gfwleak/pangu-mesa-plug
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加安装配置文件

Browse Source
This commit is contained in:
liuxueli
2019-07-04 09:56:10 +08:00
parent 2d4de570b6
commit f1efb711cf
29 changed files with 1949 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
soqconf/t1_conflist_business.inf Normal file
View File

@@ -0,0 +1,3 @@
./plug/business/soq_dns_plug/soq_dns_plug.inf
./plug/business/pg_seven_knights/pg_seven_knights.inf
./plug/business/T1_HTTP_MAIL_BIZ/T1_HTTP_MAIL_BIZ.inf

142
soqconf/t1conf/ddp.json Normal file
View File

@@ -0,0 +1,142 @@
{
"log_info": {
"log_level": 30,
"log_path": "./log/ddp_master_log"
},
"trans_info": {
"_comment": "0:socket udp; 1:marsio udp(DPDK); 2:unix domain socket; 3:debug",
"ddp_mode": 0,
"is_stream": 1,
"rely_call": 0,
"is_bigblock": 1,
"family": 2,
"type": 2,
"protocol": 0,
"MESA_MTU": 1800
},
"feedback_group": [
{
"group_id":0,
"addrlist":[
{
"start_ip": "10.168.8.87",
"ip_num": 1,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":1,
"addrlist":[
{
"start_ip": "10.168.8.101",
"ip_num": 20,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":2,
"addrlist":[
{
"start_ip": "10.168.8.88",
"ip_num": 1,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":3,
"addrlist":[
{
"start_ip": "10.174.4.21",
"ip_num": 50,
"start_port": 60000,
"port_num": 16
}
]
},
{
"group_id":4,
"addrlist":[
{
"start_ip": "10.168.8.89",
"ip_num": 2,
"start_port": 60000,
"port_num": 32
}
]
},
{
"group_id":5,
"addrlist":[
{
"start_ip": "10.168.8.91",
"ip_num": 2,
"start_port": 60000,
"port_num": 32
}
]
}
],
"proto_info": [
{
"proto_id": 0,
"proto_name": "PROTO_IPv4",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 1,
"proto_name": "PROTO_IPv6",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 2,
"proto_name": "PROTO_TCP",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 3,
"proto_name": "PROTO_UDP",
"max_cache_size": 0,
"group_id":0
},
{
"proto_id": 4,
"proto_name": "PROTO_HTTP",
"max_cache_size": 100,
"group_id":1
},
{
"proto_id": 5,
"proto_name": "PROTO_MAIL",
"max_cache_size": 100,
"group_id":2
},
{
"proto_id": 6,
"proto_name": "PROTO_DNS",
"max_cache_size": 0,
"group_id":4
},
{
"proto_id": 10,
"proto_name": "PROTO_SSL",
"max_cache_size": 0,
"group_id":5
},
{
"proto_id": 7,
"proto_name": "PROTO_AIM",
"max_cache_size": 0,
"group_id":3
}
]
}

126
soqconf/t1conf/http_url_filter.conf Normal file
View File

@@ -0,0 +1,126 @@
.jpg
.jpeg
.gif
.bmp
.png
.tiff
.tif
.raw
.ico
.psd
.pcd
.cad
.ttf
.txt
.exe
.cab
.ini
.inf
.dll
.lib
.chm
.bin
.cur
.c++
.cc
.cxx
.c
.cpp
.hpp
.hxx
.h++
.h
.asm
.inc
.java
.mak
.obj
.pl
.gzip
.deb
.zip
.rar
.msu
.jar
.imp
.docm
.docx
.doc
.pdf
.mdb
.xlsx
.xls
.pptx
.ppt
.vsd
.csv
.caj
.nh
.kdh
.pdf
.jse
.js
.css
.xml
.xsl
.asmx
.cgi
.wml
.dwr
.ashx
.dtd
.do
.shtml
.shtm
.html
.htm
.aspx
.asp
.jsp
.php
.net
.edu
.biz
.com
.edu
.biz
.com
.name
.info
.mobi
.pro
.ws
.travel
.tv
.fm
.museum
.int
.areo
.post
.rec
.asia
.cn
.net/
.edu/
.biz/
.com/
.edu/
.biz/
.com/
.name/
.info/
.mobi/
.pro/
.ws/
.travel/
.tv/
.fm/
.museum/
.int/
.areo/
.post/
.rec/
.asia/
.cn/
.crl
.psf

