20 files changed, 249 insertions, 0 deletions
diff --git a/bin/conf/flowood.conf b/bin/conf/flowood.conf
new file mode 100644
index 0000000..d270e7e
--- /dev/null
+++ b/bin/conf/flowood.conf
@@ -0,0 +1,62 @@
+[main]
+thread_num=1
+nat_htable_timeout=180
+nat_htable_max_num=10000
+global_access_gateway_num = 5
+#id start with natural number, 1
+current_access_gateway_id = 2
+
+use_static_pool_ip_if_no_dynamic=0
+use_dynamic_pool_ip_if_no_static=0
+
+[log]
+log_level=10
+
+[maat]
+json_switch=1
+json_cfg_file=./conf/maat_test.json
+table_info=./conf/maat_tableinfo.conf
+inc_dir=./soqrule/inc/index/
+full_dir=./soqrule/full/index/
+
+
+#cap_mode: (0:pag,1:pcap,2:socket,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec
+#                11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio)
+# for flowood, only support mode1, mode2, mode12!
+
+[TOPO_ACC_LINK_USER]
+cap_mode=1
+device_name=em1
+addr_para=172.18.1.229
+addr_mask=255.255.0.0
+gateway_ip=172.18.1.254
+pkt_filter=net 172.18.0.0/16 
+
+
+[TOPO_ACC_LINK_FWD]
+cap_mode=2
+device_name=em2
+addr_para=64789
+#addr_para=172.16.1.229
+#addr_mask=255.255.255.0
+gateway_ip=192.168.10.1
+pkt_filter=
+
+[TOPO_FWD_LINK_ACC]
+cap_mode=2
+device_name=em1sdf
+addr_para=64789
+#addr_para=172.16.1.201
+#addr_mask=255.255.0.0
+gateway_ip=172.16.1.201
+pkt_filter=net 172.16.0.0/16
+
+
+[TOPO_FWD_LINK_GDEV]
+cap_mode=1
+device_name=em1
+addr_para=172.17.1.203
+addr_mask=255.255.0.0
+gateway_ip=172.17.1.1
+pkt_filter=net 172.17.0.0/16
+
diff --git a/bin/conf/maat_tableinfo.conf b/bin/conf/maat_tableinfo.conf
new file mode 100644
index 0000000..6d935bd
--- /dev/null
+++ b/bin/conf/maat_tableinfo.conf
@@ -0,0 +1,16 @@
+#each collumn seperate with '\t'
+#id	(0~65535)
+#name string
+#type one of ip,expr,expr_plus,digest,intval,compile or plugin
+#src_charset one of GBK,BIG5,UNICODE,UTF8
+#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
+#do_merege yes or no
+#cross cache 0~max
+#quickswitch quickon or quick off
+#id	name			type	src_charset	dst_charset	do_merge cross_cache quickswitch
+0	IR_POLICY_COMPILE	compile	UTF8	UTF8	no	0
+1	IR_POLICY_GROUP		group	UTF8	UTF8	no	0
+2	IR_POLICY_IP		ip	UTF8	UTF8	no	0
+3	IR_STATIC_IP_POOL_CB	plugin	UTF8	UTF8	no	0
+4	IR_DYN_SIFT_IP_CB	plugin	UTF8	UTF8	no	0
+5	IR_DYN_CONN_IP		ip	--
diff --git a/bin/conf/maat_test.json b/bin/conf/maat_test.json
new file mode 100644
index 0000000..9be798c
--- /dev/null
+++ b/bin/conf/maat_test.json
@@ -0,0 +1,89 @@
+{
+    "compile_table": "IR_POLICY_COMPILE",
+    "group_table": "IR_POLICY_GROUP",
+    "rules": [
+		{
+            "compile_id": 1,
+            "service": 1,
+            "action": 2,
+            "do_blacklist": 1,
+            "do_log": 1,
+            "effective_rage": 0,
+            "user_region": "IR_STRATEGY:10001",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "group_name": "group_1",
+                    "regions": [
+                        {
+                            "table_name": "IR_POLICY_IP",
+                            "table_type": "ip",
+                            "table_content": {
+                                "addr_type": "ipv4",
+                                "src_ip": "172.18.1.13",
+                                "mask_src_ip": "255.255.255.255",
+                                "src_port": "0",
+                                "mask_src_port": "65535",
+                                "dst_ip": "0.0.0.0",
+                                "mask_dst_ip": "255.255.255.255",
+                                "dst_port": "0",
+                                "mask_dst_port": "65535",
+                                "protocol": 0,
+                                "direction": "double"
+                            }
+                        }
+                    ]
+                }
+            ]
+        },
+		{
+            "compile_id": 2,
+            "service": 1,
+            "action": 2,
