TSG-7422: firewall 插件HTTP内容关键字适配虚拟表名变更
TSG-7390: 开启static策略和dynamic策略Maat句柄的Prometheus输出 TSG-7388: 调整tsgconf/main.conf中的配置项entrance_id到data_center_id TSG-7387: 在Provision中增加计算板卡(单元)在数据中心中的顺序号的配置
This commit is contained in:
liuxueli
@@ -26,8 +26,8 @@
|
|||||||
14 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
|
14 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --
|
||||||
15 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
|
15 TSG_FIELD_HTTP_REQ_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
|
||||||
16 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
|
16 TSG_FIELD_HTTP_RES_HDR virtual TSG_OBJ_HTTP_SIGNATURE --
|
||||||
17 TSG_FIELD_HTTP_REQ_CONTENT virtual TSG_OBJ_KEYWORDS --
|
17 TSG_FIELD_HTTP_REQ_BODY virtual TSG_OBJ_KEYWORDS --
|
||||||
18 TSG_FIELD_HTTP_RES_CONTENT virtual TSG_OBJ_KEYWORDS --
|
18 TSG_FIELD_HTTP_RES_BODY virtual TSG_OBJ_KEYWORDS --
|
||||||
19 TSG_FIELD_SSL_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
|
19 TSG_FIELD_SSL_SNI virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
|
||||||
20 TSG_FIELD_SSL_CN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
|
20 TSG_FIELD_SSL_CN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
|
||||||
21 TSG_FIELD_SSL_SAN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
|
21 TSG_FIELD_SSL_SAN virtual ["TSG_OBJ_FQDN","TSG_OBJ_FQDN_CAT"] --
|
||||||
|
|||||||
@@ -143,7 +143,7 @@ static int tsg_get_sn(char *filename, char *device_sn, int device_sn_len)
|
|||||||
return flags;
|
return flags;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int get_device_id(char *command, int entrance_id)
|
static int get_device_id(char *command, int datacenter_id)
|
||||||
{
|
{
|
||||||
FILE *fp=NULL;
|
FILE *fp=NULL;
|
||||||
char buffer[128]={0};
|
char buffer[128]={0};
|
||||||
@@ -155,7 +155,7 @@ static int get_device_id(char *command, int entrance_id)
|
|||||||
pclose(fp);
|
pclose(fp);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (entrance_id<<7)+(atoi(buffer)%128);
|
return (datacenter_id<<7)+(atoi(buffer)%128);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int get_deploy_mode(void)
|
static int get_deploy_mode(void)
|
||||||
@@ -1532,14 +1532,12 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
|||||||
break;
|
break;
|
||||||
case TSG_ACTION_MONITOR:
|
case TSG_ACTION_MONITOR:
|
||||||
vlan_num=tsg_get_vlan_id_by_monitor_rule(g_tsg_maat_feather, result, hit_num, vlan, MAX_RESULT_NUM);
|
vlan_num=tsg_get_vlan_id_by_monitor_rule(g_tsg_maat_feather, result, hit_num, vlan, MAX_RESULT_NUM);
|
||||||
ret=tsg_set_vlan_id_to_tcpall(a_stream, &context, vlan, vlan_num, thread_seq);
|
ret=tsg_set_vlan_id_to_tcpall(a_stream, (struct tcpall_context**)pme, vlan, vlan_num, thread_seq);
|
||||||
if(ret<=0)
|
if(ret<=0)
|
||||||
{
|
{
|
||||||
return state;
|
return state;
|
||||||
}
|
}
|
||||||
|
context=(struct tcpall_context*)(*pme);
|
||||||
*pme=(void *)(context);
|
|
||||||
tsg_send_raw_packet(a_stream, context->vlan, context->vlan_num, thread_seq);
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
@@ -1548,9 +1546,6 @@ static unsigned char tsg_master_all_entry(const struct streaminfo *a_stream, uns
|
|||||||
|
|
||||||
Maat_clean_status(&scan_mid);
|
Maat_clean_status(&scan_mid);
|
||||||
scan_mid=NULL;
|
scan_mid=NULL;
|
||||||
case OP_STATE_DATA:
|
|
||||||
case OP_STATE_CLOSE:
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
@@ -1677,13 +1672,21 @@ extern "C" int TSG_MASTER_INIT()
|
|||||||
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;");
