feature:TSG-13632:OS支持渲染firewall的配置(整合firewall的业务插件)

2023-02-09 15:16:25 +08:00
parent f82dae3004
commit ea6825199b
8 changed files with 63 additions and 101 deletions
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -5,14 +5,7 @@ firewall_rpm_version:
  capture_packet_plug: capture_packet_plug-4.1.5.b9783ff
  conn_telemetry: conn_telemetry-1.0.3.4ef6df6
  fw_dns_plug: fw_dns_plug-4.0.4.7ce1b29
-  fw_ftp_plug: fw_ftp_plug-3.1.4.46f553d
-  fw_http_plug: fw_http_plug-4.1.5.647dbbe
-  fw_mail_plug: fw_mail_plug-4.1.3.8316056
-  fw_quic_plug: fw_quic_plug-4.1.2.c79dbde
-  fw_ssl_plug: fw_ssl_plug-3.2.5.fce6a4f
-  fw_dtls_plug: fw_dtls_plug-1.0.1.5f7daf5
  tsg_conn_sketch:  tsg_conn_sketch-3.3.17.68c08fb
-  fw_voip_plug: fw_voip_plug-1.0.11.301c698
  gtp_signaling_plug: gtp_signaling_plug-1.0.5.8d64946
  tsg_vulpes: tsg_vulpes-1.0.9.0d7c615
  radius_collect_plug: radius_collect_plug-2.0.8.0575ab1
--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -1,36 +1,3 @@
-[VOIP_PLUG]
-TIMEOUT=300
-LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
-LOG_LEVEL=30
-TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
-TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
-
-[FTP_PLUG]
-LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[MAIL_PLUG]
-LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[HTTP_PLUG]
-LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
-LOG_LEVEL=30
-
-[DNS_PLUG]
-LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
-LOG_LEVEL=30
-
-[QUIC_PLUG]
-LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
-LOG_LEVEL=30
-
-[CONTROL_PLUG]
-LOG_PATH="./tsglog/app_control_plug/app_control_plug"
-LOG_LEVEL=30
-
 [MAAT]
 PROFILE="./tsgconf/maat.conf"
 SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
--- a/ansible/roles/sapp/files/start.sh
+++ b/ansible/roles/sapp/files/start.sh
@@ -16,6 +16,7 @@ copyConfigmap2Dest(){
 	/usr/bin/cp /opt/tsg/config/tsg_device_tag.json     /opt/tsg/etc/tsg_device_tag.json
 	/usr/bin/cp /opt/tsg/config/app_sketch_local.inf    /opt/tsg/sapp/plug/business/app_sketch_local/app_sketch_local.inf
 	/usr/bin/cp /opt/tsg/config/vlan_flipping_map.conf  /opt/tsg/sapp/etc/vlan_flipping_map.conf
+	/usr/bin/cp /opt/tsg/config/firewall.inf            /opt/tsg/sapp/plug/business/firewall/firewall.inf
 }

 prestart(){
--- a/ansible/roles/sapp/templates/conflist.inf.j2.j2
+++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2
@@ -61,14 +61,8 @@
 ./plug/business/kni/kni.inf
 {% endif %}
 {% if firewall.enable == 1 %}
-./plug/business/fw_ssl_plug/fw_ssl_plug.inf
-./plug/business/fw_http_plug/fw_http_plug.inf
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
-./plug/business/fw_mail_plug/fw_mail_plug.inf
-./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-./plug/business/fw_quic_plug/fw_quic_plug.inf
-./plug/business/fw_voip_plug/fw_voip_plug.inf
-./plug/business/fw_dtls_plug/fw_dtls_plug.inf
+./plug/business/firewall/firewall.inf
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
 {% endif %}
 ./plug/business/conn_telemetry/conn_telemetry.inf
--- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
+++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
@@ -80,30 +80,10 @@
 ./plug/business/kni/kni.inf
 {{- end }}
 {{- if eq .Values.firewall.enable .Values.define_enable_val_yes }}
-{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }}
-./plug/business/fw_ssl_plug/fw_ssl_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }}
-./plug/business/fw_http_plug/fw_http_plug.inf
-{{- end }}
 {{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }}
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
 {{- end }}
-{{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }}