+            "do_blacklist": 1,
+            "do_log": 1,
+            "effective_rage": 0,
+            "user_region": "IR_STRATEGY:10002",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "group_name": "group_2",
+                    "regions": [
+                        {
+                            "table_name": "IR_POLICY_IP",
+                            "table_type": "ip",
+                            "table_content": {
+                                "addr_type": "ipv4",
+                                "src_ip": "172.18.1.222",
+                                "mask_src_ip": "255.255.255.255",
+                                "src_port": "0",
+                                "mask_src_port": "65535",
+                                "dst_ip": "0.0.0.0",
+                                "mask_dst_ip": "255.255.255.255",
+                                "dst_port": "0",
+                                "mask_dst_port": "65535",
+                                "protocol": 0,
+                                "direction": "double"
+                            }
+                        }
+                    ]
+                }
+            ]
+        }
+    ],
+    "plugin_table": [
+        {
+            "table_name": "IR_DYN_SIFT_IP_CB",
+            "table_content": [
+                "1\t4\t0\t192.168.10.222\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t2018-07-15"
+            ]
+        },
+        {
+            "table_name": "IR_STATIC_IP_POOL_CB",
+            "table_content": [
+                "1\t4\t0\t47.74.128.220\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t1\t1\t10001\t2018-07-15",
+                "2\t4\t0\t192.168.10.222\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t1\t1\t10002\t2018-07-15"
+            ]
+        }
+    ]
+}
diff --git a/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local b/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local
new file mode 100644
index 0000000..2fc8e5f
--- /dev/null
+++ b/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local
@@ -0,0 +1,2 @@
+0000000001
+1	4	0	192.168.10.222	0	2	gdev_ip=10.0.6.195;	0	1	2018-07-15
diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local
new file mode 100644
index 0000000..f0d8445
--- /dev/null
+++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local
@@ -0,0 +1,3 @@
+0000000002
+1	1	2	1	1	0	IR_STRATEGY:10001	1	
+2	1	2	1	1	0	IR_STRATEGY:10002	1	
diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local
new file mode 100644
index 0000000..86bfaf1
--- /dev/null
+++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local
@@ -0,0 +1,3 @@
+0000000002
+0	1	1
+1	2	1
diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local
new file mode 100644
index 0000000..57f5ad9
--- /dev/null
+++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local
@@ -0,0 +1,3 @@
+0000000002
+0	0	4	172.18.1.13	255.255.255.255	0	65535	0.0.0.0	255.255.255.255	0	65535	0	0	1	
+1	1	4	172.18.1.222	255.255.255.255	0	65535	0.0.0.0	255.255.255.255	0	65535	0	0	1	
diff --git a/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local b/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local
new file mode 100644
index 0000000..874147d
--- /dev/null
+++ b/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local
@@ -0,0 +1,3 @@
+0000000002
+1	4	0	47.74.128.220	0	2	gdev_ip=10.0.6.195;	0	1	1	1	10001	2018-07-15
+2	4	0	192.168.10.222	0	2	gdev_ip=10.0.6.195;	0	1	1	1	10002	2018-07-15
diff --git a/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 b/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001
new file mode 100644
index 0000000..ba4e23c
--- /dev/null
+++ b/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001
@@ -0,0 +1,5 @@
+IR_POLICY_COMPILE	2	./conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local
+IR_POLICY_GROUP	2	./conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local
