1、将sapp的配置文件分成两步作用于container,第一步作用于dockerfile的执行，第二步作用于镜像启动时文件的映射

2、增加docker-compose 执行时生成镜像的操作
2021-03-11 11:51:33 +08:00
parent 103ba64265
commit 4118b841f2
19 changed files with 716 additions and 83 deletions
--- a/config/sapp_run/conf/capture_packet_plug.conf
+++ b/config/sapp_run/conf/capture_packet_plug.conf
@@ -0,0 +1,28 @@
+[MAAT]
+MAAT_MODE=2
+#EFFECTIVE_FLAG=
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=conf/capture_packet_tableinfo.conf
+STAT_FILE=capture_packet_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP=192.168.4.72
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
+JSON_CFG_FILE=conf/capture_packet_maat.json
+INC_CFG_DIR=capture_packet_rule/inc/index/
+FULL_CFG_DIR=capture_packet_rule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"beijing"}]}
+
+[LOG]
+NIC_NAME=eth0
+BROKER_LIST="127.0.0.1"
+FIELD_FILE=conf/capture_packet_log_field.conf
+
+[SYSTEM]
+LOG_LEVEL=10
+LOG_PATH=./tsglog/capture_packet_plug/capture_packet
+
--- a/config/sapp_run/etc/sapp.toml
+++ b/config/sapp_run/etc/sapp.toml
@@ -0,0 +1,145 @@
+###################################################################################################
+# NOTE:
+#    The format of this file is toml (https://github.com/cktan/tomlc99)
+#    to make vim editor display colorful easier to read, 
+#    you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini
+###################################################################################################
+
+[SYSTEM]
+instance_name = "sapp_v4.0"
+
+[CPU]
+worker_threads=4
+### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
+bind_mask=[1,2,3,4]
+[MEM]
+dictator_enable=1
+
+[PACKET_IO]
+    [overlay_tunnel_definition]
+    l2_l3_tunnel_support=1
+    [packet_io.feature]
+    inbound_route_dir=1
+#inject_mode_inline_device_sport=54789
+### note, depolyment.mode options: [mirror, inline, transparent, dumpfile]
+  [packet_io.depolyment]
+  mode=mirror
+
+### note, interface.type options: [pag,pcap,marsio]
+  [packet_io.internal.interface]
+  type=pcap
+  name=eth0
+
+  [packet_io.external.interface]
+  type=pcap
+  name=eth0
+
+[STREAM]
+### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S" 
+stream_id_base_time="2018-08-08 08:08:08"
+    [stream.tcp]
+max=10000
+timeout=60
+syn_mandatory=1
+reorder_pkt_max=50
+    analyse_option_enabled=1
+tuple4_reuse_time_interval=10
+
+meaningful_statistics_minimum_pkt=3
+meaningful_statistics_minimum_byte=5
+    
+        [stream.tcp.inject]
+        link_mss=1460
+	  
+        [stream.tcp.inject.rst]
+auto_remedy=0
+number=1
+        signature_enabled=1
+        signature_seed1=65535
+        signature_seed2=13
+        remedy_kill_tcp_by_inline_device=0
+	
+    [stream.udp]
+max=10000
+timeout=30
+meaningful_statistics_minimum_pkt=3
+meaningful_statistics_minimum_byte=5
+    
+
+[PROFILING]
+[profiling.pkt_latency]
+enabled=0
+### note, threshold unit is microseconds (us)
+    threshold=1000000
+	
+    [profiling.sanity_check]
+    raw_pkt_broken_enabled=0
+    symbol_conflict_enabled=0
+  
+    [profiling.log]
+    level=30
+    interval=5
+    
+        [profiling.log.local]
+enabled=1
+### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.	 
