From 7e5d40653e1a10ed8c203ff74da52b57ee9c92ac Mon Sep 17 00:00:00 2001
From: lijia
Date: Thu, 9 Sep 2021 18:31:11 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0sapp=5Fv4.2.50,=20tcpdump=5Fm?= =?UTF-8?q?esa=5Fv1.0.8,=20wangw=5Fv.1.3.5,=20wire=5Fgraft=5Fv1.3.6,=20TSG?= =?UTF-8?q?-7544=20-=20sapp=20inline=E6=A8=A1=E5=BC=8Ficmp=E4=BF=9D?= =?UTF-8?q?=E6=B4=BB=E5=BA=94=E7=AD=94=E5=8C=85seq=3D0=E9=94=99=E8=AF=AF;?= =?UTF-8?q?=20TSG-7563=20-=20=E8=87=AA=E5=BB=BAGRE=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E7=8E=AF=E5=A2=83sapp=E5=8F=8D=E5=90=91=E5=8F=91=E9=80=81RST?= =?UTF-8?q?=E5=A4=B1=E8=B4=A5;=20TSG-7440=20-=20sapp=E8=AE=BE=E7=BD=AE?= =?UTF-8?q?=E6=B5=81BYPASS=E4=BB=A5=E6=8A=B5=E5=BE=A1flood=E6=94=BB?= =?UTF-8?q?=E5=87=BB=E7=9A=84=E5=BD=B1=E5=93=8D;=20TSG-7621=20-=20sapp?= =?UTF-8?q?=E4=B8=8D=E6=94=AF=E6=8C=81Vxlan=E5=86=85=E5=B1=82HDLC,=20PPP?= =?UTF-8?q?=E5=B0=81=E8=A3=85=E6=A0=BC=E5=BC=8F;=20TSG-7542=20-=20?= =?UTF-8?q?=E5=9C=A8GRE=E5=8D=8F=E8=AE=AE=E4=B8=8A=E6=B5=8B=E8=AF=95ftp?= =?UTF-8?q?=E5=8D=8F=E8=AE=AE=E6=97=B6=EF=BC=8Csub=20action=E4=B8=BArst?= =?UTF-8?q?=E6=97=B6=EF=BC=8Cftp=E6=B2=A1=E6=9C=89=E9=98=BB=E6=96=AD;=20TS?= =?UTF-8?q?G-7561=20-=20sapp=E5=92=8Ctcpdump=5Fmesa=E6=94=AF=E6=8C=81?= =?UTF-8?q?=E6=8D=95=E8=8E=B7bypass=E7=9A=84=E5=8C=85;?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../install_config/group_vars/rpm_version.yml | 10 +++++-----
ansible/roles/sapp/templates/sapp.toml.j2.j2 | 19 +++++++++++++++++++
.../provision.yml.sample.7400MCN0P01R01 | 3 +++
.../provision.yml.sample.9000NPBP01R01 | 3 +++
4 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml
index d8dafcd0..057c0582 100644
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -51,8 +51,8 @@ mrzcpd_rpm_version: mrzcpd: mrzcpd-4.4.8.566081c sapp_rpm_version: - sapp: sapp-4.2.49.1c4b0a6 - tcpdump_mesa: tcpdump_mesa-1.0.6.faa4eba + sapp: sapp-4.2.50.dbc910b + tcpdump_mesa: tcpdump_mesa-1.0.8.da3eeea tfe_rpm_version: tfe: tfe-4.5.13.acc67e3 @@ -70,8 +70,8 @@ http_healthcheck_rpm_version: http_healthcheck: http_healthcheck-21.06.01.d0685bb wannat_wangw_rpm_version: - libwangw: libwangw-1.3.4.893165a + libwangw: libwangw-1.3.5.5e6c78d wire_graft_rpm_version: - wire_graft: wire_graft_plug-1.3.5.9de921b - libwire_graft: libwire_graft-1.3.5.9de921b + wire_graft: wire_graft_plug-1.3.6.2832a3c + libwire_graft: libwire_graft-1.3.6.2832a3c diff --git a/ansible/roles/sapp/templates/sapp.toml.j2.j2 b/ansible/roles/sapp/templates/sapp.toml.j2.j2 index 87355789..a1aee5df 100644 --- a/ansible/roles/sapp/templates/sapp.toml.j2.j2 +++ b/ansible/roles/sapp/templates/sapp.toml.j2.j2 
@@ -75,12 +75,31 @@ dictator_enable=1 ### note, polling_priority = call sapp_recv_pkt every call polling_entry times, polling_priority=1 + [packet_io.under_ddos] +### note, to reduce impact of ddos attack,set some stream bypass, all plugins will not process these streams +{% raw %}stream_bypass_enabled={{ sapp_stream_bypass_under_ddos.enable }} +{% endraw %} + +### note, cpu usage value is percent, for example, config value is 85, means 85%, valid range: [1,100] +### sapp change to bypass state immediately when realtime cpu usage > bypass_trigger_cpu_usage + bypass_trigger_cpu_usage=90 +### note, unit of get_cpu_usage_interval is milliseconds(ms) + get_cpu_usage_interval=500 +### note, use the average of the last $smooth_avg_window times as current realtime value + smooth_avg_window=2 + + decrease_ratio="0.95" + increase_ratio="1.005" +### note, unit of bypass_observe_time is second(s) + recovery_observe_time=30 + [PROTOCOL_FEATURE] ipv6_decapsulation_enabled=1 ipv6_send_packet_enabled=1 tcp_drop_pure_ack_pkt=0 tcp_syn_option_parse_enabled=1 skip_not_ip_layer_over_eth=0 + skip_gtp_seq_field_for_inject=1 [DUPLICATE_PKT] [dup_pkt.traffic.original] diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 index ea4db871..57bafeb0 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 @@ -21,6 +21,9 @@ wannat: ddossketch: enable: 0/1 +sapp_stream_bypass_under_ddos + enable: 0/1 + app: identify_by: user_defined_signature: 0/1 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 index d486a62b..c3d57496 100644 
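Review bot: `stream_bypass_enabled` is rendered from `sapp_stream_bypass_under_ddos.enable` with no fallback, so a provision file written before this commit (without that key) will probably fail at the second template stage or leave the value empty. The hunk's own comment says plugins do not process bypassed streams, which makes this a fail-open switch that should stay off unless explicitly set; assuming the second stage is Jinja2/Ansible, `{{ sapp_stream_bypass_under_ddos.enable | default(0) }}` inside the raw block would do that. Because crossing `bypass_trigger_cpu_usage=90` stops plugin processing for the bypassed streams, the template comment should also tell operators that inspection coverage drops in that state and that entry into and exit from bypass should be monitored. The comment above `recovery_observe_time` names `bypass_observe_time`; it should read `### note, unit of recovery_observe_time is second(s)`. `decrease_ratio` and `increase_ratio` are the only quoted values and carry no comment, so a line stating what they scale and why they are strings would help.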
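Review bot: The added key `sapp_stream_bypass_under_ddos` has no trailing colon, unlike the neighbouring `ddossketch:` and `wannat:` entries, so a provision file copied from this sample will not parse as the intended mapping and `sapp_stream_bypass_under_ddos.enable` will not be defined for the sapp template. The line should read `sapp_stream_bypass_under_ddos:`. The same line is added without the colon in `provision.yml.sample.9000NPBP01R01`. The surrounding mapping continues outside both hunks.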
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 @@ -17,6 +17,9 @@ wannat: ddossketch: enable: 0/1 + +sapp_stream_bypass_under_ddos + enable: 0/1 data_center: name: City instance