-./plug/business/fw_mail_plug/fw_mail_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }}
-./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }}
-./plug/business/fw_quic_plug/fw_quic_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.DTLS .Values.define_enable_val_yes }}
-./plug/business/fw_dtls_plug/fw_dtls_plug.inf
-{{- end }}
-{{- if and (eq .Values.decoders.RTP .Values.define_enable_val_yes) (eq .Values.decoders.SIP .Values.define_enable_val_yes) }}
-./plug/business/fw_voip_plug/fw_voip_plug.inf
-{{- end }}
+./plug/business/firewall/firewall.inf
 {{- end }}
 {{- if eq .Values.decoders.GTPC .Values.define_enable_val_yes }}
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
--- a/ansible/roles/traffic-engine/files/helm/conf/firewall.inf
+++ b/ansible/roles/traffic-engine/files/helm/conf/firewall.inf
@@ -0,0 +1,59 @@
+[PLUGINFO]
+PLUGNAME=FIREWEALL
+SO_PATH=./plug/business/firewall/firewall.so
+INIT_FUNC=firewall_init
+DESTROY_FUNC=firewall_destroy
+
+{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }}
+[HTTP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_http_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }}
+[SSL]
+FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
+FUNC_NAME=fw_ssl_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }}
+[DNS]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_dns_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }}
+[MAIL]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_mail_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.RTP .Values.define_enable_val_yes }}
+[RTP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_rtp_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.SIP .Values.define_enable_val_yes }}
+[SIP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_sip_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }}
+[FTP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_ftp_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }}
+[QUIC]
+FUNC_FLAG=QUIC_CLIENT_HELLO,QUIC_SERVER_HELLO,QUIC_CACHED_CERT,QUIC_COMM_CERT,QUIC_CERT_CHAIN,QUIC_VERSION,QUIC_APPLICATION_DATA
+FUNC_NAME=fw_quic_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.DTLS .Values.define_enable_val_yes }}
+[DTLS]
+FUNC_FLAG=DTLS_CLIENT_HELLO,DTLS_SERVER_HELLO,DTLS_HELLO_VERIFY_REQUEST,DTLS_CLIENT_EXTENSION
+FUNC_NAME=fw_dtls_plug_entry
+{{- end }}
--- a/ansible/roles/traffic-engine/files/helm/conf/main.conf
+++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf
@@ -1,36 +1,3 @@
-[VOIP_PLUG]
-TIMEOUT=300
-LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
-LOG_LEVEL=30
-TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
-TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
-
-[FTP_PLUG]
-LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[MAIL_PLUG]
-LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[HTTP_PLUG]
-LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
-LOG_LEVEL=30
-
-[DNS_PLUG]
-LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
-LOG_LEVEL=30
-
-[QUIC_PLUG]
-LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
-LOG_LEVEL=30
-
-[CONTROL_PLUG]
-LOG_PATH="./tsglog/app_control_plug/app_control_plug"
-LOG_LEVEL=30
-
 [MAAT]
 PROFILE="./tsgconf/maat.conf"
 SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
--- a/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml
@@ -19,3 +19,4 @@ data:
  vlan_flipping_map.conf: {{ tpl (.Files.Get "conf/vlan_flipping_map.conf") . | quote }}
  tsg_device_tag.json: {{ tpl (.Files.Get "conf/tsg_device_tag.json") . | quote }}
  app_sketch_local.inf: {{ tpl (.Files.Get "conf/app_sketch_local.inf") . | quote }}
+  firewall.inf: {{ tpl (.Files.Get "conf/firewall.inf") . | quote }}