+        file_truncate_enabled = 1
+        log_file_name = "fs2_sysinfo.log"
+        log_conf_name = "etc/sapp_log.conf"
+     
+        [profiling.log.remote]
+enabled=0
+        server_ip="192.168.11.90"
+        server_port=8126
+
+        [profiling.log.remote.field_stat2]
+### note, is valid when "remote_send_out_type=field_stat2"	 
+### note, metric_type option value: [default, json]
+        metric_type = default
+        app_name=sapp
+
+		[profiling.log.prometheus]
+		prometheus_enabled=1
+        prometheus_port=9273
+        prometheus_url_path="/metrics"
+     
+[TOOLS]
+[tools.pkt_dump]
+enabled=1
+### note, mode options value:[storage, udp_socket]
+mode=udp_socket
+    BSD_packet_filter=""
+   
+        [tools.pkt_dump.threads]
+### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=1, then 'dump_thread_id' is obsoleted.
+###       if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
+        all_threads_enabled=1
+   
+### note, dump_thread_id start from 0, max is CPU.worker_threads-1
+        dump_thread_id=[0,1,2,3,4]
+   
+        [tools.pkt_dump.udp]
+        command_port=12345
+
+        [tools.pkt_dump.storage]
+### note, file path must be double quotation mark extension, for example,  path="/dev/shm/pkt_dump"
+        path="/dev/shm/pkt_dump"
+### note, file size unit: MB
+        file_size_max_per_thread=10000 
+
+### note:
+### These configurations format is complex and difficult to describe with toml grammar,
+### so, create a Independent config file to description specific information.
+[SPECIAL_CONFIG_LINK]	 
+    project_list_path="./etc/project_list.conf"
+    plugin_path="./etc/plugin.conf"
+    entrylist_path="./etc/entrylist.conf"
+    send_raw_pkt_path="./etc/send_raw_pkt.conf"
+    vxlan_sport_service_map_path="./etc/vxlan_sport_service_map.conf"
+
+[breakpad]
+    disable_coredump=0
+    enable_breakpad=0
+    breakpad_minidump_dir="/tmp/crashreport"
+    enable_breakpad_upload=0
+    breakpad_upload_url="http://127.0.0.1/"
--- a/config/sapp_run/etc/sapp_log.conf
+++ b/config/sapp_run/etc/sapp_log.conf
@@ -0,0 +1,14 @@
+[global]
+default format = "%d(%c), %V, %U, %m%n"
+[levels]
+DEBUG=10
+INFO=20
+FATAL=30
+[formats]
+other = "%d(%c), %V, %F, %U, %m%n"
+plugin = "%d(%c), %m%n"
+[rules]
+__log_runtimelog.info    "./log/runtimelog.%d(%F)"
+__log_runtimelog_plugin.fatal    >stdout; plugin
+__log_runtimelog_plugin.info    "./log/plugin.log.%d(%F)"; plugin
+!.*    "./log/%c.%d(%F)"; other
--- a/config/sapp_run/tsgconf/maat.conf
+++ b/config/sapp_run/tsgconf/maat.conf
@@ -0,0 +1,50 @@
+[STATIC]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
+STAT_FILE=tsg_static_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP=192.168.44.72
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[DYNAMIC]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
+STAT_FILE=tsg_dynamic_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP=192.168.44.72
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=1
+JSON_CFG_FILE=tsgconf/tsg_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[APP_SIGNATURE_MAAT]
+MAAT_MODE=2