373
soqconf/t1conf/maat_test.json Normal file
View File

@@ -0,0 +1,373 @@
{
"compile_table": "CONFIG_COMPILE",
"group_table": "CONFIG_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "172.30.8.1",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
},
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv6",
"src_ip": "2001:da8:205:1::101",
"mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0::0",
"mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 2,
"service": 48,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_2",
"regions": [
{
"table_name": "DJ_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "10.0.6.201",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 105,
"service": 50,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_FTP_URL",
"table_type": "expr",
"table_content": {
"keywords":"!!!!!!.com",
"expr_type":"none",
"match_method":"sub",
"format":"uncase plain"
}
}
]
}
]
},
{
"compile_id": 101,
"service": 50,
"action": 1,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords":"sdfghjkooooooool;mhhjkl;.com",
"expr_type":"none",
"match_method":"sub",
"format":"uncase plain"
}
}
]
}
]
},
{
"compile_id": 102,
"service": 13,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "To",
"keywords": "bounce-mc.us12_49410953.675173-04060eed83@mail59.suw13.rsgsv.net",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 104,
"service": 13,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "10;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "Subject",
"keywords": "董嵬去北陵",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 103,
"service": 13,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "10;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "To",
"keywords": "1111xxtest_2@sina.com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id":108,
"service": 6,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;0",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_DNS_REGION",
"table_type": "expr_plus",
"table_content": {
"district": "QNAME",
"keywords": ".net-test",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id":107,
"service": 6,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;1801",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_DNS_REGION",
"table_type": "expr_plus",
"table_content": {
"district": "QNAME",
"keywords": ".com-test",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id":106,
"service": 6,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "100;1801",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "DF_DNS_REGION",
"table_type": "expr_plus",
"table_content": {
"district": "QNAME",
"keywords": ".com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "DNS_RESPONSE_STRATEGY",
"table_content": [
"18001\t1801\tstrategy_1\t18101\t1\t18108\t1\t18308\t1\t18405\t1\t0\t0\t60\t600\t1",
"18002\t1802\tstrategy_2\t18201\t1\t18201\t1\t18301\t1\t18401\t1\t0\t0\t60\t600\t1"
]
},
{
"table_name": "DNS_GROUP_TYPE",
"table_content": [
"19001\t18101\t7\t1",
"19002\t18201\t7\t1",
"19003\t18301\t0\t1",
"19004\t18401\t0\t1"
]
},
{
"table_name": "DNS_FAKE_IP",
"table_content": [
"10001\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t10.10.10.10\t255.255.255.255\t0\t65535\t0\t0\t1",
"10011\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t13.13.13.10\t255.255.255.255\t0\t65535\t0\t0\t1",
"10002\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t11.11.11.11\t255.255.255.255\t0\t65535\t0\t0\t1",
"10003\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t12.12.12.12\t255.255.255.255\t0\t65535\t0\t0\t1",
"10004\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t50:50:50::50\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0",
"10005\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t60:60:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0",
"10006\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t70:70:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"10007\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t40:40:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"20001\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t1.1.1.1\t255.255.255.255\t0\t65535\t0\t0\t1",
"20002\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t2.2.2.2\t255.255.255.255\t0\t65535\t0\t0\t1",
"20003\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t3.3.3.3\t255.255.255.255\t0\t65535\t0\t0\t0",
"20004\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t4.4.4.4\t255.255.255.255\t0\t65535\t0\t0\t1",
"20006\t18101\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t6:6:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"20007\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t7:7:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
"20008\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t8:8:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1"
]
},
{
"table_name": "DNS_FAKE_INFO",
"table_content": [
"21001\t18301\twww.bdu.com\t1",
"21002\t18301\twww.bidu.com\t1",
"21003\t18301\twww.idu.com\t1",
"21004\t18401\twww.sna.com\t1",
"21005\t18401\twww.na.com\t1",
"21006\t18401\twww.sina.com\t1"
]
},
{
"table_name": "ENCRYPT_PROTO_RANDOM",
"table_content": [
"1\t20\t8\t1",
"2\t34\t9\t1",
"3\t19\t11\t1",
"4\t0\t12\t1",
"5\t-2\t13\t1",
"-1\t-2\t999\t1"
]
}
]
}

