Diffstat (limited to 'soqconf')
| -rw-r--r-- | soqconf/t1_conflist_business.inf | 3 | ||||
| -rw-r--r-- | soqconf/t1conf/ddp.json | 142 | ||||
| -rw-r--r-- | soqconf/t1conf/http_url_filter.conf | 126 | ||||
| -rw-r--r-- | soqconf/t1conf/maat_test.json | 373 | ||||
| -rw-r--r-- | soqconf/t1conf/main.conf | 45 | ||||
| -rw-r--r-- | soqconf/t1conf/t1_tableinfo.conf | 44 | ||||
| -rw-r--r-- | soqconf/t2_conflist_business.inf | 1 | ||||
| -rw-r--r-- | soqconf/t2conf/maat_test.json | 224 | ||||
| -rw-r--r-- | soqconf/t2conf/main.conf | 30 | ||||
| -rw-r--r-- | soqconf/t2conf/t2_tableinfo.conf | 44 |
10 files changed, 1032 insertions, 0 deletions
diff --git a/soqconf/t1_conflist_business.inf b/soqconf/t1_conflist_business.inf
new file mode 100644
index 0000000..06bc208
--- /dev/null
+++ b/soqconf/t1_conflist_business.inf
@@ -0,0 +1,3 @@
+./plug/business/soq_dns_plug/soq_dns_plug.inf
+./plug/business/pg_seven_knights/pg_seven_knights.inf
+./plug/business/T1_HTTP_MAIL_BIZ/T1_HTTP_MAIL_BIZ.inf
diff --git a/soqconf/t1conf/ddp.json b/soqconf/t1conf/ddp.json
new file mode 100644
index 0000000..33bbbcd
--- /dev/null
+++ b/soqconf/t1conf/ddp.json
@@ -0,0 +1,142 @@
+{
+ "log_info": {
+ "log_level": 30,
+ "log_path": "./log/ddp_master_log"
+ },
+ "trans_info": {
+ "_comment": "0:socket udp; 1:marsio udp(DPDK); 2:unix domain socket; 3:debug",
+ "ddp_mode": 0,
+ "is_stream": 1,
+ "rely_call": 0,
+ "is_bigblock": 1,
+ "family": 2,
+ "type": 2,
+ "protocol": 0,
+ "MESA_MTU": 1800
+ },
+ "feedback_group": [
+ {
+ "group_id":0,
+ "addrlist":[
+ {
+ "start_ip": "10.168.8.87",
+ "ip_num": 1,
+ "start_port": 60000,
+ "port_num": 32
+ }
+ ]
+ },
+ {
+ "group_id":1,
+ "addrlist":[
+ {
+ "start_ip": "10.168.8.101",
+ "ip_num": 20,
+ "start_port": 60000,
+ "port_num": 32
+ }
+ ]
+ },
+ {
+ "group_id":2,
+ "addrlist":[
+ {
+ "start_ip": "10.168.8.88",
+ "ip_num": 1,
+ "start_port": 60000,
+ "port_num": 32
+ }
+ ]
+ },
+ {
+ "group_id":3,
+ "addrlist":[
+ {
+ "start_ip": "10.174.4.21",
+ "ip_num": 50,
+ "start_port": 60000,
+ "port_num": 16
+ }
+ ]
+ },
+ {
+ "group_id":4,
+ "addrlist":[
+ {
+ "start_ip": "10.168.8.89",
+ "ip_num": 2,
+ "start_port": 60000,
+ "port_num": 32
+ }
+ ]
+ },
+ {
+ "group_id":5,
+ "addrlist":[
+ {
+ "start_ip": "10.168.8.91",
+ "ip_num": 2,
+ "start_port": 60000,
+ "port_num": 32
+ }
+ ]
+ }
+ ],
+ "proto_info": [
+ {
+ "proto_id": 0,
+ "proto_name": "PROTO_IPv4",
+ "max_cache_size": 0,
+ "group_id":0
+ },
+ {
+ "proto_id": 1,
+ "proto_name": "PROTO_IPv6",
+ "max_cache_size": 0,
+ "group_id":0
+ },
+ {
+ "proto_id": 2,
+ "proto_name": "PROTO_TCP",
+ "max_cache_size": 0,
+ "group_id":0
+ },
+ {
+ "proto_id": 3,
+ "proto_name": "PROTO_UDP",
+ "max_cache_size": 0,
+ "group_id":0
+ },
+ {
+ "proto_id": 4,
+ "proto_name": "PROTO_HTTP",
+ "max_cache_size": 100,
+ "group_id":1
+
+ },
+ {
+ "proto_id": 5,
+ "proto_name": "PROTO_MAIL",
+ "max_cache_size": 100,
+ "group_id":2
+ },
+ {
+ "proto_id": 6,
+ "proto_name": "PROTO_DNS",
+ "max_cache_size": 0,
+ "group_id":4
+ },
+ {
+ "proto_id": 10,
+ "proto_name": "PROTO_SSL",
+ "max_cache_size": 0,
+ "group_id":5
+ },
+ {
+ "proto_id": 7,
+ "proto_name": "PROTO_AIM",
+ "max_cache_size": 0,
+ "group_id":3
+ }
+ ]
+}
diff --git a/soqconf/t1conf/http_url_filter.conf b/soqconf/t1conf/http_url_filter.conf
new file mode 100644
index 0000000..8a08d30
--- /dev/null
+++ b/soqconf/t1conf/http_url_filter.conf
@@ -0,0 +1,126 @@
+.jpg
+.jpeg
+.gif
+.bmp
+.png
+.tiff
+.tif
+.raw
+.ico
+.psd
+.pcd
+.cad
+.ttf
+.txt
+.exe
+.cab
+.ini
+.inf
+.dll
+.lib
+.chm
+.bin
+.cur
+.c++
+.cc
+.cxx
+.c
+.cpp
+.hpp
+.hxx
+.h++
+.h
+.asm
+.inc
+.java
+.mak
+.obj
+.pl
+.gzip
+.deb
+.zip
+.rar
+.msu
+.jar
+.imp
+.docm
+.docx
+.doc
+.pdf
+.mdb
+.xlsx
+.xls
+.pptx
+.ppt
+.vsd
+.csv
+.caj
+.nh
+.kdh
+.pdf
+.jse
+.js
+.css
+.xml
+.xsl
+.asmx
+.cgi
+.wml
+.dwr
+.ashx
+.dtd
+.do
+.shtml
+.shtm
+.html
+.htm
+.aspx
+.asp
+.jsp
+.php
+.net
+.edu
+.biz
+.com
+.edu
+.biz
+.com
+.name
+.info
+.mobi
+.pro
+.ws
+.travel
+.tv
+.fm
+.museum
+.int
+.areo
+.post
+.rec
+.asia
+.cn
+.net/
+.edu/
+.biz/
+.com/
+.edu/
+.biz/
+.com/
+.name/
+.info/
+.mobi/
+.pro/
+.ws/
+.travel/
+.tv/
+.fm/
+.museum/
+.int/
+.areo/
+.post/
+.rec/
+.asia/
+.cn/
+.crl
+.psf
diff --git a/soqconf/t1conf/maat_test.json b/soqconf/t1conf/maat_test.json
new file mode 100644
index 0000000..56c32b0
--- /dev/null
+++ b/soqconf/t1conf/maat_test.json
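Review bot: In `trans_info` of soqconf/t1conf/ddp.json, `family`, `type` and `protocol` are bare integers (2, 2, 0) with no explanation, while the existing `_comment` string documents only `ddp_mode`. Because strict JSON has no comment syntax, extend that string or add a sibling key, for example `"_comment_socket": "family/type/protocol are socket() arguments; 2/2/0 is presumably AF_INET/SOCK_DGRAM/default - confirm"`. The six `feedback_group` entries also commit site-specific receiver ranges (10.168.8.x, 10.174.4.21) to the repository; a template with placeholder addresses plus a deployment-local override would keep the real topology out of version control. `proto_info` lists `proto_id` 10 ahead of 7 and has no 8 or 9, which deserves a remark if it is intentional.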
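Review bot: The suffix list in soqconf/t1conf/http_url_filter.conf contains `.areo` and `.areo/`, which look like misspellings of `.aero`, so that suffix would presumably never match. `.pdf` appears twice, and the run `.edu`, `.biz`, `.com` and its trailing-slash twin are each repeated back to back; dropping the duplicates keeps the list auditable. Nothing in the file or the commit says whether a match means the URL is skipped or inspected, or whether entries are compared as suffixes or substrings, which matters for short entries such as `.c`, `.h` and `.do`. A short README next to the file, or a header comment if the loader tolerates one, should state both.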
@@ -0,0 +1,373 @@
+{
+ "compile_table": "CONFIG_COMPILE",
+ "group_table": "CONFIG_GROUP",
+ "rules": [
+ {
+ "compile_id": 1,
+ "service": 1,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_1",
+ "regions": [
+ {
+ "table_name": "DF_IP_PORT",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "172.30.8.1",
+ "mask_src_ip": "255.255.255.255",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ },
+ {
+ "table_name": "DF_IP_PORT",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv6",
+ "src_ip": "2001:da8:205:1::101",
+ "mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0::0",
+ "mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 2,
+ "service": 48,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_2",
+ "regions": [
+ {
+ "table_name": "DJ_IP_PORT",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "10.0.6.201",
+ "mask_src_ip": "255.255.255.255",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 105,
+ "service": 50,
+ "action": 1,
+ "do_blacklist": 0,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "100;",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_FTP_URL",
+ "table_type": "expr",
+ "table_content": {
+ "keywords":"!!!!!!.com",
+ "expr_type":"none",
+ "match_method":"sub",
+ "format":"uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 101,
+ "service": 50,
+ "action": 1,
+ "do_blacklist": 0,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "100;",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_HTTP_URL",
+ "table_type": "expr",
+ "table_content": {
+ "keywords":"sdfghjkooooooool;mhhjkl;.com",
+ "expr_type":"none",
+ "match_method":"sub",
+ "format":"uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 102,
+ "service": 13,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "100;",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_MAIL_HDR",
+ "table_type": "expr_plus",
+ "table_content": {
+ "district": "To",
+ "keywords": "[email protected]",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 104,
+ "service": 13,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "10;",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_MAIL_HDR",
+ "table_type": "expr_plus",
+ "table_content": {
+ "district": "Subject",
+ "keywords": "董嵬去北陵",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 103,
+ "service": 13,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "10;",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_MAIL_HDR",
+ "table_type": "expr_plus",
+ "table_content": {
+ "district": "To",
+ "keywords": "[email protected]",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id":108,
+ "service": 6,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "100;0",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_DNS_REGION",
+ "table_type": "expr_plus",
+ "table_content": {
+ "district": "QNAME",
+ "keywords": ".net-test",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id":107,
+ "service": 6,
+ "action": 2,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "100;1801",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_DNS_REGION",
+ "table_type": "expr_plus",
+ "table_content": {
+ "district": "QNAME",
+ "keywords": ".com-test",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id":106,
+ "service": 6,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "100;1801",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "Untitled",
+ "regions": [
+ {
+ "table_name": "DF_DNS_REGION",
+ "table_type": "expr_plus",
+ "table_content": {
+ "district": "QNAME",
+ "keywords": ".com",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "plugin_table": [
+ {
+ "table_name": "DNS_RESPONSE_STRATEGY",
+ "table_content": [
+ "18001\t1801\tstrategy_1\t18101\t1\t18108\t1\t18308\t1\t18405\t1\t0\t0\t60\t600\t1",
+ "18002\t1802\tstrategy_2\t18201\t1\t18201\t1\t18301\t1\t18401\t1\t0\t0\t60\t600\t1"
+ ]
+ },
+ {
+ "table_name": "DNS_GROUP_TYPE",
+ "table_content": [
+ "19001\t18101\t7\t1",
+ "19002\t18201\t7\t1",
+ "19003\t18301\t0\t1",
+ "19004\t18401\t0\t1"
+ ]
+ },
+ {
+ "table_name": "DNS_FAKE_IP",
+ "table_content": [
+ "10001\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t10.10.10.10\t255.255.255.255\t0\t65535\t0\t0\t1",
+ "10011\t1\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t13.13.13.10\t255.255.255.255\t0\t65535\t0\t0\t1",
+ "10002\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t11.11.11.11\t255.255.255.255\t0\t65535\t0\t0\t1",
+ "10003\t0\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t12.12.12.12\t255.255.255.255\t0\t65535\t0\t0\t1",
+ "10004\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t50:50:50::50\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0",
+ "10005\t0\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t60:60:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t0",
+ "10006\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t70:70:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
+ "10007\t1\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t40:40:40::40\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
+ "20001\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t1.1.1.1\t255.255.255.255\t0\t65535\t0\t0\t1",
+ "20002\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t2.2.2.2\t255.255.255.255\t0\t65535\t0\t0\t1",
+ "20003\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t3.3.3.3\t255.255.255.255\t0\t65535\t0\t0\t0",
+ "20004\t18101\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t4.4.4.4\t255.255.255.255\t0\t65535\t0\t0\t1",
+ "20006\t18101\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t6:6:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
+ "20007\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t7:7:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1",
+ "20008\t18201\t6\t0::0\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t8:8:4::4\tFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF\t0\t65535\t0\t0\t1"
+ ]
+ },
+ {
+ "table_name": "DNS_FAKE_INFO",
+ "table_content": [
+ "21001\t18301\twww.bdu.com\t1",
+ "21002\t18301\twww.bidu.com\t1",
+ "21003\t18301\twww.idu.com\t1",
+ "21004\t18401\twww.sna.com\t1",
+ "21005\t18401\twww.na.com\t1",
+ "21006\t18401\twww.sina.com\t1"
+ ]
+ },
+ {
+ "table_name": "ENCRYPT_PROTO_RANDOM",
+ "table_content": [
+ "1\t20\t8\t1",
+ "2\t34\t9\t1",
+ "3\t19\t11\t1",
+ "4\t0\t12\t1",
+ "5\t-2\t13\t1",
+ "-1\t-2\t999\t1"
+ ]
+ }
+ ]
+}
diff --git a/soqconf/t1conf/main.conf b/soqconf/t1conf/main.conf
new file mode 100644
index 0000000..3b3336b
--- /dev/null
+++ b/soqconf/t1conf/main.conf
@@ -0,0 +1,45 @@
+[SYSTEM]
+NIC_NAME=enp175s0f0
+LOG_LEVEL=30
+DYN_BLACKLIST_OPEN=1
+#seconds
+DYN_BLACKLIST_TIMEOUT=90
+SEND_INJECT_PKT=0
+SOQLOG_LOCAL_LEVEL=10
+SOQLOG_LOCAL_PATH=./t1log/soqlog_local.log
+ENTRANCE_ID=5
+[MAAT]
+MAAT_JSON_SWITCH=1
+STAT_SWITCH=1
+PERF_SWITCH=1
+EFFECT_INTERVAL_S=10
+TABLE_INFO=./t1conf/t1_tableinfo.conf
+INC_CFG_DIR=./soqrule/inc/index/
+FULL_CFG_DIR=./soqrule/full/index/
+JSON_CFG_FILE=./t1conf/maat_test.json
+STAT_FILE=./t1_maat.staus
+[MAGELLAN]
+LOG_RECEIVER_NUM=2
+LOG_RECEIVER_PORT=45678
+LOG_RECEIVER_ADDR=10.168.2.139;10.168.2.140;
+LOG_LOCAL_SWITCH=1
+LOCAL_MSG_DIR=./t1log/t1_magellan_local/
+[HTTP_BIZ]
+MAX_SCAN=10
+RUN_LOG_PATH=./t1log/t1_http_mail_biz.log
+#----- DEBUG:10; INFO:20; FATAL:30 ----
+RUN_RLOG_LV=30
+[T1_SEVEN]
+log_level=30
+log_path=./t1log/t1_seven_knights_log
+
+[DNS_PLUG]
+CONVERT_4TO6=1
+LOG_LEVEL=10
+LOG_PATH=./t1log/soq_dns_plug/soq_dns_plug
+HASH_SLOT_SIZE=1048576
+[T1_HTTP_AIM]
+aim_proto=7
+
+[T1_RAWPKT]
+feedback_dns_switch=1
diff --git a/soqconf/t1conf/t1_tableinfo.conf b/soqconf/t1conf/t1_tableinfo.conf
new file mode 100644
index 0000000..8e18cf8
--- /dev/null
+++ b/soqconf/t1conf/t1_tableinfo.conf
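Review bot: Rule `compile_id` 106 in soqconf/t1conf/maat_test.json matches the DNS `QNAME` against the keyword `.com` with `match_method` `sub` and `do_blacklist` 1, so as written it would hit practically every .com lookup, including the names rule 107 (`.com-test`) is meant to single out. If it is only a fixture, give it a keyword that cannot occur in live traffic, as 107 and 108 do, for example `"keywords": ".com-soqtest"` (constructed value). The `DNS_FAKE_IP` rows also use routable addresses such as 1.1.1.1 and 13.13.13.10 as substitute answers; the documentation ranges 192.0.2.0/24 and 2001:db8::/32 are the safer choice for test data.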
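Review bot: In the `[MAAT]` section of soqconf/t1conf/main.conf, `MAAT_JSON_SWITCH=1` together with `JSON_CFG_FILE=./t1conf/maat_test.json` presumably makes the engine load the test rule set instead of the rules under `INC_CFG_DIR`/`FULL_CFG_DIR`, and nothing in the file says so; t2conf/main.conf in this commit sets the switch to 0. Once the semantics are confirmed, a comment above the key would make the choice explicit, e.g. `#1: load rules from JSON_CFG_FILE (test fixture); 0: load from INC_CFG_DIR/FULL_CFG_DIR`. `[DNS_PLUG]` sets `LOG_LEVEL=10`, which is debug logging if the scale documented under `[HTTP_BIZ]` (DEBUG:10) applies there too, while most other levels in the file are 30. `STAT_FILE=./t1_maat.staus` looks like a typo for `.status`.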
@@ -0,0 +1,44 @@
+#each collumn seperate with '\t'
+#id (0~65535)
+#name string
+#type one of ip,expr,expr_plus,digest,intval,compile or plugin
+#src_charset one of GBK,BIG5,UNICODE,UTF8
+#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
+#do_merege yes or no
+#cross cache 0~max
+#quickswitch quickoff or quick off
+#id name type src_charset dst_charset do_merge cross_cache quickswitch
+0 CONFIG_COMPILE compile UTF8 UTF8 no 0
+1 CONFIG_GROUP group UTF8 UTF8 no 0
+2 DF_IP_PORT ip UTF8 UTF8 no 0
+2 FX_IP_PORT ip UTF8 UTF8 no 0
+3 DJ_IP_PORT ip UTF8 UTF8 no 0
+4 UNIVERSAL_IP ip UTF8 UTF8 no 0
+5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
+6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
+6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
+7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
+8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickoff
+9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
+13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickoff
+14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
+14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
+15 DF_FTP_URL expr UTF8 UTF8 yes
+15 DJ_FTP_URL expr UTF8 UTF8 yes
+17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes
+18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0
+19 DNS_GROUP_TYPE plugin GBK GBK no 0
+20 DNS_FAKE_IP plugin GBK GBK no 0
+21 DNS_FAKE_INFO plugin GBK GBK no 0
+22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes
+22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes
+23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0
diff --git a/soqconf/t2_conflist_business.inf b/soqconf/t2_conflist_business.inf
new file mode 100644
index 0000000..7d7206b
--- /dev/null
+++ b/soqconf/t2_conflist_business.inf
@@ -0,0 +1 @@
+./plug/business/T2_HTTP_MAIL_BIZ/T2_HTTP_MAIL_BIZ.inf
diff --git a/soqconf/t2conf/maat_test.json b/soqconf/t2conf/maat_test.json
new file mode 100644
index 0000000..956c609
--- /dev/null
+++ b/soqconf/t2conf/maat_test.json
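Review bot: The header comment of soqconf/t1conf/t1_tableinfo.conf does not match the rows below it: the `#type` line omits `group`, which row 1 (`CONFIG_GROUP`) uses, `#quickswitch` reads `quickoff or quick off` where t2_tableinfo.conf in this commit says `quickon or quick off`, and `collumn`, `seperate` and `do_merege` are misspelled. Rows 14, 15, 17 and 22 also stop after the `do_merge` column without a `cross_cache` value, so the parser's default is relied on silently. Suggested header lines are `#type one of ip,expr,expr_plus,digest,intval,compile,group or plugin` and `#quickswitch quickon or quickoff`, plus an explicit `0` in the short rows if that is the intended default. The same header wording and short rows recur in soqconf/t2conf/t2_tableinfo.conf.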
@@ -0,0 +1,224 @@
+{
+ "compile_table": "CONFIG_COMPILE",
+ "group_table": "CONFIG_GROUP",
+ "rules": [
+ {
+ "compile_id": 1,
+ "service": 1,
+ "action": 0,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_1",
+ "regions": [
+ {
+ "table_name": "DF_IP_PORT",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "121.11.151.70",
+ "mask_src_ip": "255.255.0.0",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ },
+ {
+ "table_name": "DF_IP_PORT",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv6",
+ "src_ip": "2001:da8:205:1::101",
+ "mask_src_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0::0",
+ "mask_dst_ip": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 2,
+ "service": 48,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_2",
+ "regions": [
+ {
+ "table_name": "DJ_IP_PORT",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "10.0.6.201",
+ "mask_src_ip": "255.255.0.0",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 3,
+ "service": 2,
+ "action": 2,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_3",
+ "regions": [
+ {
+ "table_name": "FX_IP_PORT",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "10.0.6.201",
+ "mask_src_ip": "255.255.0.0",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 4,
+ "service": 1,
+ "action": 0,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_4",
+ "regions": [
+ {
+ "table_name": "CONTENT_SIZE",
+ "table_type": "intval",
+ "table_content": {
+ "low_boundary": 100,
+ "up_boundary": 500
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 5,
+ "service": 50,
+ "action": 2,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_5",
+ "regions": [
+ {
+ "table_name": "DJ_HTTP_RES_BODY",
+ "table_type": "expr",
+ "table_content": {
+ "keywords": "ghklgfdfcom",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 6,
+ "service": 60,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_6",
+ "regions": [
+ {
+ "table_name": "DF_MAIL_HDR",
+ "table_type": "expr_plus",
+ "table_content": {
+ "district": "FROM",
+ "keywords": "163.com",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ }
+
+ ],
+ "plugin_table": [
+ {
+ "table_name": "DNS_RESPONSE_STRATEGY",
+ "table_content": [
+ "1\t192.168.0.1\t101",
+ "2\t192.168.0.2\t101",
+ "3\t192.168.1.1\t102"
+ ]
+ },
+ {
+ "table_name": "DNS_GROUP_TYPE",
+ "table_content": [
+ "1\t3388\t99\t1",
+ "2\t3355\t66\t1",
+ "3\tcccc\t11\t1"
+ ]
+ }
+ ]
+}
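Review bot: soqconf/t2conf/maat_test.json refers to tables that t2conf/t2_tableinfo.conf, added in the same commit, does not define: rule 4 uses `CONTENT_SIZE`, which appears in neither tableinfo file, and the `plugin_table` entries `DNS_RESPONSE_STRATEGY` and `DNS_GROUP_TYPE` are commented out there (`#18`, `#19`). Depending on how the loader treats unknown table names, these entries are either dropped silently or abort the load, so either register the tables or remove the entries. The plugin rows also differ in shape from the t1 fixture: `DNS_RESPONSE_STRATEGY` has three tab-separated columns here against sixteen in t1conf/maat_test.json, and `"3\tcccc\t11\t1"` carries a non-numeric second column where its neighbours are numeric. If the mismatch is deliberate negative-test data, the file should say so in a `_comment`-style key like the one ddp.json uses.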
diff --git a/soqconf/t2conf/main.conf b/soqconf/t2conf/main.conf
new file mode 100644
index 0000000..d34e954
--- /dev/null
+++ b/soqconf/t2conf/main.conf
@@ -0,0 +1,30 @@
+[SYSTEM]
+NIC_NAME=mg0
+LOG_LEVEL=30
+ENTRANCE_ID=5
+SOQLOG_LOCAL_LEVEL=30
+SOQLOG_LOCAL_PATH=./t2log/soqlog_local.log
+[MAAT]
+MAAT_JSON_SWITCH=0
+STAT_SWITCH=1
+PERF_SWITCH=1
+TABLE_INFO=./t2conf/t2_tableinfo.conf
+INC_CFG_DIR=./soqrule/inc/index/
+FULL_CFG_DIR=./soqrule/full/index/
+JSON_CFG_FILE=./t2conf/maat_test.json
+STAT_FILE=./t2_maat.staus
+[MAGELLAN]
+LOG_RECEIVER_NUM=1
+LOG_RECEIVER_PORT=45678
+LOG_RECEIVER_ADDR=10.168.2.4;
+LOG_LOCAL_SWITCH=0
+LOCAL_MSG_DIR=./t2log/t2_magellanlocal/
+[IP]
+MAX_CACHE_SIZE=4096
+MAX_SAVE_SIZE=32768
+[MAIL]
+MAX_CACHE_SIZE=16384
+MAX_SAVE_SIZE=20971520
+[HTTP]
+MAX_CACHE_SIZE=4096
+MAX_SAVE_SIZE=327680
diff --git a/soqconf/t2conf/t2_tableinfo.conf b/soqconf/t2conf/t2_tableinfo.conf
new file mode 100644
index 0000000..15fe05a
--- /dev/null
+++ b/soqconf/t2conf/t2_tableinfo.conf
@@ -0,0 +1,44 @@
+#each collumn seperate with '\t'
+#id (0~65535)
+#name string
+#type one of ip,expr,expr_plus,digest,intval,compile or plugin
+#src_charset one of GBK,BIG5,UNICODE,UTF8
+#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/'
+#do_merege yes or no
+#cross cache 0~max
+#quickswitch quickon or quick off
+#id name type src_charset dst_charset do_merge cross_cache quickswitch
+0 CONFIG_COMPILE compile UTF8 UTF8 no 0
+1 CONFIG_GROUP group UTF8 UTF8 no 0
+2 DF_IP_PORT ip UTF8 UTF8 no 0
+2 FX_IP_PORT ip UTF8 UTF8 no 0
+3 DJ_IP_PORT ip UTF8 UTF8 no 0
+4 UNIVERSAL_IP ip UTF8 UTF8 no 0
+5 UNIVERSAL_PROTO_TYPE intval UTF8 UTF8 no 0
+6 DF_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
+6 DJ_HTTP_REQ_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
+7 DF_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+7 DJ_HTTP_REQ_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+8 DF_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
+8 DJ_HTTP_RES_HDR expr_plus UTF8 UTF8/GBK yes 0 quickon
+9 DF_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+9 DJ_HTTP_RES_BODY expr UTF8 GBK/BIG5/UNICODE/UTF8 yes 1024
+#10 DF_DNS_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+#10 DJ_DNS_REQ_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+#11 DJ_DNS_RES_REGION expr_plus UTF8 UTF8 yes 0 quickoff
+#12 DF_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon
+#12 DJ_SSL_REGION expr_plus UTF8 UTF8 yes 0 quickon
+13 DF_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon
+13 DJ_MAIL_HDR expr_plus UTF8 UTF8/GBK/BIG5/UNICODE yes 0 quickon
+14 DF_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
+14 DJ_MAIL_BODY expr_plus UTF8 GBK/BIG5/UNICODE/UTF8 yes
+#15 DF_FTP_URL expr UTF8 UTF8 yes
+#15 DJ_FTP_URL expr UTF8 UTF8 yes
+#17 DJ_IP_PKT_BIN expr UTF8 UTF8 yes
+#18 DNS_RESPONSE_STRATEGY plugin GBK GBK no 0
+#19 DNS_GROUP_TYPE plugin GBK GBK no 0
+#20 DNS_FAKE_IP plugin GBK GBK no 0
+#21 DNS_FAKE_INFO plugin GBK GBK no 0
+22 DJ_HTTP_URL expr UTF8 GBK/UTF8 yes
+22 DF_HTTP_URL expr UTF8 GBK/UTF8 yes
+#23 ENCRYPT_PROTO_RANDOM plugin GBK GBK no 0
|