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
+STAT_FILE=app_sketch_maat.status
+EFFECT_INTERVAL_S=1
+REDIS_IP=192.168.44.72
+REDIS_PORT_NUM=1
+REDIS_PORT=7002
+REDIS_INDEX=0
+JSON_CFG_FILE=tsgconf/app_sketch_maat.json
+INC_CFG_DIR=tsgrule/inc/index/
+FULL_CFG_DIR=tsgrule/full/index/
+EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
+
+[MAAT]
+ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"device_1"}]}
--- a/config/sapp_run/tsgconf/main.conf
+++ b/config/sapp_run/tsgconf/main.conf
@@ -0,0 +1,100 @@
+[VOIP_PLUG]
+TABLE_TO=TSG_FIELD_SIP_TO
+TABLE_FROM=TSG_FIELD_SIP_FROM
+TIMEOUT=300
+LOG_PATH=./tsglog/fw_voip_plug/fw_voip_plug
+LOG_LEVEL=10
+[HTTP_PLUG]
+LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
+LOG_LEVEL=10
+
+[DNS_PLUG]
+LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
+LOG_LEVEL=10
+
+[FTP_PLUG]
+TIMEOUT=600
+LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
+LOG_LEVEL=10
+
+[MAIL_PLUG]
+TIMEOUT=3600
+LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
+LOG_LEVEL=10
+
+[QUIC_PLUG]
+LOG_PATH=./tsglog/fw_quic_plug/fw_quic_plug
+LOG_LEVEL=10
+
+[CONTROL_PLUG]
+LOG_PATH=./tsglog/app_control_plug/app_control_plug
+LOG_LEVEL=10
+
+[TSG_CONN_SKETCH]
+log_service=2
+min_pkts=0
+min_bytes=0
+sendlog_in_tcp_close=0
+local_binary_prefix=./tsglog/
+local_url_ip=192.168.40.161
+record_http_session_num=0
+record_http_content_type_num = 1
+record_http_content_type=["text"]
+
+[MAAT]
+PROFILE=./tsgconf/maat.conf
+IP_ADDR_TABLE=TSG_SECURITY_ADDR
+SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
+CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
+
+[TSG_LOG]
+MODE=1
+NIC_NAME=eth0
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsglog
+BROKER_LIST=192.168.44.11:9092,192.168.44.14:9092,192.168.44.15:9092
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+
+[STATISTIC]
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
+
+[FIELD_STAT]
+CYCLE=5
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_stat.log
+APP_NAME=tsg_master
+
+[SYSTEM]
+ENTRANCE_ID=4
+LOG_LEVEL=10
+LOG_PATH=./tsglog/tsg_master
+POLICY_PRIORITY_LABEL=POLICY_PRIORITY
+DEVICE_ID_COMMAND=hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'
+
+[HOS_CONF]
+hos_serverip=192.168.40.223
+hos_serverport=9098
+hos_accesskeyid="default"
+hos_secretkey="default"
+hos_poolsize=100
+hos_thread_sum=64
+hos_cache_size=102400
+hos_fs2_serverip=127.0.0.1
+hos_fs2_serverport=10086
+
+[APP_SKETCH_LOCAL]
+LOG_LEVEL=10
+LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
+L7_PROTOCOL_LABEL="BASIC_PROTO_LABEL"
+
+[APP_SKETCH_FEEDBACK]
+QOS=1
+PUBLISH_TOPIC=APP_SIGNATURE_ID
+#CLIENT_ID=
+BROKER_LIST=tcp://192.168.40.161:1883
+
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,28 +1,20 @@
-version: '2.2'
+version: '3.5'
 services:
-  badssl_server:
-    image: "centos7:sappInstalled"
-    container_name: "sapp"
-#    security_opt:
-#     - seccomp:unconfined
-    privileged: true
+  firewall:
+    build:
+      context: ./dockerfile/firewall
+      dockerfile: Dockerfile
+    image: "centos7:firewallInstalled"
+    container_name: "firewall"
+    security_opt:
