1、intercept数据包htable_add失败后不再处理;2、CLOSE状态和出错处理时htable_del
This commit is contained in:
liuyang
@@ -3,21 +3,23 @@ table_info_path=./kniconf/maat_table_info.conf
|
||||
full_cfg_dir=/home/mesasoft/tango_rules/full/index
|
||||
inc_cfg_dir=/home/mesasoft/tango_rules/inc/index
|
||||
logger_filepath=./log/kni.log
|
||||
logger_level=20
|
||||
|
||||
tun_name=tun0
|
||||
tun_path=/dev/net/tun
|
||||
socketopt_mark=101
|
||||
logger_level=30
|
||||
|
||||
#0:intercept;1:bypass
|
||||
default_work_mode=1
|
||||
#0:not replay;1:replay
|
||||
replay_win_update=0
|
||||
replay_win_update=1
|
||||
|
||||
#0:iris;1:json;2:redis
|
||||
maat_readconf_mode=2
|
||||
redis_server=192.168.11.243
|
||||
redis_server=10.3.34.1
|
||||
redis_port=6379
|
||||
redis_db_index=4
|
||||
scandir_interval=1000
|
||||
effect_interval=60000
|
||||
effect_interval=1000
|
||||
|
||||
//dyn_domain
|
||||
dyn_maat_readconf_mode=1
|
||||
dyn_redis_server=192.168.11.243
|
||||
dyn_redis_port=6379
|
||||
dyn_redis_db_index=5
|
||||
|
||||
@@ -7,6 +7,6 @@
|
||||
4 WHITE_LIST_DOMAIN expr GBK GBK yes 0
|
||||
4 PXY_INTERCEPT_DOMAIN expr GBK GBK yes 0
|
||||
5 PXY_INTERCEPT_PKT_BIN expr GBK GBK yes 0
|
||||
6 IPD_DYN_COMPILE compile GBK GBK no 0
|
||||
6 IPD_DYN_COMPILE compile GBK GBK no 0
|
||||
7 IPD_DYN_GROUP group GBK GBK no 0
|
||||
8 IPD_RELATED_DOMAIN expr GBK GBK yes 0
|
||||
|
||||
@@ -1,26 +1,26 @@
|
||||
{
|
||||
"compile_table": "PXY_ INTERCEPT _COMPILE",
|
||||
"group_table": "PXY_ INTERCEPT_GROUP",
|
||||
"compile_table": "WHITE_LIST_COMPILE",
|
||||
"group_table": "WHITE_LIST_GROUP",
|
||||
"rules": [
|
||||
{
|
||||
"compile_id": 1,
|
||||
"service": 1,
|
||||
"action":64,
|
||||
"action":123,
|
||||
"do_blacklist": 1,
|
||||
"do_log": 1,
|
||||
"effective_rage": 0,
|
||||
"user_region": "Droprate=0.50",
|
||||
"user_region": "anything",
|
||||
"is_valid": "yes",
|
||||
"groups": [
|
||||
{
|
||||
"group_name": "Untitled",
|
||||
"group_name": "group_1",
|
||||
"regions": [
|
||||
{
|
||||
"table_name": "PXY_INTERCEPT_IP",
|
||||
"table_name": "WHITE_LIST_IP",
|
||||
"table_type": "ip",
|
||||
"table_content": {
|
||||
"addr_type": "ipv4",
|
||||
"src_ip": "192.168.66.123",
|
||||
"src_ip": "192.168.11.119",
|
||||
"mask_src_ip": "255.255.255.255",
|
||||
"src_port": "0",
|
||||
"mask_src_port": "65535",
|
||||
@@ -39,7 +39,7 @@
|
||||
{
|
||||
"compile_id": 2,
|
||||
"service": 48,
|
||||
"action": 80,
|
||||
"action": 123,
|
||||
"do_blacklist": 1,
|
||||
"do_log": 1,
|
||||
"effective_rage": 0,
|
||||
@@ -47,14 +47,14 @@
|
||||
"is_valid": "yes",
|
||||
"groups": [
|
||||
{
|
||||
"group_name": "Untitled",
|
||||
"group_name": "group_2",
|
||||
"regions": [
|
||||
{
|
||||
"table_name": "PXY_INTERCEPT_DOMAIN",
|
||||
"table_name": "WHITE_LIST_DOMAIN",
|
||||
"table_type": "string",
|
||||
"table_content": {
|
||||
"keywords": "abcdddfedfe",
|
||||
"expr_type": "none",
|
||||
"keywords": "www.baidu.com",
|
||||
"expr_type": "regex",
|
||||
"match_method": "sub",
|
||||
"format":"uncase plain"
|
||||
}
|
||||
@@ -62,33 +62,6 @@
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"compile_id": 3,
|
||||
"service": 48,
|
||||
"action": 80,
|
||||
"do_blacklist": 1,
|
||||
"do_log": 1,
|
||||
"effective_rage": 0,
|
||||
"user_region": "zone=pkt_payload;substitute=/baidu/qq",
|
||||
"is_valid": "yes",
|
||||
"groups": [
|
||||
{
|
||||
"group_name": "Untitled",
|
||||
"regions": [
|
||||
{
|
||||
"table_name": "PXY_INTERCEPT_PKT_BIN",
|
||||
"table_type": "string",
|
||||
"table_content": {
|
||||
"keywords": "dfek;fdfkds;",
|
||||
"expr_type": "none",
|
||||
"match_method": "sub",
|
||||
"format":"hexbin"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user