兼容Firewall版本, sapp和kni拆开
This commit is contained in:
崔一鸣
BIN
roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpm
Normal file
BIN
roles/sapp/files/sapp-4.0.5.3385992-1.el7.x86_64.rpm
Normal file
Binary file not shown.
41
roles/sapp/tasks/main.yml
Normal file
41
roles/sapp/tasks/main.yml
Normal file
@@ -0,0 +1,41 @@
|
||||
---
|
||||
- name: "copy sapp to destination server"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/"
|
||||
dest: /tmp/ansible_deploy/
|
||||
|
||||
- name: "install sapp rpms from localhost"
|
||||
yum:
|
||||
name:
|
||||
- /tmp/ansible_deploy/sapp-4.0.5.3385992-1.el7.x86_64.rpm
|
||||
state: present
|
||||
|
||||
- name: Template the sapp.toml
|
||||
template:
|
||||
src: "{{ role_path }}/templates/sapp.toml.j2"
|
||||
dest: /home/mesasoft/sapp_run/etc/sapp.toml
|
||||
tags: template
|
||||
|
||||
- name: Template the project_list.conf
|
||||
template:
|
||||
src: "{{ role_path }}/templates/project_list.conf.j2"
|
||||
dest: /home/mesasoft/sapp_run/etc/project_list.conf
|
||||
tags: template
|
||||
|
||||
- name: Template the conflist.inf
|
||||
template:
|
||||
src: "{{ role_path }}/templates/conflist.inf.j2"
|
||||
dest: /home/mesasoft/sapp_run/plug/conflist.inf
|
||||
tags: template
|
||||
|
||||
- name: Template the gdev.conf
|
||||
template:
|
||||
src: "{{ role_path }}/templates/gdev.conf.j2"
|
||||
dest: /home/mesasoft/sapp_run/etc/gdev.conf
|
||||
tags: template
|
||||
|
||||
- name: "enable sapp"
|
||||
systemd:
|
||||
name: sapp
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
19
roles/sapp/templates/conflist.inf.j2
Normal file
19
roles/sapp/templates/conflist.inf.j2
Normal file
@@ -0,0 +1,19 @@
|
||||
[platform]
|
||||
./plug/platform/g_device_plug/g_device_plug.inf
|
||||
./plug/platform/tsg_master/tsg_master.inf
|
||||
|
||||
[protocol]
|
||||
./plug/protocol/ssl/ssl.inf
|
||||
./plug/protocol/http/http.inf
|
||||
./plug/protocol/dns/dns.inf
|
||||
./plug/protocol/mail/mail.inf
|
||||
./plug/protocol/ftp/ftp.inf
|
||||
|
||||
[business]
|
||||
./plug/business/kni/kni.inf
|
||||
./plug/business/fw_ssl/fw_ssl.inf
|
||||
./plug/business/fw_http_plug/fw_http_plug.inf
|
||||
./plug/business/fw_dns_plug/fw_dns_plug.inf
|
||||
./plug/business/fw_mail_plug/fw_mail_plug.inf
|
||||
./plug/business/fw_ftp_plug/fw_ftp_plug.inf
|
||||
./plug/business/tsg_conn_record/tsg_conn_record.inf
|
||||
5
roles/sapp/templates/gdev.conf.j2
Normal file
5
roles/sapp/templates/gdev.conf.j2
Normal file
@@ -0,0 +1,5 @@
|
||||
[Module]
|
||||
pcapdevice={{ nic_data_incoming.name }}
|
||||
sendto_gdev_card={{ nic_data_incoming.name }}
|
||||
sendto_gdev_ip={{ nic_data_incoming.address }}
|
||||
gdev_status_switch=1
|
||||
4
roles/sapp/templates/project_list.conf.j2
Normal file
4
roles/sapp/templates/project_list.conf.j2
Normal file
@@ -0,0 +1,4 @@
|
||||
tcp_flow_stat struct
|
||||
udp_flow_stat struct
|
||||
tcp_deduce_flow_stat struct
|
||||
POLICY_PRIORITY struct
|
||||
135
roles/sapp/templates/sapp.toml.j2
Normal file
135
roles/sapp/templates/sapp.toml.j2
Normal file
@@ -0,0 +1,135 @@
|
||||
###################################################################################################
|
||||
# NOTE:
|
||||
# The format of this file is toml (https://github.com/cktan/tomlc99)
|
||||
# to make vim editor display colorful and human readable,
|
||||
# you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini
|
||||
###################################################################################################
|
||||
|
||||
[SYSTEM]
|
||||
instance_name = "sapp4"
|
||||
|
||||
[CPU]
|
||||
worker_threads=16
|
||||
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
|
||||
bind_mask=[1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]
|
||||
#bind_mask=[]
|
