gfwleak/solutions-tsg-scripts
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OMPUB-159:新增v21.06适配mirror流量的DPI安装包

Browse Source
This commit is contained in:
fumingwei
2021-07-06 14:48:40 +08:00
parent 3322c11ad9
commit e3977b920e
236 changed files with 218 additions and 9473 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
roles/firewall/files/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/dns-2.0.12.e083fec-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/mail-1.0.11.48abeae-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/ssl-2.0.2.1389716-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

BIN
roles/firewall/files/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm
View File

Binary file not shown.

BIN
roles/firewall/files/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm Normal file
View File

Binary file not shown.

28
roles/firewall/tasks/main.yml
View File

@@ -11,27 +11,25 @@
skip_broken: yes
vars:
fw_packages:
- /tmp/ansible_deploy/capture_packet_plug-3.0.6.a2db4a4-2.el7.x86_64.rpm
- /tmp/ansible_deploy/conn_telemetry-1.0.2.8d6da43-2.el7.x86_64.rpm
- /tmp/ansible_deploy/dns-2.0.11.2265b5c-2.el7.x86_64.rpm
- /tmp/ansible_deploy/dns-2.0.12.e083fec-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ftp-1.0.8.13d5fda-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_dns_plug-3.0.5.2a25c20-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_dns_plug-3.0.6.57c2feb-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_ftp_plug-3.0.1.0a78573-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_http_plug-3.2.3.6b8c95d-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_mail_plug-3.1.1.777fa90-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_quic_plug-3.0.4.947ef77-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_ssl_plug-3.0.6.a121701-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_ssl_plug-3.1.1.d9e9de4-2.el7.x86_64.rpm
- /tmp/ansible_deploy/http-2.0.5.c61ad9a-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mail-1.0.9.c1d3bde-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mail-1.0.11.48abeae-2.el7.x86_64.rpm
- /tmp/ansible_deploy/quic-1.1.17.8c22b4d-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ssl-1.0.12.16b8fb5-2.el7.x86_64.rpm
- /tmp/ansible_deploy/tsg_conn_sketch-2.1.33.68c9aaf-2.el7.x86_64.rpm
- /tmp/ansible_deploy/ssl-2.0.2.1389716-2.el7.x86_64.rpm
- /tmp/ansible_deploy/tsg_conn_sketch-2.1.41.906e62b-2.el7.x86_64.rpm
- /tmp/ansible_deploy/rtp-1.0.4.91b4ab7-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mesa_sip-1.1.0.cfebc76-2.el7.x86_64.rpm
- /tmp/ansible_deploy/mesa_sip-1.1.1.0721ead-2.el7.x86_64.rpm
- /tmp/ansible_deploy/fw_voip_plug-1.0.6.341fe83-2.el7.x86_64.rpm
- /tmp/ansible_deploy/app_proto_identify-2.0.1.dd683eb-2.el7.x86_64.rpm
- /tmp/ansible_deploy/gtp-1.0.4.8804e43-2.el7.x86_64.rpm
- /tmp/ansible_deploy/gtp_signaling_plug-1.0.1.6e51cc4-2.el7.x86_64.rpm
- /tmp/ansible_deploy/gtp_signaling_plug-1.0.2.2dfced5-2.el7.x86_64.rpm
- name: "Template the tsgconf/main.conf"
template:
@@ -46,11 +44,6 @@
dest: /home/mesasoft/sapp_run/tsgconf/maat.conf
tags: template
- name: "Template the conf/capture_packet_plug.conf.j2"
template:
src: "{{ role_path }}/templates/capture_packet_plug.conf.j2"
dest: /home/mesasoft/sapp_run/conf/capture_packet_plug.conf
tags: template
- name: "Template the tsgconf/app_l7_proto_id.conf"
template:
@@ -63,3 +56,8 @@
dest: /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
tags: template
- name: "Template the conf/http/http.conf"
template:
src: "{{ role_path }}/templates/http.conf.j2"
dest: /home/mesasoft/sapp_run/conf/http/http.conf
tags: template

51
roles/firewall/templates/app_l7_proto_id.conf.j2
View File

@@ -1,51 +0,0 @@
#TYPE1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
#TYPE FIELD VALUE
STRING UNCATEGORIZED 100
STRING UNCATEGORIZED 101
STRING UNKNOWN_OTHER 102
STRING DNS 103
STRING FTP 104
STRING FTPS 105
STRING HTTP 106
STRING HTTPS 107
STRING ICMP 108
STRING IKE 109
STRING MAIL 110
STRING IMAPS 111
STRING IPSEC 112
STRING XMPP 113
STRING L2TP 114
STRING NTP 115
STRING POP3S 117
STRING PPTP 118
STRING QUIC 119
STRING SIP 120
STRING SMB 121
STRING SMTPS 123
STRING SPDY 124
STRING SSH 125
STRING SSL 126
STRING SOCKS 127
STRING TELNET 128
STRING DHCP 129
STRING RADIUS 130
STRING OPENVPN 131
STRING STUN 132
STRING TEREDO 133
STRING DTLS 134
STRING DoH 135
STRING ISAKMP 136
STRING MDNS 137
STRING NETBIOS 138
STRING NETFLOW 139
STRING RDP 140
STRING RTCP 141
STRING RTP 142
STRING SLP 143
STRING SNMP 144
STRING SSDP 145
STRING TFTP 146
STRING BJNP 147
STRING LDAP 148
STRING RTMP 149
STRING RTSP 150

