "10006\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t70:70:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1", + "10007\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t40:40:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1", + "20001\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t1.1.1.1\t255.255.255.255\t0\t65535\t0\t0\t1", + "20002\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t2.2.2.2\t255.255.255.255\t0\t65535\t0\t0\t1", + "20003\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t3.3.3.3\t255.255.255.255\t0\t65535\t0\t0\t0", + "20004\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t4.4.4.4\t255.255.255.255\t0\t65535\t0\t0\t1", + "20006\t18101\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t6:6:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1", + "20007\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t7:7:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1", + "20008\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t8:8:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1" + ] + }, + { + "table_name": "DNS_FAKE_INFO", + "table_content": [ + "21001\t18301\twww.bdu.com\t1", + "21002\t18301\twww.bidu.com\t1", + "21003\t18301\twww.idu.com\t1", + "21004\t18401\twww.sna.com\t1", + "21005\t18401\twww.na.com\t1", + "21006\t18401\twww.sina.com\t1" + ] + }, + { + "table_name": "ENCRYPT_PROTO_RANDOM", + "table_content": [ + "1\t20\t8\t1", + "2\t34\t9\t1", + "3\t19\t11\t1", + "4\t0\t12\t1", + "5\t-2\t13\t1", + "-1\t-2\t999\t1" + ] + } + ] +} diff --git a/soqconf/t1conf/main.conf b/soqconf/t1conf/main.conf new file mode 100644 index 0000000..3b3336b --- /dev/null +++ b/soqconf/t1conf/main.conf @@ -0,0 +1,45 @@ +[SYSTEM] +NIC_NAME=enp175s0f0 +LOG_LEVEL=30 +DYN_BLACKLIST_OPEN=1 +#seconds +DYN_BLACKLIST_TIMEOUT=90 +SEND_INJECT_PKT=0 +SOQLOG_LOCAL_LEVEL=10 +SOQLOG_LOCAL_PATH=./t1log/soqlog_local.log +ENTRANCE_ID=5 +[MAAT] +MAAT_JSON_SWITCH=1 +STAT_SWITCH=1 +PERF_SWITCH=1 +EFFECT_INTERVAL_S=10 +TABLE_INFO=./t1conf/t1_tableinfo.conf +INC_CFG_DIR=./soqrule/inc/index/ +FULL_CFG_DIR=./soqrule/full/index/ +JSON_CFG_FILE=./t1conf/maat_test.json +STAT_FILE=./t1_maat.staus +[MAGELLAN] +LOG_RECEIVER_NUM=2 +LOG_RECEIVER_PORT=45678 +LOG_RECEIVER_ADDR=10.168.2.139;10.168.2.140; +LOG_LOCAL_SWITCH=1 +LOCAL_MSG_DIR=./t1log/t1_magellan_local/ +[HTTP_BIZ] +MAX_SCAN=10 +RUN_LOG_PATH=./t1log/t1_http_mail_biz.log +#----- DEBUG:10; INFO:20; FATAL:30 ---- +RUN_RLOG_LV=30 +[T1_SEVEN] +log_level=30 +log_path=./t1log/t1_seven_knights_log + +[DNS_PLUG] +CONVERT_4TO6=1 +LOG_LEVEL=10 +LOG_PATH=./t1log/soq_dns_plug/soq_dns_plug +HASH_SLOT_SIZE=1048576 +[T1_HTTP_AIM] +aim_proto=7 + +[T1_RAWPKT] +feedback_dns_switch=1 diff --git a/soqconf/t1conf/t1_tableinfo.conf b/soqconf/t1conf/t1_tableinfo.conf new file mode 100644 index 0000000..8e18cf8 --- /dev/null +++ b/soqconf/t1conf/t1_tableinfo.conf @@ -0,0 +1,44 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickoff or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 CONFIG_COMPILE compile UTF8 UTF8 no 0 +1 CONFIG_GROUP group UTF8 UTF8 no 0 +2 DF_IP_PORT ip UTF8 UTF8 no 0 +2 FX_IP_PORT ip UTF8 UTF8 no 0 +3 DJ_IP_PORT ip UTF8 UTF8 no 0 +4 UNIVERSAL_IP ip UTF8 UTF8 no 0 +5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0 +6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff +6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff +7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff +8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff +9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff +10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff +11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff +12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff +12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff +13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff +13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff +14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes +14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes +15 DF_FTP_URL expr UTF8 UTF8 yes +15 DJ_FTP_URL expr UTF8 UTF8 yes +17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes +18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0 +19 DNS_GROUP_TYPE plugin GBK GBK no 0 +20 DNS_FAKE_IP plugin GBK GBK no 0 +21 DNS_FAKE_INFO plugin GBK GBK no 0 +22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes +22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes +23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0 diff --git a/soqconf/t2_conflist_business.inf b/soqconf/t2_conflist_business.inf new file mode 100644 index 0000000..7d7206b --- /dev/null +++ b/soqconf/t2_conflist_business.inf @@ -0,0 +1 @@ +./plug/business/T2_HTTP_MAIL_BIZ/T2_HTTP_MAIL_BIZ.inf diff --git a/soqconf/t2conf/maat_test.json b/soqconf/t2conf/maat_test.json new file mode 100644 index 0000000..956c609 --- /dev/null +++ b/soqconf/t2conf/maat_test.json @@ -0,0 +1,224 @@ +{ + "compile_table": "CONFIG_COMPILE", + "group_table": "CONFIG_GROUP", + "rules": [ + { + "compile_id": 1, + "service": 1, + "action": 0, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_1", + "regions": [ + { + "table_name": "DF_IP_PORT", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "121.11.151.70", + "mask_src_ip": "255.255.0.0", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + }, + { + "table_name": "DF_IP_PORT", + "table_type": "ip", + "table_content": { + "addr_type": "ipv6", + "src_ip": "2001:da8:205:1::101", + "mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0::0", + "mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + } + ] + } + ] + }, + { + "compile_id": 2, + "service": 48, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_2", + "regions": [ + { + "table_name": "DJ_IP_PORT", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "10.0.6.201", + "mask_src_ip": "255.255.0.0", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + } + ] + } + ] + }, + { + "compile_id": 3, + "service": 2, + "action": 2, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_3", + "regions": [ + { + "table_name": "FX_IP_PORT", + "table_type": "ip", + "table_content": { + "addr_type": "ipv4", + "src_ip": "10.0.6.201", + "mask_src_ip": "255.255.0.0", + "src_port": "0", + "mask_src_port": "65535", + "dst_ip": "0.0.0.0", + "mask_dst_ip": "255.255.255.255", + "dst_port": "0", + "mask_dst_port": "65535", + "protocol": 0, + "direction": "double" + } + } + ] + } + ] + }, + { + "compile_id": 4, + "service": 1, + "action": 0, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_4", + "regions": [ + { + "table_name": "CONTENT_SIZE", + "table_type": "intval", + "table_content": { + "low_boundary": 100, + "up_boundary": 500 + } + } + ] + } + ] + }, + { + "compile_id": 5, + "service": 50, + "action": 2, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_5", + "regions": [ + { + "table_name": "DJ_HTTP_RES_BODY", + "table_type": "expr", + "table_content": { + "keywords": "ghklgfdfcom", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + }, + { + "compile_id": 6, + "service": 60, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_rage": 0, + "user_region": "anything", + "is_valid": "yes", + "groups": [ + { + "group_name": "group_6", + "regions": [ + { + "table_name": "DF_MAIL_HDR", + "table_type": "expr_plus", + "table_content": { + "district": "FROM", + "keywords": "163.com", + "expr_type": "and", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] + } + + ], + "plugin_table": [ + { + "table_name": "DNS_RESPONSE_STRATEGY", + "table_content": [ + "1\t192.168.0.1\t101", + "2\t192.168.0.2\t101", + "3\t192.168.1.1\t102" + ] + }, + { + "table_name": "DNS_GROUP_TYPE", + "table_content": [ + "1\t3388\t99\t1", + "2\t3355\t66\t1", + "3\tcccc\t11\t1" + ] + } + ] +} diff --git a/soqconf/t2conf/main.conf b/soqconf/t2conf/main.conf new file mode 100644 index 0000000..d34e954 --- /dev/null +++ b/soqconf/t2conf/main.conf @@ -0,0 +1,30 @@ +[SYSTEM] +NIC_NAME=mg0 +LOG_LEVEL=30 +ENTRANCE_ID=5 +SOQLOG_LOCAL_LEVEL=30 +SOQLOG_LOCAL_PATH=./t2log/soqlog_local.log +[MAAT] +MAAT_JSON_SWITCH=0 +STAT_SWITCH=1 +PERF_SWITCH=1 +TABLE_INFO=./t2conf/t2_tableinfo.conf +INC_CFG_DIR=./soqrule/inc/index/ +FULL_CFG_DIR=./soqrule/full/index/ +JSON_CFG_FILE=./t2conf/maat_test.json +STAT_FILE=./t2_maat.staus +[MAGELLAN] +LOG_RECEIVER_NUM=1 +LOG_RECEIVER_PORT=45678 +LOG_RECEIVER_ADDR=10.168.2.4; +LOG_LOCAL_SWITCH=0 +LOCAL_MSG_DIR=./t2log/t2_magellanlocal/ +[IP] +MAX_CACHE_SIZE=4096 +MAX_SAVE_SIZE=32768 +[MAIL] +MAX_CACHE_SIZE=16384 +MAX_SAVE_SIZE=20971520 +[HTTP] +MAX_CACHE_SIZE=4096 +MAX_SAVE_SIZE=327680 diff --git a/soqconf/t2conf/t2_tableinfo.conf b/soqconf/t2conf/t2_tableinfo.conf new file mode 100644 index 0000000..15fe05a --- /dev/null +++ b/soqconf/t2conf/t2_tableinfo.conf @@ -0,0 +1,44 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 CONFIG_COMPILE compile UTF8 UTF8 no 0 +1 CONFIG_GROUP group UTF8 UTF8 no 0 +2 DF_IP_PORT ip UTF8 UTF8 no 0 +2 FX_IP_PORT ip UTF8 UTF8 no 0 +3 DJ_IP_PORT ip UTF8 UTF8 no 0 +4 UNIVERSAL_IP ip UTF8 UTF8 no 0 +5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0 +6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon +6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon +7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon +8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon +9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024 +#10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff +#10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff +#11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff +#12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon +#12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon +13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon +13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon +14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes +14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes +#15 DF_FTP_URL expr UTF8 UTF8 yes +#15 DJ_FTP_URL expr UTF8 UTF8 yes +#17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes +#18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0 +#19 DNS_GROUP_TYPE plugin GBK GBK no 0 +#20 DNS_FAKE_IP plugin GBK GBK no 0 +#21 DNS_FAKE_INFO plugin GBK GBK no 0 +22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes +22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes +#23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0 diff --git a/src/ntc_ip_comm b/src/ntc_ip_comm index 78dfd39..121c3bf 160000 --- a/src/ntc_ip_comm +++ b/src/ntc_ip_comm @@ -1 +1 @@ -Subproject commit 78dfd39db185398ecc9f7a8fc09082973e1e2162 +Subproject commit 121c3bf03536d7a447107ecf093d4d31c173b7a8