From edb77878e2646fac92acb2a6a3fbc95e6da78473 Mon Sep 17 00:00:00 2001 From: fumingwei Date: Wed, 14 Sep 2022 15:26:29 +0800 Subject: [PATCH] =?UTF-8?q?feature:TSG-11954:TSG-X=20os=E5=AE=9E=E7=8E=B0d?= =?UTF-8?q?ecoders=E7=9B=B8=E5=85=B3=E9=85=8D=E7=BD=AE=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../files/helm/conf/app_sketch_local.inf | 42 +++++++++++++++ .../files/helm/conf/conflist.inf | 52 ++++++++++++++++++- .../traffic-engine/files/helm/conf/main.conf | 4 ++ .../files/helm/conf/tsg_conn_sketch.inf | 41 +++++++++++++-- .../files/helm/templates/_config.tpl | 13 ++++- .../files/helm/templates/sapp.yaml | 1 + .../files/helm/templates/traffic-engine.yaml | 3 ++ .../traffic-engine/files/helm/values.yaml | 20 ++++++- 8 files changed, 168 insertions(+), 8 deletions(-) create mode 100644 ansible/roles/traffic-engine/files/helm/conf/app_sketch_local.inf diff --git a/ansible/roles/traffic-engine/files/helm/conf/app_sketch_local.inf b/ansible/roles/traffic-engine/files/helm/conf/app_sketch_local.inf new file mode 100644 index 00000000..dae114a4 --- /dev/null +++ b/ansible/roles/traffic-engine/files/helm/conf/app_sketch_local.inf 
@@ -0,0 +1,42 @@
+[PLUGINFO]
+PLUGNAME=APP_SKETCH_LOCAL
+SO_PATH=./plug/business/app_sketch_local/app_sketch_local.so
+INIT_FUNC=APP_SKETCH_LOCAL_INIT
+DESTROY_FUNC=APP_SKETCH_LOCAL_DESTROY
+
+[POLLING]
+FUNC_FLAG=ALL
+FUNC_NAME=APP_SKETCH_POLLING_ENTRY
+
+[TCP_ALL]
+FUNC_FLAG=ALL
+FUNC_NAME=APP_SKETCH_TCPALL_PLUG_ENTRY
+
+[TCP]
+FUNC_FLAG=ALL
+FUNC_NAME=APP_SKETCH_TCP_PLUG_ENTRY
+
+[UDP]
+FUNC_FLAG=ALL
+FUNC_NAME=APP_SKETCH_UDP_PLUG_ENTRY
+
+
+{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }}
+[HTTP]
+FUNC_FLAG=ALL
+FUNC_NAME=APP_SKETCH_HTTP_PLUG_ENTRY
+{{- end }}
+
+
+{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }}
+[SSL]
+FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
+FUNC_NAME=APP_SKETCH_SSL_PLUG_ENTRY
+{{- end }}
+
+
+{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }}
+[QUIC]
+FUNC_FLAG=QUIC_CLIENT_HELLO
+FUNC_NAME=APP_SKETCH_QUIC_PLUG_ENTRY
+{{- end }}
diff --git a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
index e1aaed98..18e39e1f 100644
--- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
+++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf
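Review bot: In the new `app_sketch_local.inf`, the `[HTTP]`, `[SSL]` and `[QUIC]` sections are rendered only when the matching `decoders.*` value equals `define_enable_val_yes`, but nothing in the template says so or explains why `[POLLING]`, `[TCP_ALL]`, `[TCP]` and `[UDP]` stay unconditional. A leading Helm comment such as `{{- /* [HTTP], [SSL] and [QUIC] are registered only while the matching decoder is enabled in values.yaml (decoders.*) */ -}}` would record the dependency for whoever adds the next protocol section. The three guards also need to stay in step with the `http.inf`, `ssl.inf` and `quic.inf` guards in `conflist.inf`, since they read the same keys.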
@@ -15,23 +15,55 @@ {{- end }} [protocol] -./plug/protocol/deal_socks/deal_socks.inf +{{- if eq .Values.decoders.SOCKS .Values.define_enable_val_yes }} +./plug/protocol/deal_socks/deal_socks.inf +{{- end }} +{{- if eq .Values.decoders.SIP .Values.define_enable_val_yes }} ./plug/protocol/sip/sip.inf +{{- end }} +{{- if eq .Values.decoders.RTP .Values.define_enable_val_yes }} ./plug/protocol/rtp/rtp.inf +{{- end }} +{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }} ./plug/protocol/ssl/ssl.inf +{{- end }} +{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }} ./plug/protocol/http/http.inf +{{- end }} +{{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }} ./plug/protocol/dns/dns.inf +{{- end }} +{{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }} ./plug/protocol/mail/mail.inf +{{- end }} +{{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }} ./plug/protocol/ftp/ftp.inf +{{- end }} +{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }} ./plug/protocol/quic/quic.inf +{{- end }} ./plug/protocol/l2tp_protocol_plug/l2tp_protocol_plug.inf +{{- if eq .Values.decoders.GTPC .Values.define_enable_val_yes }} ./plug/protocol/gtp/gtp.inf +{{- end }} +{{- if eq .Values.decoders.RADIUS .Values.define_enable_val_yes }} ./plug/protocol/radius/radius.inf +{{- end }} +{{- if eq .Values.decoders.SSH .Values.define_enable_val_yes }} ./plug/protocol/ssh/ssh.inf +{{- end }} +{{- if eq .Values.decoders.STRATUM .Values.define_enable_val_yes }} ./plug/protocol/stratum/stratum.inf +{{- end }} +{{- if eq .Values.decoders.RDP .Values.define_enable_val_yes }} ./plug/protocol/rdp/rdp.inf +{{- end }} +{{- if eq .Values.decoders.BGP .Values.define_enable_val_yes }} ./plug/protocol/bgp/bgp.inf +{{- end }} +{{- if eq .Values.decoders.DTLS .Values.define_enable_val_yes }} ./plug/protocol/dtls/dtls.inf +{{- end }} [business] {{- if eq .Values.encrypt_traffic_identify.voice_bahavior_engine .Values.define_enable_val_yes }} 
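Review bot: `l2tp_protocol_plug.inf` is the only entry under `[protocol]` in `conflist.inf` left without a `decoders` guard, and the `decoders` map added to `values.yaml` has no L2TP key, so it stays loaded however the other switches are set. If that is deliberate, a one-line template comment next to it would say so, for example `{{- /* l2tp_protocol_plug is always loaded; it has no decoders.* switch */ -}}`. If it is an omission, it needs its own key and guard like the sixteen other entries, so that the parser can be switched off along with the rest.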
@@ -47,13 +79,29 @@ ./plug/business/kni/kni.inf {{- end }} {{- if eq .Values.firewall.enable .Values.define_enable_val_yes }} +{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }} ./plug/business/fw_ssl_plug/fw_ssl_plug.inf +{{- end }} +{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }} ./plug/business/fw_http_plug/fw_http_plug.inf +{{- end }} +{{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }} ./plug/business/fw_dns_plug/fw_dns_plug.inf +{{- end }} +{{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }} ./plug/business/fw_mail_plug/fw_mail_plug.inf +{{- end }} +{{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }} ./plug/business/fw_ftp_plug/fw_ftp_plug.inf +{{- end }} +{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }} ./plug/business/fw_quic_plug/fw_quic_plug.inf +{{- end }} +{{- if and (eq .Values.decoders.RTP .Values.define_enable_val_yes) (eq .Values.decoders.SIP .Values.define_enable_val_yes) }} ./plug/business/fw_voip_plug/fw_voip_plug.inf +{{- end }} +{{- end }} +{{- if eq .Values.decoders.GTPC .Values.define_enable_val_yes }} ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf {{- end }} ./plug/business/conn_telemetry/conn_telemetry.inf @@ -62,6 +110,6 @@ ./plug/business/app_sketch_local/app_sketch_local.inf {{- end }} {{- end }} -{{- if eq .Values.radius_record.enable .Values.define_enable_val_yes }} +{{- if and (eq .Values.radius_record.enable .Values.define_enable_val_yes) (eq .Values.decoders.RADIUS .Values.define_enable_val_yes) }} ./plug/business/radius_collect_plug/radius_collect_plug.inf {{- end }} diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf index 8e3c5f4b..3663b595 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/main.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf 
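Review bot: `gtp_signaling_plug.inf` is no longer covered by the `firewall.enable` condition: the `{{- end }}` added after the `fw_voip_plug` guard closes the firewall block, and the plug-in is then gated on `decoders.GTPC` alone. Before this change it was loaded only with the firewall enabled, so a deployment with `firewall.enable` off and the default `GTPC: yes` now starts loading it. The commit subject mentions only decoder configuration options, so if the move is intended it deserves a line in the description. If it is not, the guard should read `{{- if and (eq .Values.firewall.enable .Values.define_enable_val_yes) (eq .Values.decoders.GTPC .Values.define_enable_val_yes) }}`.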
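Review bot: With `radius_record.enable` on and `decoders.RADIUS` off, `radius_collect_plug.inf` is now dropped from the rendered list without any signal, so a collection feature the operator switched on is silently absent. The same precedence applies to the `fw_*_plug` entries in the previous hunk (firewall enabled, decoder off) and to the `[RTP]`, `[SIP]` and `[BGP]` sections of `tsg_conn_sketch.inf`. Either state the precedence next to the `decoders` block in `values.yaml`, or stop the render on the contradictory combination with Helm's `fail`, e.g. `{{- fail "radius_record.enable requires decoders.RADIUS" }}` inside a guard for that case.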
@@ -73,6 +73,8 @@ L7_PROTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf" DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'adc' '{print $2}'" DEVICE_SEQ_IN_DATA_CENTER={{ .Values.session_id_generator.snowflake_worker_id_offset }} FEATURE_TAMPER=1 +#IDENTIFY_PROTO_NAME="DNS;QUIC;HTTP;MAIL;FTP;SSL;RTP;SIP;SSH;RADIUS;SOCKS;STRATUM;RDP;BGP;DTLS;GTPC;" +IDENTIFY_PROTO_NAME="{{- include "traffic-engine.config.identify-proto-name" . }}" [TSG_CONN_SKETCH] tcp_min_pkts=3 @@ -152,6 +154,7 @@ SERVICE_ID=162 LOG_PATH=./log/radius_collect_plug/radius_collect_plug LOG_LEVEL=30 +{{- if eq .Values.decoders.GTPC .Values.define_enable_val_yes }} [GTP_SIGNALING] {{- if eq .Values.gtpc_record.enable .Values.define_enable_val_yes }} SENDLOG_SWITCH=1 @@ -160,6 +163,7 @@ SENDLOG_SWITCH=0 {{- end }} #NO/HASH/REDIS SIGNALING_ORIGIN=REDIS +{{- end }} [CAPTURE] diff --git a/ansible/roles/traffic-engine/files/helm/conf/tsg_conn_sketch.inf b/ansible/roles/traffic-engine/files/helm/conf/tsg_conn_sketch.inf index 893c5139..ef04e29e 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/tsg_conn_sketch.inf +++ b/ansible/roles/traffic-engine/files/helm/conf/tsg_conn_sketch.inf 
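Review bot: The rendered `IDENTIFY_PROTO_NAME` in `main.conf` will not reproduce the commented-out reference value kept on the line above it. The helper ranges over the `decoders` map, which Go templates visit in sorted key order, so the default render begins `BGP;DNS;DTLS;` rather than `DNS;QUIC;HTTP;`. Whether the engine is sensitive to that order, or to an empty string when every decoder is off, cannot be seen from this hunk and is worth confirming before merge. If the old line is kept as documentation, label it once that is confirmed, for example `# reference: value when every decoder is enabled`; otherwise drop it.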
@@ -17,60 +17,93 @@ FUNC_NAME=tsg_record_tcpall_entry FUNC_FLAG=ALL FUNC_NAME=tsg_record_udp_entry + +{{- if eq .Values.decoders.HTTP .Values.define_enable_val_yes }} [HTTP] FUNC_FLAG=ALL FUNC_NAME=tsg_record_http_entry +{{- end }} + +{{- if eq .Values.decoders.SSL .Values.define_enable_val_yes }} [SSL] FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL FUNC_NAME=tsg_record_ssl_entry +{{- end }} + +{{- if eq .Values.decoders.DNS .Values.define_enable_val_yes }} [DNS] FUNC_FLAG=ALL FUNC_NAME=tsg_record_dns_entry +{{- end }} + +{{- if eq .Values.decoders.MAIL .Values.define_enable_val_yes }} [MAIL] FUNC_FLAG=ALL FUNC_NAME=tsg_record_mail_entry +{{- end }} -{{ if eq .Values.voip_record.enable_rtp .Values.define_enable_val_yes }} + +{{- if and (eq .Values.voip_record.enable_rtp .Values.define_enable_val_yes) (eq .Values.decoders.RTP .Values.define_enable_val_yes ) }} [RTP] FUNC_FLAG=ALL FUNC_NAME=tsg_record_rtp_entry {{- end }} -{{ if eq .Values.voip_record.enable_sip .Values.define_enable_val_yes }} + +{{- if and (eq .Values.voip_record.enable_sip .Values.define_enable_val_yes) (eq .Values.decoders.SIP .Values.define_enable_val_yes ) }} [SIP] FUNC_FLAG=ALL FUNC_NAME=tsg_record_sip_entry {{- end }} + +{{- if eq .Values.decoders.FTP .Values.define_enable_val_yes }} [FTP] FUNC_FLAG=ALL FUNC_NAME=tsg_record_ftp_entry +{{- end }} + +{{- if eq .Values.decoders.QUIC .Values.define_enable_val_yes }} [QUIC] FUNC_FLAG=QUIC_CLIENT_HELLO,QUIC_SERVER_HELLO,QUIC_CACHED_CERT,QUIC_COMM_CERT,QUIC_CERT_CHAIN,QUIC_VERSION,QUIC_APPLICATION_DATA FUNC_NAME=tsg_record_quic_entry +{{- end }} + +{{- if eq .Values.decoders.SSH .Values.define_enable_val_yes }} [SSH] FUNC_FLAG=ALL FUNC_NAME=tsg_record_ssh_entry +{{- end }} + +{{- if eq .Values.decoders.STRATUM .Values.define_enable_val_yes }} [STRATUM] FUNC_FLAG=ALL FUNC_NAME=tsg_record_stratum_entry +{{- end }} + +{{- if eq .Values.decoders.RDP .Values.define_enable_val_yes }} [RDP] FUNC_FLAG=ALL 
FUNC_NAME=tsg_record_rdp_entry +{{- end }} -{{ if eq .Values.bgp_record.enable .Values.define_enable_val_yes }} + +{{- if and (eq .Values.bgp_record.enable .Values.define_enable_val_yes) (eq .Values.decoders.BGP .Values.define_enable_val_yes) }} [BGP] FUNC_FLAG=ALL FUNC_NAME=tsg_record_bgp_entry {{- end }} + +{{- if eq .Values.decoders.DTLS .Values.define_enable_val_yes }} [DTLS] FUNC_FLAG=DTLS_CLIENT_HELLO,DTLS_SERVER_HELLO,DTLS_HELLO_VERIFY_REQUEST,DTLS_CLIENT_EXTENSION -FUNC_NAME=tsg_record_dtls_entry \ No newline at end of file +FUNC_NAME=tsg_record_dtls_entry +{{- end }} \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl index f132f7e6..c2d4fd14 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/_config.tpl +++ b/ansible/roles/traffic-engine/files/helm/templates/_config.tpl @@ -72,4 +72,15 @@ enable_breakpad_upload=0 {{- define "traffic-engine.config.hos-port" -}} {{- $address_dict := index .Values.external_resources.olap.hos_servers.addresses 0 -}} {{- $address_dict.port }} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{- define "traffic-engine.config.identify-proto-name" -}} +{{- $proto_name := "" -}} +{{- $val_yes := .Values.define_enable_val_yes }} +{{- range $key, $val := .Values.decoders }} +{{- if eq $val $val_yes }} +{{- $proto_name = print $proto_name $key ";" }} +{{- end }} +{{- end }} +{{- $proto_name }} +{{- end -}} diff --git a/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml b/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml index 58d6dd45..f9618a06 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/sapp.yaml 
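Review bot: `traffic-engine.config.identify-proto-name` in `_config.tpl` emits every key of `.Values.decoders` whose value matches, so a misspelled or extra key in an override file (say `Http: yes`) lands in `IDENTIFY_PROTO_NAME` while the `conflist.inf` guards, which read fixed names such as `.Values.decoders.HTTP`, never see it. Checking each key against the known decoder names keeps the two views consistent: define `$known` as a `list` of the sixteen names from `values.yaml` and add `{{- if not (has $key $known) }}{{- fail (print "unknown decoder: " $key) }}{{- end }}` at the top of the `range`. The helper also has no comment; a `{{- /* ... */ -}}` line stating that it returns a `;`-terminated list of the enabled decoder names would help the next reader.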
@@ -16,3 +16,4 @@ data: wire_graft.conf: {{ tpl (.Files.Get "conf/wire_graft.conf") . | quote }} vlan_flipping_map.conf: {{ tpl (.Files.Get "conf/vlan_flipping_map.conf") . | quote }} tsg_device_tag.json: {{ tpl (.Files.Get "conf/tsg_device_tag.json") . | quote }} + app_sketch_local.inf: {{ tpl (.Files.Get "conf/app_sketch_local.inf") . | quote }} diff --git a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml index 7a10190a..7d10369c 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml @@ -99,6 +99,9 @@ spec: - name: sapp mountPath: "/opt/tsg/etc/tsg_device_tag.json" subPath: "tsg_device_tag.json" + - name: sapp + mountPath: "/opt/tsg/sapp/plug/business/app_sketch_local/app_sketch_local.inf" + subPath: "app_sketch_local.inf" - name: config-volume mountPath: "/opt/tsg/etc/tsg_sn.json" subPath: "opt/tsg/etc/tsg_sn.json" diff --git a/ansible/roles/traffic-engine/files/helm/values.yaml b/ansible/roles/traffic-engine/files/helm/values.yaml index 5dfc8a22..a728add5 100644 --- a/ansible/roles/traffic-engine/files/helm/values.yaml +++ b/ansible/roles/traffic-engine/files/helm/values.yaml @@ -165,4 +165,22 @@ image: tsgInit: repository: docker.io/library/tsg-init pullPolicy: Never - tag: "" \ No newline at end of file + tag: "" + +decoders: + DNS: yes + QUIC: yes + HTTP: yes + MAIL: yes + FTP: yes + SSL: yes + RTP: yes + SIP: yes + SSH: yes + RADIUS: yes + SOCKS: yes + STRATUM: yes + RDP: yes + BGP: yes + DTLS: yes + GTPC: yes
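Review bot: The new `app_sketch_local.inf` mount in `traffic-engine.yaml` uses `subPath`, and Kubernetes does not refresh `subPath` mounts when the ConfigMap changes, so toggling a decoder in `values.yaml` reaches a running pod only after it is recreated. That matters when a decoder is switched off as a quick mitigation for a parser problem. If the pod template does not already carry a config checksum outside this hunk, add one under its annotations, e.g. `checksum/sapp: {{ include (print $.Template.BasePath "/sapp.yaml") . | sha256sum }}`. The `volumeMounts` list starts and ends outside the hunk.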
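Review bot: The `decoders` values in `values.yaml` are bare `yes`, which the YAML parser Helm uses reads as the boolean true, whereas `--set decoders.HTTP=yes` on the command line yields the string "yes". Assuming `define_enable_val_yes` is written the same bare way (its definition is outside this hunk), such an override will not compare equal in the `eq` guards. The block also has no comment, although each switch now removes a protocol decoder together with the firewall and record plug-ins guarded by it. A suggested header is `# Per-protocol decoder switches. A value other than define_enable_val_yes unloads the decoder and every plug-in guarded by it (fw_*_plug, record sections).`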