gfwleak/tango-tsg-container
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、将sapp的配置文件分成两步作用于container,第一步作用于dockerfile的执行,第二步作用于镜像启动时文件的映射

Browse Source 
2、增加docker-compose 执行时生成镜像的操作
This commit is contained in:
fumingwei
2021-03-11 11:51:33 +08:00
parent 103ba64265
commit 4118b841f2
19 changed files with 716 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
config/sapp_run/conf/capture_packet_plug.conf Normal file
View File

@@ -0,0 +1,28 @@
[MAAT]
MAAT_MODE=2
#EFFECTIVE_FLAG=
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=conf/capture_packet_tableinfo.conf
STAT_FILE=capture_packet_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=192.168.4.72
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=0
JSON_CFG_FILE=conf/capture_packet_maat.json
INC_CFG_DIR=capture_packet_rule/inc/index/
FULL_CFG_DIR=capture_packet_rule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"beijing"}]}
[LOG]
NIC_NAME=eth0
BROKER_LIST="127.0.0.1"
FIELD_FILE=conf/capture_packet_log_field.conf
[SYSTEM]
LOG_LEVEL=10
LOG_PATH=./tsglog/capture_packet_plug/capture_packet

145
config/sapp_run/etc/sapp.toml Normal file
View File

@@ -0,0 +1,145 @@
###################################################################################################
# NOTE:
# The format of this file is toml (https://github.com/cktan/tomlc99)
# to make vim editor display colorful easier to read,
# you can create a symbolic links named sapp.ini to sapp.toml, ln -sf sapp.toml sapp.ini
###################################################################################################
[SYSTEM]
instance_name = "sapp_v4.0"
[CPU]
worker_threads=4
### note, bind_mask, if you do not want to bind thread to special CPU core, keep it empty as []
bind_mask=[1,2,3,4]
[MEM]
dictator_enable=1
[PACKET_IO]
[overlay_tunnel_definition]
l2_l3_tunnel_support=1
[packet_io.feature]
inbound_route_dir=1
#inject_mode_inline_device_sport=54789
### note, depolyment.mode options: [mirror, inline, transparent, dumpfile]
[packet_io.depolyment]
mode=mirror
### note, interface.type options: [pag,pcap,marsio]
[packet_io.internal.interface]
type=pcap
name=eth0
[packet_io.external.interface]
type=pcap
name=eth0
[STREAM]
### note, stream_id_base_time format is "%Y-%m-%d %H:%M:%S"
stream_id_base_time="2018-08-08 08:08:08"
[stream.tcp]
max=10000
timeout=60
syn_mandatory=1
reorder_pkt_max=50
analyse_option_enabled=1
tuple4_reuse_time_interval=10
meaningful_statistics_minimum_pkt=3
meaningful_statistics_minimum_byte=5
[stream.tcp.inject]
link_mss=1460
[stream.tcp.inject.rst]
auto_remedy=0
number=1
signature_enabled=1
signature_seed1=65535
signature_seed2=13
remedy_kill_tcp_by_inline_device=0
[stream.udp]
max=10000
timeout=30
meaningful_statistics_minimum_pkt=3
meaningful_statistics_minimum_byte=5
[PROFILING]
[profiling.pkt_latency]
enabled=0
### note, threshold unit is microseconds (us)
threshold=1000000
[profiling.sanity_check]
raw_pkt_broken_enabled=0
symbol_conflict_enabled=0
[profiling.log]
level=30
interval=5
[profiling.log.local]
enabled=1
### note, if "file_truncate_open_enabled=1", file will be truncated, otherwise open the file for appending.
file_truncate_enabled = 1
log_file_name = "fs2_sysinfo.log"
log_conf_name = "etc/sapp_log.conf"
[profiling.log.remote]
enabled=0
server_ip="192.168.11.90"
server_port=8126
[profiling.log.remote.field_stat2]
### note, is valid when "remote_send_out_type=field_stat2"
### note, metric_type option value: [default, json]
metric_type = default
app_name=sapp
[profiling.log.prometheus]
prometheus_enabled=1
prometheus_port=9273
prometheus_url_path="/metrics"
[TOOLS]
[tools.pkt_dump]
enabled=1
### note, mode options value:[storage, udp_socket]
mode=udp_socket
BSD_packet_filter=""
[tools.pkt_dump.threads]
### note, if you want enable pkt dump in all thread, set dump_thread_all_enabled=1, then 'dump_thread_id' is obsoleted.
### if dump_thread_all_enabled=0, then use dump_thread_id to specify separate specified thread index.
all_threads_enabled=1
### note, dump_thread_id start from 0, max is CPU.worker_threads-1
dump_thread_id=[0,1,2,3,4]
[tools.pkt_dump.udp]
command_port=12345
[tools.pkt_dump.storage]
### note, file path must be double quotation mark extension, for example, path="/dev/shm/pkt_dump"
path="/dev/shm/pkt_dump"
### note, file size unit: MB
file_size_max_per_thread=10000
### note:
### These configurations format is complex and difficult to describe with toml grammar,
### so, create a Independent config file to description specific information.
[SPECIAL_CONFIG_LINK]
project_list_path="./etc/project_list.conf"
plugin_path="./etc/plugin.conf"
entrylist_path="./etc/entrylist.conf"
send_raw_pkt_path="./etc/send_raw_pkt.conf"
vxlan_sport_service_map_path="./etc/vxlan_sport_service_map.conf"
[breakpad]
disable_coredump=0
enable_breakpad=0
breakpad_minidump_dir="/tmp/crashreport"
enable_breakpad_upload=0
breakpad_upload_url="http://127.0.0.1/"

