更新：tsg_master app_sketch_local ssl fw_http_plug fw_mail_plug fw_ssl_plug fw_ftp_plug capture_packet_plug插件，更新内容：

TSG-7104 - 性能测试 HTTPS 新建时，tsg_stat.log 的 tcp_links speed/s 数值是仪表的 10 倍 TSG-7103 - 功能端的Deny动作支持按会话Rate Limit TSG-7051 - 功能端支持按连接执行ratelimit动作统一使用tsgconf/main.conf和tsgconf/maat.conf配置文件更新sapp，更新内容: TSG-6871 - sapp按每个插件的entry统计单包处理延时 TSG-7024 - 采用环境变量文件方式指定SAPP运行环境的Prefix TSG-7110 - sapp调用marsio.so时在代码里写死绝对路径 TSG-7132 - socks,http_proxy等代理层打印日志类型读内存越界 TSG-7167 - EAL4 DerScanner扫描结果中高风险 TSG-7168 - sapp在pcap模式支持按内层ip分流
2021-08-04 13:24:37 +08:00
parent 6097c95b77
commit e2238271ad
4 changed files with 16 additions and 48 deletions
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -2,20 +2,20 @@ certstore_rpm_version:
  certstore: certstore-2.1.8.20210604.8077136

 firewall_rpm_version:
-  capture_packet_plug: capture_packet_plug-3.0.6.a2db4a4
+  capture_packet_plug: capture_packet_plug-3.1.1.6f324e7
  conn_telemetry: conn_telemetry-1.0.2.8d6da43
  dns: dns-2.0.14.6d7e2f8
  ftp: ftp-1.0.8.13d5fda
  fw_dns_plug: fw_dns_plug-3.0.9.fdeb3ee
-  fw_ftp_plug: fw_ftp_plug-3.0.1.0a78573
-  fw_http_plug: fw_http_plug-3.2.8.41427e3
-  fw_mail_plug: fw_mail_plug-3.1.1.777fa90
+  fw_ftp_plug: fw_ftp_plug-3.1.0.6d367b3
+  fw_http_plug: fw_http_plug-4.0.0.a78765f
+  fw_mail_plug: fw_mail_plug-4.0.0.38c39d7
  fw_quic_plug: fw_quic_plug-3.0.4.947ef77
-  fw_ssl_plug: fw_ssl_plug-3.1.4.98b76c9
+  fw_ssl_plug: fw_ssl_plug-3.2.0.ec688a9
  http: http-2.0.5.c61ad9a
  mail: mail-1.0.11.48abeae
  quic: quic-1.1.18.13ba53b
-  ssl: ssl-2.0.2.1389716
+  ssl: ssl-2.0.3.44bcfa8
  tsg_conn_sketch: tsg_conn_sketch-3.0.15.710e7e7
  rtp: rtp-1.0.4.91b4ab7
  mesa_sip: mesa_sip-1.1.2.b4bc77d
@@ -49,17 +49,17 @@ mrzcpd_rpm_version:
  mrzcpd: mrzcpd-4.4.8.566081c

 sapp_rpm_version:
-  sapp: sapp-4.2.43.3177ff9
+  sapp: sapp-4.2.44.ce0dfaf
  tcpdump_mesa: tcpdump_mesa-1.0.6.faa4eba

 tfe_rpm_version:
  tfe: tfe-4.5.8.be8de2e

 tsg_app_rpm_version:
-  app_sketch_local: app_sketch_local-4.0.2.d0ba885
+  app_sketch_local: app_sketch_local-4.1.0.5c5b968
  
 tsg_master_rpm_version:
-  tsg_master: tsg_master-5.0.4.95b0519 
+  tsg_master: tsg_master-5.1.5.36397f5 

 tsg_diagnose_rpm_version:
  tsg_diagnose: tsg-diagnose-21.03.01.39beba7
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -18,18 +18,11 @@
    dest: /opt/tsg/tsg-os-provision/templates/main.conf.j2
  tags: template

-
 - name: "Template the tsgconf/maat.conf"
  template:
    src: "{{ role_path }}/templates/maat.conf.j2.j2"
    dest: /opt/tsg/tsg-os-provision/templates/maat.conf.j2
  tags: template
-
- name: "Template the conf/capture_packet_plug.conf.j2"
-  template:
-    src: "{{ role_path }}/templates/capture_packet_plug.conf.j2.j2"
-    dest: /opt/tsg/tsg-os-provision/templates/capture_packet_plug.conf.j2
-  tags: template
 
 - name: "Template the /opt/tsg/sapp/plug/business/tsg_conn_sketch/tsg_conn_sketch.inf"
  template:
--- a/ansible/roles/firewall/templates/capture_packet_plug.conf.j2.j2
+++ b/ansible/roles/firewall/templates/capture_packet_plug.conf.j2.j2
@@ -1,30 +0,0 @@
-[MAAT]
-MAAT_MODE=2
-#EFFECTIVE_FLAG=
-STAT_SWITCH=1
-PERF_SWITCH=1
-TABLE_INFO=conf/capture_packet_tableinfo.conf
-STAT_FILE=capture_packet_maat.status
-EFFECT_INTERVAL_S=1
-REDIS_IP={{ cm_policy_server_ip }}
-{% raw %}REDIS_PORT_NUM={{ cm.policy_server.port_num }}
-REDIS_PORT={{ cm.policy_server.port_range }}
-REDIS_INDEX={{ cm.policy_server.db_static }}
-{% endraw %}
-JSON_CFG_FILE=conf/capture_packet_maat.json
-INC_CFG_DIR=capture_packet_rule/inc/index/
-FULL_CFG_DIR=capture_packet_rule/full/index/
-EFFECTIVE_RANGE_FILE=/opt/tsg/etc/tsg_device_tag.json
-
-{% raw %}ACCEPT_TAGS={"tags":[{"tag":"data_center","value":"{{ data_center.name }}"}]}
-{% endraw %}
-
-[LOG]
-NIC_NAME={{ firewall.capture_packet_plug_conf.LOG.NIC_NAME }}
-{% raw %}BROKER_LIST={{ olap.kafka_broker.address_list | join(",") }}
-{% endraw %}
-FIELD_FILE=conf/capture_packet_log_field.conf
-
-[SYSTEM]
-LOG_LEVEL=30
-LOG_PATH=./tsglog/capture_packet_plug/capture_packet
--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -98,7 +98,7 @@ LOG_PATH="./tsglog/app_sketch_local/app_sketch_local"
 SENDBACK_SWITCH=0

 [APP_SKETCH_FEEDBACK]
-QOS=1
+QOS=0
 PUBLISH_TOPIC="APP_SIGNATURE_ID"
 #CLIENT_ID=
 {% raw %}BROKER_IP="{{ app_sketch.broker.address }}"
@@ -109,4 +109,9 @@ BROKER_PORT="{{ app_sketch.broker.port }}"
 nb_workers=60000
 classification_cache_enable=2
 basic_dpi_enable=1
-license_path=/data/app_proto_engine/license
+license_path=/data/app_proto_engine/license
+
+[TRAFFIC_MIRROR]
+TRAFFIC_MIRROR_ENABLE=1
+NIC_NAME=eth_vf_mirr
+DEFAULT_VLAN_ID=2