From ea6825199bc821f9f55e44b015c2cd690ffbb6e5 Mon Sep 17 00:00:00 2001
From: fumingwei
Date: Thu, 9 Feb 2023 15:16:25 +0800
Subject: [PATCH] =?UTF-8?q?feature:TSG-13632:OS=E6=94=AF=E6=8C=81=E6=B8=B2?= =?UTF-8?q?=E6=9F=93firewall=E7=9A=84=E9=85=8D=E7=BD=AE(=E6=95=B4=E5=90=88?= =?UTF-8?q?firewall=E7=9A=84=E4=B8=9A=E5=8A=A1=E6=8F=92=E4=BB=B6)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../install_config/group_vars/rpm_version.yml | 7 ---
 .../roles/firewall/templates/main.conf.j2.j2 | 33 -----------
 ansible/roles/sapp/files/start.sh | 1 +
 .../roles/sapp/templates/conflist.inf.j2.j2 | 8 +--
 .../files/helm/conf/conflist.inf | 22 +------
 .../files/helm/conf/firewall.inf | 59 +++++++++++++++++++
 .../traffic-engine/files/helm/conf/main.conf | 33 -----------
 .../files/helm/templates/sapp.yaml | 1 +
 8 files changed, 63 insertions(+), 101 deletions(-)
 create mode 100644 ansible/roles/traffic-engine/files/helm/conf/firewall.inf
diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml
index 5acf2c26..62131c5e 100644
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -5,14 +5,7 @@ firewall_rpm_version:
 capture_packet_plug: capture_packet_plug-4.1.5.b9783ff
 conn_telemetry: conn_telemetry-1.0.3.4ef6df6
 fw_dns_plug: fw_dns_plug-4.0.4.7ce1b29
- fw_ftp_plug: fw_ftp_plug-3.1.4.46f553d
- fw_http_plug: fw_http_plug-4.1.5.647dbbe
- fw_mail_plug: fw_mail_plug-4.1.3.8316056
- fw_quic_plug: fw_quic_plug-4.1.2.c79dbde
- fw_ssl_plug: fw_ssl_plug-3.2.5.fce6a4f
- fw_dtls_plug: fw_dtls_plug-1.0.1.5f7daf5
 tsg_conn_sketch: tsg_conn_sketch-3.3.17.68c08fb
- fw_voip_plug: fw_voip_plug-1.0.11.301c698
 gtp_signaling_plug: gtp_signaling_plug-1.0.5.8d64946
 tsg_vulpes: tsg_vulpes-1.0.9.0d7c615
 radius_collect_plug: radius_collect_plug-2.0.8.0575ab1
diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2
index d6ae8844..64fb7526 100644
--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -1,36 +1,3 @@
-[VOIP_PLUG]
-TIMEOUT=300
-LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
-LOG_LEVEL=30
-TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
-TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
-
-[FTP_PLUG]
-LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[MAIL_PLUG]
-LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[HTTP_PLUG]
-LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
-LOG_LEVEL=30
-
-[DNS_PLUG]
-LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
-LOG_LEVEL=30
-
-[QUIC_PLUG]
-LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
-LOG_LEVEL=30
-
-[CONTROL_PLUG]
-LOG_PATH="./tsglog/app_control_plug/app_control_plug"
-LOG_LEVEL=30
-
 [MAAT]
 PROFILE="./tsgconf/maat.conf"
 SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
diff --git a/ansible/roles/sapp/files/start.sh b/ansible/roles/sapp/files/start.sh
index 3922b1ce..6ce35806 100644
--- a/ansible/roles/sapp/files/start.sh
+++ b/ansible/roles/sapp/files/start.sh
@@ -16,6 +16,7 @@ copyConfigmap2Dest(){
 /usr/bin/cp /opt/tsg/config/tsg_device_tag.json /opt/tsg/etc/tsg_device_tag.json
 /usr/bin/cp /opt/tsg/config/app_sketch_local.inf /opt/tsg/sapp/plug/business/app_sketch_local/app_sketch_local.inf
 /usr/bin/cp /opt/tsg/config/vlan_flipping_map.conf /opt/tsg/sapp/etc/vlan_flipping_map.conf
+ /usr/bin/cp /opt/tsg/config/firewall.inf /opt/tsg/sapp/plug/business/firewall/firewall.inf
 }
 prestart(){
diff --git a/ansible/roles/sapp/templates/conflist.inf.j2.j2 b/ansible/roles/sapp/templates/conflist.inf.j2.j2
index b05584c1..95585fc2 100644
--- a/ansible/roles/sapp/templates/conflist.inf.j2.j2
+++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2
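Review bot: The added `/usr/bin/cp /opt/tsg/config/firewall.inf /opt/tsg/sapp/plug/business/firewall/firewall.inf` in start.sh runs unconditionally and its exit status is not checked, so a missing ConfigMap key or a missing `plug/business/firewall/` directory would let sapp start with whatever firewall.inf is already on disk, or with none. For the plugin that carries the firewall policy hooks that is worth failing loudly on, e.g. appending `|| { echo "copy of firewall.inf failed" >&2; exit 1; }` to the line, unless the script already runs under `set -e`, which is not visible here. The neighbouring cp lines have the same shape and copyConfigmap2Dest begins above the hunk, so this may be an existing best-effort convention; if so, a one-line comment saying that a failed copy is tolerated would make the intent explicit.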
@@ -61,14 +61,8 @@
 ./plug/business/kni/kni.inf
 {% endif %}
 {% if firewall.enable == 1 %}
-./plug/business/fw_ssl_plug/fw_ssl_plug.inf
-./plug/business/fw_http_plug/fw_http_plug.inf
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
-./plug/business/fw_mail_plug/fw_mail_plug.inf
-./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-./plug/business/fw_quic_plug/fw_quic_plug.inf
-./plug/business/fw_voip_plug/fw_voip_plug.inf
-./plug/business/fw_dtls_plug/fw_dtls_plug.inf
+./plug/business/firewall/firewall.inf
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
 {% endif %}
 ./plug/business/conn_telemetry/conn_telemetry.inf
diff --git a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
index 040b94f4..35177fdd 100644
--- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
+++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
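Review bot: `./plug/business/fw_dns_plug/fw_dns_plug.inf` stays in the list next to the new `./plug/business/firewall/firewall.inf`, while the Helm `conf/firewall.inf` added by this patch also declares a `[DNS]` section with `FUNC_NAME=fw_dns_plug_entry`. If firewall.so already contains that entry point, DNS sessions may be handled twice (duplicate logs or verdicts); if it does not, `[DNS]` names a symbol the library lacks; the diff does not show which. The Helm `conflist.inf` hunk has the same overlap, and `rpm_version.yml` keeps `fw_dns_plug` although both `main.conf` files drop `[DNS_PLUG]`, so the standalone plugin presumably loses its `LOG_PATH`/`LOG_LEVEL` settings. Either remove the standalone DNS line from both lists, or drop `[DNS]` from firewall.inf and keep `[DNS_PLUG]` in main.conf.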
@@ -80,30 +80,10 @@
 ./plug/business/kni/kni.inf
 {{- end }}
 {{- if eq .Values.firewall.enable .Values.define_enable_val_yes }}
-{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }}
-./plug/business/fw_ssl_plug/fw_ssl_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }}
-./plug/business/fw_http_plug/fw_http_plug.inf
-{{- end }}
 {{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }}
 ./plug/business/fw_dns_plug/fw_dns_plug.inf
 {{- end }}
-{{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }}
-./plug/business/fw_mail_plug/fw_mail_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }}
-./plug/business/fw_ftp_plug/fw_ftp_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }}
-./plug/business/fw_quic_plug/fw_quic_plug.inf
-{{- end }}
-{{- if eq .Values.decoders.DTLS .Values.define_enable_val_yes }}
-./plug/business/fw_dtls_plug/fw_dtls_plug.inf
-{{- end }}
-{{- if and (eq .Values.decoders.RTP .Values.define_enable_val_yes) (eq .Values.decoders.SIP .Values.define_enable_val_yes) }}
-./plug/business/fw_voip_plug/fw_voip_plug.inf
-{{- end }}
+./plug/business/firewall/firewall.inf
 {{- end }}
 {{- if eq .Values.decoders.GTPC .Values.define_enable_val_yes }}
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
diff --git a/ansible/roles/traffic-engine/files/helm/conf/firewall.inf b/ansible/roles/traffic-engine/files/helm/conf/firewall.inf
new file mode 100644
index 00000000..a3a18dd0
--- /dev/null
+++ b/ansible/roles/traffic-engine/files/helm/conf/firewall.inf
@@ -0,0 +1,59 @@
+[PLUGINFO]
+PLUGNAME=FIREWEALL
+SO_PATH=./plug/business/firewall/firewall.so
+INIT_FUNC=firewall_init
+DESTROY_FUNC=firewall_destroy
+
+{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }}
+[HTTP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_http_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }}
+[SSL]
+FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
+FUNC_NAME=fw_ssl_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }}
+[DNS]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_dns_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }}
+[MAIL]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_mail_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.RTP .Values.define_enable_val_yes }}
+[RTP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_rtp_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.SIP .Values.define_enable_val_yes }}
+[SIP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_sip_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }}
+[FTP]
+FUNC_FLAG=ALL
+FUNC_NAME=fw_ftp_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }}
+[QUIC]
+FUNC_FLAG=QUIC_CLIENT_HELLO,QUIC_SERVER_HELLO,QUIC_CACHED_CERT,QUIC_COMM_CERT,QUIC_CERT_CHAIN,QUIC_VERSION,QUIC_APPLICATION_DATA
+FUNC_NAME=fw_quic_plug_entry
+{{- end }}
+
+{{- if eq .Values.decoders.DTLS .Values.define_enable_val_yes }}
+[DTLS]
+FUNC_FLAG=DTLS_CLIENT_HELLO,DTLS_SERVER_HELLO,DTLS_HELLO_VERIFY_REQUEST,DTLS_CLIENT_EXTENSION
+FUNC_NAME=fw_dtls_plug_entry
+{{- end }}
diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf
index 85332e06..7ded33dc 100644
--- a/ansible/roles/traffic-engine/files/helm/conf/main.conf
+++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf
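Review bot: `PLUGNAME=FIREWEALL` in `[PLUGINFO]` looks like a typo for `FIREWALL`; if the loader uses this name in logs or lookups, the misspelling will make the firewall plugin hard to find when checking that it actually loaded, so `PLUGNAME=FIREWALL` is the safer value. Separately, `[RTP]` and `[SIP]` are each gated on their own decoder flag, whereas the conflist.inf entry removed by this patch loaded fw_voip_plug only under `and (eq .Values.decoders.RTP ...) (eq .Values.decoders.SIP ...)`. If the merged VoIP logic still needs both decoders, enabling only one of them now registers an entry point that the old configuration would never have activated; keeping the combined condition around both sections would preserve the previous behaviour.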
@@ -1,36 +1,3 @@
-[VOIP_PLUG]
-TIMEOUT=300
-LOG_PATH="./tsglog/fw_voip_plug/fw_voip_plug"
-LOG_LEVEL=30
-TABLE_TO=TSG_FIELD_SIP_RESPONDER_DESCRIPTION
-TABLE_FROM=TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION
-
-[FTP_PLUG]
-LOG_PATH="./tsglog/fw_ftp_plug/fw_ftp_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[MAIL_PLUG]
-LOG_PATH="./tsglog/fw_mail_plug/fw_mail_plug"
-LOG_LEVEL=30
-TIMEOUT=600
-
-[HTTP_PLUG]
-LOG_PATH="./tsglog/fw_http_plug/fw_http_plug"
-LOG_LEVEL=30
-
-[DNS_PLUG]
-LOG_PATH="./tsglog/fw_dns_plug/fw_dns_plug"
-LOG_LEVEL=30
-
-[QUIC_PLUG]
-LOG_PATH="./tsglog/fw_quic_plug/fw_quic_plug"
-LOG_LEVEL=30
-
-[CONTROL_PLUG]
-LOG_PATH="./tsglog/app_control_plug/app_control_plug"
-LOG_LEVEL=30
-
 [MAAT]
 PROFILE="./tsgconf/maat.conf"
 SUBSCRIBER_ID_TABLE="TSG_OBJ_SUBSCRIBER_ID"
diff --git a/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml b/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml
index b322f2ed..0ca138e8 100644
--- a/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml
+++ b/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml
@@ -19,3 +19,4 @@ data:
 vlan_flipping_map.conf: {{ tpl (.Files.Get "conf/vlan_flipping_map.conf") . | quote }}
 tsg_device_tag.json: {{ tpl (.Files.Get "conf/tsg_device_tag.json") . | quote }}
 app_sketch_local.inf: {{ tpl (.Files.Get "conf/app_sketch_local.inf") . | quote }}
+ firewall.inf: {{ tpl (.Files.Get "conf/firewall.inf") . | quote }}