|
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "IDENTIFY_PROTO_NAME", identify_proto_name, sizeof(identify_proto_name), "HTTP;SSL;DNS;FTP;BGP;SIP;MAIL;STREAMING_MEDIA;QUIC;SIP;");
|
||||||
tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
|
tsg_proto_name2flag(identify_proto_name, &g_tsg_para.proto_flag);
|
||||||
|
|
||||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "ENTRANCE_ID", &g_tsg_para.entrance_id, 0);
|
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DATACENTER_ID", &g_tsg_para.datacenter_id, 0);
|
||||||
MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
|
MESA_load_profile_short_def(tsg_conffile, "SYSTEM", "TIMEOUT", (short *)&g_tsg_para.timeout, 300);
|
||||||
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
|
MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_TIME_INTERVAL", &g_tsg_para.scan_time_interval, 120);
|
||||||
|
|
||||||
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL);
|
ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0);
|
||||||
g_tsg_para.device_id=get_device_id(g_tsg_para.device_id_command, g_tsg_para.entrance_id);
|
if(ret<0)
|
||||||
|
{
|
||||||
|
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_ID_COMMAND", g_tsg_para.device_id_command, sizeof(g_tsg_para.device_id_command), NULL);
|
||||||
|
g_tsg_para.device_seq_in_dc=get_device_id(g_tsg_para.device_id_command, g_tsg_para.datacenter_id);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
g_tsg_para.device_seq_in_dc=(g_tsg_para.datacenter_id<<7)+((g_tsg_para.device_seq_in_dc)%128);
|
||||||
|
}
|
||||||
|
|
||||||
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json");
|
MESA_load_profile_string_def(tsg_conffile, "SYSTEM", "DEVICE_SN_FILENAME", device_sn_filename, sizeof(device_sn_filename), "/opt/tsg/etc/tsg_sn.json");
|
||||||
ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn));
|
ret=tsg_get_sn(device_sn_filename, g_tsg_para.device_sn, sizeof(g_tsg_para.device_sn));
|
||||||
if(ret==0)
|
if(ret==0)
|
||||||
|
|||||||
@@ -219,8 +219,8 @@ typedef struct tsg_para
|
|||||||
short mirror_switch;
|
short mirror_switch;
|
||||||
unsigned short timeout;
|
unsigned short timeout;
|
||||||
int app_dict_field_num;
|
int app_dict_field_num;
|
||||||
int device_id;
|
int device_seq_in_dc;
|
||||||
int entrance_id;
|
int datacenter_id;
|
||||||
int hash_timeout;
|
int hash_timeout;
|
||||||
int hash_slot_size;
|
int hash_slot_size;
|
||||||
enum DEPLOY_MODE deploy_mode;
|
enum DEPLOY_MODE deploy_mode;
|
||||||
|
|||||||
@@ -1303,6 +1303,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
|
|||||||
char effective_tag_key[128]={0};
|
char effective_tag_key[128]={0};
|
||||||
char effective_range_filename[1024]={0};
|
char effective_range_filename[1024]={0};
|
||||||
char redis_ip[16]={0}, effective_flag[1024]={0};
|
char redis_ip[16]={0}, effective_flag[1024]={0};
|
||||||
|
int output_prometheus=0;
|
||||||
int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0;
|
int maat_mode=0,maat_stat_on=0,maat_perf_on=0,thread_max=0;
|
||||||
char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0};
|
char json_cfg_file[MAX_PATH_LEN]={0},maat_stat_file[MAX_PATH_LEN]={0};
|
||||||
char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
|
char table_info[MAX_PATH_LEN]={0},inc_cfg_dir[MAX_PATH_LEN]={0},ful_cfg_dir[MAX_PATH_LEN]={0};
|
||||||
@@ -1329,6 +1330,7 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
|
|||||||
MESA_load_profile_int_def(conffile, module,"MAAT_MODE", &(maat_mode),0);
|
