1、将sapp的配置文件分成两步作用于container,第一步作用于dockerfile的执行，第二步作用于镜像启动时文件的映射

2、增加docker-compose 执行时生成镜像的操作

dockerfile/firewall/config/sapp_run/etc/entrylist.conf

@@ -0,0 +1,19 @@
+IP
+IPV6
+IPV6_RAW
+TCP_ALL
+TCP
+UDP
+PHONY
+POLLING
+IPSEC
+L2TP
+PPTP
+DNS
+QUIC
+HTTP
+MAIL
+FTP
+SSL
+SIP
+RTP

dockerfile/firewall/config/sapp_run/etc/kni/kni.conf

@@ -0,0 +1,133 @@
+[global]
+log_path = ./log/kni/kni.log
+log_level = 10
+tfe_node_count = 3
+manage_eth = ens1f3
+deploy_mode = tun
+tun_name = tun_kni
+src_mac_addr = 00:0e:c6:d6:72:c1
+dst_mac_addr = fe:65:b7:03:50:bd
+[tfe0]
+enabled = 1
+dev_eth_symbol = ens1f5
+ip_addr = 192.168.100.2
+
+[tfe1]
+enabled = 1
+dev_eth_symbol = ens1f6
+ip_addr = 192.168.100.3
+
+[tfe2]
+enabled = 1
+dev_eth_symbol = ens1f7
+ip_addr = 192.168.100.4
+
+[tfe_cmsg_receiver]
+listen_eth = lo
+listen_port = 2475
+
+[watch_dog]
+switch = 1
+listen_eth = lo
+listen_port = 2476
+keepalive_idle = 2
+keepalive_intvl = 1
+keepalive_cnt = 3
+
+[marsio]
+appsym = knifw
+
+[dup_traffic]
+switch = 1
+action = 2
+capacity = 10000000
+error_rate = 0.00001
+expiry_time = 60
+
+[traceid2pme_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 640000
+mho_hash_max_element_num = 2560000
+mho_expire_time = 30
+mho_eliminate_type = LRU
+
+#per thread
+[tuple2stream_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 0
+mho_mutex_num = 160
+mho_hash_slot_size = 80000
+mho_hash_max_element_num = 320000
+mho_expire_time = 0
+mho_eliminate_type = LRU
+
+[field_stat]
+remote_switch = 1
+remote_ip = 127.0.0.1
+remote_port = 58100
+local_path = ./fs2_kni.status
+stat_cycle = 1
+print_mode = 1
+# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
+statsd_format = 2
+APP_NAME = fs2_kni
+
+#self test Shunt rules security policy id
+[tsg_diagnose]
+enabled = 1
+security_policy_id = 3,10
+
+
+[ssl_dynamic_bypass]
+enabled = 1
+
+#kni dynamic bypass
+[traceid2sslinfo_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 80000
+mho_hash_max_element_num = 320000
+mho_expire_time = 300
+mho_eliminate_type = FIFO
+
+[sslinfo2bypass_htable]
+mho_screen_print_ctrl = 0
+mho_thread_safe = 1
+mho_mutex_num = 160
+mho_hash_slot_size = 640000
+mho_hash_max_element_num = 2560000
+mho_expire_time = 300
+mho_eliminate_type = FIFO
+
+[proxy_tcp_option]
+enabled = 1
+maat_table_compile = PXY_TCP_OPTION_COMPILE
+maat_table_addr = PXY_TCP_OPTION_ADDR
+maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
+enable_override = 0
+client_tcp_maxseg_enable = 0
+client_tcp_maxseg = 1460
+client_tcp_nodelay =  1
+client_tcp_ttl = 70
+client_tcp_keepalive_enable = 1
+client_tcp_keepalive_keepcnt = 8
+client_tcp_keepalive_keepidle = 30
+client_tcp_keepalive_keepintvl = 15
+client_tcp_user_timeout = 600
+server_tcp_maxseg_enable = 0
+server_tcp_maxseg = 1460
+server_tcp_nodelay = 1
+server_tcp_ttl = 75
+server_tcp_keepalive_enable = 1
+server_tcp_keepalive_keepcnt = 8
+server_tcp_keepalive_keepidle = 30
+server_tcp_keepalive_keepintvl = 15
+server_tcp_user_timeout = 600
+bypass_duplicated_packet = 0
+tcp_passthrough = 0
+
+[share_session_attribute]
+SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

dockerfile/firewall/config/sapp_run/etc/project_list.conf

@@ -0,0 +1,20 @@
+tcp_flow_stat           struct
+udp_flow_stat           struct
+tcp_deduce_flow_stat    struct
+POLICY_PRIORITY	struct
+ESTABLISH_LATENCY	long
+MAIL_IDENTIFY	int
+TSG_MASTER_INTERNAL_LABEL	struct
+APP_ID_LABEL	struct
+BASIC_PROTO_LABEL	struct
+USER_DEFINED_ATTRIBUTE	struct
+SKETCH_TRANS_LAYER_CTX_LABEL    struct
+SKETCH_PROTO_CTX_LABEL   struct
+common_link_info_c2s	struct
+common_link_info_s2c	struct
+common_link_info struct
+JA3_FINGERPRINT_LABEL	struct
+DKPT_PRO_V2	struct
+DPKT_PROJECT_V2	struct
+PPROJECT_PRO_V2	struct
+DPKT_BHSTAT_PROJECT	struct