gfwleak/tsg-tsg-os-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,571 Commits 92 Branches 330 Tags
3902bcaf2fd8ebf88b125ff537a22e44b8f793bf
Commit Graph

1571 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lu Qiuwen
3902bcaf2f update mrzcpd to 4.6.39 
(cherry picked from commit 166ebaf3a6)
 2023-08-03 15:10:26 +08:00
liuxueli
fa3e810e8e 更新tsg_master、firewall、session_record、quic、ssl、http,修复: 
tsg_master: 规范变量的定义; 支持关闭FS的相关统计,便于valgrind/asan定位内存的相关问题
tsg_master: 增加sni长度判断,同时解析结果异常时,增加释放已申请sni内存的操作
tsg_master: 修复application metrics更新包数时可能存在内存越界
quic: 增加长度判断,修复长度异常时造成的内存非法读
http: 修复strncasecmp时未对待查找串长度保护,可能读越界的错误
session_record/firewall/ssl: Debug版本链接ASAN,用于定位问题


(cherry picked from commit 29e1910607)
 2023-08-03 15:09:50 +08:00
yangwei
ea223f7ac1 🐞 fix(sapp-pr-4.3.20.73cf957): update to sapp-pr-4.3.20.73cf957 
(cherry picked from commit c6d3e860ff)
 2023-08-03 15:07:32 +08:00
yangwei
40e701e9f3 🐞 fix(sapp rpm update): 更新至sapp-pr-4.3.19.1c9045b 
1、修复读包模式结束时,线程同步可能造成内存泄露的问题
2、修复4.3.17更新引入的流表满时的边界判断条件,可能导致启动后持续高新建流时导致段错误
3、调整进程退出时的输出格式,方便展示进度


(cherry picked from commit a6a52a2ec0)
 2023-08-03 15:04:40 +08:00
linxin
c96a9c14d3 TSG-16401: 
为9140环境provision-config-apply增加重启telegraf相关组件
 2023-08-02 17:59:14 +08:00
linxin
fc5aae23fe TSG-16020: 通过kexec进行快速内核切换跳过硬件检查加快升级流程 v23.08-rc0 2023-07-28 08:19:18 +00:00
liuchang
e68336b2be session flags add feature random looking 2023-07-28 03:51:06 +00:00
luwenpeng
f139884eef TSG-16291 更新SCE适配库表变更 2023-07-26 16:35:37 +08:00
liuxueli
4195728f23 更新tsg_master, application metrics更新包数时存在内存越界 v23.07.8 2023-07-25 12:59:59 +00:00
fumingwei
280fdea3ca bugfix:TSG-16319:修改k3s service env文件位置 2023-07-25 20:53:24 +08:00
fumingwei
0999494140 bugfix:TSG-16319:修改k3s的service安装目录为/usr/lib/systemd/system 2023-07-25 18:57:52 +08:00
fumingwei
5693f753bb bugfix:TSG-16286:在安装os的过程中删除/data/var/lib/cni目录 2023-07-25 16:06:10 +08:00
liuxueli
9935f126f9 9140/7400设备配置文件增加GENERATE_JA3_FINGERPRINT=1 v23.07.7 2023-07-24 12:35:22 +00:00
yangwei
e3bd565a2e 🐞 fix(rpm update): update maat4 and spp 
sapp
1、更新检测到死锁触发退出条件,并增加相关日志
2、调整默认tcp timeout值,tcp data timeout 180s, opening timeout 60s, closing timeout 30s