14
config/sapp_run/etc/sapp_log.conf Normal file
View File

@@ -0,0 +1,14 @@
[global]
default format = "%d(%c), %V, %U, %m%n"
[levels]
DEBUG=10
INFO=20
FATAL=30
[formats]
other = "%d(%c), %V, %F, %U, %m%n"
plugin = "%d(%c), %m%n"
[rules]
__log_runtimelog.info "./log/runtimelog.%d(%F)"
__log_runtimelog_plugin.fatal >stdout; plugin
__log_runtimelog_plugin.info "./log/plugin.log.%d(%F)"; plugin
!.* "./log/%c.%d(%F)"; other

50
config/sapp_run/tsgconf/maat.conf Normal file
View File

@@ -0,0 +1,50 @@
[STATIC]
MAAT_MODE=2
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
STAT_FILE=tsg_static_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=192.168.44.72
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=0
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[DYNAMIC]
MAAT_MODE=2
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
STAT_FILE=tsg_dynamic_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=192.168.44.72
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=1
JSON_CFG_FILE=tsgconf/tsg_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[APP_SIGNATURE_MAAT]
MAAT_MODE=2
STAT_SWITCH=1
PERF_SWITCH=1
TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
STAT_FILE=app_sketch_maat.status
EFFECT_INTERVAL_S=1
REDIS_IP=192.168.44.72
REDIS_PORT_NUM=1
REDIS_PORT=7002
REDIS_INDEX=0
JSON_CFG_FILE=tsgconf/app_sketch_maat.json
INC_CFG_DIR=tsgrule/inc/index/
FULL_CFG_DIR=tsgrule/full/index/
EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
[MAAT]
ACCEPT_TAGS={"tags":[{"tag":"device_id","value":"device_1"}]}

