初步完成数据面代码

崔一鸣
2019-05-17 17:04:50 +08:00
parent 5cda54c8d4
commit c0e577d115
84 changed files with 944 additions and 1533 deletions

22
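--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -0,0 +1,22 @@
+cmake_minimum_required(VERSION 3.5)
+project(kni)
+set(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)
+#include(Version)
+set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+set (CMAKE_CXX_FLAGS "-Wall")
+add_definitions(-D_GNU_SOURCE)
+if (CMAKE_BUILD_TYPE STREQUAL Debug)
+add_definitions(-DDEBUG)
+endif()
+add_subdirectory(vendor)
+add_subdirectory(common)
+add_subdirectory(entry)
+# cmake -DCMAKE_BUILD_TYPE=Debug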
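Review bot: `set (CMAKE_CXX_FLAGS "-Wall")` replaces the flags inherited from the cache or from `CXXFLAGS`, so any hardening options a builder or packager passes in (stack protector, `_FORTIFY_SOURCE`, and so on) are silently dropped. It also leaves `CMAKE_C_FLAGS` untouched, so C sources get no warnings. For a plugin that parses packets off the wire I would keep the inherited flags and attach warnings per target, e.g. `target_compile_options(kni PRIVATE -Wall -Wextra)` in entry/CMakeLists.txt and the same for `common`. The `if (CMAKE_BUILD_TYPE STREQUAL Debug)` test is never true under multi-config generators; `target_compile_definitions(kni PRIVATE $<$<CONFIG:Debug>:DEBUG>)` says the same thing and works with the declared minimum of 3.5.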

3
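--- a/common/CMakeLists.txt
+++ b/common/CMakeLists.txt
@@ -0,0 +1,3 @@
+add_library(common STATIC src/kni_utils.cpp src/ssl_utils.cpp)
+target_include_directories(common PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)
+target_link_libraries(common MESA_handle_logger)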


@@ -1,13 +1,13 @@
//TODO: 日志打印出文件名 + 行号
#pragma once
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <pthread.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/tcp.h>
#include <time.h>
#include "MESA/MESA_handle_logger.h"
#include "MESA/MESA_htable.h"
@@ -19,6 +19,11 @@
#define KNI_STRING_MAX 2048
#define KNI_PATH_MAX 256
#define KNI_SYMBOL_MAX 64
#define KNI_DOMAIN_MAX 256
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#define likely(expr) __builtin_expect((expr), 1)
#define unlikely(expr) __builtin_expect((expr), 0)
@@ -43,5 +48,22 @@ do { \
snprintf(location, KNI_PATH_MAX, "%s: line %d", __FILE__, __LINE__); \
MESA_handle_runtime_log(handler, RLOG_LV_DEBUG, location, fmt, ##__VA_ARGS__); } while(0)
//fprintf(stderr, fmt "\n", ##__VA_ARGS__);
MESA_htable_handle KNI_utils_create_htable(const char *profile, const char *section, void *free_data_cb, void *expire_notify_cb, void *logger);
//default tcp opt
#define KNI_DEFAULT_WINSCLE 0
#define KNI_DEFAULT_MSS 1460
#define KNI_DEFAULT_MTU 1500
#define KNI_MTU 3000
//TODO: 网络序
struct kni_tcpopt_info{
uint16_t mss;
uint8_t wscale;
uint8_t ts;
uint8_t sack;
};
uint16_t kni_ip_checksum(const void *buf, size_t hdr_len);
uint16_t kni_tcp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr);
uint16_t kni_udp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr);
struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len);
MESA_htable_handle kni_create_htable(const char *profile, const char *section, void *free_data_cb, void *expire_notify_cb, void *logger);
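Review bot: The declarations added in the last hunk leave ownership and byte order undocumented. `kni_get_tcpopt` returns a heap object the caller has to release (pme_info_destroy in kni_entry.cpp does so), and the implementation stores `mss` in host order while the struct only carries a `//TODO` about network order. I would state that above the prototype, e.g. `/* Returns a newly allocated kni_tcpopt_info (caller frees); mss is in host byte order; tcphdr_len must not exceed the bytes actually captured. */`. `kni_create_htable` takes both callbacks as `void *`, which removes the compiler's check on the callback signature; a function-pointer typedef would keep it, if MESA_htable exposes one. `KNI_MTU 3000` next to `KNI_DEFAULT_MTU 1500` also deserves a one-line comment saying which buffer it sizes.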


@@ -1,3 +1,4 @@
#pragma once
struct cipher_suite
{
int value;


@@ -0,0 +1,151 @@
#include "kni_utils.h"
uint16_t kni_ip_checksum(const void *buf, size_t hdr_len){
unsigned long sum = 0;
const uint16_t *ip1;
ip1 = (const uint16_t *)buf;
while(hdr_len > 1){
sum += *ip1++;
if(sum & 0x80000000){
sum = (sum & 0xFFFF) + (sum >> 16);
}
hdr_len -= 2;
}
while(sum >> 16){
sum = (sum & 0xFFFF) + (sum >> 16);
}
return (~sum);
}
uint16_t kni_tcp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr){
const uint16_t *buf = (u_int16_t *)_buf;
uint16_t *ip_src=(uint16_t *)&src_addr, *ip_dst=(uint16_t *)&dest_addr;
uint32_t sum;
size_t length=len;
// Calculate the sum
sum = 0;
while(len > 1){
sum += *buf++;
if (sum & 0x80000000){
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
if(len & 1){
// Add the padding if the packet lenght is odd
sum += *((uint8_t *)buf);
}
// Add the pseudo-header
sum += *(ip_src++);
sum += *ip_src;
sum += *(ip_dst++);
sum += *ip_dst;
sum += htons(IPPROTO_TCP);
sum += htons(length);
// Add the carries
while(sum >> 16){
sum = (sum & 0xFFFF) + (sum >> 16);
}
// Return the one's complement of sum
return ((uint16_t)(~sum));
}
uint16_t kni_udp_checksum(const void *_buf, size_t len, in_addr_t src_addr, in_addr_t dest_addr){
const uint16_t *buf = (u_int16_t *)_buf;
uint16_t *ip_src=(u_int16_t *)&src_addr, *ip_dst=(u_int16_t *)&dest_addr;
uint32_t sum;
size_t length=len;
// Calculate the sum
sum = 0;
while(len > 1){
sum += *buf++;
if (sum & 0x80000000){
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
if(len & 1){
// Add the padding if the packet lenght is odd
sum += *((uint8_t *)buf);
}
// Add the pseudo-header
sum += *(ip_src++);
sum += *ip_src;
sum += *(ip_dst++);
sum += *ip_dst;
sum += htons(IPPROTO_UDP);
sum += htons(length);
// Add the carries
while(sum >> 16){
sum = (sum & 0xFFFF) + (sum >> 16);
}
// Return the one's complement of sum
return ( (uint16_t)(~sum) );
}
struct kni_tcpopt_info* kni_get_tcpopt(struct tcphdr* tcphdr,int tcphdr_len){
struct kni_tcpopt_info* tcpopt = (struct kni_tcpopt_info*)ALLOC(struct kni_tcpopt_info, 1);
tcpopt->mss = KNI_DEFAULT_MSS;
tcpopt->wscale = KNI_DEFAULT_WINSCLE;
const unsigned char *ptr = ((const unsigned char*)tcphdr + 20);
int length = tcphdr_len - 20;
while (length > 0){
int opcode = *ptr++;
int opsize;
switch (opcode){
case TCPOPT_EOL:
return tcpopt;
case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */
length--;
continue;
default:
opsize = *ptr++;
if (opsize < 2) /* "silly options" */
return tcpopt;
if (opsize > length)
return tcpopt; /* don't parse partial options */
switch (opcode){
case TCPOPT_MAXSEG:
if (opsize == TCPOLEN_MAXSEG){
uint16_t in_mss = *(uint16_t *)ptr;
if(in_mss){
tcpopt->mss = ntohs(in_mss);
}
}
break;
case TCPOPT_WINDOW:
if (opsize == TCPOLEN_WINDOW){
uint8_t snd_wscale = *(uint8_t *)ptr;
// rfc7323 page9: Thus, the shift count MUST be limited to 14 (which allows windows of 2^30 = 1 GiB).
// If a Window Scale option is received with a shift.cnt value larger than 14,
// the TCP SHOULD log the error but MUST use 14 instead of the specified value. */
tcpopt->wscale = snd_wscale;
if(tcpopt->wscale > 14){
tcpopt->wscale = 14;
}
//*wscale_perm=1;
}
break;
case TCPOPT_TIMESTAMP:
if ((opsize == TCPOLEN_TIMESTAMP)){
tcpopt->ts = 1;
}
break;
case TCPOPT_SACK_PERMITTED:
if (opsize == TCPOLEN_SACK_PERMITTED){
tcpopt->sack = 1;
}
break;
}
ptr += opsize-2;
length -= opsize;
}
}
return tcpopt;
}
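Review bot: In kni_get_tcpopt the `default:` branch reads the option length with `opsize = *ptr++` without checking that a length byte is still inside the header, so options ending in a lone kind octet make the parser read one byte past `tcphdr_len`; add `if (length < 2) return tcpopt;` before that read. `tcphdr_len` comes from the packet's `doff` and is never compared with the bytes actually available, so the caller has to validate it before calling. `*(uint16_t *)ptr` is an unaligned read because an option can start at any offset; `memcpy(&in_mss, ptr, sizeof in_mss)` avoids that. `ts` and `sack` are only ever set to 1, so they depend on ALLOC returning zeroed memory, which is not visible here. kni_tcp_checksum and kni_udp_checksum differ only in the protocol constant and could share one helper that takes the protocol as a parameter.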


@@ -1,6 +1,5 @@
#include <stdio.h>
#include <stdlib.h>
#include <ssl_utils.h>
#include "kni_utils.h"
#include "ssl_utils.h"
struct cipher_suite cipher_suite_list[] =
{
@@ -243,7 +242,7 @@ static enum chello_parse_result parse_extensions(const unsigned char* buff, size
static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n, const unsigned char* buff, size_t buff_len, enum chello_parse_result* result)
{
char* cipher_suites_str = (char* )malloc(TFE_STRING_MAX);
char* cipher_suites_str = (char* )malloc(KNI_STRING_MAX);
cipher_suites_str[0] = '\0';
size_t pos = 0;
int flag = 0;
@@ -255,13 +254,13 @@ static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n,
int val = (buff[pos] << 8) + buff[pos + 1];
if(_cipher_suite_list[i].value == val)
{
if(strnlen(_cipher_suite_list[i].name, TFE_STRING_MAX) + strnlen(cipher_suites_str, TFE_STRING_MAX) + 1 > TFE_STRING_MAX)
if(strnlen(_cipher_suite_list[i].name, KNI_STRING_MAX) + strnlen(cipher_suites_str, KNI_STRING_MAX) + 1 > KNI_STRING_MAX)
{
flag = 1;
break;
}
strncat(cipher_suites_str, _cipher_suite_list[i].name, TFE_STRING_MAX);
strncat(cipher_suites_str, ":", TFE_STRING_MAX);
strncat(cipher_suites_str, _cipher_suite_list[i].name, KNI_STRING_MAX);
strncat(cipher_suites_str, ":", KNI_STRING_MAX);
}
}
pos += 2;
@@ -270,7 +269,7 @@ static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n,
break;
}
}
int len = strnlen(cipher_suites_str, TFE_STRING_MAX);
int len = strnlen(cipher_suites_str, KNI_STRING_MAX);
if(len > 0)
{
cipher_suites_str[len-1] = '\0';
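Review bot: The capacity check in parse_cipher_suites reserves one byte (`... + 1 > KNI_STRING_MAX`), but the two `strncat` calls append the name, the `":"` and a terminating NUL. When the two lengths add up to `KNI_STRING_MAX - 1`, the NUL lands one byte past the `malloc(KNI_STRING_MAX)` buffer, so the test should read `+ 2 > KNI_STRING_MAX`. The third argument of `strncat` limits how much of the source is copied, not the destination size, so passing `KNI_STRING_MAX` there adds no protection and the explicit check is the only bound. The `malloc` result is written through on the next line without a NULL check. The function starts and ends outside these hunks, and its input is the cipher-suite list of a ClientHello, i.e. peer-controlled data.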

14
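--- a/conf/kni.conf
+++ b/conf/kni.conf
@@ -0,0 +1,14 @@
+[global]
+log_path = ./log/kni/kni.log
+log_level = 10
+[maat]
+readconf_mode = 1
+tableinfo_path = ./conf/kni/maat_tableinfo.conf
+maatjson_path = ./conf/kni/maat_test.json
+tablename_intercept_compile = PXY_INTERCEPT_COMPILE
+[marsio]
+appsym = knifw
+dev_symbol = eth4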


@@ -0,0 +1,4 @@
1 PXY_INTERCEPT_COMPILE compile escape --
2 PXY_INTERCEPT_GROUP group --
3 PXY_INTERCEPT_IP ip --
4 PXY_INTERCEPT_DOMAIN expr utf8 utf8 yes 0


@@ -1,26 +1,26 @@
{
"compile_table": "MATT_CONFIG_COMPILE",
"group_table": "MATT_CONFIG_GROUP",
"compile_table": "PXY_INTERCEPT_COMPILE",
"group_table": "PXY_INTERCEPT_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action": 2,
"action":120,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "192.168.100.100",
"user_region": "zone=pkt_payload;substitute=/AAAA/BBBB",
"is_valid": "yes",
"groups": [
{
"group_name": "group_1",
"group_name": "Untitled",
"regions": [
{
"table_name": "HID_IP",
"table_name": "PXY_INTERCEPT_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "114.114.114.114",
"src_ip": "192.168.192.135",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
@@ -38,25 +38,25 @@
},
{
"compile_id": 2,
"service": 48,
"action": 2,
"service": 1,
"action":120,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "192.168.10.100",
"user_region": "zone=pkt_payload;substitute=/AAAA/BBBB",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HID_CONTENT",
"table_name": "PXY_INTERCEPT_DOMAIN",
"table_type": "string",
"table_content": {
"keywords": "3d87a97d",
"keywords": "www.google.com",
"expr_type": "none",
"match_method": "sub",
"format":"hexbin"
"format": "uncase plain"
}
}
]


@@ -0,0 +1 @@
./plug/business/kni/kni.inf

13
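--- a/conf/sapp/kni/kni.inf
+++ b/conf/sapp/kni/kni.inf
@@ -0,0 +1,13 @@
+[PLUGINFO]
+PLUGNAME = KNI
+SO_PATH = ./plug/business/kni/libkni.so
+INIT_FUNC = kni_init
+DESTROY_FUNC =
+[TCP_ALL]
+FUNC_FLAG = all
+FUNC_NAME = kni_tcpall_entry
+[HTTP]
+FUNC_FLAG = HTTP_HOST
+FUNC_NAME = kni_http_entry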

3
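--- a/entry/CMakeLists.txt
+++ b/entry/CMakeLists.txt
@@ -0,0 +1,3 @@
+add_library(kni SHARED src/kni_entry.cpp src/kni_maat.cpp)
+target_include_directories(kni PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)
+target_link_libraries(kni common MESA_prof_load MESA_field_stat maatframe marsio)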

99
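--- a/entry/include/kni_entry.h
+++ b/entry/include/kni_entry.h
@@ -0,0 +1,99 @@
+#define HTTP_PROJECT_NAME "kni_http_tag"
+#define BURST_MAX 1
+enum kni_protocol{
+KNI_PROTOCOL_UNKNOWN = 0,
+KNI_PROTOCOL_SSL,
+KNI_PROTOCOL_HTTP,
+};
+struct http_project{
+int host_len;
+char host[KNI_DOMAIN_MAX];
+};
+struct pme_info{
+int protocol;
+int action;
+struct kni_tcpopt_info *client_tcpopt;
+struct kni_tcpopt_info *server_tcpopt;
+};
+struct wrapped_packet{
+char data[KNI_MTU];
+};
+struct tcp_option_restore{
+uint8_t kind;
+uint8_t len;
+uint16_t offset;
+};
+struct kni_marsio_handle{
+struct mr_instance *instance;
+struct mr_vdev *dev_handler;
+struct mr_sendpath *dev_sendpath;
+};
+struct protocol_identify_result{
+int protocol;
+char domain[KNI_DOMAIN_MAX];
+int domain_len;
+};
+//TODO: 有些字段可以不要
+struct pkt_info{
+struct iphdr *iphdr;
+int iphdr_len;
+int ip_totlen;
+struct tcphdr *tcphdr;
+int tcphdr_len;
+char *data;
+int data_len;
+};
+enum tcp_restore_info_tlv_type
+{
+TCP_RESTORE_INFO_TLV_SEQ,
+TCP_RESTORE_INFO_TLV_ACK,
+TCP_RESTORE_INFO_TLV_MSS_CLIENT,
+TCP_RESTORE_INFO_TLV_MSS_SERVER,
+TCP_RESTORE_INFO_TLV_WSACLE_CLIENT,
+TCP_RESTORE_INFO_TLV_WSACLE_SERVER,
+TCP_RESTORE_INFO_TLV_SACK_CLIENT,
+TCP_RESTORE_INFO_TLV_SACK_SERVER,
+TCP_RESTORE_INFO_TLV_TS_CLIENT,
+TCP_RESTORE_INFO_TLV_TS_SERVER,
+TCP_RESTORE_INFO_TLV_USER_DEFINED
+};
+struct tcp_restore_info_tlv
+{
+uint16_t type;
+uint16_t length;
+union
+{
+uint8_t value_as_uint8[0];
+uint16_t value_as_uint16[0];
+uint32_t value_as_uint32[0];
+unsigned char value_as_string[0];
+};
+} __attribute__((packed));
+struct tcp_restore_info_header
+{
+uint8_t __magic__[2]; /* Must be 0x4d, 0x5a */
+uint16_t nr_tlvs;
+struct tcp_restore_info_tlv tlvs[0];
+} __attribute__((packed));
+struct kni_handle{
+int http_project_id;
+struct kni_marsio_handle *marsio_handle;
+struct kni_maat_handle *maat_handle;
+void *logger;
+};
+#define TCP_RESTORE_HEADER_MAX 128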
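Review bot: This header has no `#pragma once` or include guard, unlike kni_utils.h and ssl_utils.h in the same commit. It also uses `KNI_DOMAIN_MAX`, `KNI_MTU` and the fixed-width integer types without including their definitions, so it only compiles when kni_utils.h is included first; add `#pragma once` and `#include "kni_utils.h"` at the top. `http_project.host` and `protocol_identify_result.domain` are fixed `KNI_DOMAIN_MAX` buffers with a separate length field, and nothing states the maximum length or whether they are NUL-terminated. A comment such as `/* host_len <= KNI_DOMAIN_MAX; host is not NUL-terminated */` would give the writers in kni_entry.cpp an invariant to check against. `TCP_RESTORE_HEADER_MAX` and `struct wrapped_packet` would benefit from the same: say how the two sizes relate to the largest packet the plugin is willing to rebuild.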

21
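--- a/entry/include/kni_maat.h
+++ b/entry/include/kni_maat.h
@@ -0,0 +1,21 @@
+#define KNI_MAAT_READCONF_IRIS 0
+#define KNI_MAAT_READCONF_JSON 1
+#define KNI_MAAT_READCONF_REDIS 2
+#define KNI_MAAT_RULE_NUM_MAX 8
+struct kni_maat_handle{
+Maat_feather_t feather;
+int default_action;
+int tableid_intercept_compile;
+void *logger;
+};
+enum kni_action{
+KNI_ACTION_UNKNOWN = 0,
+KNI_ACTION_INTERCEPT,
+KNI_ACTION_BYPASS,
+};
+struct kni_maat_handle* kni_maat_init(const char* profile, void *logger);
+void kni_maat_destroy(struct kni_maat_handle *handle);
+int kni_maat_scan_ip(struct kni_maat_handle* handle, struct ipaddr *addr, int thread_seq, void *logger);
+int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domain_len, int thread_seq, void *logger);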
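Review bot: `kni_maat_scan_ip` is declared here with four parameters (`..., int thread_seq, void *logger`) and get_action in kni_entry.cpp calls it that way, but the definition visible in kni_maat.cpp takes three, which in C++ is a different overload. The four-argument symbol then has no definition, and because `kni` is built as a SHARED library this may only surface when the plugin is loaded. Either drop the trailing `void *logger` from both prototypes, since the handle already carries `logger`, or add it to the definitions; check `kni_maat_scan_domain` the same way. The header also lacks `#pragma once`.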


@@ -1,68 +0,0 @@
//syn包开始回调
extern "C" char kni_tcpall_entry(const struct streaminfo* pstream, void** pme, int thread_seq, const void* a_packet){
//当前包bypass, 剩下包bypass
char ret = APP_STATE_FAWPKT|APP_STATE_DROPME;
struct kni_ipv6_hdr* ipv6_hdr = NULL;
struct kni_pme_info *pmeinfo = *(struct kni_pme_info **)pme;
if(pstream->addr.addrtype==ADDR_TYPE_IPV6){
ipv6_hdr = (struct kni_ipv6_hdr*)a_packet;
if((a_packet != NULL) && (ipv6_hdr->ip6_nex_hdr != NEXTHDR_TCP)){
kni_filestate2_set(thread_seq,FS_DROP_IPV6OPT,0,1);
return ret;
}
}
switch(pstream->pktstate){
case OP_STATE_PENDING:
kni_filestate2_set(thread_seq,FS_PENDING,0,1);
kni_filestate2_set(thread_seq,FS_PMENUM,0,1);
*pme=pmeinfo=kni_pmeinfo_new();
ret=kni_pending_opstate(pstream, pmeinfo, thread_seq, a_packet, PROTO_TYPE_TCP);
break;
case OP_STATE_DATA:
ret=kni_data_opstate(pstream, pmeinfo, thread_seq,a_packet, PROTO_TYPE_TCP);
break;
case OP_STATE_CLOSE:
if(a_packet == NULL)
{
kni_filestate2_set(thread_seq,FS_CLOSE_TIMEOUT,0,1);
}
else
{
kni_filestate2_set(thread_seq,FS_CLOSE_FIN,0,1);
}
ret=kni_close_opstate(pstream,(struct kni_pme_info*)*pme,thread_seq,a_packet,PROTO_TYPE_TCP);
break;
default:
break;
}
if((ret&APP_STATE_DROPME)&& pmeinfo!=NULL)
{
kni_filestate2_set(thread_seq,FS_PMENUM,0,-1);
kni_free_pmeinfo(pmeinfo);
*pme=NULL;
if(pstream->pktstate != OP_STATE_CLOSE)
{
kni_filestate2_set(thread_seq,FS_CLOSE_DROPME,0,1);
}
}
clock_gettime(CLOCK_MONOTONIC, &end);
elapse=(end.tv_sec-start.tv_sec)*1000000+(end.tv_nsec-start.tv_nsec)/1000;
FS_operate(g_kni_fs2_info.handler, g_kni_fs2_info.metric_sapp_proc, 0, FS_OP_SET, elapse);
return ret;
}

430
entry/src/kni_entry.cpp Normal file

@@ -0,0 +1,430 @@
#include "kni_utils.h"
#include "ssl_utils.h"
#include "kni_entry.h"
#include "marsio.h"
#include "kni_maat.h"
#include "MESA/http.h"
extern int g_iThreadNum;
//APP_STATE_DROPME/GIVEME: 当前tcp会话的剩下包是否回调
//APP_STATE_FAWPKT/DROPPKT: 当前包是否丢弃or转发如果是丢弃当前包不会给后面的插件
//PROT_STATE_GIVEME/DROPME: 当前http会话的剩下包是否回调
//TODO: seq, ack 是当拿到client hello时传给秋秋取client hello的 seq, ack, 时间戳和sack没有解, 不用解只需要知道enable/disable即可
//TODO: 注意内存泄漏ALLOC对应的FREE, 还有calloc
//TOOD: 函数加static
//TODO: 统计syn/syn/ack个数流个数 pending not syn个数, not syn/ack个数, 单向流数量, 发往tfe的包数流数收到的包数流数
//多个tcpall插件APP_STATE_DROPPKT, APP_STATE_FAWPKT? 有一个droppkt就不给后面的插件了
//一个tcp流中有多个httpssl会话的情况只扫描第一个
struct kni_handle *g_kni_handle;
//int g_http_project_id;
//struct kni_marsio_handle *g_kni_marsio_handle;
//g_iThreadNum 为sapp线程数
static struct pme_info* pme_info_new(){
struct pme_info* pmeinfo = ALLOC(struct pme_info, 1);
return pmeinfo;
}
static void pme_info_destroy(struct pme_info *pmeinfo){
if(pmeinfo != NULL){
if(pmeinfo->client_tcpopt != NULL){
FREE(&(pmeinfo->client_tcpopt));
}
if(pmeinfo->server_tcpopt != NULL){
FREE(&(pmeinfo->server_tcpopt));
}
FREE(&pmeinfo);
}
}
static int protocol_identify(const struct streaminfo* stream, char *buf, int len, struct protocol_identify_result *result){
//判断是http
struct http_project* project = (struct http_project*)project_req_get_struct(stream, g_kni_handle->http_project_id);
if(project != NULL){
result->protocol = KNI_PROTOCOL_HTTP;
result->domain_len = project->host_len;
memcpy(result->domain, project->host, result->domain_len);
return 0;
}
//判断是ssl
enum chello_parse_result chello_status = CHELLO_PARSE_INVALID_FORMAT;
struct ssl_chello *chello = NULL;
chello = ssl_chello_parse((const unsigned char*)buf, len, &chello_status);
if(chello_status == CHELLO_PARSE_SUCCESS){
result->protocol = KNI_PROTOCOL_SSL;
result->domain_len = strnlen(chello->sni, KNI_DOMAIN_MAX);
memcpy(result->domain, chello->sni, result->domain_len);
ssl_chello_free(chello);
return 0;
}
ssl_chello_free(chello);
result->protocol = KNI_PROTOCOL_UNKNOWN;
return 0;
}
static int tcp_restore_info_tlv_add(uint16_t type, uint16_t value_len, uint32_t value, char *header, int *offset, int *nr_tlvs){
int tlv_len = sizeof(tcp_restore_info_tlv) + value_len;
struct tcp_restore_info_tlv *tlv_info = (struct tcp_restore_info_tlv*)calloc(tlv_len, 1);
tlv_info->type= htons(type);
tlv_info->length = htons(tlv_len);
if(value_len == 1){
tlv_info->value_as_uint8[0] = value;
}
if(value_len == 2){
tlv_info->value_as_uint16[0] = value;
}
if(value_len == 4){
tlv_info->value_as_uint32[0] = value;
}
memcpy(header + *offset, tlv_info, tlv_len);
*offset += tlv_len;
(*nr_tlvs)++;
free(tlv_info);
return 0;
}
static struct tcp_restore_info_header* tcp_restore_info_header_new(struct pme_info *pmeinfo, struct pkt_info *pktinfo, int *len){
struct tcp_restore_info_header *header = (struct tcp_restore_info_header*)calloc(TCP_RESTORE_HEADER_MAX, 1);
int offset = sizeof(struct tcp_restore_info_header);
int nr_tlvs = 0;
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_SEQ, 4, pktinfo->tcphdr->seq, (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_ACK, 4, pktinfo->tcphdr->ack_seq, (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_MSS_CLIENT, 2, htons(pmeinfo->client_tcpopt->mss), (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_MSS_SERVER, 2, htons(pmeinfo->server_tcpopt->mss), (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_WSACLE_CLIENT, 1, pmeinfo->client_tcpopt->wscale, (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_WSACLE_SERVER, 1, pmeinfo->server_tcpopt->wscale, (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_SACK_CLIENT, 1, pmeinfo->client_tcpopt->sack, (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_SACK_SERVER, 1, pmeinfo->server_tcpopt->sack, (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_TS_CLIENT, 1, pmeinfo->client_tcpopt->ts, (char*)header, &offset, &nr_tlvs);
tcp_restore_info_tlv_add(TCP_RESTORE_INFO_TLV_TS_SERVER, 1, pmeinfo->server_tcpopt->ts, (char*)header, &offset, &nr_tlvs);
header->__magic__[0] = 0x4d;
header->__magic__[1] = 0x5a;
header->nr_tlvs = htons(nr_tlvs);
*len = offset;
return header;
}
static char* tcp_restore_info_header_add(struct pme_info *pmeinfo, struct pkt_info *pktinfo, int *len){
//tcp option: kind 88, len 4, control_info_len
char *new_pkt = (char*)ALLOC(struct wrapped_packet, 1);
struct iphdr *iphdr = (struct iphdr*)new_pkt;
int offset = 0;
//iphdr
memcpy(new_pkt, (void*)pktinfo->iphdr, pktinfo->iphdr_len);
offset += pktinfo->iphdr_len;
//tcphdr
struct tcphdr *tcphdr = (struct tcphdr*)(new_pkt + offset);
memcpy(new_pkt + offset, (void*)pktinfo->tcphdr, 20);
offset += 20;
tcphdr->doff = pktinfo->tcphdr->doff + 1;
struct tcp_option_restore *opt = ALLOC(struct tcp_option_restore, 1);
opt->kind = 88;
opt->len = 4;
opt->offset = htons(pktinfo->data_len);
memcpy(new_pkt + offset, (void*)opt, 4);
offset += 4;
memcpy(new_pkt + offset, (void*)((char*)pktinfo->tcphdr + 20), pktinfo->tcphdr_len - 20);
offset += pktinfo->tcphdr_len - 20;
//data
memcpy(new_pkt + offset, (void*)pktinfo->data, pktinfo->data_len);
offset += pktinfo->data_len;
//tcp_restore_info_header
int header_len = 0;
struct tcp_restore_info_header* header = tcp_restore_info_header_new(pmeinfo, pktinfo, &header_len);
memcpy(new_pkt + offset, (void*)header, header_len);
offset += header_len;
free(header);
//iphdr: tot_len
iphdr->tot_len = htons(offset);
//iphdr: checksum
//计算校验和之前一定要先置0
iphdr->check = 0;
iphdr->check = kni_ip_checksum((void*)iphdr, pktinfo->iphdr_len);
//tcphdr: checkdum
tcphdr->check = 0;
tcphdr->check = kni_tcp_checksum((void*)tcphdr, offset - pktinfo->iphdr_len, iphdr->saddr, iphdr->daddr);
*len = offset;
return new_pkt;
}
static int send_to_tfe(struct kni_marsio_handle *handle, char *raw_data, int raw_len, int thread_seq){
void *logger = g_kni_handle->logger;
KNI_LOG_DEBUG(logger, "send packet to tfe");
marsio_buff_t *tx_buffs[BURST_MAX];
unsigned int ret = 1;
//TODO: marsio配置文件: 2500
int alloc_ret = marsio_buff_malloc_device(handle->dev_handler, tx_buffs, ret, 0, thread_seq);
if (alloc_ret < 0){
KNI_LOG_ERROR(logger, "Failed at alloc marsio buffer, ret is %d, thread_seq is %d", ret, thread_seq);
return -1;
}
void * dst_data = marsio_buff_append(tx_buffs[0], raw_len + 14);
unsigned char ethernet_header[14] = {0xfe, 0x65, 0xb7, 0x03, 0x50, 0xbd, 0xe8, 0x61, 0x1f, 0x13, 0x70, 0x7a, 0x08, 0x00};
memcpy(dst_data, ethernet_header, 14);
memcpy((char*)dst_data + 14, raw_data, raw_len);
marsio_send_burst(handle->dev_sendpath, thread_seq, tx_buffs, ret);
return 0;
}
static char pending_opstate(const struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo){
void *logger = g_kni_handle->logger;
if(!pktinfo->tcphdr->syn){
//TODO: pending_opstate 不是syn, bypass这个流
KNI_LOG_ERROR(logger, "pending opstate: not syn");
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
pmeinfo->client_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len);
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
}
static int get_action(struct ipaddr *addr, char *domain, int domain_len, int thread_seq){
//return KNI_ACTION_INTERCEPT;
int action = kni_maat_scan_ip(g_kni_handle->maat_handle, addr, thread_seq, g_kni_handle->logger);
if(action == KNI_ACTION_BYPASS){
return action;
}
action = kni_maat_scan_domain(g_kni_handle->maat_handle, domain, domain_len, thread_seq, g_kni_handle->logger);
return action;
}
//TODO: 这一块逻辑需要和洋姐和秋秋讨论一下
static char data_opstate(const struct streaminfo *stream, struct pme_info *pmeinfo, struct pkt_info *pktinfo, int thread_seq){
void *logger = g_kni_handle->logger;
char *buf = (char*)pktinfo->iphdr;
int len = pktinfo->ip_totlen;
//action取值只能为 KNI_ACTION_INTERCEPT, KNI_ACTION_UNKNOWN, 因为判断是KNI_ACTION_BYPASS之后直接返回 APP_STATE_DROPME了
if(pmeinfo->action == KNI_ACTION_INTERCEPT){
send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq);
return APP_STATE_DROPPKT | APP_STATE_GIVEME;
}
//TODO: client hello如果跨包怎么办client hello后面一个包先到这个包该丢掉还是bypass
//此时 action = KNI_ACTION_UNKNOWN, 说明还没收到第一个数据包
// syn/ack包
if(pktinfo->tcphdr->syn && pktinfo->tcphdr->ack){
pmeinfo->server_tcpopt = kni_get_tcpopt(pktinfo->tcphdr, pktinfo->tcphdr_len);
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
}
if(pktinfo->data_len <= 0){
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
}
//第一个数据包: 如果从第一个数据包判断不出协议,直接返回,后续包也不要了
//单向流, 直接bypass
if(stream->dir != DIR_DOUBLE){
KNI_LOG_INFO(logger, "stream dir is %d, bypass", stream->dir);
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
struct protocol_identify_result *result = ALLOC(struct protocol_identify_result, 1);
protocol_identify(stream, pktinfo->data, pktinfo->data_len, result);
pmeinfo->protocol = result->protocol;
if(pmeinfo->protocol == KNI_PROTOCOL_UNKNOWN){
KNI_LOG_INFO(logger, "Failed at protocol_identify, protocol is %d\n", pmeinfo->protocol);
FREE(&result);
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
//protocol = KNI_PROTOCOL_SSL/KNI_PROTOCOL_HTTP, 判断action, action返回值: KNI_ACTION_INTERCEPT/KNI_ACTION_BYPASS
pmeinfo->action = get_action((struct ipaddr*)(&stream->addr), result->domain, result->domain_len, thread_seq);
FREE(&result);
if(pmeinfo->action == KNI_ACTION_BYPASS){
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
//TODO: 这块比较奇怪, 收到client hello, 但是没有syn/ack包, 直接bypass了
if(pmeinfo->client_tcpopt == NULL || pmeinfo->server_tcpopt == NULL){
KNI_LOG_ERROR(logger, "Failed at intercept, %s, %s", pmeinfo->client_tcpopt == NULL ? "no syn" : "",
pmeinfo->server_tcpopt == NULL ? "no syn/ack" : "");
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
//action = KNI_ACTION_INTERCEPT, 带上控制信息发送给qq, 要修改ip, tcp的校验和
buf = tcp_restore_info_header_add(pmeinfo, pktinfo, &len);
send_to_tfe(g_kni_handle->marsio_handle, buf, len, thread_seq);
FREE(&buf);
return APP_STATE_DROPPKT | APP_STATE_GIVEME;
}
static char close_opstate(){
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
//从syn包开始回调
extern "C" char kni_tcpall_entry(const struct streaminfo* stream, void** pme, int thread_seq, const void* a_packet){
void *logger = g_kni_handle->logger;
KNI_LOG_DEBUG(logger, "call kni_tcpall_entry");
//当前包bypass, 剩下包bypass
//TODO: ipv6暂时不处理, ipv6: 通过nexthdr链式寻找tcp头(IPPROTO_TCP)
if(stream->addr.addrtype == ADDR_TYPE_IPV6){
return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
//a_packet == NULL, 不处理这个包
if(a_packet == NULL){
return APP_STATE_FAWPKT | APP_STATE_GIVEME;
}
struct pme_info *pmeinfo = *(struct pme_info **)pme;
//pktinfo
struct pkt_info *pktinfo = (struct pkt_info*)ALLOC(struct pkt_info, 1);
pktinfo->iphdr = (struct iphdr*)a_packet;
pktinfo->iphdr_len = pktinfo->iphdr->ihl * 4;
pktinfo->ip_totlen = ntohs(pktinfo->iphdr->tot_len);
pktinfo->tcphdr = (struct tcphdr*)((char*)pktinfo->iphdr + pktinfo->iphdr_len);
pktinfo->tcphdr_len = pktinfo->tcphdr->doff * 4;
pktinfo->data = (char*)pktinfo->tcphdr + pktinfo->tcphdr_len;
pktinfo->data_len = pktinfo->ip_totlen - pktinfo->iphdr_len - pktinfo->tcphdr_len;
int ret = APP_STATE_FAWPKT | APP_STATE_DROPME;
switch(stream->pktstate){
case OP_STATE_PENDING:
*pme = pmeinfo = pme_info_new();
ret = pending_opstate(stream, pmeinfo, pktinfo);
break;
case OP_STATE_DATA:
ret = data_opstate(stream, pmeinfo, pktinfo, thread_seq);
break;
case OP_STATE_CLOSE:
ret = close_opstate();
break;
default:
break;
}
FREE(&pktinfo);
if((ret & APP_STATE_DROPME)){
pme_info_destroy(pmeinfo);
*pme = NULL;
}
return ret;
}
void http_project_free(int thread_seq, void *project_req_value){
FREE(&project_req_value);
}
static int http_project_init(){
void *logger = g_kni_handle->logger;
int id = project_producer_register(HTTP_PROJECT_NAME, PROJECT_VAL_TYPE_STRUCT, http_project_free);
if(id < 0){
KNI_LOG_ERROR(logger, "Failed at project_producer_register, project name is %s, ret is %d", HTTP_PROJECT_NAME, id);
return -1;
}
id = project_customer_register(HTTP_PROJECT_NAME, PROJECT_VAL_TYPE_STRUCT);
if(id < 0){
KNI_LOG_ERROR(logger, "Failed at project_customer_register, project name is %s, ret is %d", HTTP_PROJECT_NAME, id);
return -1;
}
return id;
}
extern "C" char kni_http_entry(stSessionInfo* session_info, void **pme, int thread_seq, struct streaminfo *a_stream, const void *a_packet){
http_infor* http_info = (http_infor*)(session_info->app_info);
//http_session_seq = 1表示只处理tcp链接中的第一个http会话
if(http_info->http_session_seq != 1){
return PROT_STATE_DROPME;
}
if(session_info->prot_flag != HTTP_HOST){
return PROT_STATE_GIVEME;
}
int host_len = MIN(session_info->buflen, KNI_DEFAULT_MTU);
struct http_project* host_info = ALLOC(struct http_project, 1);
host_info->host_len = host_len;
memcpy(host_info->host, session_info->buf, host_len);
if(project_req_add_struct(a_stream, g_kni_handle->http_project_id, host_info) < 0){
FREE(&host_info);
host_info = NULL;
}
return PROT_STATE_DROPME;
}
static void kni_marsio_destroy(struct kni_marsio_handle *handle){
//TODO: dev_handler, dev_sendpath不需要free吗
if(handle != NULL){
if(handle->instance != NULL){
marsio_destory(handle->instance);
}
}
FREE(&handle);
}
static struct kni_marsio_handle* kni_marsio_init(const char* profile){
void *logger = g_kni_handle->logger;
const char* section = "marsio";
char appsym[KNI_SYMBOL_MAX];
char dev_symbol[KNI_SYMBOL_MAX];
MESA_load_profile_string_def(profile, section, "appsym", appsym, sizeof(appsym), "unknown");
MESA_load_profile_string_def(profile, section, "dev_symbol", dev_symbol, sizeof(dev_symbol), "unknown");
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n appsym: %s\n dev_symbol: %s", section, appsym, dev_symbol);
struct mr_instance *instance = marsio_create();
if(instance == NULL){
KNI_LOG_ERROR(logger, "Failed at marsio_create");
return NULL;
}
unsigned int opt_value = 1;
marsio_option_set(instance, MARSIO_OPT_EXIT_WHEN_ERR, &opt_value, sizeof(opt_value));
//uint64_t cpu_mask = 0x3c; //??
//marsio_option_set(handle->instance, MARSIO_OPT_THREAD_MASK, &cpu_mask, sizeof(cpu_mask));
marsio_init(instance, appsym);
//设为sapp线程数
int nr_thread = g_iThreadNum;
struct mr_vdev * dev_handler = marsio_open_device(instance, dev_symbol, nr_thread, nr_thread);
if(dev_handler == NULL){
KNI_LOG_ERROR(logger, "Failed at marsio_open_device, dev_symbol is %s, nr_thread is %d", dev_symbol, nr_thread);
return NULL;
}
struct mr_sendpath * dev_sendpath = marsio_sendpath_create_by_vdev(dev_handler);
if(dev_sendpath == NULL){
KNI_LOG_ERROR(logger, "Failed at marsio_sendpath_create_by_vdev");
return NULL;
}
struct kni_marsio_handle *handle = ALLOC(struct kni_marsio_handle, 1);
handle->instance = instance;
handle->dev_handler = dev_handler;
handle->dev_sendpath = dev_sendpath;
//暂时不用调
//marsio_thread_init(mr_instance);
return handle;
}
extern "C" int kni_init(){
g_kni_handle = ALLOC(struct kni_handle, 1);
const char *profile = "./conf/kni/kni.conf";
const char *section = "global";
//init logger
char log_path[KNI_PATH_MAX];
MESA_load_profile_string_def(profile, section, "log_path", log_path, sizeof(log_path), "unknown");
int log_level;
MESA_load_profile_int_def(profile, section, "log_level", &log_level, 10);
void *logger = MESA_create_runtime_log_handle(log_path, log_level);
if (unlikely(logger == NULL))
{
printf("Failed at create logger: %s, exit", log_path);
exit(EXIT_FAILURE);
}
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n log_path: %s\n log_level: %d", section, log_path, log_level);
g_kni_handle->logger = logger;
//init http_project
int id = http_project_init();
if(id < 0){
KNI_LOG_ERROR(logger, "Failed at http_project_init, exit. ret is %d", id);
exit(EXIT_FAILURE);
}
g_kni_handle->http_project_id = id;
//init marsio
g_kni_handle->marsio_handle = kni_marsio_init(profile);
if(g_kni_handle->marsio_handle == NULL){
KNI_LOG_ERROR(logger, "Failed at kni_marsio_init, exit");
exit(EXIT_FAILURE);
}
//init maat
g_kni_handle->maat_handle = kni_maat_init(profile, logger);
if(g_kni_handle->maat_handle == NULL){
KNI_LOG_ERROR(logger, "Failed at kni_maat_init, exit");
exit(EXIT_FAILURE);
}
return 0;
}
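Review bot: kni_http_entry bounds the Host copy with `MIN(session_info->buflen, KNI_DEFAULT_MTU)` (1500) although `http_project.host` is `KNI_DOMAIN_MAX` (256) bytes, and protocol_identify then copies the same `host_len` into the 256-byte `result->domain`, so a long Host value overruns two heap objects; the bound should be `int host_len = MIN(session_info->buflen, KNI_DOMAIN_MAX);`. kni_tcpall_entry has the same kind of gap: `ihl`, `doff` and `tot_len` are used as read from the packet, so `data_len` can go negative and tcp_restore_info_header_add can write `ip_totlen + 4` plus the restore header into the `KNI_MTU`-sized `struct wrapped_packet`; the checks sketched below cover both, assuming `*pme` is NULL until pme_info_new() has run. In tcp_restore_info_header_add the `opt` allocation is never freed, and `doff + 1` wraps to 0 when the original header already uses all 60 bytes. The early `a_packet == NULL` return also skips the OP_STATE_CLOSE cleanup, which looks like a leaked `pme` on timeout closes and should be confirmed against the sapp callback contract.

```cpp
// in kni_tcpall_entry, right after the length fields are filled in:
pktinfo->data_len = pktinfo->ip_totlen - pktinfo->iphdr_len - pktinfo->tcphdr_len;
// Length fields come straight from the wire: refuse inconsistent headers before any handler uses them.
if(pktinfo->iphdr_len < 20 || pktinfo->tcphdr_len < 20 || pktinfo->data_len < 0){
    FREE(&pktinfo);
    pme_info_destroy(pmeinfo);
    *pme = NULL;
    return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
// … unchanged: switch on stream->pktstate and cleanup …

// in data_opstate, before the call to tcp_restore_info_header_add():
// the rebuilt packet is ip_totlen + 4 (option kind 88) + the restore header and must fit struct wrapped_packet
if(pktinfo->ip_totlen + 4 + TCP_RESTORE_HEADER_MAX > KNI_MTU){
    KNI_LOG_ERROR(logger, "Failed at intercept, packet too large: %d", pktinfo->ip_totlen);
    return APP_STATE_FAWPKT | APP_STATE_DROPME;
}
```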

110
entry/src/kni_maat.cpp Normal file

@@ -0,0 +1,110 @@
#include "kni_utils.h"
#include "kni_maat.h"
extern int g_iThreadNum;
void kni_maat_destroy(struct kni_maat_handle *handle){
if(handle != NULL){
if(handle->feather != NULL){
Maat_burn_feather(handle->feather);
}
}
FREE(&handle);
}
struct kni_maat_handle* kni_maat_init(const char* profile, void *logger){
const char *section = "maat";
int readconf_mode;
char tableinfo_path[KNI_PATH_MAX];
char tablename_intercept_compile[KNI_SYMBOL_MAX];
MESA_load_profile_int_def(profile, section, "readconf_mode", &readconf_mode, KNI_MAAT_READCONF_IRIS);
MESA_load_profile_string_def(profile, section, "tableinfo_path", tableinfo_path, sizeof(tableinfo_path), "unknown");
MESA_load_profile_string_def(profile, section, "tablename_intercept_compile", tablename_intercept_compile, sizeof(tablename_intercept_compile), "unknown");
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n readconf_mode: %d\n tableinfo_path: %s\n tablename_intercept_compile: %s\n",
section, readconf_mode, tableinfo_path, tablename_intercept_compile);
Maat_feather_t feather = Maat_feather(g_iThreadNum, tableinfo_path, logger);
if(feather == NULL){
KNI_LOG_ERROR(logger, "Failed at Maat_feather, max_thread_num is %d, tableinfo_path is %s", g_iThreadNum, tableinfo_path);
return NULL;
}
if(readconf_mode == KNI_MAAT_READCONF_JSON){
char maatjson_path[KNI_PATH_MAX];
MESA_load_profile_string_def(profile, section, "maatjson_path", maatjson_path, sizeof(maatjson_path), "unknown");
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n maatjson_path: %s", section, maatjson_path);
Maat_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, maatjson_path, strlen(maatjson_path));
}
if(readconf_mode == KNI_MAAT_READCONF_IRIS){
//TODO
}
if(readconf_mode == KNI_MAAT_READCONF_REDIS){
char redis_ip[KNI_SYMBOL_MAX];
int redis_port;
int redis_index;
MESA_load_profile_string_def(profile, section, "redis_ip", redis_ip, sizeof(redis_ip), "unknown");
MESA_load_profile_int_def(profile, section, "redis_port", &redis_port, -1);
MESA_load_profile_int_def(profile, section, "redis_index", &redis_index, -1);
KNI_LOG_INFO(logger, "MESA_prof_load, [%s]:\n redis_ip: %s\n redis_port: %s\n redis_index: %d",
section, redis_ip, redis_port, redis_index);
Maat_set_feather_opt(feather, MAAT_OPT_REDIS_IP, (void*)redis_ip, strlen(redis_ip) + 1);
Maat_set_feather_opt(feather, MAAT_OPT_REDIS_PORT, (void*)&redis_port, sizeof(redis_port));
Maat_set_feather_opt(feather, MAAT_OPT_REDIS_INDEX, (void*)&redis_index, sizeof(redis_index));
}
int ret = Maat_initiate_feather(feather);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at Maat_initiate_feather");
return NULL;
}
int tableid_intercept_compile = Maat_table_register(feather, tablename_intercept_compile);
if(tableid_intercept_compile < 0){
KNI_LOG_ERROR(logger, "Failed at Maat_table_register, tablename is %d, ret is %d",
tablename_intercept_compile, tableid_intercept_compile);
return NULL;
}
struct kni_maat_handle *handle = ALLOC(struct kni_maat_handle, 1);
handle->feather = feather;
handle->tableid_intercept_compile = tableid_intercept_compile;
handle->default_action = KNI_ACTION_INTERCEPT;
handle->logger = logger;
return handle;
}
static int maat_process_scan_result(struct kni_maat_handle *handle, int num, struct Maat_rule_t *result){
//void *logger = handle->logger;
int action = handle->default_action;
for(int i = 0; i < num; i++){
action = result[i].action;
if(action == KNI_ACTION_BYPASS){
return action;
}
}
return action;
}
//TODO: Maat_rule_get_ex_new_index compile_ex_param_new: config_id = 0, 取action即为全局变量, 一旦配置更新就回调, tableinfo怎么写回调表 编译配置表
int kni_maat_scan_ip(struct kni_maat_handle *handle, struct ipaddr *addr, int thread_seq){
void *logger = handle->logger;
struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX];
int ret = Maat_scan_proto_addr(handle->feather, handle->tableid_intercept_compile, addr, 0, result,
KNI_MAAT_RULE_NUM_MAX, NULL, thread_seq);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at Maat_scan_proto_addr, ret is %d", ret);
return handle->default_action;
}
return maat_process_scan_result(handle, ret, result);
}
int kni_maat_scan_domain(struct kni_maat_handle* handle, char *domain, int domain_len, int thread_seq){
void *logger = handle->logger;
struct Maat_rule_t result[KNI_MAAT_RULE_NUM_MAX];
//TODO: GBK
int ret = Maat_full_scan_string(handle->feather, handle->tableid_intercept_compile, CHARSET_GBK,
domain, domain_len, result, NULL, KNI_MAAT_RULE_NUM_MAX, NULL, thread_seq);
if(ret < 0){
KNI_LOG_ERROR(logger, "Failed at Maat_full_scan_string, ret is %d", ret);
return handle->default_action;
}
return maat_process_scan_result(handle, ret, result);
}
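Review bot: Two log calls in kni_maat_init pass arguments that do not match their conversion specifiers, which is undefined behaviour in a variadic logger: the Redis branch prints the int `redis_port` with `%s`, and the Maat_table_register failure path prints the char array `tablename_intercept_compile` with `%d`. The first is likely to crash at start-up whenever readconf_mode selects Redis, because the port value is read as a string pointer. Change the specifiers to `redis_port: %d` and `tablename is %s`; if MESA_handle_runtime_log is not declared with a printf format attribute (its declaration is not visible here), adding one would let the existing `-Wall` flag such mismatches. Separately, the `return NULL` paths after Maat_initiate_feather and Maat_table_register leave `feather` unreleased; calling `Maat_burn_feather(feather);` before returning would match what kni_maat_destroy does.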


@@ -1,9 +0,0 @@
#!/bin/sh
for i in {1..223}
do
echo "-------- process $i files --------" >> bench.log
#tcpdump -r /tmp/fraglist.leak.pcap net $i.0.0.0/8 -s0 -w /tmp/fraglist.leak.pcap.net.$i
ln -sf /tmp/fraglist.leak.pcap.net.$i dumpfile
./memchk.sh.full
cat valgrind.log | grep definitely >> bench.log
done


@@ -1,15 +0,0 @@
#!/bin/sh
filename=$1
cat $filename |sort >$filename.sort
cat $filename.sort |grep tcpstream >$filename.tcp
cat $filename.sort |grep tcpallstream >$filename.tcpall
cat $filename.sort |grep udpstream >$filename.udp
echo $filename tcpallstreamnum=`cat $filename.tcpall|wc -l`
echo $filename tcpstreamnum=`cat $filename.tcp|wc -l`
echo $filename udpstreamnum=`cat $filename.udp|wc -l`
#./start
#echo program crashed, reboot at `date +"%w %Y/%m/%d, %H:%M:%S"` >> REBOOT.log
#reboot


@@ -1,15 +0,0 @@
#!/bin/sh
filename=$1
cat $filename |sort >$filename.sort
cat $filename.sort |grep tcpstream >$filename.tcp
cat $filename.sort |grep tcpallstream >$filename.tcpall
cat $filename.sort |grep udpallstream >$filename.udp
echo $filename tcpallstreamnum=`cat $filename.tcpall|wc -l`
echo $filename tcpstreamnum=`cat $filename.tcp|wc -l`
echo $filename udpstreamnum=`cat $filename.udp|wc -l`
cat $filename.tcpall |awk {'print $10'}|awk -F',' '{sum+=$1 } END {print "tcppktnum=" sum }'
cat $filename.udp |awk {'print $10'}|awk -F',' '{sum+=$1 } END {print "udppktnum=" sum }'
cat $filename.tcpall |awk {'print $10'}|awk -F'=' '{sum+=$2 } END {print "tcppayload=" sum }'
cat $filename.udp |awk {'print $10'}|awk -F'=' '{sum+=$2 } END {print "udppayload=" sum }'


@@ -1,17 +0,0 @@
#!/bin/sh
filename=$1
cat $filename |sort >$filename.sort
cat $filename.sort |grep tcpstream >$filename.tcp
cat $filename.sort |grep tcpallstream >$filename.tcpall
cat $filename.sort |grep udpallstream >$filename.udp
echo $filename tcpallstreamnum=`cat $filename.tcpall|wc -l`
echo $filename tcpstreamnum=`cat $filename.tcp|wc -l`
echo $filename udpstreamnum=`cat $filename.udp|wc -l`
#cat $filename.tcpall |awk {'print $10'}|awk -F '=' '{sum+=$2 } END {print "tcppktnum=" sum }'
cat $filename.tcpall |awk {'print $10'} | awk -F ',' '{print $1}'|awk -F '=' '{sum+=$2 } END {print "tcppktnum=" sum }'
cat $filename.udp |awk {'print $8'}|awk -F'=' '{sum+=$2 } END {print "udppktnum=" sum }'
cat $filename.tcpall |awk {'print $11'} | awk -F '=' ' {sum +=$2} END {print "tcppayload=" sum }'
#cat $filename.tcpall |awk {'print $10'}|awk -F'=' '{sum+=$2 } END {print "tcppayload=" sum }'
cat $filename.udp |awk {'print $9'}|awk -F'=' '{sum+=$2 } END {print "udppayload=" sum }'


@@ -1,6 +0,0 @@
[Module]
pcapdevice=p6p2
sendto_gdev_card=p6p2
sendto_gdev_ip=192.168.15.15
gdev_status_switch=1
default_keepalive_action=1


@@ -1 +0,0 @@
10.0.6.229


@@ -1,42 +0,0 @@
#http_special
#all regions
1 HTTP_ALL
2 HTTP_OTHER_REGIONS
#http state
3 HTTP_STATE
4 HTTP_REQ_LINE
5 HTTP_RES_LINE
6 HTTP_CONTENT
7 HTTP_UNGZIP_CONTENT
8 HTTP_MESSAGE_URL
9 HTTP_URI
#http_request
10 HTTP_HOST
11 HTTP_REFERER
12 HTTP_USER_AGENT
13 HTTP_COOKIE
14 HTTP_PROXY_AUTHORIZATION
15 HTTP_AUTHORIZATION
#http_response
16 HTTP_LOCATION
17 HTTP_SERVER
18 HTTP_ETAG
#http_general
19 HTTP_DATE
20 HTTP_TRAILER
21 HTTP_TRANSFER_ENCODING
22 HTTP_VIA
23 HTTP_PRAGMA
24 HTTP_CONNECTION
#http_content
25 HTTP_CONT_ENCODING
26 HTTP_CONT_LANGUAGE
27 HTTP_CONT_LOCATION
28 HTTP_CONT_DISPOSITION
29 HTTP_CONT_RANGE
30 HTTP_CONT_LENGTH
31 HTTP_CONT_TYPE
32 HTTP_CHARSET
33 HTTP_EXPIRES
34 HTTP_X_FLASH_VERSION
35 HTTP_TRANSFER_LENGTH


@@ -1,30 +0,0 @@
[FUNCTION]
switch_no_biz=1
#0 means close stat
stat_cycle=0
#stat output screen 0: screen 1: file
stat_screen_print=0
stat_file=./log/http/http_stat.log
#ungzip
ungzip_switch=1
#support proxy
proxy_switch=1
#single-way traffic need http session num, 0 means no this function
singleway_maxseq=2
#0: field callback mode(default) 1:batch callback mode
callback_mode=0
#batch field maxnum when http_all or http_other
batch_field_maxnum=32
[LOG]
#FATAL:wrong info
#INFO: lostlen; special proc ;proxy info
#DEBUG: pending and close info; all url;
log_level=30
log_path=./log/http/runtime


@@ -1,90 +0,0 @@
[Module]
threadnum=10
#cpu_bind_core_mask=1,2,3,4,5
cpu_bind_core_mask=0x7fe
app_instance_name=sapp
MaxTcpStreams=1000000
MaxUdpStreams=1000000
LinkTimeout=180
UdpResetTime=0
CreatLinkMode=1
MaxUnorderNum=5
TcpAllEnable=1
IPv6_module_enable=1
IPv6_raw_socket=1
ipentry_priority_over_ipfrag=0
dictator_switch=1
load_plug_switch=1
discard_ack=0
kill_tcp_remedy=0
signal_take_over_switch=0
timestamp_record=0
#timedelay_threshold unit: CPU CYCLE
timedelay_threshold=99900000
analyse_tcp_option=1
#in linux kernel 2.6.20 and subsequent version, should enable this
use_MESAsleep=0
#skip ethernet, if you don't care MAC address
skip_ethernet_layer=0
#for dual-stack send rst
skip_not_ip_layer=0
#packet use DDP protocol
encapsulate_with_ddp=0
maxrandval=65535
randkeyval=13
#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
#(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
capdatamodlel=12
forwardpkt=0
pcapdevice=vxlan_user
#pcapdevice=p7p1
pcapdevice2=em2
pcapfilter=
pcap_dumpfile_list=dumpfile.list
senddevice=em2
gateway_mac=00:90:0b:1b:a1:2b
#max pending packet num between capture-thread and handle-thread
queue_max_num=2000
#-----network connection mode definition-----
# 0: don't send packet, only capture;
# 1: parallel mode with single card;
# 2: serial mode with two card;
# 3: logic serial mode with G device.
net_connection_mode=3
[ShowStatInfo]
showinterval=3
iknow_listen_port=65500
platform_log_level=10
[pkt_dump]
pkt_dump_switch=0
#1:local file; 2:udp socket
pkt_dump_mode=2
pkt_dump_cmd_port=12345
pkt_dump_bpf_filter=
pkt_dump_file_root_dir=/dev/shm/pkt_dump234
#config 'pkt_dump_total_size' means summation of all files size in 'root_dir', unit:MB.
pkt_dump_total_size=29900
#config 'pkt_dump_file_max_size' means MB per thread.
pkt_dump_file_max_size=10000
#config 'pkt_dump_thread_seq' means which thread enable this module, 'all' is total running thread.
pkt_dump_thread_seq=all
#pkt_dump_thread_seq=0,1,2,3


@@ -1,90 +0,0 @@
[Module]
threadnum=2
#cpu_bind_core_mask=1,2,3,4,5
cpu_bind_core_mask=0xF
app_instance_name=sapp_master
MaxTcpStreams=1000
MaxUdpStreams=1000
LinkTimeout=0
UdpResetTime=0
CreatLinkMode=3
MaxUnorderNum=5
TcpAllEnable=1
IPv6_module_enable=1
IPv6_raw_socket=1
ipentry_priority_over_ipfrag=0
dictator_switch=0
load_plug_switch=1
discard_ack=0
kill_tcp_remedy=0
signal_take_over_switch=0
timestamp_record=0
#timedelay_threshold unit: CPU CYCLE
timedelay_threshold=99900000
analyse_tcp_option=1
#in linux kernel 2.6.20 and subsequent version, should enable this
use_MESAsleep=0
#skip ethernet, if you don't care MAC address
skip_ethernet_layer=0
#for dual-stack send rst
skip_not_ip_layer=0
#packet use DDP protocol
encapsulate_with_ddp=0
maxrandval=65535
randkeyval=13
#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
#(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
capdatamodlel=1
forwardpkt=0
pcapdevice=enp2s0
pcapdevice2=enp3s0
pcapfilter=host 192.168.11.31
#pcapfilter=
pcap_dumpfile_list=dumpfile.list
senddevice=enp3s0
gateway_mac=00:90:0b:1b:a1:2b
#max pending packet num between capture-thread and handle-thread
queue_max_num=2000
#-----network connection mode definition-----
# 0: don't send packet, only capture;
# 1: parallel mode with single card;
# 2: serial mode with two card;
# 3: logic serial mode with G device.
net_connection_mode=2
[ShowStatInfo]
showinterval=3
iknow_listen_port=65500
platform_log_level=20
[pkt_dump]
pkt_dump_switch=0
#1:local file; 2:udp socket
pkt_dump_mode=2
pkt_dump_cmd_port=12345
pkt_dump_bpf_filter=
pkt_dump_file_root_dir=/dev/shm/pkt_dump234
#config 'pkt_dump_total_size' means summation of all files size in 'root_dir', unit:MB.
pkt_dump_total_size=29900
#config 'pkt_dump_file_max_size' means MB per thread.
pkt_dump_file_max_size=10000
#config 'pkt_dump_thread_seq' means which thread enable this module, 'all' is total running thread.
pkt_dump_thread_seq=all
#pkt_dump_thread_seq=0,1,2,3


@@ -1,90 +0,0 @@
[Module]
threadnum=1
#cpu_bind_core_mask=1,2,3,4,5
cpu_bind_core_mask=0xF
app_instance_name=sapp_master
MaxTcpStreams=10000
MaxUdpStreams=10000
LinkTimeout=0
UdpResetTime=0
CreatLinkMode=3
MaxUnorderNum=5
TcpAllEnable=1
IPv6_module_enable=1
IPv6_raw_socket=1
ipentry_priority_over_ipfrag=0
dictator_switch=0
load_plug_switch=1
discard_ack=0
kill_tcp_remedy=0
signal_take_over_switch=0
timestamp_record=0
#timedelay_threshold unit: CPU CYCLE
timedelay_threshold=99900000
analyse_tcp_option=1
#in linux kernel 2.6.20 and subsequent version, should enable this
use_MESAsleep=0
#skip ethernet, if you don't care MAC address
skip_ethernet_layer=0
#for dual-stack send rst
skip_not_ip_layer=0
#packet use DDP protocol
encapsulate_with_ddp=0
maxrandval=65535
randkeyval=13
#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
#(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
capdatamodlel=2
forwardpkt=0
pcapdevice=lo
#pcapdevice=eno33554992
#pcapdevice2=eno50332216
pcapfilter=
pcap_dumpfile_list=dumpfile.list
senddevice=enp2s0
gateway_mac=00:90:0b:1b:a1:2b
#max pending packet num between capture-thread and handle-thread
queue_max_num=2000
#-----network connection mode definition-----
# 0: don't send packet, only capture;
# 1: parallel mode with single card;
# 2: serial mode with two card;
# 3: logic serial mode with G device.
net_connection_mode=1
[ShowStatInfo]
showinterval=3
iknow_listen_port=65500
platform_log_level=20
[pkt_dump]
pkt_dump_switch=0
#1:local file; 2:udp socket
pkt_dump_mode=2
pkt_dump_cmd_port=12345
pkt_dump_bpf_filter=
pkt_dump_file_root_dir=/dev/shm/pkt_dump234
#config 'pkt_dump_total_size' means summation of all files size in 'root_dir', unit:MB.
pkt_dump_total_size=29900
#config 'pkt_dump_file_max_size' means MB per thread.
pkt_dump_file_max_size=10000
#config 'pkt_dump_thread_seq' means which thread enable this module, 'all' is total running thread.
pkt_dump_thread_seq=all
#pkt_dump_thread_seq=0,1,2,3


@@ -1,90 +0,0 @@
[Module]
threadnum=2
#cpu_bind_core_mask=1,2,3,4,5
cpu_bind_core_mask=0xF
app_instance_name=sapp_master
MaxTcpStreams=1000
MaxUdpStreams=1000
LinkTimeout=0
UdpResetTime=0
CreatLinkMode=3
MaxUnorderNum=5
TcpAllEnable=1
IPv6_module_enable=1
IPv6_raw_socket=1
ipentry_priority_over_ipfrag=0
dictator_switch=0
load_plug_switch=1
discard_ack=0
kill_tcp_remedy=0
signal_take_over_switch=0
timestamp_record=0
#timedelay_threshold unit: CPU CYCLE
timedelay_threshold=99900000
analyse_tcp_option=1
#in linux kernel 2.6.20 and subsequent version, should enable this
use_MESAsleep=0
#skip ethernet, if you don't care MAC address
skip_ethernet_layer=0
#for dual-stack send rst
skip_not_ip_layer=0
#packet use DDP protocol
encapsulate_with_ddp=0
maxrandval=65535
randkeyval=13
#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
#(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
capdatamodlel=1
forwardpkt=0
pcapdevice=enp2s0
pcapdevice2=enp3s0
#pcapfilter=host 192.168.11.31
pcapfilter=
pcap_dumpfile_list=dumpfile.list
senddevice=enp3s0
gateway_mac=00:90:0b:1b:a1:2b
#max pending packet num between capture-thread and handle-thread
queue_max_num=2000
#-----network connection mode definition-----
# 0: don't send packet, only capture;
# 1: parallel mode with single card;
# 2: serial mode with two card;
# 3: logic serial mode with G device.
net_connection_mode=2
[ShowStatInfo]
showinterval=3
iknow_listen_port=65500
platform_log_level=20
[pkt_dump]
pkt_dump_switch=0
#1:local file; 2:udp socket
pkt_dump_mode=2
pkt_dump_cmd_port=12345
pkt_dump_bpf_filter=
pkt_dump_file_root_dir=/dev/shm/pkt_dump234
#config 'pkt_dump_total_size' means summation of all files size in 'root_dir', unit:MB.
pkt_dump_total_size=29900
#config 'pkt_dump_file_max_size' means MB per thread.
pkt_dump_file_max_size=10000
#config 'pkt_dump_thread_seq' means which thread enable this module, 'all' is total running thread.
pkt_dump_thread_seq=all
#pkt_dump_thread_seq=0,1,2,3


@@ -1,89 +0,0 @@
[Module]
threadnum=2
#cpu_bind_core_mask=1,2,3,4,5
cpu_bind_core_mask=0xF
app_instance_name=sapp_master
MaxTcpStreams=1000
MaxUdpStreams=1000
LinkTimeout=0
UdpResetTime=0
CreatLinkMode=3
MaxUnorderNum=5
TcpAllEnable=1
IPv6_module_enable=1
IPv6_raw_socket=1
ipentry_priority_over_ipfrag=0
dictator_switch=0
load_plug_switch=1
discard_ack=0
kill_tcp_remedy=0
signal_take_over_switch=0
timestamp_record=0
#timedelay_threshold unit: CPU CYCLE
timedelay_threshold=99900000
analyse_tcp_option=1
#in linux kernel 2.6.20 and subsequent version, should enable this
use_MESAsleep=0
#skip ethernet, if you don't care MAC address
skip_ethernet_layer=0
#for dual-stack send rst
skip_not_ip_layer=0
#packet use DDP protocol
encapsulate_with_ddp=0
maxrandval=65535
randkeyval=13
#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
#(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
capdatamodlel=1
forwardpkt=0
pcapdevice=enp2s0
pcapdevice2=enp3s0
pcapfilter=
pcap_dumpfile_list=dumpfile.list
senddevice=enp3s0
gateway_mac=00:90:0b:1b:a1:2b
#max pending packet num between capture-thread and handle-thread
queue_max_num=2000
#-----network connection mode definition-----
# 0: don't send packet, only capture;
# 1: parallel mode with single card;
# 2: serial mode with two card;
# 3: logic serial mode with G device.
net_connection_mode=2
[ShowStatInfo]
showinterval=3
iknow_listen_port=65500
platform_log_level=20
[pkt_dump]
pkt_dump_switch=0
#1:local file; 2:udp socket
pkt_dump_mode=2
pkt_dump_cmd_port=12345
pkt_dump_bpf_filter=
pkt_dump_file_root_dir=/dev/shm/pkt_dump234
#config 'pkt_dump_total_size' means summation of all files size in 'root_dir', unit:MB.
pkt_dump_total_size=29900
#config 'pkt_dump_file_max_size' means MB per thread.
pkt_dump_file_max_size=10000
#config 'pkt_dump_thread_seq' means which thread enable this module, 'all' is total running thread.
pkt_dump_thread_seq=all
#pkt_dump_thread_seq=0,1,2,3


@@ -1,16 +0,0 @@
IP
IP_FRAG
IPV6
IPV6_RAW
TCP_ALL
TCP
UDP
HTTP
SSL
MAIL
FTP
PHONY
POLLING
IPSEC
L2TP
PPTP


@@ -1,10 +0,0 @@
[PLUGIN]
platform_config = ./plug/platform/conflist_platform.inf
protocol_config = ./plug/protocol/conflist_protocol.inf
business_config = ./plug/business/conflist_business.inf
entrylist_config = ./conf/plugin/entrylist.conf
logger_level=30
runtime_switch=1
max_interval_num=60


@@ -1,21 +0,0 @@
#project_requirement_name value_type
#current requirement definitions:
# terminal_tag,
# ipv4_frag_list,
# ipv6_frag_list,
# stream_id,
# value type definitions
# char,
# short,
# int,
# long,
# struct
#terminal_tag struct
#ipv4_frag_list struct
#ipv6_frag_list struct
#stream_id struct
#test_project struct
tcp_flow_stat struct
udp_flow_stat struct
protocol_tag struct


@@ -1 +0,0 @@
34.34.3.152


@@ -1,13 +0,0 @@
#<23><><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
#<23><>ƽ̨<C6BD><CCA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ͬ<EFBFBD><CDAC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>ײ<EFBFBD><D7B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2>ͬ,
#<23><><EFBFBD><EFBFBD>ͨģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, DPDKģʽ<C4A3><CABD>ʹ<EFBFBD>ö˿ں<CBBF>, PFRINGģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9>index<65><78>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ.
#target_id<69><64><EFBFBD>ڱ<EFBFBD>ʾ<EFBFBD><CABE><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD>ն˷<D5B6><CBB7><EFBFBD>,
#<23><><EFBFBD>ڷ<EFBFBD><DAB7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0>ײ<EFBFBD>MAC<41><43>Ŀ<EFBFBD><C4BF>IP<49><50>, <20><><EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, ƽֻ̨<CCA8><D6BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC>.
#target_id<69><EFBFBD><E0B5B1><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><DDBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
##(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
#target_id
0 pag p7p1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 vxlan_user smith dpdk dpdk pag
1 pag em2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 loop1 smith dpdk dpdk pag


@@ -1,13 +0,0 @@
#<23><><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
#<23><>ƽ̨<C6BD><CCA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ͬ<EFBFBD><CDAC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>ײ<EFBFBD><D7B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2>ͬ,
#<23><><EFBFBD><EFBFBD>ͨģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, DPDKģʽ<C4A3><CABD>ʹ<EFBFBD>ö˿ں<CBBF>, PFRINGģʽ<C4A3><CABD>ʹ<EFBFBD><CAB9>index<65><78>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ.
#target_id<69><64><EFBFBD>ڱ<EFBFBD>ʾ<EFBFBD><CABE><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD>ն˷<D5B6><CBB7><EFBFBD>,
#<23><><EFBFBD>ڷ<EFBFBD><DAB7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0>ײ<EFBFBD>MAC<41><43>Ŀ<EFBFBD><C4BF>IP<49><50>, <20><><EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, ƽֻ̨<CCA8><D6BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ԭʼ<D4AD><CABC>.
#target_id<69><EFBFBD><E0B5B1><EFBFBD><EFBFBD><EFBFBD>ݿ<EFBFBD><DDBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#(0:pag,1:pcap,2:dumpfile,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec,
##(11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio
#target_id
0 pag p7p1 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 vxlan_user smith dpdk dpdk pag
1 pag em2 eth1 dna0 dpdk ppf npacket qnf n95 eth1 topsec eth1 loop1 smith dpdk dpdk pag


@@ -1 +0,0 @@
76999


@@ -1,10 +0,0 @@
[main]
mode=master
#<23><>ʼ<EFBFBD>˿<EFBFBD>Ϊ60000, <20><><EFBFBD>ذ<EFBFBD><D8B0><EFBFBD>Դ<EFBFBD>˿<EFBFBD>Ϊ60000, <20><><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA>ʼ<EFBFBD>˿<EFBFBD>+<2B><><EFBFBD><EFBFBD>ID, <20><><EFBFBD><EFBFBD>2<EFBFBD>Ų<EFBFBD><C5B2><EFBFBD>, <20><><EFBFBD>󶨶˿<F3B6A8B6>Ϊ60002.
begin_listen_port=60000
#<23><><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD>Ӧ<EFBFBD>ò<EFBFBD><C3B2><EFBFBD>ID<49>б<EFBFBD>, <20><><EFBFBD>ŷָ<C5B7>
[master]
slave_plug_id_list=1,2,3
[slave]
local_plug_id=1


@@ -1,2 +0,0 @@
mrtools-pdump -- --pdump "port=0,queue=*,rx-dev=lo,tx-dev=lo" &
tcpdump -i lo -n -nn


@@ -1,34 +0,0 @@
#!/bin/sh
tun_iface=tun0
rtable_id_ingress=100
rtable_id_egress=101
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
sysctl -w net.ipv4.conf.default.rp_filter=0
#ethtool -K p7p1 lro off
#ethtool -K p7p1 tso off
#ethtool -K p7p1 gro off
#ethtool -K em2 lro off
#ethtool -K em2 tso off
#ethtool -K em2 gro off
# Create TUN devices
ip tuntap add dev ${tun_iface} mode tun multi_queue
#ip tuntap add dev ${tun_iface} mode tun
ifconfig ${tun_iface} up
# Ingress
ip rule add iif ${tun_iface} tab ${rtable_id_ingress}
ip route add local 0.0.0.0/0 dev lo table ${rtable_id_ingress}
# Egress
ip rule add fwmark 0x65 lookup ${rtable_id_egress}
ip route add default dev ${tun_iface} table ${rtable_id_egress}
# Flush cache
ip route flush cache


@@ -1,41 +0,0 @@
#!/bin/sh
tun_iface=tun0
rtable_id_ingress=100
rtable_id_egress=101
rtable_id_ingress6=102
rtable_id_egress6=103
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
sysctl -w net.ipv4.conf.default.rp_filter=0
ip6tables -F
ip6tables -F -t mangle
ip6tables -F -t nat
ip6tables -F -t raw
# Create TUN devices
ip tuntap add dev ${tun_iface} mode tun multi_queue
ifconfig ${tun_iface} up
# IPv6 Default GW
ip -6 route add default dev ${tun_iface}
# Ingress
ip rule add iif ${tun_iface} tab ${rtable_id_ingress}
ip route add local default dev lo table ${rtable_id_ingress}
ip -6 rule add iif ${tun_iface} tab ${rtable_id_ingress6}
ip -6 route add local default dev lo table ${rtable_id_ingress6}
# Egress
ip rule add fwmark 0x65 lookup ${rtable_id_egress}
ip route add default dev ${tun_iface} table ${rtable_id_egress}
#ip -6 rule add fwmark 0x66 lookup ${rtable_id_egress6}
#ip -6 route add default dev ${tun_iface} table ${rtable_id_egress6}
# Flush cache
ip route flush cache


@@ -1,92 +0,0 @@
[main]
htable_elem_num=10000000
######0:intercept;1:bypass
default_work_mode=0
######0:not replay;1:replay
replay_win_update=1
######0:G 1:two network card
sendpkt_mode=0
#####0:not join pkts in listq;1:join pkts in listq
write_listqueue_switch=0
#####0:join fds in listq;1:not join fds in listq
send_fds_mode=0
ratelimit_switch=1
replace_switch=1
domain_path=/home/server_unixsocket_file
socketopt_mark=101
logger_level=10
logger_filepath=./log/kni.log
[tun]
tun_path=/dev/net/tun
tun_name=tun0
[field_stat]
filestat2_filename=./log/kni_fs2.log
filestat2_sip=0.0.0.0
filestat2_sport=0
[dynmic_maat]
#0:iris;1:json;2:redis
dyn_maat_readconf_mode=1
dyn_redis_server=10.3.34.1
dyn_redis_port=6379
dyn_redis_db_index=5
dyn_scandir_interval=1000
dyn_effect_interval=60000
dyn_stat_file_path=./log/kni_dyn_maat_stat
dyn_table_info_path=./kniconf/maat_table_info.conf
[static_maat]
#0:iris;1:json;2:redis
maat_readconf_mode=1
redis_server=10.3.34.1
redis_port=6379
redis_db_index=4
scandir_interval=1000
effect_interval=1000
stat_file_path=./log/kni_static_maat_stat
table_info_path=./kniconf/maat_table_info.conf
full_cfg_dir=/home/mesasoft/tango_rules/full/index
inc_cfg_dir=/home/mesasoft/tango_rules/inc/index
[send_log]
send_log_switch=0
NIC_NAME=eth0
ENTRANCE_ID=0
KAFKA_BROKERLIST=192.168.10.73:9092
[Module]
table_info_path=./kniconf/maat_table_info.conf
full_cfg_dir=/home/mesasoft/tango_rules/full/index
inc_cfg_dir=/home/mesasoft/tango_rules/inc/index
logger_filepath=./log/kni.log
logger_level=10
#0:intercept;1:bypass
default_work_mode=1
#0:not replay;1:replay
replay_win_update=1
#0:iris;1:json;2:redis
maat_readconf_mode=2
redis_server=10.3.34.1
redis_port=6379
redis_db_index=4
scandir_interval=1000
effect_interval=1000
//dyn_domain
dyn_maat_readconf_mode=1
dyn_redis_server=192.168.11.243
dyn_redis_port=6379
dyn_redis_db_index=5
write_listqueue_switch=0
send_fds_mode=1


@@ -1,13 +0,0 @@
1 WHITE_LIST_COMPILE compile escape --
1 PXY_INTERCEPT_COMPILE compile escape --
2 WHITE_LIST_GROUP group --
2 PXY_INTERCEPT_GROUP group --
3 WHITE_LIST_IP ip --
3 PXY_INTERCEPT_IP ip --
4 WHITE_LIST_DOMAIN expr GBK GBK yes 0
4 PXY_INTERCEPT_DOMAIN expr GBK GBK yes 0
5 PXY_INTERCEPT_PKT_BIN expr GBK GBK yes 0
6 IPD_DYN_COMPILE compile GBK GBK no 0
7 IPD_DYN_GROUP group GBK GBK no 0
8 IPD_RELATED_DOMAIN expr GBK GBK yes 0
9 PXY_OBJ_SPOOFING_IP_POOL plugin {"key":11,"valid":9} --


@@ -1,59 +0,0 @@
{
"compile_table": "PXY_INTERCEPT_COMPILE",
"group_table": "PXY_INTERCEPT_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action":120,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "zone=pkt_payload;substitute=/AAAA/BBBB",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "PXY_INTERCEPT_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.192.135",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
},
{
"table_name": "PXY_INTERCEPT_PKT_BIN",
"table_type": "string",
"table_content": {
"keywords": "AAAA",
"expr_type": "regex",
"match_method": "sub",
"format":"uncase plain"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "PXY_OBJ_SPOOFING_IP_POOL",
"table_content": [
"1\t4\t0\t192.168.11.127\t0\t0\t\t0\t0\t1\t123\t10\t{}\t20181217-0:22"
]
}
]
}


@@ -1,48 +0,0 @@
{
"compile_table": "PXY_INTERCEPT_COMPILE",
"group_table": "PXY_INTERCEPT_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action":48,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "spoofing_ip_pool=10;nat_type=dnat;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "PXY_INTERCEPT_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.11.80",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "61.135.169.125",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "PXY_OBJ_SPOOFING_IP_POOL",
"table_content": [
"1\t4\t0\t123.57.35.217\t0\t0\t\t0\t0\t1\t123\t10\t{}\t20181217-0:22"
]
}
]
}


@@ -1,40 +0,0 @@
{
"compile_table": "PXY_INTERCEPT_COMPILE",
"group_table": "PXY_INTERCEPT_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action":48,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "spoofing_ip_pool=10;nat_type=snat;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "PXY_INTERCEPT_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.11.80",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
}
]
}


@@ -1,48 +0,0 @@
{
"compile_table": "PXY_INTERCEPT_COMPILE",
"group_table": "PXY_INTERCEPT_GROUP",
"rules": [
{
"compile_id": 1,
"service": 1,
"action":48,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "spoofing_ip_pool=10;nat_type=snat;",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "PXY_INTERCEPT_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.11.80",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "PXY_OBJ_SPOOFING_IP_POOL",
"table_content": [
"1\t4\t0\t192.168.11.127\t0\t0\t\t0\t0\t1\t123\t10\t{}\t20181217-0:22"
]
}
]
}


@@ -1,2 +0,0 @@
#!/bin/sh
valgrind --tool=memcheck --leak-check=full --leak-resolution=high --error-limit=no --undef-value-errors=yes --log-file=valgrind.log ./sapp


@@ -1,2 +0,0 @@
#!/bin/sh
valgrind --tool=memcheck --leak-check=full --show-leak-kinds=all --leak-resolution=high --error-limit=no --undef-value-errors=yes --track-origins=yes --show-reachable=yes --log-file=valgrind.log --max-stackframe=7418264 --valgrind-stacksize=1048576 --malloc-fill=AA --free-fill=FE ./sapp


@@ -1,2 +0,0 @@
#!/bin/sh
valgrind --tool=memcheck --leak-check=full --leak-resolution=high --error-limit=no --undef-value-errors=yes --log-file=valgrind.log ./sapp


@@ -1,6 +0,0 @@
[pag]
dev_name=vxlan_user
app_name=sapp_master
burst_rx=32
burst_tx=32
cpu_id=1-8

Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -1,4 +0,0 @@
./plug/business/kni/kni.inf
#./plug/business/deliver/deliver.inf
#./plug/business/hid/hid.inf


@@ -1,25 +0,0 @@
[PLUGINFO]
PLUGNAME=KNI
SO_PATH=./plug/business/kni/kni.so
INIT_FUNC=kni_init
DESTROY_FUNC=
#[IP]
#FUNC_FLAG=all
#FUNC_NAME=kni_ipv4_entry
[UDP]
FUNC_FLAG=all
FUNC_NAME=kni_udp_entry
[TCP_ALL]
FUNC_FLAG=all
FUNC_NAME=kni_tcpall_entry
[HTTP]
FUNC_FLAG=HTTP_HOST
FUNC_NAME=kni_http_entry

Binary file not shown.


@@ -1 +0,0 @@
./plug/platform/g_device_plug/g_device_plug.inf


@@ -1,9 +0,0 @@
[PLUGINFO]
PLUGNAME=g_device_udp_plug
SO_PATH=./plug/platform/g_device_plug/g_device_plug.so
INIT_FUNC=gdev_keepalive_plug_init
[UDP]
FUNC_FLAG=ALL
FUNC_NAME=gdev_keepalive_udp_entry


@@ -1 +0,0 @@
./plug/protocol/http/http.inf


@@ -1,15 +0,0 @@
[PLUGINFO]
PLUGNAME=HTTP
SO_PATH=./plug/protocol/http/http.so
INIT_FUNC=HTTP_INIT
DESTROY_FUNC=HTTP_DESTROY
GETPLUGID_FUNC=HTTP_GETPLUGID
FLAGCHANGE_FUNC=HTTP_FLAG_CHANGE
FLAGSTATE_FUNC=HTTP_PROT_FUNSTAT
[TCP]
FUNC_FLAG=ALL
FUNC_NAME=HTTP_ENTRY

Binary file not shown.

3
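--- a/run/r2
+++ b/run/r2
@@ -1,3 +0,0 @@
-killall r3 sapp
-./r3 &> /dev/null &
-#./kill_sapp_by_mem.sh &> /dev/null &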

17
run/r3

@@ -1,17 +0,0 @@
#!/bin/sh
while [ 1 ]; do
count=`ls -l core.* |wc -l`
echo $count
if [ $count -lt 5 ]
then
echo "set unlimited"
ulimit -c unlimited
else
ulimit -c 0
fi
./sapp > /dev/null
echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
sleep 10
done

BIN
run/sapp

Binary file not shown.


@@ -1,40 +0,0 @@
"isakmp_protocol_plug={ IS_VALID=YES
MAKE_DIR=./sapp/
DST_LOG_DIR=./log/
#CONF_DIR=./
#DST_CONF_DIR=./
INF_DIR=./sapp/run/plug/protocol/isakmp_protocol_plug/isakmp_protocol_plug.inf
DST_INF_DIR=./plug/protocol/isakmp_protocol_plug/isakmp_protocol_plug.inf
SO_DIR=./sapp/run/plug/protocol/isakmp_protocol_plug/isakmp_protocol_plug.so
DST_SO_DIR=./plug/protocol/isakmp_protocol_plug/isakmp_protocol_plug.so
#HEADER_DIR=./
#DST_HEADER_DIR=/opt/MESA/soq/
}"
"l2tp_protocol_plug={ IS_VALID=YES
MAKE_DIR=./sapp/
DST_LOG_DIR=./log/
#CONF_DIR=./
#DST_CONF_DIR=./
INF_DIR=./sapp/run/plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf
DST_INF_DIR=./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf
SO_DIR=./sapp/run/plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.so
DST_SO_DIR=./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.so
#HEADER_DIR=./
#DST_HEADER_DIR=/opt/MESA/soq/
}"
"pptp_protocol_plug={ IS_VALID=YES
MAKE_DIR=./sapp/
DST_LOG_DIR=./log/
#CONF_DIR=./soq_master/t1_bin/t1conf/
#DST_CONF_DIR=./
INF_DIR=./sapp/run/plug/protocol/pptp_protocol_plug/pptp_protocol_plug.inf
DST_INF_DIR=./plug/protocol/pptp_protocol_plug/pptp_protocol_plug.inf
SO_DIR=./sapp/run/plug/protocol/pptp_protocol_plug/pptp_protocol_plug.so
DST_SO_DIR=./plug/protocol/pptp_protocol_plug/pptp_protocol_plug.so
#HEADER_DIR=./soq_master/inc/
#DST_HEADER_DIR=/opt/MESA/soq/
}"


124
run/vv.py

@@ -1,124 +0,0 @@
import os
import sys
import subprocess
from optparse import OptionParser
from ftplib import FTP
from pprint import pprint #del later
dic={}
contact={}
date={}
filename_default="version.conf"
ftpserver='10.0.6.235'
directory='./MESA/'
def getconf(confname):
with open(confname) as f:
for line in f.readlines():
if line.startswith('#'):
continue
parts=line.split()
if len(parts)>=3:
name=parts[0].strip().replace('version','')
name=name.replace('VERSION','')
name=name.replace('_','')
dic[name]=parts[1]
contact[name]=parts[2]
date[name]=parts[3]
def getfile(path):
for root,dirs,files in os.walk(path):
for f in files:
if f.endswith('.so'):
#print(f)
fname=os.path.join(root,f)
yield fname
def getversion(f):
vers=subprocess.Popen('nm '+f+'|grep VERSION',shell=True,stdout=subprocess.PIPE)
for line in vers.stdout.readlines():
i=line.split()
#print(i[-1])
yield(i[-1])
def checkversion(v):
name=v.strip().replace('version','')
name=name.replace('VERSION','')
name=name.replace('_','')
name=filter(lambda ch:ch not in '0123456789',name)
#newv=dic[name]
newv=dic.get(name,None)
if newv==None:
print('\033[1;33m %s \033[1;m' % ('\t+++'+name+' is not found in your config file.'))
return None
if newv==v:
print('\t\033[1;32m%-120s\033[1;32m%s \033[1;m' % (v,'[LASTEST]'))
else:
vnow=v.strip().split()
vnew=newv.strip().split()
if vnow[-1]<vnew[-1]:
print('\t\033[1;31m%-120s\033[1;31m%s \033[1;m' % (v,'[OUTDATED]'))
print('\t[+]The latest version is '+vnew[-1]+', build in '+ date[name]+'. Please contact '+contact[name]+' to verifiy the version.')
elif vnow[-1]>vnew[-1]:
print('\t\033[1;33m%-120s\033[1;33m%s \033[1;m' % (v,'[WARNING]'))
print('\t[+]Newer than your latest config version!')
else:
print('\033[1;33m %s \033[1;m' % ('#####cannot check '+v))
def ftp_down(fname=filename_default):
try:
ftp=FTP(ftpserver)
ftp.login()
ftp.cwd(directory)
#version.conf->version.conf.bak
if os.path.exists(filename_default):
#os.name(filename_default,filename_default+'.bak')
if os.system('mv '+filename_default+' '+filename_default+'.bak')==0:
print(filename_default+' has been renamed as '+filename_default+'.bak')
file_handler=open(filename_default,'wb').write
ftp.retrbinary("RETR %s" % os.path.basename(filename_default),file_handler,1024)
ftp.close()
print("get "+filename_default+" from "+ftpserver+" successfully.")
except:
print("get "+filename_default+" from "+ftpserver+" failed.")
'''def main(argv):
getconf()
if len(argv)==1:
print("arg error")
print("please input the dir path!")
exit()
for f in getfile(argv[1]):
print(f)
for i in getversion(f):
#print('\t'+i)
checkversion(i)
#print('------')
#pprint(dic)'''
def main():
useage="usage:%prog [options arg]"
parser=OptionParser(useage)
parser.add_option("-f","--file",dest="filename",default=filename_default,help="FILENAME of your config. Default file is "+filename_default)
parser.add_option("-p","--path",dest="path",default="./",help="lib PATH that you want to verifiy. Default path is ./")
parser.add_option("-u","--update",dest="update",action="store_true",default=False,help="update config from ftp.")
(options,args)=parser.parse_args()
#print(options.filename)
#print(options.path)
if options.update:
ftp_down()
else:
if not os.path.exists(options.filename):
print(options.filename+" not exists")
exit()
getconf(options.filename)
for f in getfile(options.path):
print(f)
for i in getversion(f):
#print('\t'+i)
checkversion(i)
if __name__=="__main__":
#main(sys.argv)
main()


@@ -1,9 +0,0 @@
[MOUDLE]
table_info_path=./wyconf/maat_table_info.conf
ful_cfg_dir=/home/liuyang/run/sapp_run/config/index
inc_cfg_dir=/home/liuyang/run/sapp_run/config/inc/index
logger_filepath=./log/hid.log
logger_level=10
maat_json_switch=1


@@ -1,94 +0,0 @@
{
"compile_table": "MATT_CONFIG_COMPILE",
"group_table": "MATT_CONFIG_GROUP",
"rules": [
{
"compile_id": 123,
"service": 1,
"action": 2,
"do_blacklist": 1,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "IP_group",
"regions": [
{
"table_name": "HID_IP",
"table_type": "ip",
"table_content": {
"addr_type": "ipv4",
"src_ip": "114.114.114.114",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 0,
"direction": "double"
}
}
]
}
]
},
{
"compile_id": 125,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "123.56.104.218",
"is_valid": "yes",
"groups": [
{
"group_name": "group1",
"regions": [
{
"table_name": "HID_CONTENT",
"table_type": "string",
"table_content": {
"keywords": "3d87a97d",
"expr_type": "none",
"match_method": "sub",
"format":"hexbin"
}
}
]
}
]
},
{
"compile_id": 127,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"user_region": "123.56.104.218",
"is_valid": "yes",
"groups": [
{
"group_name": "group2",
"regions": [
{
"table_name": "HID_CONTENT",
"table_type": "string",
"table_content": {
"keywords": "3d87a979",
"expr_type": "none",
"match_method": "sub",
"format":"hexbin"
}
}
]
}
]
}
]
}


@@ -1,4 +0,0 @@
0000000003
0 123 1
1 125 1
2 127 1


@@ -1,3 +0,0 @@
0000000002
1 1 3d87a97d 0 0 1 1
2 2 3d87a979 0 0 1 1


@@ -1,2 +0,0 @@
0000000001
0 0 4 114.114.114.114 255.255.255.255 0 65535 0.0.0.0 255.255.255.255 0 65535 0 0 1


@@ -1,4 +0,0 @@
0000000003
123 1 2 1 1 0 anything 1
125 1 1 1 1 0 123.56.104.218 1
127 1 1 1 1 0 123.56.104.218 1


@@ -1,4 +0,0 @@
0000000003
0 123 1
1 125 1
2 127 1


@@ -1,4 +0,0 @@
MATT_CONFIG_COMPILE 3 ./wyconf/hid_maat_test.json_iris_tmp/MATT_CONFIG_COMPILE.local
MATT_CONFIG_GROUP 3 ./wyconf/hid_maat_test.json_iris_tmp/MATT_CONFIG_GROUP.local
HID_IP 1 ./wyconf/hid_maat_test.json_iris_tmp/HID_IP.local
HID_CONTENT 2 ./wyconf/hid_maat_test.json_iris_tmp/HID_CONTENT.local


@@ -1,4 +0,0 @@
1 MATT_CONFIG_COMPILE compile GBK GBK no 0
2 MATT_CONFIG_GROUP group GBK GBK no 0
3 HID_IP ip GBK GBK no 0
4 HID_CONTENT expr GBK GBK yes 0

Binary file not shown.

11
script/run.sh Executable file

@@ -0,0 +1,11 @@
SAPP_RUN="/home/tsg/kni"
/bin/cp -f ../conf/sapp/conflist_business.inf $SAPP_RUN/plug/business/conflist_business.inf
/bin/cp -rf ../conf/sapp/kni/ $SAPP_RUN/plug/business
/bin/cp -f ../build/entry/libkni.so $SAPP_RUN/plug/business/kni/libkni.so
mkdir -p $SAPP_RUN/conf/kni
/bin/cp -f ../conf/kni.conf $SAPP_RUN/conf/kni/kni.conf
/bin/cp -f ../conf/maat/maat_test.json $SAPP_RUN/conf/kni/maat_test.json
/bin/cp -f ../conf/maat/maat_tableinfo.conf $SAPP_RUN/conf/kni/maat_tableinfo.conf
cat $SAPP_RUN/conf/project_list.conf | grep "kni_http_tag" >/dev/null 2>&1 && exit
echo "kni_http_tag struct" >> $SAPP_RUN/conf/project_list.conf
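Review bot: None of the `/bin/cp` calls is checked, so if copying `../build/entry/libkni.so` fails, whatever older `libkni.so` already sits under `$SAPP_RUN/plug/business/kni/` stays in place while the script carries on and still appends `kni_http_tag struct` to `project_list.conf`. As rendered, the file also has no `#!` line, and the `../conf` and `../build` paths resolve against the caller's working directory, so it only does what is intended when started from `script/`. I would open it with `#!/bin/sh`, `set -eu` and `cd "$(dirname "$0")"`, and quote every `"$SAPP_RUN/..."` expansion so a path containing spaces cannot split into extra arguments. The `cat ... | grep ... && exit` line reads more directly as `grep -q "kni_http_tag" "$SAPP_RUN/conf/project_list.conf" || echo "kni_http_tag struct" >> "$SAPP_RUN/conf/project_list.conf"`.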

26
vendor/CMakeLists.txt vendored

@@ -2,22 +2,22 @@
include(ExternalProject)
### IPLocator
ExternalProject_Add(IPLocator
PREFIX IPLocator
URL ${CMAKE_CURRENT_SOURCE_DIR}/IPLocator-master.tar.gz
URL_MD5 685979caaa2b309221a21d5aab5e9cd5
CONFIGURE_COMMAND ./configure --prefix=<INSTALL_DIR> --disable-shared
BUILD_IN_SOURCE 1)
ExternalProject_Get_Property(IPLocator INSTALL_DIR)
### cJSON
ExternalProject_Add(cJSON PREFIX cJSON
URL ${CMAKE_CURRENT_SOURCE_DIR}/cJSON-1.7.7.tar.gz
URL_MD5 715009c99728bf81d6c97352718650ff
CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=<INSTALL_DIR>
-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
-DBUILD_SHARED_AND_STATIC_LIBS=1)
ExternalProject_Get_Property(cJSON INSTALL_DIR)
file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
add_library(IPLocator-static STATIC IMPORTED GLOBAL)
set_property(TARGET IPLocator-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libmaxminddb.a)
set_property(TARGET IPLocator-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
add_library(cjson SHARED IMPORTED GLOBAL)
add_dependencies(cjson cJSON)
set_property(TARGET cjson PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib64/libcjson.a)
set_property(TARGET cjson PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
### MESA Framework