maat4
[BUGFIX]false hit 0.0.0.0
[BUGFIX]scan miss for same filter referenced by one compile: TSG-15339
 2023-07-24 20:32:32 +08:00
wangmenglan
5dfc68827f Clixon更新至1.0.61 
TSG-16300: clixon新增TCP的opening timeout和closing timeout参数
 2023-07-24 12:20:19 +00:00
fumingwei
5f8d5cec28 feature:TSG-16300:适配clixon新增sapp opening_timeout和closing_timeout配置项 2023-07-24 20:14:46 +08:00
wangmenglan
a63dd0414a Clixon更新至1.0.60; HAL支持修改mrglobal.conf模板中sz_data,sz_tunnel,check_buffer_leak字段 
TSG-16295: Clixon增加生成JA3指纹的开关
 2023-07-24 11:47:48 +00:00
liuxueli
01d6fd3903 更新tsg_master, 支持不依赖ssl解析层生成ja3_fingerprint,增加是否生成ja3_fingerprint的开关, GENERATE_JA3_FINGERPRINT=1 2023-07-24 11:47:12 +00:00
linxin
95be2f533e TSG-16295: 在provision和clixon中增加是否生成JA3指纹的开关 2023-07-24 11:45:55 +00:00
songyanchao
e4c49d67ff 🎈 perf: Enable dropless rq 
Enable dropless rq
 2023-07-24 11:45:26 +00:00
songyanchao
79ab3ccfbd 🎈 perf: mrzcpd update to v4.6.38 
mrzcpd update to v4.6.38
 2023-07-21 23:58:05 +05:00
liuxueli
f31633e718 更新session record, 修复: TSG-16183 - Security http协议的Session日志中http字段数值异常 v23.07.6 2023-07-20 19:46:41 +08:00
liuxueli
3730dd8c4e 更新BGP, 修复 OMPUB-840: 增强校验BGP协议的逻辑,避免误识别导致CPU消耗 v23.07.5 2023-07-19 12:11:13 +00:00
fumingwei
8a277feada bugfix:TSG-16265:新增telegraf aggregators grace和delay配置项 2023-07-19 11:19:07 +00:00
fumingwei
21c9d1ab63 feature:TSG-16271:在provision和clixon中增加开关 2023-07-19 11:18:05 +00:00
wangmenglan
1b562ba86a Clixon更新至1.0.59 
TSG-16271: Clixon中增加日志字段开关
 2023-07-19 11:15:53 +00:00
linxin
d34a8eff2b TSG-16258: 修复部分core文件无法查到info信息 2023-07-19 18:05:12 +08:00
liuxueli
f678dad09f 更新sapp, 支持: 
调整ipv6判断上层承载协议的逻辑,对于未知类型默认执行pass
无systemd时,检测到死锁直接exit(-1)
修复未正确更新SAPP_STAT_TCP_STREAM_DEL的bug
增加tcp.opening_timeout参数,默认10s
移除新设置超时时间必须大于已有的限制
v23.07.4 		2023-07-18 15:58:34 +00:00
liuxueli
8b4aa1f056 修正RAPIDJSON_CHUNK_CAPACITY变量默认值,由8192改为2048 2023-07-18 23:52:48 +08:00
fumingwei
43d0dab59e bugfix:修改安装PrettyTable使用清华源 2023-07-18 11:41:14 +00:00
fumingwei
89bffe2be6 feature:TSG-16254:os适配clixon SSL decode certificate开关 2023-07-18 11:35:26 +00:00
wangmenglan
3ac8136443 Clixon更新至1.0.58 
TSG-16254: Clixon增加SSL decode certificate的开关
 2023-07-18 11:35:09 +00:00
liuxueli
2703ce5306 更新ssl, 增加是否解析证书的开关: PARSE_CERTIFICATE_DETAIL 2023-07-18 19:22:41 +08:00
wangmenglan
27b3f65ef2 HAL调整k3s config.yaml配置, 调整系统预留内存资源 v23.07.3 2023-07-18 16:17:00 +08:00
liuxueli
fdbd3b36b1 更新tsg_master, 修复: OMPUB-965 - 【P19现场】tsg-os打开日志压缩开关,无压缩效果 v23.07.2 2023-07-17 11:49:15 +08:00
杨威
29d73abb7f 更新tsg_master-6.0.38.613bc2b,修复 OMPUB-963,发送日志时单核死锁 v23.07.1 2023-07-16 07:34:59 +00:00
liuxueli
feac7f001b 更新app_proto_identify-2.1.10.222e48e, OMPUB-960 - P19现场: 基础协议识别插件(app_proto_identify)占用CPU较高(15%左右) v23.07 2023-07-14 23:13:44 +08:00
liuxueli
2359b01529 更新tsg_master、app_proto_identify, 修复: 
OMPUB-961 - P19现场: TSG MASTER解析SYN/SYN_ACK占用CPU2.6%左右
OMPUB-960 - P19现场: 基础协议识别插件(app_proto_identify)占用CPU较高(15%左右)
 2023-07-14 21:08:12 +08:00
liuchang
1ad7863d30 shaping borrow profile do not drop packet 2023-07-14 10:39:55 +00:00
wangmenglan
d0cd8e8ca8 HAL支持mrglobal.conf模板中poll_wait_throttle字段调整 2023-07-14 17:51:25 +08:00
liuxueli
859e5c0607 更新: tsg_master、session_record,修复: 
TSG-15999 - 日志中的app_full_path出现异常内容
TSG-15855 - Session Records存在大量重复Session ID
发送日志时开启KAFKA压缩 COMPRESSION_TYPE="snappy"
v23.07-rc2 		2023-07-13 11:03:55 +00:00
wangmenglan
d47065b2b3 bugfix: SCE更新至1.0.14 
TSG-14170: Service Function的Health Check为None时,未获取到SF状态和MAC Address
 2023-07-13 11:02:35 +00:00
陆秋文
925b4a88eb disable the collection of mount service. 2023-07-13 07:14:57 +00:00
Lu Qiuwen
38541f4433 disable firmware upgrade at os install. 2023-07-13 12:08:39 +05:00
liuxueli
079e9646db 更新http、session_record、firewall, 修复: 
firewall: TCP/UDP未注册FS Line ID, 使用FS-operate函数操作可能会导致重启
http,session_record: 修正输出本地日志的级别
v23.07-rc1 		2023-07-12 23:43:26 +08:00
liuchang
069ecd24a0 没有缓存报文时,减少CPU使用率 v23.07-rc0 2023-07-12 12:03:02 +00:00
yangwei
53c8a6bc7d feat(rpm and sapp.toml update): sapp.toml & mail.so 
1、sapp.toml 默认polling_priority=100
2、update to mail-1.0.19.e982b44, Fix TSG-12082 and Fix TSG-11013
 2023-07-12 14:50:23 +08:00
liuxueli
7b3dcefe5d 更新tsg_master、firewall、session_record,修复: 
TSG-13811 - 策略条件为flag+application,日志中出现其他application的日志
TSG-15779 - 建议SSL协议日志中增加ECH相关字段
TSG-16028 - 功能端未按照0号策略配置发送reset、icmp包
TSG-15934 - Security Events中的Request body文件下载时提示失败,未发现文件
 2023-07-11 13:51:49 +00:00
fengweihao
cf4df8a18b 更新tfe到v4.8.32, 版本修改: TSG-16056 修复deny动作 2023-07-11 18:11:54 +08:00
wangmenglan
2b90184a7b Clixon更新至1.0.57 
修复Clixon加载failsafe_db时, 配置带有默认值的字段不生效
 2023-07-10 18:24:31 +08:00