||||
|
||||
[PACKET_IO]
|
||||
### note, BSD_packet_filter, if you do not want to set any filter rule, keep it empty as ""
|
||||
BSD_packet_filter=""
|
||||
|
||||
### note, depolyment.mode options: [mirror, inline, transparent]
|
||||
[packet_io.depolyment]
|
||||
{% if nic_transparent_mode.enable %}
|
||||
mode=transparent
|
||||
{% else %}
|
||||
mode=inline
|
||||
{% endif %}
|
||||
|
||||
### note, interface.type options: [pag,pcap,marsio]
|
||||
[packet_io.internal.interface]
|
||||
{% if nic_transparent_mode.enable %}
|
||||
type={{nic_transparent_mode.mode}}
|
||||
name={{nic_transparent_mode.internel_interface}}
|
||||
{% else %}
|
||||
type=marsio
|
||||
name=vxlan_user
|
||||
{% endif %}
|
||||
|
||||
[packet_io.external.interface]
|
||||
{% if nic_transparent_mode.enable %}
|
||||
type={{nic_transparent_mode.mode}}
|
||||
name={{nic_transparent_mode.external_interface}}
|
||||
{% else %}
|
||||
type=pcap
|
||||
name=lo
|
||||
{% endif %}
|
||||
|
||||
[packet_io.polling]
|
||||
### note, polling_priority = call sapp_recv_pkt every call polling_entry times,
|
||||
polling_priority=1
|
||||
|
||||
[STREAM]
|
||||
[stream.tcp]
|
||||
max=200000
|
||||
timeout=30
|
||||
syn_mandatory=1
|
||||
reorder_pkt_max=5
|
||||
analyse_option_enabled=1
|
||||
[stream.tcp.inject]
|
||||
link_mss=1460
|
||||
|
||||
[stream.tcp.inject.rst]
|
||||
number=3
|
||||
signature_enabled=1
|
||||
signature_seed1=65535
|
||||
signature_seed2=13
|
||||
|
||||
[stream.udp]
|
||||
max=10000
|
||||
timeout=60
|
||||
|
||||
[PROFILING]
|
||||
[profiling.pkt_latency]
|
||||
enabled=0
|
||||
### note, threshold unit is microseconds (us)
|
||||
threshold=1000000
|
||||
|
||||
[profiling.sanity_check]
|
||||
raw_pkt_broken_enabled=0
|
||||
symbol_conflict_enabled=0
|
||||
|
||||
[profiling.log]
|
||||
level=20
|
||||
interval=5
|
||||
|
||||
[profiling.log.local]
|
||||
enabled=1
|
||||
### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.
|
||||
file_truncate_enabled = 1
|
||||
log_file_name = "fs2_sysinfo.log"
|
||||
|
||||
[profiling.log.remote]
|
||||
enabled=1
|
||||
server_ip={{ fs_remote.address }}
|
||||
server_port={{ fs_remote.port }}
|
||||
|
||||
[profiling.log.remote.field_stat2]
|
||||
### note, is valid when "remote_send_out_type=field_stat2"
|
||||
### note, metric_type option value: [default, json]
|
||||
metric_type = default
|
||||
app_name=sapp
|
||||
|
||||
[TOOLS]
|
||||
[tools.pkt_dump]
|
||||
enabled=0
|
||||
### note, mode options value:[storage, udp_socket]
|
||||
mode=udp_socket
|
||||
BSD_packet_filter=""
|
||||
|
||||
[tools.pkt_dump.threads]
|
||||
### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=1, then 'dump_thread_id' is obsoleted.
|
||||
### if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
|
||||
all_threads_enabled=1
|
||||
|
||||
### note, dump_thread_id start from 0, max is CPU.worker_threads-1
|
||||
dump_thread_id=[0,1,2,3,4]
|
||||
|
||||
[tools.pkt_dump.udp]
|
||||
command_port=12345
|
||||
|
||||
[tools.pkt_dump.storage]
|
||||
### note, file path must be double quotation mark extension, for example, path="/dev/shm/pkt_dump"
|
||||
path="/dev/shm/pkt_dump"
|
||||
### note, file size unit: MB
|
||||
file_size_max_per_thread=10000
|
||||
|
||||
### note:
|
||||
### These configurations format is complex and difficult to describe with toml grammar,
|
||||
### so, create a Independent config file to description specific information.
|
||||
[SPECIAL_CONFIG_LINK]
|
||||
project_list_path="./etc/project_list.conf"
|
||||
plugin_path="./etc/plugin.conf"
|
||||
entrylist_path="./etc/entrylist.conf"
|
||||
send_raw_pkt_path="./etc/send_raw_pkt.conf"
|
||||
vxlan_sport_service_map_path="./etc/vxlan_sport_service_map.conf"
|
||||
Reference in New Issue
Block a user