+IR_DYN_SIFT_IP_CB	1	./conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local
+IR_STATIC_IP_POOL_CB	2	./conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local
+IR_POLICY_IP	2	./conf/maat_test.json_iris_tmp/IR_POLICY_IP.local
diff --git a/bin/conf/network_access.cfg b/bin/conf/network_access.cfg
new file mode 100644
index 0000000..f88daa0
--- /dev/null
+++ b/bin/conf/network_access.cfg
@@ -0,0 +1,4 @@
+#global_id		access_manage_ip	access_feedback_ip
+#for example:
+1		10.0.6.229	172.16.0.229
+1		10.0.6.203	172.16.0.203
diff --git a/bin/conf/network_connect.cfg b/bin/conf/network_connect.cfg
new file mode 100644
index 0000000..23f5b9c
--- /dev/null
+++ b/bin/conf/network_connect.cfg
@@ -0,0 +1,6 @@
+#region	vlan_id		gdev_redirect_ip	forward_manage_ip	forward_feedback_ip
+#for example:
+#beijing 1		10.0.0.1	10.0.0.101	172.16.0.1
+#shanghai 1		10.0.1.1	10.0.1.103	172.16.1.3
+#guangzhou 1	10.0.2.3	10.0.2.101	172.16.2.1
+alamutu	1	10.0.6.201	10.0.6.201	10.0.6.201
diff --git a/bin/conf/network_forward.cfg b/bin/conf/network_forward.cfg
new file mode 100644
index 0000000..e41d4a5
--- /dev/null
+++ b/bin/conf/network_forward.cfg
@@ -0,0 +1,6 @@
+#region	vlan_id		forward_ip	
+#for example:
+#beijing 1		10.0.0.101	
+#shanghai 1		10.0.1.103	
+#guangzhou 1	10.0.2.101	
+huayan	1		10.0.6.201
diff --git a/bin/conf/network_gdev.cfg b/bin/conf/network_gdev.cfg
new file mode 100644
index 0000000..f57988d
--- /dev/null
+++ b/bin/conf/network_gdev.cfg
@@ -0,0 +1,6 @@
+#region	vlan_id		gdev_redirect_ip	
+#for example:
+#beijing 1		10.0.0.1	
+#shanghai 1		10.0.1.1	
+#guangzhou 1	10.0.2.3	
+huayan	   1	10.0.6.195
diff --git a/bin/flowood_keepalive.py b/bin/flowood_keepalive.py
new file mode 100644
index 0000000..9fbf312
--- /dev/null
+++ b/bin/flowood_keepalive.py
@@ -0,0 +1,19 @@
+#!/usr/bin/python
+# 因某些NAT, 外网出口源端口会变化, 即便绑定了客户端的源端口也不行
+# 所以使用一个脚本, 让数据包源源不断的发送, 就可以维持住NAT的连接表,
+# 
+from scapy import *
+from scapy.all import *
+import random
+
+while 1:
+	ip_pkt = IP(dst='47.75.205.197',src='192.168.10.214')
+	udp_pkt = UDP(dport=64789,sport=64789)
+	#dns_pkt = DNS(id=1,qr=0,opcode=0,tc=0,rd=1,qdcount=1,ancount=0,nscount=0,arcount=0)
+	#dns_pkt.qd=DNSQR(qname='www.keepalive.com',qtype=255,qclass=1)
+	#send_pkt = ip_pkt/udp_pkt/dns_pkt
+	payload = 'test';
+	send_pkt = ip_pkt/udp_pkt/payload
+	send(send_pkt)
+	time.sleep(0.33)
+pass
+\ No newline at end of file
diff --git a/bin/flwd_r2 b/bin/flwd_r2
new file mode 100644
index 0000000..dcdcbb8
--- /dev/null
+++ b/bin/flwd_r2
@@ -0,0 +1,3 @@
+killall flwd_r3  flowood_access
+./flwd_r3 &> /dev/null &
+#./kill_sapp_by_mem.sh &> /dev/null &
diff --git a/bin/flwd_r3 b/bin/flwd_r3
new file mode 100644
index 0000000..45b7d54
--- /dev/null
+++ b/bin/flwd_r3
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+while [ 1 ]; do
+	count=`ls -l core.* |wc -l`
+        echo $count
+        if [ $count -lt 5 ]
+        then
+                echo "set unlimited"
+                ulimit -c unlimited
+        else
+                ulimit -c 0
+        fi
+
+    ./flowood_access > /dev/null
+	echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
+    sleep 10
+done
diff --git a/bin/io_lib/flwd_io_pcap.so b/bin/io_lib/flwd_io_pcap.so
new file mode 100644
index 0000000..7af3822
--- /dev/null
+++ b/bin/io_lib/flwd_io_pcap.so
diff --git a/bin/io_lib/flwd_io_socket.so b/bin/io_lib/flwd_io_socket.so
new file mode 100644
index 0000000..7db273b
--- /dev/null
+++ b/bin/io_lib/flwd_io_socket.so
diff --git a/bin/memchk.sh b/bin/memchk.sh
new file mode 100644
index 0000000..5ce6bfb
--- /dev/null
+++ b/bin/memchk.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+valgrind --tool=memcheck --leak-check=full --leak-resolution=high --error-limit=no --undef-value-errors=yes  --log-file=valgrind.log  $1
diff --git a/bin/rulescan_tmp/rulescan_iie.log b/bin/rulescan_tmp/rulescan_iie.log
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/bin/rulescan_tmp/rulescan_iie.log