45
soqconf/t1conf/main.conf Normal file
View File

@@ -0,0 +1,45 @@
[SYSTEM]
NIC_NAME=enp175s0f0
LOG_LEVEL=30
DYN_BLACKLIST_OPEN=1
#seconds
DYN_BLACKLIST_TIMEOUT=90
SEND_INJECT_PKT=0
SOQLOG_LOCAL_LEVEL=10
SOQLOG_LOCAL_PATH=./t1log/soqlog_local.log
ENTRANCE_ID=5
[MAAT]
MAAT_JSON_SWITCH=1
STAT_SWITCH=1
PERF_SWITCH=1
EFFECT_INTERVAL_S=10
TABLE_INFO=./t1conf/t1_tableinfo.conf
INC_CFG_DIR=./soqrule/inc/index/
FULL_CFG_DIR=./soqrule/full/index/
JSON_CFG_FILE=./t1conf/maat_test.json
STAT_FILE=./t1_maat.staus
[MAGELLAN]
LOG_RECEIVER_NUM=2
LOG_RECEIVER_PORT=45678
LOG_RECEIVER_ADDR=10.168.2.139;10.168.2.140;
LOG_LOCAL_SWITCH=1
LOCAL_MSG_DIR=./t1log/t1_magellan_local/
[HTTP_BIZ]
MAX_SCAN=10
RUN_LOG_PATH=./t1log/t1_http_mail_biz.log
#----- DEBUG:10; INFO:20; FATAL:30 ----
RUN_RLOG_LV=30
[T1_SEVEN]
log_level=30
log_path=./t1log/t1_seven_knights_log
[DNS_PLUG]
CONVERT_4TO6=1
LOG_LEVEL=10
LOG_PATH=./t1log/soq_dns_plug/soq_dns_plug
HASH_SLOT_SIZE=1048576
[T1_HTTP_AIM]
aim_proto=7
[T1_RAWPKT]
feedback_dns_switch=1

44
soqconf/t1conf/t1_tableinfo.conf Normal file
View File

@@ -0,0 +1,44 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickoff or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 CONFIG_COMPILE compile UTF8 UTF8 no 0
1 CONFIG_GROUP group UTF8 UTF8 no 0
2 DF_IP_PORT ip UTF8 UTF8 no 0
2 FX_IP_PORT ip UTF8 UTF8 no 0
3 DJ_IP_PORT ip UTF8 UTF8 no 0
4 UNIVERSAL_IP ip UTF8 UTF8 no 0
5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff
10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff
11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff
12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff
12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff
13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
15 DF_FTP_URL expr UTF8 UTF8 yes
15 DJ_FTP_URL expr UTF8 UTF8 yes
17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes
18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0
19 DNS_GROUP_TYPE plugin GBK GBK no 0
20 DNS_FAKE_IP plugin GBK GBK no 0
21 DNS_FAKE_INFO plugin GBK GBK no 0
22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes
22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes
23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0