28
roles/firewall/templates/capture_packet_plug.conf.j2
View File

@@ -1,28 +0,0 @@
[MAAT]
MAAT_MODE=2
#EFFECTIVE_FLAG=
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=conf/capture_packet_tableinfo.conf
STAT_FILE=capture_packet_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ maat_redis_server.address }}
REDIS_PORT_NUM={{ maat_redis_server.port_num }}
REDIS_PORT={{ maat_redis_server.port }}
REDIS_INDEX={{ maat_redis_server.db }}
JSON_CFG_FILE=conf/capture_packet_maat.json
INC_CFG_DIR=capture_packet_rule/inc/index/
FULL_CFG_DIR=capture_packet_rule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}
[LOG]
NIC_NAME={{ nic_mgr.name }}
BROKER_LIST={{ log_kafkabrokers.address | join(",") }}
FIELD_FILE=conf/capture_packet_log_field.conf
[SYSTEM]
LOG_LEVEL={{ capture_packet_log_level }}
LOG_PATH=./tsglog/capture_packet_plug/capture_packet

43
roles/firewall/templates/http.conf.j2 Normal file
View File

@@ -0,0 +1,43 @@
#http_special
#all regions
1 HTTP_ALL
2 HTTP_OTHER_REGIONS
#http state
3 HTTP_STATE
4 HTTP_REQ_LINE
5 HTTP_RES_LINE
6 HTTP_CONTENT
7 HTTP_UNGZIP_CONTENT
8 HTTP_MESSAGE_URL
9 HTTP_URI
#http_request
10 HTTP_HOST
11 HTTP_REFERER
12 HTTP_USER_AGENT
13 HTTP_COOKIE
14 HTTP_PROXY_AUTHORIZATION
15 HTTP_AUTHORIZATION
#http_response
16 HTTP_LOCATION
17 HTTP_SERVER
18 HTTP_ETAG
#http_general
19 HTTP_DATE
20 HTTP_TRAILER
21 HTTP_TRANSFER_ENCODING
22 HTTP_VIA
23 HTTP_PRAGMA
24 HTTP_CONNECTION
#http_content
25 HTTP_CONT_ENCODING
26 HTTP_CONT_LANGUAGE
27 HTTP_CONT_LOCATION
28 HTTP_CONT_DISPOSITION
29 HTTP_CONT_RANGE
30 HTTP_CONT_LENGTH
31 HTTP_CONT_TYPE
32 HTTP_CHARSET
33 HTTP_EXPIRES
34 HTTP_X_FLASH_VERSION
35 HTTP_TRANSFER_LENGTH
36 Set-Cookie

16
roles/firewall/templates/maat.conf.j2
View File

@@ -32,21 +32,5 @@ INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[APP_SIGNATURE_MAAT]
MAAT_MODE=2
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
STAT_FILE=app_sketch_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP={{ maat_redis_server.address }}
REDIS_PORT_NUM={{ maat_redis_server.port_num }}
REDIS_PORT={{ maat_redis_server.port }}
REDIS_INDEX={{ maat_redis_server.db }}
JSON_CFG_FILE=tsgconf/app_sketch_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[MAAT]
ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center }}"}]}

18
roles/firewall/templates/main.conf.j2
View File

@@ -66,11 +66,16 @@ ENTRANCE_ID={{ tsg_master_entrance_id }}
LOG_LEVEL={{ tsg_master_log_level }}
LOG_PATH="./tsglog/tsg_master"
POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"
DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'"
[TSG_CONN_SKETCH]
log_service=2
live_service=6
transaction_service=7
live_service_switch=1
transaction_service_switch=1
live_intervals_time = 30
[HOS_CONF]
hos_serverip="{{ firewall.hos_serverip }}"
@@ -82,14 +87,3 @@ hos_thread_sum={{ firewall.hos_thread_sum }}
hos_cache_size={{ firewall.hos_cache_size }}
hos_fs2_serverip="{{ firewall.hos_fs2_serverip }}"
hos_fs2_serverport={{ firewall.hos_fs2_serverport }}
[APP_SKETCH_LOCAL]
LOG_LEVEL={{ firewall.APP_SKETCH_LOG_LEVEL }}
LOG_PATH="{{ firewall.APP_SKETCH_LOG_PATH }}"
L7_PROTOCOL_LABEL="{{ firewall.APP_SKETCH_L7_PROTOCOL_LABEL }}"
[APP_SKETCH_FEEDBACK]
QOS={{ firewall.APP_SKETCH_QOS }}
PUBLISH_TOPIC="{{ firewall.APP_SKETCH_PUBLISH_TOPIC }}"
#CLIENT_ID=
BROKER_LIST="{{ firewall.APP_SKETCH_BROKER_LIST }}"

17
roles/firewall/templates/tsg_conn_sketch.inf.j2
View File

@@ -25,11 +25,22 @@ FUNC_NAME=tsg_record_http_entry
FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
FUNC_NAME=tsg_record_ssl_entry
#[DNS]
#FUNC_FLAG=ALL
#FUNC_NAME=tsg_record_dns_entry
[DNS]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_dns_entry
[MAIL]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_mail_entry
[RTP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_rtp_entry
[SIP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_sip_entry
[FTP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_ftp_entry