+     - seccomp:unconfined
    volumes:
     - ./config/mrzcpd/etc/mrapp.sapp4.conf:/opt/mrzcpd/etc/mrapp.sapp4.conf
     - ./config/mrzcpd/etc/mrapm.conf:/opt/mrzcpd/etc/mrapm.conf
     - ./config/mrzcpd/etc/mrglobal.conf:/opt/mrzcpd/etc/mrglobal.conf
-#     - ./config/etc/tmpfiles.d/sapp_tmpfile.conf:/etc/tmpfiles.d/sapp_tmpfile.conf
     - ./config/sapp_run/etc/sapp.toml:/home/mesasoft/sapp_run/etc/sapp.toml
-     - ./config/sapp_run/etc/project_list.conf:/home/mesasoft/sapp_run/etc/project_list.conf
-     - ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf:rw
-     - ./config/sapp_run/etc/kni/kni.conf:/home/mesasoft/sapp_run/etc/kni/kni.conf
+     - ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf
     - ./config/sapp_run/tsgconf/main.conf:/home/mesasoft/sapp_run/tsgconf/main.conf
     - ./config/sapp_run/tsgconf/maat.conf:/home/mesasoft/sapp_run/tsgconf/maat.conf
     - ./config/sapp_run/conf/capture_packet_plug.conf:/home/mesasoft/sapp_run/conf/capture_packet_plug.conf
-     - ./config/sapp_run/tsgconf/app_l7_proto_id.conf:/home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
-     - ./config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf:/home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
-     - ./config/sapp_run/plug/conflist.inf:/home/mesasoft/sapp_run/plug/conflist.inf
-     - ./config/sapp_run/etc/entrylist.conf:/home/mesasoft/sapp_run/etc/entrylist.conf
-#     - ./config/framework/framework.conf:/etc/ld.so.conf.d/framework.conf
     - /etc/localtime:/etc/localtime:ro
-#    command: >
-#      bash -c "ldconfig && tail -f /dev/null"
--- a/dockerfile/firewall/Dockerfile
+++ b/dockerfile/firewall/Dockerfile
@@ -0,0 +1,75 @@
+FROM docker.io/centos:7
+
+COPY MESA-Framework.repo /etc/yum.repos.d/
+COPY framework.conf  aws.conf /etc/ld.so.conf.d/
+#COPY aws.conf /etc/ld.so.conf.d/
+COPY supervisord.conf /etc/
+
+RUN yum makecache \
+  && yum install -y \
+  libcjson \
+  libdocumentanalyze \
+  libmaatframe \
+  libMESA_field_stat \
+  libMESA_field_stat2 \
+  libMESA_handle_logger \
+  libMESA_htable\
+  libMESA_prof_load \
+  librdkafka \
+  librulescan \
+  libtsglua \
+  libwiredcfg \
+  libWiredLB \
+  lz4 \
+  libbreakpad_mini \
+  mrzcpd \
+  sapp \
+  tcpdump_mesa \
+  tsg_master \
+  kni \
+  capture_packet_plug \
+  conn_telemetry \
+  dns \
+  ftp \
+  fw_dns_plug \
+  #fw_ftp_plug \
+  fw_http_plug \
+  fw_mail_plug \
+  fw_quic_plug \
+  fw_ssl_plug \
+  http \
+  mail \
+  quic \
+  ssl \
+  tsg_conn_sketch \
+  app_control_plug \
+  app_sketch_local \
+  libwangw \
+  libwire_graft 
+#  http_healthcheck
+  
+
+RUN yum install -y \
+  fw_ftp_plug \
+  epel-release \
+  python3 \
+  gdb \
+  numactl \
+  strace \
+  tcpdump \
+  net-tools \
+  vim \
+  && pip3 install supervisor \ 
+  && yum clean all \
+  && ldconfig 
+
+COPY config/sapp_run/etc/project_list.conf /home/mesasoft/sapp_run/etc/project_list.conf
+COPY config/sapp_run/etc/kni/kni.conf /home/mesasoft/sapp_run/etc/kni/kni.conf
+COPY config/sapp_run/etc/entrylist.conf /home/mesasoft/sapp_run/etc/entrylist.conf