MESA_load_profile_int_def(conffile, module,"MAAT_MODE", &(maat_mode),0);
|
||||||
MESA_load_profile_int_def(conffile, module,"STAT_SWITCH", &(maat_stat_on),1);
|
MESA_load_profile_int_def(conffile, module,"STAT_SWITCH", &(maat_stat_on),1);
|
||||||
MESA_load_profile_int_def(conffile, module,"PERF_SWITCH", &(maat_perf_on),1);
|
MESA_load_profile_int_def(conffile, module,"PERF_SWITCH", &(maat_perf_on),1);
|
||||||
|
MESA_load_profile_int_def(conffile, module,"OUTPUT_PROMETHEUS", &(output_prometheus), 1);
|
||||||
|
|
||||||
MESA_load_profile_string_def(conffile,module,"TABLE_INFO",table_info, sizeof(table_info), "");
|
MESA_load_profile_string_def(conffile,module,"TABLE_INFO",table_info, sizeof(table_info), "");
|
||||||
MESA_load_profile_string_def(conffile,module,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file), "");
|
MESA_load_profile_string_def(conffile,module,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file), "");
|
||||||
@@ -1361,7 +1363,9 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
|
|||||||
Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
|
Maat_set_feather_opt(_maat_feather, MAAT_OPT_PERF_ON, NULL, 0);
|
||||||
Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index));
|
Maat_set_feather_opt(_maat_feather, MAAT_OPT_REDIS_INDEX, &redis_index, sizeof(redis_index));
|
||||||
Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
|
Maat_set_feather_opt(_maat_feather, MAAT_OPT_SCAN_DETAIL, &scan_detail, sizeof(scan_detail));
|
||||||
Maat_set_feather_opt(_maat_feather, MAAT_OPT_FOREIGN_CONT_DIR, "./alerts_files", strlen("./alerts_files")+1);
|
Maat_set_feather_opt(_maat_feather, MAAT_OPT_FOREIGN_CONT_DIR, "./alerts_files", strlen("./alerts_files")+1);
|
||||||
|
Maat_set_feather_opt(_maat_feather, MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
|
||||||
|
Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -1374,7 +1378,8 @@ static Maat_feather_t init_maat_feather(const char* conffile, char* instance_nam
|
|||||||
{
|
{
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "EFFECTIVE_RANGE", "Effective range is empty, please check %s", effective_range_filename);
|
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, "EFFECTIVE_RANGE", "Effective range is empty, please check %s", effective_range_filename);
|
||||||
}
|
}
|
||||||
Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
|
Maat_set_feather_opt(_maat_feather,MAAT_OPT_INSTANCE_NAME,instance_name, strlen(instance_name)+1);
|
||||||
|
Maat_set_feather_opt(_maat_feather, MAAT_OPT_STATUS_OUTPUT_PROMETHEUS, &output_prometheus, sizeof(output_prometheus));
|
||||||
if(maat_mode==1)
|
if(maat_mode==1)
|
||||||
{
|
{
|
||||||
MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
|
MESA_load_profile_string_def(conffile,module,"JSON_CFG_FILE",json_cfg_file, sizeof(json_cfg_file),"");
|
||||||
|
|||||||
@@ -1081,7 +1081,7 @@ unsigned long long tsg_get_stream_id(struct streaminfo * a_stream)
|
|||||||
{
|
{
|
||||||
int ret=0;
|
int ret=0;
|
||||||
int device_id_size=sizeof(unsigned long long);
|
int device_id_size=sizeof(unsigned long long);
|
||||||
unsigned long long device_id=(unsigned long long)g_tsg_para.device_id;
|
unsigned long long device_id=(unsigned long long)g_tsg_para.device_seq_in_dc;
|
||||||
|
|
||||||
ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size);
|
ret=MESA_get_stream_opt(a_stream, MSO_GLOBAL_STREAM_ID, (void *)&device_id, &device_id_size);
|
||||||
if(ret==0)
|
if(ret==0)
|
||||||
|
|||||||
Reference in New Issue
Block a user