diff options
| author | lijia <[email protected]> | 2018-10-24 09:36:45 +0800 |
|---|---|---|
| committer | lijia <[email protected]> | 2018-10-24 09:36:45 +0800 |
| commit | 86a43b4d325ddc850fa9dc4711670880f35b11e8 (patch) | |
| tree | 8356a056ac9bfb8cf14fcf57f113dd306b4277d1 /bin | |
create new project.
Diffstat (limited to 'bin')
| -rw-r--r-- | bin/conf/flowood.conf | 62 | ||||
| -rw-r--r-- | bin/conf/maat_tableinfo.conf | 16 | ||||
| -rw-r--r-- | bin/conf/maat_test.json | 89 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local | 2 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 | 5 | ||||
| -rw-r--r-- | bin/conf/network_access.cfg | 4 | ||||
| -rw-r--r-- | bin/conf/network_connect.cfg | 6 | ||||
| -rw-r--r-- | bin/conf/network_forward.cfg | 6 | ||||
| -rw-r--r-- | bin/conf/network_gdev.cfg | 6 | ||||
| -rw-r--r-- | bin/flowood_keepalive.py | 19 | ||||
| -rw-r--r-- | bin/flwd_r2 | 3 | ||||
| -rw-r--r-- | bin/flwd_r3 | 17 | ||||
| -rw-r--r-- | bin/io_lib/flwd_io_pcap.so | bin | 0 -> 30411 bytes | |||
| -rw-r--r-- | bin/io_lib/flwd_io_socket.so | bin | 0 -> 26649 bytes | |||
| -rw-r--r-- | bin/memchk.sh | 2 | ||||
| -rw-r--r-- | bin/rulescan_tmp/rulescan_iie.log | 0 |
20 files changed, 249 insertions, 0 deletions
diff --git a/bin/conf/flowood.conf b/bin/conf/flowood.conf new file mode 100644 index 0000000..d270e7e --- /dev/null +++ b/bin/conf/flowood.conf @@ -0,0 +1,62 @@ +[main] +thread_num=1 +nat_htable_timeout=180 +nat_htable_max_num=10000 +global_access_gateway_num = 5 +#id start with natural number, 1 +current_access_gateway_id = 2 + +use_static_pool_ip_if_no_dynamic=0 +use_dynamic_pool_ip_if_no_static=0 + +[log] +log_level=10 + +[maat] +json_switch=1 +json_cfg_file=./conf/maat_test.json +table_info=./conf/maat_tableinfo.conf +inc_dir=./soqrule/inc/index/ +full_dir=./soqrule/full/index/ + + +#cap_mode: (0:pag,1:pcap,2:socket,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec +# 11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio) +# for flowood, only support mode1, mode2, mode12! + +[TOPO_ACC_LINK_USER] +cap_mode=1 +device_name=em1 +addr_para=172.18.1.229 +addr_mask=255.255.0.0 +gateway_ip=172.18.1.254 +pkt_filter=net 172.18.0.0/16 + + +[TOPO_ACC_LINK_FWD] +cap_mode=2 +device_name=em2 +addr_para=64789 +#addr_para=172.16.1.229 +#addr_mask=255.255.255.0 +gateway_ip=192.168.10.1 +pkt_filter= + +[TOPO_FWD_LINK_ACC] +cap_mode=2 +device_name=em1sdf +addr_para=64789 +#addr_para=172.16.1.201 +#addr_mask=255.255.0.0 +gateway_ip=172.16.1.201 +pkt_filter=net 172.16.0.0/16 + + +[TOPO_FWD_LINK_GDEV] +cap_mode=1 +device_name=em1 +addr_para=172.17.1.203 +addr_mask=255.255.0.0 +gateway_ip=172.17.1.1 +pkt_filter=net 172.17.0.0/16 + diff --git a/bin/conf/maat_tableinfo.conf b/bin/conf/maat_tableinfo.conf new file mode 100644 index 0000000..6d935bd --- /dev/null +++ b/bin/conf/maat_tableinfo.conf @@ -0,0 +1,16 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 IR_POLICY_COMPILE compile UTF8 UTF8 no 0 +1 IR_POLICY_GROUP group UTF8 UTF8 no 0 +2 IR_POLICY_IP ip UTF8 UTF8 no 0 +3 IR_STATIC_IP_POOL_CB plugin UTF8 UTF8 no 0 +4 IR_DYN_SIFT_IP_CB plugin UTF8 UTF8 no 0 +5 IR_DYN_CONN_IP ip -- diff --git a/bin/conf/maat_test.json b/bin/conf/maat_test.json new file mode 100644 index 0000000..9be798c --- /dev/null +++ b/bin/conf/maat_test.json @@ -0,0 +1,89 @@ +{
+ "compile_table": "IR_POLICY_COMPILE",
+ "group_table": "IR_POLICY_GROUP",
+ "rules": [
+ {
+ "compile_id": 1,
+ "service": 1,