+COPY config/sapp_run/tsgconf/app_l7_proto_id.conf /home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
+COPY config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+COPY config/sapp_run/plug/conflist.inf /home/mesasoft/sapp_run/plug/conflist.inf
+
+WORKDIR /home/mesasoft/sapp_run/
+ENTRYPOINT ["/usr/local/bin/supervisord" ,"-n","-c", "/etc/supervisord.conf"]
+
--- a/dockerfile/firewall/MESA-Framework.repo
+++ b/dockerfile/firewall/MESA-Framework.repo
--- a/dockerfile/firewall/aws.conf
+++ b/dockerfile/firewall/aws.conf
@@ -0,0 +1 @@
+/usr/local/lib64
--- a/dockerfile/firewall/config/sapp_run/etc/entrylist.conf
+++ b/dockerfile/firewall/config/sapp_run/etc/entrylist.conf
@@ -0,0 +1,19 @@
+IP
+IPV6
+IPV6_RAW
+TCP_ALL
+TCP
+UDP
+PHONY
+POLLING
+IPSEC
+L2TP
+PPTP
+DNS
+QUIC
+HTTP
+MAIL
+FTP
+SSL
+SIP
+RTP
--- a/dockerfile/firewall/config/sapp_run/etc/kni/kni.conf
+++ b/dockerfile/firewall/config/sapp_run/etc/kni/kni.conf
@@ -0,0 +1,133 @@
+[global]
+log_path = ./log/kni/kni.log
+log_level = 10
+tfe_node_count = 3
+manage_eth = ens1f3
+deploy_mode = tun
+tun_name = tun_kni
+src_mac_addr = 00:0e:c6:d6:72:c1
+dst_mac_addr = fe:65:b7:03:50:bd
+[tfe0]
+enabled = 1
+dev_eth_symbol = ens1f5
+ip_addr = 192.168.100.2
+
+[tfe1]
+enabled = 1
+dev_eth_symbol = ens1f6
+ip_addr = 192.168.100.3
+
+[tfe2]
+enabled = 1
+dev_eth_symbol = ens1f7
+ip_addr = 192.168.100.4
+
+[tfe_cmsg_receiver]
+listen_eth = lo
+listen_port = 2475
+
+[watch_dog]
+switch = 1
+listen_eth = lo
+listen_port = 2476
+keepalive_idle = 2
+keepalive_intvl = 1
+keepalive_cnt = 3
+
+[marsio]
+appsym = knifw
+
+[dup_traffic]
+switch = 1
+action = 2
+capacity = 10000000
+error_rate = 0.00001
+expiry_time = 60
+
+[traceid2pme_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 640000
+mho_hash_max_element_num = 2560000
+mho_expire_time = 30
+mho_eliminate_type = LRU
+
+#per thread
+[tuple2stream_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 0
+mho_mutex_num = 160
+mho_hash_slot_size = 80000
+mho_hash_max_element_num = 320000
+mho_expire_time = 0
+mho_eliminate_type = LRU
+
+[field_stat]
+remote_switch = 1
+remote_ip = 127.0.0.1
+remote_port = 58100
+local_path = ./fs2_kni.status
+stat_cycle = 1
+print_mode = 1
+# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
+statsd_format = 2
+APP_NAME = fs2_kni
+
+#self test Shunt rules security policy id
+[tsg_diagnose]
+enabled = 1
+security_policy_id = 3,10
+
+
+[ssl_dynamic_bypass]
+enabled = 1
+
+#kni dynamic bypass
+[traceid2sslinfo_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 80000
+mho_hash_max_element_num = 320000
+mho_expire_time = 300
+mho_eliminate_type = FIFO
+
+[sslinfo2bypass_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 640000
+mho_hash_max_element_num = 2560000
+mho_expire_time = 300
+mho_eliminate_type = FIFO
+
+[proxy_tcp_option]
+enabled = 1
+maat_table_compile = PXY_TCP_OPTION_COMPILE
+maat_table_addr = PXY_TCP_OPTION_ADDR
+maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
+enable_override = 0
+client_tcp_maxseg_enable = 0
+client_tcp_maxseg = 1460
+client_tcp_nodelay =  1
+client_tcp_ttl = 70
+client_tcp_keepalive_enable = 1