1
soqconf/t2_conflist_business.inf Normal file
View File

@@ -0,0 +1 @@
./plug/business/T2_HTTP_MAIL_BIZ/T2_HTTP_MAIL_BIZ.inf

224
soqconf/t2conf/maat_test.json Normal file
View File

@@ -0,0 +1,224 @@
{
"compile_table": "CONFIG_COMPILE",
"group_table": "CONFIG_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action": 0,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"regions": [
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "121.11.151.70",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
},
{
"table_name": "DF_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv6",
"src_ip": "2001:da8:205:1::101",
"mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0::0",
"mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 2,
"service": 48,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_2",
"regions": [
{
"table_name": "DJ_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "10.0.6.201",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 3,
"service": 2,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_3",
"regions": [
{
"table_name": "FX_IP_PORT",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "10.0.6.201",
"mask_src_ip": "255.255.0.0",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 4,
"service": 1,
"action": 0,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_4",
"regions": [
{
"table_name": "CONTENT_SIZE",
"table_type": "intval",
"table_content": {
"low_boundary": 100,
"up_boundary": 500
}
}
]
}
]
},
{
"compile_id": 5,
"service": 50,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_5",
"regions": [
{
"table_name": "DJ_HTTP_RES_BODY",
"table_type": "expr",
"table_content": {
"keywords": "ghklgfdfcom",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 6,
"service": 60,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "group_6",
"regions": [
{
"table_name": "DF_MAIL_HDR",
"table_type": "expr_plus",
"table_content": {
"district": "FROM",
"keywords": "163.com",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "DNS_RESPONSE_STRATEGY",
"table_content": [
"1\t192.168.0.1\t101",
"2\t192.168.0.2\t101",
"3\t192.168.1.1\t102"
]
},
{
"table_name": "DNS_GROUP_TYPE",
"table_content": [
"1\t3388\t99\t1",
"2\t3355\t66\t1",
"3\tcccc\t11\t1"
]
}
]
}

30
soqconf/t2conf/main.conf Normal file
View File

@@ -0,0 +1,30 @@
[SYSTEM]
NIC_NAME=mg0
LOG_LEVEL=30
ENTRANCE_ID=5
SOQLOG_LOCAL_LEVEL=30
SOQLOG_LOCAL_PATH=./t2log/soqlog_local.log
[MAAT]
MAAT_JSON_SWITCH=0
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=./t2conf/t2_tableinfo.conf
INC_CFG_DIR=./soqrule/inc/index/
FULL_CFG_DIR=./soqrule/full/index/
JSON_CFG_FILE=./t2conf/maat_test.json
STAT_FILE=./t2_maat.staus
[MAGELLAN]
LOG_RECEIVER_NUM=1
LOG_RECEIVER_PORT=45678
LOG_RECEIVER_ADDR=10.168.2.4;
LOG_LOCAL_SWITCH=0
LOCAL_MSG_DIR=./t2log/t2_magellanlocal/
[IP]
MAX_CACHE_SIZE=4096
MAX_SAVE_SIZE=32768
[MAIL]
MAX_CACHE_SIZE=16384
MAX_SAVE_SIZE=20971520
[HTTP]
MAX_CACHE_SIZE=4096
MAX_SAVE_SIZE=327680

44
soqconf/t2conf/t2_tableinfo.conf Normal file
View File

@@ -0,0 +1,44 @@
#each collumn seperate with '\t'
#id (0~65535)
#name string
#type one of ip,expr,expr_plus,digest,intval,compile or plugin
#src_charset one of GBK,BIG5,UNICODE,UTF8
#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
#do_merege yes or no
#cross cache 0~max
#quickswitch quickon or quick off
#id name type src_charset dst_charset do_merge cross_cache quickswitch
0 CONFIG_COMPILE compile UTF8 UTF8 no 0
1 CONFIG_GROUP group UTF8 UTF8 no 0
2 DF_IP_PORT ip UTF8 UTF8 no 0
2 FX_IP_PORT ip UTF8 UTF8 no 0
3 DJ_IP_PORT ip UTF8 UTF8 no 0
4 UNIVERSAL_IP ip UTF8 UTF8 no 0
5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
#10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff
#10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff
#11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff
#12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon
#12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon
13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon
13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon
14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
#15 DF_FTP_URL expr UTF8 UTF8 yes
#15 DJ_FTP_URL expr UTF8 UTF8 yes
#17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes
#18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0
#19 DNS_GROUP_TYPE plugin GBK GBK no 0
#20 DNS_FAKE_IP plugin GBK GBK no 0
#21 DNS_FAKE_INFO plugin GBK GBK no 0
22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes
22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes
#23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0