100
config/sapp_run/tsgconf/main.conf Normal file
View File

@@ -0,0 +1,100 @@
[VOIP_PLUG]
TABLE_TO=TSG_FIELD_SIP_TO
TABLE_FROM=TSG_FIELD_SIP_FROM
TIMEOUT=300
LOG_PATH=./tsglog/fw_voip_plug/fw_voip_plug
LOG_LEVEL=10
[HTTP_PLUG]
LOG_PATH=./tsglog/fw_http_plug/fw_http_plug
LOG_LEVEL=10
[DNS_PLUG]
LOG_PATH=./tsglog/fw_dns_plug/fw_dns_plug
LOG_LEVEL=10
[FTP_PLUG]
TIMEOUT=600
LOG_PATH=./tsglog/fw_ftp_plug/fw_ftp_plug
LOG_LEVEL=10
[MAIL_PLUG]
TIMEOUT=3600
LOG_PATH=./tsglog/fw_mail_plug/fw_mail_plug
LOG_LEVEL=10
[QUIC_PLUG]
LOG_PATH=./tsglog/fw_quic_plug/fw_quic_plug
LOG_LEVEL=10
[CONTROL_PLUG]
LOG_PATH=./tsglog/app_control_plug/app_control_plug
LOG_LEVEL=10
[TSG_CONN_SKETCH]
log_service=2
min_pkts=0
min_bytes=0
sendlog_in_tcp_close=0
local_binary_prefix=./tsglog/
local_url_ip=192.168.40.161
record_http_session_num=0
record_http_content_type_num = 1
record_http_content_type=["text"]
[MAAT]
PROFILE=./tsgconf/maat.conf
IP_ADDR_TABLE=TSG_SECURITY_ADDR
SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
[TSG_LOG]
MODE=1
NIC_NAME=eth0
LOG_LEVEL=10
LOG_PATH=./tsglog/tsglog
BROKER_LIST=192.168.44.11:9092,192.168.44.14:9092,192.168.44.15:9092
COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
[STATISTIC]
CYCLE=5
TELEGRAF_PORT=8100
TELEGRAF_IP=127.0.0.1
OUTPUT_PATH=./tsg_statistic.log
APP_NAME=statistic
[FIELD_STAT]
CYCLE=5
TELEGRAF_PORT=8100
TELEGRAF_IP=127.0.0.1
OUTPUT_PATH=./tsg_stat.log
APP_NAME=tsg_master
[SYSTEM]
ENTRANCE_ID=4
LOG_LEVEL=10
LOG_PATH=./tsglog/tsg_master
POLICY_PRIORITY_LABEL=POLICY_PRIORITY
DEVICE_ID_COMMAND=hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'
[HOS_CONF]
hos_serverip=192.168.40.223
hos_serverport=9098
hos_accesskeyid="default"
hos_secretkey="default"
hos_poolsize=100
hos_thread_sum=64
hos_cache_size=102400
hos_fs2_serverip=127.0.0.1
hos_fs2_serverport=10086
[APP_SKETCH_LOCAL]
LOG_LEVEL=10
LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
L7_PROTOCOL_LABEL="BASIC_PROTO_LABEL"
[APP_SKETCH_FEEDBACK]
QOS=1
PUBLISH_TOPIC=APP_SIGNATURE_ID
#CLIENT_ID=
BROKER_LIST=tcp://192.168.40.161:1883

28
docker-compose.yml
View File

@@ -1,28 +1,20 @@
version: '2.2' version: '3.5'
services: services:
badssl_server: firewall:
image: "centos7:sappInstalled" build:
container_name: "sapp" context: ./dockerfile/firewall
# security_opt: dockerfile: Dockerfile
# - seccomp:unconfined image: "centos7:firewallInstalled"
privileged: true container_name: "firewall"
security_opt:
- seccomp:unconfined
volumes: volumes:
- ./config/mrzcpd/etc/mrapp.sapp4.conf:/opt/mrzcpd/etc/mrapp.sapp4.conf - ./config/mrzcpd/etc/mrapp.sapp4.conf:/opt/mrzcpd/etc/mrapp.sapp4.conf
- ./config/mrzcpd/etc/mrapm.conf:/opt/mrzcpd/etc/mrapm.conf - ./config/mrzcpd/etc/mrapm.conf:/opt/mrzcpd/etc/mrapm.conf
- ./config/mrzcpd/etc/mrglobal.conf:/opt/mrzcpd/etc/mrglobal.conf - ./config/mrzcpd/etc/mrglobal.conf:/opt/mrzcpd/etc/mrglobal.conf
# - ./config/etc/tmpfiles.d/sapp_tmpfile.conf:/etc/tmpfiles.d/sapp_tmpfile.conf
- ./config/sapp_run/etc/sapp.toml:/home/mesasoft/sapp_run/etc/sapp.toml - ./config/sapp_run/etc/sapp.toml:/home/mesasoft/sapp_run/etc/sapp.toml
- ./config/sapp_run/etc/project_list.conf:/home/mesasoft/sapp_run/etc/project_list.conf - ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf
- ./config/sapp_run/etc/sapp_log.conf:/home/mesasoft/sapp_run/etc/sapp_log.conf:rw
- ./config/sapp_run/etc/kni/kni.conf:/home/mesasoft/sapp_run/etc/kni/kni.conf
- ./config/sapp_run/tsgconf/main.conf:/home/mesasoft/sapp_run/tsgconf/main.conf - ./config/sapp_run/tsgconf/main.conf:/home/mesasoft/sapp_run/tsgconf/main.conf
- ./config/sapp_run/tsgconf/maat.conf:/home/mesasoft/sapp_run/tsgconf/maat.conf - ./config/sapp_run/tsgconf/maat.conf:/home/mesasoft/sapp_run/tsgconf/maat.conf
- ./config/sapp_run/conf/capture_packet_plug.conf:/home/mesasoft/sapp_run/conf/capture_packet_plug.conf - ./config/sapp_run/conf/capture_packet_plug.conf:/home/mesasoft/sapp_run/conf/capture_packet_plug.conf
- ./config/sapp_run/tsgconf/app_l7_proto_id.conf:/home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
- ./config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf:/home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
- ./config/sapp_run/plug/conflist.inf:/home/mesasoft/sapp_run/plug/conflist.inf
- ./config/sapp_run/etc/entrylist.conf:/home/mesasoft/sapp_run/etc/entrylist.conf
# - ./config/framework/framework.conf:/etc/ld.so.conf.d/framework.conf
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
# command: >
# bash -c "ldconfig && tail -f /dev/null"