+client_tcp_keepalive_keepcnt = 8
+client_tcp_keepalive_keepidle = 30
+client_tcp_keepalive_keepintvl = 15
+client_tcp_user_timeout = 600
+server_tcp_maxseg_enable = 0
+server_tcp_maxseg = 1460
+server_tcp_nodelay = 1
+server_tcp_ttl = 75
+server_tcp_keepalive_enable = 1
+server_tcp_keepalive_keepcnt = 8
+server_tcp_keepalive_keepidle = 30
+server_tcp_keepalive_keepintvl = 15
+server_tcp_user_timeout = 600
+bypass_duplicated_packet = 0
+tcp_passthrough = 0
+
+[share_session_attribute]
+SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL
--- a/dockerfile/firewall/config/sapp_run/etc/project_list.conf
+++ b/dockerfile/firewall/config/sapp_run/etc/project_list.conf
@@ -0,0 +1,20 @@
+tcp_flow_stat           struct
+udp_flow_stat           struct
+tcp_deduce_flow_stat    struct
+POLICY_PRIORITY	struct
+ESTABLISH_LATENCY	long
+MAIL_IDENTIFY	int
+TSG_MASTER_INTERNAL_LABEL	struct
+APP_ID_LABEL	struct
+BASIC_PROTO_LABEL	struct
+USER_DEFINED_ATTRIBUTE	struct
+SKETCH_TRANS_LAYER_CTX_LABEL    struct
+SKETCH_PROTO_CTX_LABEL   struct
+common_link_info_c2s	struct
+common_link_info_s2c	struct
+common_link_info struct
+JA3_FINGERPRINT_LABEL	struct
+DKPT_PRO_V2	struct
+DPKT_PROJECT_V2	struct
+PPROJECT_PRO_V2	struct
+DPKT_BHSTAT_PROJECT	struct
--- a/dockerfile/firewall/config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+++ b/dockerfile/firewall/config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
@@ -0,0 +1,38 @@
+[PLUGINFO]
+PLUGNAME=TSG_CONN_SKETCH
+SO_PATH=./plug/business/tsg_conn_sketch/tsg_conn_sketch.so
+INIT_FUNC=tsg_conn_record_init
+DESTROY_FUNC=tsg_conn_record_destroy
+
+
+[TCP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_tcp_entry
+
+[TCP_ALL]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_tcpall_entry
+
+[UDP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_udp_entry
+
+[HTTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_http_entry
+
+[SSL]
+FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
+FUNC_NAME=tsg_record_ssl_entry
+
+[DNS]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_dns_entry
+
+[MAIL]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_mail_entry
+
+[FTP]
+FUNC_FLAG=ALL
+FUNC_NAME=tsg_record_ftp_entry
--- a/dockerfile/firewall/config/sapp_run/plug/conflist.inf
+++ b/dockerfile/firewall/config/sapp_run/plug/conflist.inf
@@ -0,0 +1,31 @@
+[platform]
+#./plug/platform/g_device_plug/g_device_plug.inf
+./plug/platform/wannat/wangw.inf
+./plug/platform/wire_graft/wire_graft.inf
+./plug/platform/http_healthcheck/http_healthcheck.inf
+./plug/platform/app_proto_identify/app_proto_identify.inf
+./plug/platform/tsg_master/tsg_master.inf
+
+[protocol]
+./plug/protocol/radius/radius.inf
+./plug/protocol/ssl/ssl.inf
+./plug/protocol/http/http.inf
+./plug/protocol/dns/dns.inf
+./plug/protocol/mail/mail.inf
+./plug/protocol/ftp/ftp.inf
+./plug/protocol/quic/quic.inf
+./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf
+
+[business]
+./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
+./plug/business/capture_packet_plug/capture_packet_plug.inf
+#./plug/business/kni/kni.inf
+./plug/business/fw_ssl_plug/fw_ssl_plug.inf
