feature:7400,9140新增provision sip,bgp,dtls开关

fumingwei
2023-09-22 17:46:40 +08:00
parent 05a69c6d99
commit abaee156ef
13 changed files with 129 additions and 1 deletions


@@ -44,3 +44,10 @@
src: "{{ role_path }}/templates/quic/main.conf.j2"
dest: /opt/tsg/sapp/conf/quic/main.conf
tags: template
- name: "Template the /opt/tsg/sapp/plug/business/firewall/firewall.inf"
template:
src: "{{ role_path }}/templates/firewall.inf.j2.j2"
dest: /opt/tsg/tsg-os-provision/templates/firewall.inf.j2
tags: template
when: runtime_env != 'TSG-X-P0906'
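Review bot: The new task's name says it templates /opt/tsg/sapp/plug/business/firewall/firewall.inf, but its `dest` is the staging path /opt/tsg/tsg-os-provision/templates/firewall.inf.j2, so a play log will report the live firewall plug-in manifest as written when only the second-stage template was. Rename it to match, e.g. `- name: "Stage firewall.inf.j2 for tsg-os-provision"`, and add a comment that the `.j2.j2` source is rendered twice, with the `{% raw %}` blocks surviving this first pass. The task is also skipped when `runtime_env` is 'TSG-X-P0906'; if the tsg-os-provision tasks that read `../templates/firewall.inf.j2` can run on that platform they would need the same guard, which cannot be confirmed from this hunk.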


@@ -0,0 +1,55 @@
[PLUGINFO]
PLUGNAME=FIREWEALL
SO_PATH=./plug/business/firewall/firewall.so
INIT_FUNC=firewall_init
DESTROY_FUNC=firewall_destroy
[HTTP]
FUNC_FLAG=ALL
FUNC_NAME=fw_http_plug_entry
[SSL]
FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
FUNC_NAME=fw_ssl_plug_entry
[DNS]
FUNC_FLAG=ALL
FUNC_NAME=fw_dns_plug_entry
[MAIL]
FUNC_FLAG=ALL
FUNC_NAME=fw_mail_plug_entry
[RTP]
FUNC_FLAG=ALL
FUNC_NAME=fw_rtp_plug_entry
{% raw %}{% if firewall.enable_sip == 1 %}
[SIP]
FUNC_FLAG=ALL
FUNC_NAME=fw_sip_plug_entry
{% endif %}
{% endraw %}
[FTP]
FUNC_FLAG=ALL
FUNC_NAME=fw_ftp_plug_entry
[QUIC]
FUNC_FLAG=QUIC_CLIENT_HELLO,QUIC_SERVER_HELLO,QUIC_CACHED_CERT,QUIC_COMM_CERT,QUIC_CERT_CHAIN,QUIC_VERSION,QUIC_APPLICATION_DATA
FUNC_NAME=fw_quic_plug_entry
{% raw %}{% if firewall.enable_dtls == 1 %}
[DTLS]
FUNC_FLAG=DTLS_CLIENT_HELLO,DTLS_SERVER_HELLO,DTLS_HELLO_VERIFY_REQUEST,DTLS_CLIENT_EXTENSION
FUNC_NAME=fw_dtls_plug_entry
{% endif %}
{% endraw %}
[UDP]
FUNC_FLAG=ALL
FUNC_NAME=fw_udp_plug_entry
[TCP]
FUNC_FLAG=ALL
FUNC_NAME=fw_tcp_plug_entry
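Review bot: `PLUGNAME=FIREWEALL` on the second line of the new template looks like a misspelling of FIREWALL, and it will be carried into every rendered firewall.inf. Unless the spelling is inherited from an existing manifest that other components already key on, change it to `PLUGNAME=FIREWALL`. A short header comment would also help, stating that the [SIP] and [DTLS] sections are emitted only when `firewall.enable_sip` / `firewall.enable_dtls` equal 1 at the second-stage render; presumably a missing section means the firewall plug-in is no longer handed that protocol, which should be confirmed against the loader.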


@@ -108,6 +108,17 @@ DEVICE_SEQ_IN_DATA_CENTER={{ session_id_generator.snowflake_worker_id_offset }}
FEATURE_TAMPER=1
GENERATE_JA3_FINGERPRINT=1
{% raw %}{% if firewall.enable_dtls == 1 and firewall.enable_sip == 1 %}
IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;SIP;SSH;RADIUS;SOCKS;STRATUM;RDP;DTLS;GTPC;"
{% elif firewall.enable_dtls == 1 %}
IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;SSH;RADIUS;SOCKS;STRATUM;RDP;DTLS;GTPC;"
{% elif firewall.enable_sip == 1 %}
IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;SIP;SSH;RADIUS;SOCKS;STRATUM;RDP;GTPC;"
{% else %}
IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;SSH;RADIUS;SOCKS;STRATUM;RDP;GTPC;"
{% endif %}
{% endraw %}
[FIREWALL]
CYCLE=30
#TELEGRAF_PORT=8500
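Review bot: The four-way `if/elif/else` repeats the whole `IDENTIFY_PROTO_NAME` list once per flag combination, so any later protocol change has to be made in four places and a missed branch would silently change which protocols are identified on some deployments. A single line with inline conditionals, kept inside the same `{% raw %}` block, holds one list: `IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;{% if firewall.enable_sip == 1 %}SIP;{% endif %}SSH;RADIUS;SOCKS;STRATUM;RDP;{% if firewall.enable_dtls == 1 %}DTLS;{% endif %}GTPC;"`. `firewall.enable_bgp` has no effect on this list in any branch; if that is intentional, a comment saying so would save the next reader a check. The enclosing section begins above the hunk.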


@@ -43,9 +43,12 @@ FUNC_NAME=session_record_rtp_entry
{% endif %}
{% endraw %}
{% raw %}{% if firewall.enable_sip == 1 %}
[SIP]
FUNC_FLAG=ALL
FUNC_NAME=session_record_sip_entry
{% endif %}
{% endraw %}
[FTP]
FUNC_FLAG=ALL
@@ -67,10 +70,16 @@ FUNC_NAME=session_record_stratum_entry
FUNC_FLAG=ALL
FUNC_NAME=session_record_rdp_entry
{% raw %}{% if firewall.enable_bgp == 1 %}
[BGP]
FUNC_FLAG=ALL
FUNC_NAME=session_record_bgp_entry
{% endif %}
{% endraw %}
{% raw %}{% if firewall.enable_dtls == 1 %}
[DTLS]
FUNC_FLAG=DTLS_CLIENT_HELLO,DTLS_SERVER_HELLO,DTLS_HELLO_VERIFY_REQUEST,DTLS_CLIENT_EXTENSION
FUNC_NAME=session_record_dtls_entry
FUNC_NAME=session_record_dtls_entry
{% endif %}
{% endraw %}
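Review bot: Each new guard compares with `== 1` exactly (`firewall.enable_sip`, `firewall.enable_bgp`, `firewall.enable_dtls`), so an inventory that quotes the value (`"1"`) renders the section away without any error, and one that lacks the key will probably either fail the render or drop the section, depending on how undefined values are handled. These sections appear to have been unconditional before this change, so the safer default is to keep recording unless the toggle is explicitly 0, e.g. `{% if firewall.enable_sip | default(1) | int == 1 %}`. The same comparison is used in the firewall.inf template, the `IDENTIFY_PROTO_NAME` block and the plug-in list in this commit. Both hunks start and end inside sections that continue outside the visible lines.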


@@ -27,7 +27,10 @@
[protocol]
./plug/protocol/deal_socks/deal_socks.inf
{% raw %}{% if firewall.enable_sip == 1 %}
./plug/protocol/sip/sip.inf
{% endif %}
{% endraw %}
./plug/protocol/rtp/rtp.inf
./plug/protocol/ssl/ssl.inf
./plug/protocol/http/http.inf
@@ -41,8 +44,14 @@
./plug/protocol/ssh/ssh.inf
./plug/protocol/stratum/stratum.inf
./plug/protocol/rdp/rdp.inf
{% raw %}{% if firewall.enable_bgp == 1 %}
./plug/protocol/bgp/bgp.inf
{% endif %}
{% endraw %}
{% raw %}{% if firewall.enable_dtls == 1 %}
./plug/protocol/dtls/dtls.inf
{% endif %}
{% endraw %}
[business]
{% raw %}{% if firewall.enable == 1 %}
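Review bot: `firewall.enable_sip`, `firewall.enable_bgp` and `firewall.enable_dtls` gate entries under `[protocol]` here, i.e. the protocol plug-in manifests themselves rather than anything firewall-specific, and the same keys also gate the session_record sections elsewhere in this commit. Setting one of them to 0 therefore looks like it removes the parser for every business plug-in, which the `firewall.` prefix does not suggest. Either document that next to the guards, e.g. `{# enable_bgp=0 unloads the BGP parser for all business plug-ins, not only firewall #}`, or move the toggles to a neutral key. Both hunks sit inside a list that starts and ends outside the visible lines.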


@@ -10,6 +10,9 @@ firewall:
proxy:
enable: 1
enable_hos: 1
enable_dtls: 1
enable_sip: 1
enable_bgp: 1
sessionrecord:
enable: 1
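Review bot: In this file the three new keys follow `proxy:` / `enable` / `enable_hos`, whereas in the two defaults files further down they sit directly after the `firewall:` keys and before `proxy:`; indentation is not visible in this view, so it is worth confirming they are nested under `firewall:` here. The templates read `firewall.enable_dtls`, `firewall.enable_sip` and `firewall.enable_bgp`, so keys that ended up under `proxy:` would leave those lookups undefined for this environment. The next file section (the hunk at `-9,6 +9,9`) has the same layout.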


@@ -9,6 +9,9 @@ firewall:
proxy:
enable: 1
enable_hos: 1
enable_dtls: 1
enable_sip: 1
enable_bgp: 1
sessionrecord:
enable: 1


@@ -6,6 +6,10 @@ firewall:
enable: 1
enable_hos: 1
rapidjson_chunk_capacity: 2048
enable_dtls: 1
enable_sip: 1
enable_bgp: 1
proxy:
enable: 1


@@ -6,6 +6,9 @@ firewall:
enable: 1
enable_hos: 1
rapidjson_chunk_capacity: 2048
enable_dtls: 1
enable_sip: 1
enable_bgp: 1
proxy:
enable: 0


@@ -159,6 +159,12 @@
dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf
tags: firewall
- name: "tsg-os-provision: Template the firewall.inf"
template:
src: "../templates/firewall.inf.j2"
dest: /opt/tsg/sapp/plug/business/firewall/firewall.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"
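Review bot: The added template task writes /opt/tsg/sapp/plug/business/firewall/firewall.inf without `owner`, `group` or `mode`, so the file's permissions depend on the umask and on whatever was there before. The rendered manifest names the shared object and entry points for the firewall plug-in (`SO_PATH`, `INIT_FUNC`), so it is worth pinning them, e.g. `owner: root`, `group: root`, `mode: "0644"`. The neighbouring tasks visible in the hunk do not set them either, so this may be a role-wide convention to revisit; the same task is added in the three following file sections. Whether a handler restarts sapp after the file changes is not visible here.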


@@ -109,6 +109,12 @@
dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf
tags: firewall
- name: "tsg-os-provision: Template the firewall.inf"
template:
src: "../templates/firewall.inf.j2"
dest: /opt/tsg/sapp/plug/business/firewall/firewall.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"


@@ -165,6 +165,12 @@
dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf
tags: firewall
- name: "tsg-os-provision: Template the firewall.inf"
template:
src: "../templates/firewall.inf.j2"
dest: /opt/tsg/sapp/plug/business/firewall/firewall.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"


@@ -78,6 +78,12 @@
dest: /opt/tsg/sapp/plug/business/session_record/session_record.inf
tags: firewall
- name: "tsg-os-provision: Template the firewall.inf"
template:
src: "../templates/firewall.inf.j2"
dest: /opt/tsg/sapp/plug/business/firewall/firewall.inf
tags: firewall
- name: "tsg-os-provision: Template the sapp.toml"
template:
src: "../templates/sapp.toml.j2"