75
dockerfile/firewall/Dockerfile Normal file
View File

@@ -0,0 +1,75 @@
FROM docker.io/centos:7
COPY MESA-Framework.repo /etc/yum.repos.d/
COPY framework.conf aws.conf /etc/ld.so.conf.d/
#COPY aws.conf /etc/ld.so.conf.d/
COPY supervisord.conf /etc/
RUN yum makecache \
&& yum install -y \
libcjson \
libdocumentanalyze \
libmaatframe \
libMESA_field_stat \
libMESA_field_stat2 \
libMESA_handle_logger \
libMESA_htable\
libMESA_prof_load \
librdkafka \
librulescan \
libtsglua \
libwiredcfg \
libWiredLB \
lz4 \
libbreakpad_mini \
mrzcpd \
sapp \
tcpdump_mesa \
tsg_master \
kni \
capture_packet_plug \
conn_telemetry \
dns \
ftp \
fw_dns_plug \
#fw_ftp_plug \
fw_http_plug \
fw_mail_plug \
fw_quic_plug \
fw_ssl_plug \
http \
mail \
quic \
ssl \
tsg_conn_sketch \
app_control_plug \
app_sketch_local \
libwangw \
libwire_graft
# http_healthcheck
RUN yum install -y \
fw_ftp_plug \
epel-release \
python3 \
gdb \
numactl \
strace \
tcpdump \
net-tools \
vim \
&& pip3 install supervisor \
&& yum clean all \
&& ldconfig
COPY config/sapp_run/etc/project_list.conf /home/mesasoft/sapp_run/etc/project_list.conf
COPY config/sapp_run/etc/kni/kni.conf /home/mesasoft/sapp_run/etc/kni/kni.conf
COPY config/sapp_run/etc/entrylist.conf /home/mesasoft/sapp_run/etc/entrylist.conf
COPY config/sapp_run/tsgconf/app_l7_proto_id.conf /home/mesasoft/sapp_run/tsgconf/app_l7_proto_id.conf
COPY config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf /home/mesasoft/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
COPY config/sapp_run/plug/conflist.inf /home/mesasoft/sapp_run/plug/conflist.inf
WORKDIR /home/mesasoft/sapp_run/
ENTRYPOINT ["/usr/local/bin/supervisord" ,"-n","-c", "/etc/supervisord.conf"]

0
dockerfile/sapp/MESA-Framework.repo → dockerfile/firewall/MESA-Framework.repo
View File