+./plug/business/fw_http_plug/fw_http_plug.inf
+./plug/business/fw_dns_plug/fw_dns_plug.inf
+./plug/business/fw_mail_plug/fw_mail_plug.inf
+./plug/business/fw_ftp_plug/fw_ftp_plug.inf
+./plug/business/fw_quic_plug/fw_quic_plug.inf
+./plug/business/conn_telemetry/conn_telemetry.inf
+#./plug/business/app_control_plug/app_control_plug.inf
+./plug/business/app_sketch_local/app_sketch_local.inf
--- a/dockerfile/firewall/config/sapp_run/tsgconf/app_l7_proto_id.conf
+++ b/dockerfile/firewall/config/sapp_run/tsgconf/app_l7_proto_id.conf
@@ -0,0 +1,51 @@
+#TYPE：1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
+#TYPE	FIELD		VALUE
+STRING	UNCATEGORIZED	100
+STRING	UNCATEGORIZED	101
+STRING	UNKNOWN_OTHER	102
+STRING	DNS		103
+STRING	FTP		104
+STRING	FTPS		105
+STRING	HTTP		106
+STRING	HTTPS		107
+STRING	ICMP		108
+STRING	IKE		109
+STRING	MAIL		110
+STRING	IMAPS		111
+STRING	IPSEC		112
+STRING	XMPP		113
+STRING	L2TP		114
+STRING	NTP		115
+STRING	POP3S		117
+STRING	PPTP		118
+STRING	QUIC		119
+STRING	SIP		120
+STRING	SMB		121
+STRING	SMTPS		123
+STRING	SPDY		124
+STRING	SSH		125
+STRING	SSL		126
+STRING	SOCKS		127
+STRING	TELNET		128
+STRING	DHCP		129
+STRING	RADIUS		130
+STRING	OPENVPN		131
+STRING	STUN		132
+STRING	TEREDO		133
+STRING	DTLS		134
+STRING	DoH		135
+STRING	ISAKMP		136
+STRING	MDNS		137
+STRING	NETBIOS		138
+STRING	NETFLOW		139
+STRING	RDP		140
+STRING	RTCP		141
+STRING	RTP		142
+STRING	SLP		143
+STRING	SNMP		144
+STRING	SSDP		145
+STRING	TFTP		146
+STRING	BJNP		147
+STRING	LDAP		148
+STRING	RTMP		149
+STRING	RTSP		150
--- a/dockerfile/firewall/framework.conf
+++ b/dockerfile/firewall/framework.conf
@@ -1 +1 @@
-/opt/MESA/lib/
+/opt/MESA/lib/
--- a/dockerfile/firewall/supervisord.conf
+++ b/dockerfile/firewall/supervisord.conf
--- a/dockerfile/sapp/Dockerfile
+++ b/dockerfile/sapp/Dockerfile
@@ -1,63 +0,0 @@
-FROM centos:7
-
-COPY  MESA-Framework.repo /etc/yum.repos.d/
-COPY  framework.conf /etc/ld.so.conf.d/
-COPY  supervisord.conf /etc/
-
-RUN yum makecache && yum install  -y \
-  libcjson \
-  libdocumentanalyze \
-  libmaatframe \
-  libMESA_field_stat \
-  libMESA_field_stat2 \
-  libMESA_handle_logger \
-  libMESA_htable\
-  libMESA_prof_load \
-  librdkafka \
-  librulescan \
-  libtsglua \
-  libwiredcfg \
-  libWiredLB \
-  lz4 \
-  libbreakpad_mini \
-  mrzcpd \
-  sapp \
-  tcpdump_mesa \
-  tsg_master \
-  kni \
-  capture_packet_plug \
-  conn_telemetry \
-  dns \
-  ftp \
-  fw_dns_plug \
-  #fw_ftp_plug \
-  fw_http_plug \
-  fw_mail_plug \
-  fw_quic_plug \
-  fw_ssl_plug \
-  http \
-  mail \
-  quic \
-  ssl \
-  tsg_conn_sketch \
-  app_control_plug \
-  tcpdump \ 
-  net-tools \
-  vim  
-
-RUN yum install -y fw_ftp_plug \
-  epel-release \
-  python3 \
-  gdb \
-  numactl \
-  && pip3 install supervisor \ 
-  && yum clean all \
-  && ldconfig 
-
-RUN  yum install -y strace
-
-
-WORKDIR /home/mesasoft/sapp_run/
-ENTRYPOINT ["/usr/local/bin/supervisord" ,"-n","-c", "/etc/supervisord.conf"]
-
-#CMD tail -f /dev/null
--- a/dockerfile/sapp/framework.conf
+++ b/dockerfile/sapp/framework.conf
@@ -1 +0,0 @@
-/opt/MESA/lib/