+ "action": 2,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "IR_STRATEGY:10001",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_1",
+ "regions": [
+ {
+ "table_name": "IR_POLICY_IP",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "172.18.1.13",
+ "mask_src_ip": "255.255.255.255",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 2,
+ "service": 1,
+ "action": 2,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "IR_STRATEGY:10002",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_2",
+ "regions": [
+ {
+ "table_name": "IR_POLICY_IP",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "172.18.1.222",
+ "mask_src_ip": "255.255.255.255",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "plugin_table": [
+ {
+ "table_name": "IR_DYN_SIFT_IP_CB",
+ "table_content": [
+ "1\t4\t0\t192.168.10.222\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t2018-07-15"
+ ]
+ },
+ {
+ "table_name": "IR_STATIC_IP_POOL_CB",
+ "table_content": [
+ "1\t4\t0\t47.74.128.220\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t1\t1\t10001\t2018-07-15",
+ "2\t4\t0\t192.168.10.222\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t1\t1\t10002\t2018-07-15"
+ ]
+ }
+ ]
+}
diff --git a/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local b/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local new file mode 100644 index 0000000..2fc8e5f --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local @@ -0,0 +1,2 @@ +0000000001 +1 4 0 192.168.10.222 0 2 gdev_ip=10.0.6.195; 0 1 2018-07-15 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local new file mode 100644 index 0000000..f0d8445 --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local @@ -0,0 +1,3 @@ +0000000002 +1 1 2 1 1 0 IR_STRATEGY:10001 1 +2 1 2 1 1 0 IR_STRATEGY:10002 1 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local new file mode 100644 index 0000000..86bfaf1 --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local @@ -0,0 +1,3 @@ +0000000002 +0 1 1 +1 2 1 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local new file mode 100644 index 0000000..57f5ad9 --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local @@ -0,0 +1,3 @@ +0000000002 +0 0 4 172.18.1.13 255.255.255.255 0 65535 0.0.0.0 255.255.255.255 0 65535 0 0 1 +1 1 4 172.18.1.222 255.255.255.255 0 65535 0.0.0.0 255.255.255.255 0 65535 0 0 1 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local b/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local new file mode 100644 index 0000000..874147d --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local @@ -0,0 +1,3 @@ +0000000002 +1 4 0 47.74.128.220 0 2 gdev_ip=10.0.6.195; 0 1 1 1 10001 2018-07-15 +2 4 0 192.168.10.222 0 2 gdev_ip=10.0.6.195; 0 1 1 1 10002 2018-07-15 diff --git a/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 b/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 new file mode 100644 index 0000000..ba4e23c --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 @@ -0,0 +1,5 @@ +IR_POLICY_COMPILE 2 ./conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local +IR_POLICY_GROUP 2 ./conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local +IR_DYN_SIFT_IP_CB 1 ./conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local +IR_STATIC_IP_POOL_CB 2 ./conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local +IR_POLICY_IP 2 ./conf/maat_test.json_iris_tmp/IR_POLICY_IP.local diff --git a/bin/conf/network_access.cfg b/bin/conf/network_access.cfg new file mode 100644 index 0000000..f88daa0 --- /dev/null +++ b/bin/conf/network_access.cfg @@ -0,0 +1,4 @@ +#global_id access_manage_ip access_feedback_ip +#for example: +1 10.0.6.229 172.16.0.229 +1 10.0.6.203 172.16.0.203 diff --git a/bin/conf/network_connect.cfg b/bin/conf/network_connect.cfg new file mode 100644 index 0000000..23f5b9c --- /dev/null +++ b/bin/conf/network_connect.cfg @@ -0,0 +1,6 @@ +#region vlan_id gdev_redirect_ip forward_manage_ip forward_feedback_ip +#for example: +#beijing 1 10.0.0.1 10.0.0.101 172.16.0.1 +#shanghai 1 10.0.1.1 10.0.1.103 172.16.1.3 +#guangzhou 1 10.0.2.3 10.0.2.101 172.16.2.1 +alamutu 1 10.0.6.201 10.0.6.201 10.0.6.201 diff --git a/bin/conf/network_forward.cfg b/bin/conf/network_forward.cfg new file mode 100644 index 0000000..e41d4a5 --- /dev/null +++ b/bin/conf/network_forward.cfg @@ -0,0 +1,6 @@ +#region vlan_id forward_ip +#for example: +#beijing 1 10.0.0.101 +#shanghai 1 10.0.1.103 +#guangzhou 1 10.0.2.101 +huayan 1 10.0.6.201 diff --git a/bin/conf/network_gdev.cfg b/bin/conf/network_gdev.cfg new file mode 100644 index 0000000..f57988d --- /dev/null +++ b/bin/conf/network_gdev.cfg @@ -0,0 +1,6 @@ +#region vlan_id gdev_redirect_ip +#for example: +#beijing 1 10.0.0.1 +#shanghai 1 10.0.1.1 +#guangzhou 1 10.0.2.3 +huayan 1 10.0.6.195 diff --git a/bin/flowood_keepalive.py b/bin/flowood_keepalive.py new file mode 100644 index 0000000..9fbf312 --- /dev/null +++ b/bin/flowood_keepalive.py @@ -0,0 +1,19 @@ +#!/usr/bin/python
+# 因某些NAT, 外网出口源端口会变化, 即便绑定了客户端的源端口也不行
+# 所以使用一个脚本, 让数据包源源不断的发送, 就可以维持住NAT的连接表,
+#
+from scapy import *
+from scapy.all import *
+import random
+
+while 1:
+ ip_pkt = IP(dst='47.75.205.197',src='192.168.10.214')
+ udp_pkt = UDP(dport=64789,sport=64789)
+ #dns_pkt = DNS(id=1,qr=0,opcode=0,tc=0,rd=1,qdcount=1,ancount=0,nscount=0,arcount=0)
+ #dns_pkt.qd=DNSQR(qname='www.keepalive.com',qtype=255,qclass=1)
+ #send_pkt = ip_pkt/udp_pkt/dns_pkt
+ payload = 'test';
+ send_pkt = ip_pkt/udp_pkt/payload
+ send(send_pkt)
+ time.sleep(0.33)
+pass
\ No newline at end of file diff --git a/bin/flwd_r2 b/bin/flwd_r2 new file mode 100644 index 0000000..dcdcbb8 --- /dev/null +++ b/bin/flwd_r2 @@ -0,0 +1,3 @@ +killall flwd_r3 flowood_access +./flwd_r3 &> /dev/null & +#./kill_sapp_by_mem.sh &> /dev/null & diff --git a/bin/flwd_r3 b/bin/flwd_r3 new file mode 100644 index 0000000..45b7d54 --- /dev/null +++ b/bin/flwd_r3 @@ -0,0 +1,17 @@ +#!/bin/sh + +while [ 1 ]; do + count=`ls -l core.* |wc -l` + echo $count + if [ $count -lt 5 ] + then + echo "set unlimited" + ulimit -c unlimited + else + ulimit -c 0 + fi + + ./flowood_access > /dev/null + echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log + sleep 10 +done diff --git a/bin/io_lib/flwd_io_pcap.so b/bin/io_lib/flwd_io_pcap.so Binary files differnew file mode 100644 index 0000000..7af3822 --- /dev/null +++ b/bin/io_lib/flwd_io_pcap.so diff --git a/bin/io_lib/flwd_io_socket.so b/bin/io_lib/flwd_io_socket.so Binary files differnew file mode 100644 index 0000000..7db273b --- /dev/null +++ b/bin/io_lib/flwd_io_socket.so diff --git a/bin/memchk.sh b/bin/memchk.sh new file mode 100644 index 0000000..5ce6bfb --- /dev/null +++ b/bin/memchk.sh @@ -0,0 +1,2 @@ +#!/bin/sh +valgrind --tool=memcheck --leak-check=full --leak-resolution=high --error-limit=no --undef-value-errors=yes --log-file=valgrind.log $1 diff --git a/bin/rulescan_tmp/rulescan_iie.log b/bin/rulescan_tmp/rulescan_iie.log new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/bin/rulescan_tmp/rulescan_iie.log |