1
dockerfile/firewall/aws.conf Normal file
View File

@@ -0,0 +1 @@
/usr/local/lib64

19
dockerfile/firewall/config/sapp_run/etc/entrylist.conf Normal file
View File

@@ -0,0 +1,19 @@
IP
IPV6
IPV6_RAW
TCP_ALL
TCP
UDP
PHONY
POLLING
IPSEC
L2TP
PPTP
DNS
QUIC
HTTP
MAIL
FTP
SSL
SIP
RTP

133
dockerfile/firewall/config/sapp_run/etc/kni/kni.conf Normal file
View File

@@ -0,0 +1,133 @@
[global]
log_path = ./log/kni/kni.log
log_level = 10
tfe_node_count = 3
manage_eth = ens1f3
deploy_mode = tun
tun_name = tun_kni
src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd
[tfe0]
enabled = 1
dev_eth_symbol = ens1f5
ip_addr = 192.168.100.2
[tfe1]
enabled = 1
dev_eth_symbol = ens1f6
ip_addr = 192.168.100.3
[tfe2]
enabled = 1
dev_eth_symbol = ens1f7
ip_addr = 192.168.100.4
[tfe_cmsg_receiver]
listen_eth = lo
listen_port = 2475
[watch_dog]
switch = 1
listen_eth = lo
listen_port = 2476
keepalive_idle = 2
keepalive_intvl = 1
keepalive_cnt = 3
[marsio]
appsym = knifw
[dup_traffic]
switch = 1
action = 2
capacity = 10000000
error_rate = 0.00001
expiry_time = 60
[traceid2pme_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 30
mho_eliminate_type = LRU
#per thread
[tuple2stream_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 0
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 0
mho_eliminate_type = LRU
[field_stat]
remote_switch = 1
remote_ip = 127.0.0.1
remote_port = 58100
local_path = ./fs2_kni.status
stat_cycle = 1
print_mode = 1
# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
statsd_format = 2
APP_NAME = fs2_kni
#self test Shunt rules security policy id
[tsg_diagnose]
enabled = 1
security_policy_id = 3,10
[ssl_dynamic_bypass]
enabled = 1
#kni dynamic bypass
[traceid2sslinfo_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 300
mho_eliminate_type = FIFO
[sslinfo2bypass_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 300
mho_eliminate_type = FIFO
[proxy_tcp_option]
enabled = 1
maat_table_compile = PXY_TCP_OPTION_COMPILE
maat_table_addr = PXY_TCP_OPTION_ADDR
maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
enable_override = 0
client_tcp_maxseg_enable = 0
client_tcp_maxseg = 1460
client_tcp_nodelay = 1
client_tcp_ttl = 70
client_tcp_keepalive_enable = 1
client_tcp_keepalive_keepcnt = 8
client_tcp_keepalive_keepidle = 30
client_tcp_keepalive_keepintvl = 15
client_tcp_user_timeout = 600
server_tcp_maxseg_enable = 0
server_tcp_maxseg = 1460
server_tcp_nodelay = 1
server_tcp_ttl = 75
server_tcp_keepalive_enable = 1
server_tcp_keepalive_keepcnt = 8
server_tcp_keepalive_keepidle = 30
server_tcp_keepalive_keepintvl = 15
server_tcp_user_timeout = 600
bypass_duplicated_packet = 0
tcp_passthrough = 0
[share_session_attribute]
SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

20
dockerfile/firewall/config/sapp_run/etc/project_list.conf Normal file
View File

@@ -0,0 +1,20 @@
tcp_flow_stat struct
udp_flow_stat struct
tcp_deduce_flow_stat struct
POLICY_PRIORITY struct
ESTABLISH_LATENCY long
MAIL_IDENTIFY int
TSG_MASTER_INTERNAL_LABEL struct
APP_ID_LABEL struct
BASIC_PROTO_LABEL struct
USER_DEFINED_ATTRIBUTE struct
SKETCH_TRANS_LAYER_CTX_LABEL struct
SKETCH_PROTO_CTX_LABEL struct
common_link_info_c2s struct
common_link_info_s2c struct
common_link_info struct
JA3_FINGERPRINT_LABEL struct
DKPT_PRO_V2 struct
DPKT_PROJECT_V2 struct
PPROJECT_PRO_V2 struct
DPKT_BHSTAT_PROJECT struct

38
dockerfile/firewall/config/sapp_run/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf Normal file
View File

@@ -0,0 +1,38 @@
[PLUGINFO]
PLUGNAME=TSG_CONN_SKETCH
SO_PATH=./plug/business/tsg_conn_sketch/tsg_conn_sketch.so
INIT_FUNC=tsg_conn_record_init
DESTROY_FUNC=tsg_conn_record_destroy
[TCP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_tcp_entry
[TCP_ALL]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_tcpall_entry
[UDP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_udp_entry
[HTTP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_http_entry
[SSL]
FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
FUNC_NAME=tsg_record_ssl_entry
[DNS]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_dns_entry
[MAIL]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_mail_entry
[FTP]
FUNC_FLAG=ALL
FUNC_NAME=tsg_record_ftp_entry

31
dockerfile/firewall/config/sapp_run/plug/conflist.inf Normal file
View File

@@ -0,0 +1,31 @@
[platform]
#./plug/platform/g_device_plug/g_device_plug.inf
./plug/platform/wannat/wangw.inf
./plug/platform/wire_graft/wire_graft.inf
./plug/platform/http_healthcheck/http_healthcheck.inf
./plug/platform/app_proto_identify/app_proto_identify.inf
./plug/platform/tsg_master/tsg_master.inf
[protocol]
./plug/protocol/radius/radius.inf
./plug/protocol/ssl/ssl.inf
./plug/protocol/http/http.inf
./plug/protocol/dns/dns.inf
./plug/protocol/mail/mail.inf
./plug/protocol/ftp/ftp.inf
./plug/protocol/quic/quic.inf
./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf
[business]
./plug/business/tsg_conn_sketch/tsg_conn_sketch.inf
./plug/business/capture_packet_plug/capture_packet_plug.inf
#./plug/business/kni/kni.inf
./plug/business/fw_ssl_plug/fw_ssl_plug.inf
./plug/business/fw_http_plug/fw_http_plug.inf
./plug/business/fw_dns_plug/fw_dns_plug.inf
./plug/business/fw_mail_plug/fw_mail_plug.inf
./plug/business/fw_ftp_plug/fw_ftp_plug.inf
./plug/business/fw_quic_plug/fw_quic_plug.inf
./plug/business/conn_telemetry/conn_telemetry.inf
#./plug/business/app_control_plug/app_control_plug.inf
./plug/business/app_sketch_local/app_sketch_local.inf

51
dockerfile/firewall/config/sapp_run/tsgconf/app_l7_proto_id.conf Normal file
View File

@@ -0,0 +1,51 @@
#TYPE1:UCHAR,2:USHORT,3:USTRING,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
#TYPE FIELD VALUE
STRING UNCATEGORIZED 100
STRING UNCATEGORIZED 101
STRING UNKNOWN_OTHER 102
STRING DNS 103
STRING FTP 104
STRING FTPS 105
STRING HTTP 106
STRING HTTPS 107
STRING ICMP 108
STRING IKE 109
STRING MAIL 110
STRING IMAPS 111
STRING IPSEC 112
STRING XMPP 113
STRING L2TP 114
STRING NTP 115
STRING POP3S 117
STRING PPTP 118
STRING QUIC 119
STRING SIP 120
STRING SMB 121
STRING SMTPS 123
STRING SPDY 124
STRING SSH 125
STRING SSL 126
STRING SOCKS 127
STRING TELNET 128
STRING DHCP 129
STRING RADIUS 130
STRING OPENVPN 131
STRING STUN 132
STRING TEREDO 133
STRING DTLS 134
STRING DoH 135
STRING ISAKMP 136
STRING MDNS 137
STRING NETBIOS 138
STRING NETFLOW 139
STRING RDP 140
STRING RTCP 141
STRING RTP 142
STRING SLP 143
STRING SNMP 144
STRING SSDP 145
STRING TFTP 146
STRING BJNP 147
STRING LDAP 148
STRING RTMP 149
STRING RTSP 150

2
config/framework/framework.conf → dockerfile/firewall/framework.conf
View File

@@ -1 +1 @@
/opt/MESA/lib/ /opt/MESA/lib/

0
dockerfile/sapp/supervisord.conf → dockerfile/firewall/supervisord.conf
View File

63
dockerfile/sapp/Dockerfile
View File

@@ -1,63 +0,0 @@
FROM centos:7
COPY MESA-Framework.repo /etc/yum.repos.d/
COPY framework.conf /etc/ld.so.conf.d/
COPY supervisord.conf /etc/
RUN yum makecache && yum install -y \
libcjson \
libdocumentanalyze \
libmaatframe \
libMESA_field_stat \
libMESA_field_stat2 \
libMESA_handle_logger \
libMESA_htable\
libMESA_prof_load \
librdkafka \
librulescan \
libtsglua \
libwiredcfg \
libWiredLB \
lz4 \
libbreakpad_mini \
mrzcpd \
sapp \
tcpdump_mesa \
tsg_master \
kni \
capture_packet_plug \
conn_telemetry \
dns \
ftp \
fw_dns_plug \
#fw_ftp_plug \
fw_http_plug \
fw_mail_plug \
fw_quic_plug \
fw_ssl_plug \
http \
mail \
quic \
ssl \
tsg_conn_sketch \
app_control_plug \
tcpdump \
net-tools \
vim
RUN yum install -y fw_ftp_plug \
epel-release \
python3 \
gdb \
numactl \
&& pip3 install supervisor \
&& yum clean all \
&& ldconfig
RUN yum install -y strace
WORKDIR /home/mesasoft/sapp_run/
ENTRYPOINT ["/usr/local/bin/supervisord" ,"-n","-c", "/etc/supervisord.conf"]
#CMD tail -f /dev/null

1
dockerfile/sapp/framework.conf
View File

@@ -1 +0,0 @@
/opt/MESA/lib/