CyberMind-FR
58a51eb271
- secubox-dpi-dual package with parallel MITM + Passive TAP analysis - TAP stream: tc mirred port mirroring to dummy interface for netifyd - Flow collector: Stats aggregation from netifyd, cleanup, JSON output - Correlation engine: Matches MITM WAF events with TAP flow data - Watches CrowdSec decisions and WAF alerts for threat enrichment - CLI: dpi-dualctl with start/stop/status/flows/threats/mirror commands - Procd service: manages flow-collector + correlator instances - MITM double buffer: dpi_buffer.py mitmproxy addon (Phase 2 prep) - UCI config: dual/mitm-only/tap-only mode selection Architecture: package/secubox/DUAL-STREAM-DPI.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
92 lines
2.1 KiB
Bash
92 lines
2.1 KiB
Bash
#!/bin/sh /etc/rc.common
|
|
# DPI Dual-Stream procd service
|
|
# Part of secubox-dpi-dual package
|
|
|
|
START=95
|
|
STOP=10
|
|
USE_PROCD=1
|
|
|
|
NAME="dpi-dual"
|
|
PROG="/usr/sbin/dpi-dualctl"
|
|
|
|
validate_section() {
|
|
uci_load_validate dpi-dual global "$1" "$2" \
|
|
'enabled:bool:1' \
|
|
'mode:string:dual' \
|
|
'correlation:bool:1' \
|
|
'stats_dir:string:/tmp/secubox' \
|
|
'flow_dir:string:/tmp/dpi-flows'
|
|
}
|
|
|
|
start_service() {
|
|
local enabled mode
|
|
|
|
config_load dpi-dual
|
|
config_get enabled settings enabled "1"
|
|
config_get mode settings mode "dual"
|
|
|
|
[ "$enabled" != "1" ] && {
|
|
echo "DPI Dual-Stream is disabled"
|
|
return 0
|
|
}
|
|
|
|
echo "Starting DPI Dual-Stream (mode: $mode)..."
|
|
|
|
# Create directories
|
|
local stats_dir flow_dir
|
|
config_get stats_dir settings stats_dir "/tmp/secubox"
|
|
config_get flow_dir settings flow_dir "/tmp/dpi-flows"
|
|
mkdir -p "$stats_dir" "$flow_dir"
|
|
|
|
# Start TAP stream if enabled
|
|
case "$mode" in
|
|
dual|tap-only)
|
|
/usr/lib/dpi-dual/mirror-setup.sh start
|
|
|
|
# Start flow collector as procd service
|
|
procd_open_instance flow-collector
|
|
procd_set_param command /usr/sbin/dpi-flow-collector start
|
|
procd_set_param respawn
|
|
procd_set_param stdout 1
|
|
procd_set_param stderr 1
|
|
procd_close_instance
|
|
;;
|
|
esac
|
|
|
|
# Start correlator if enabled
|
|
local correlation
|
|
config_get correlation settings correlation "1"
|
|
if [ "$correlation" = "1" ]; then
|
|
procd_open_instance correlator
|
|
procd_set_param command /usr/sbin/dpi-correlator start
|
|
procd_set_param respawn
|
|
procd_set_param stdout 1
|
|
procd_set_param stderr 1
|
|
procd_close_instance
|
|
fi
|
|
|
|
echo "DPI Dual-Stream started"
|
|
}
|
|
|
|
stop_service() {
|
|
echo "Stopping DPI Dual-Stream..."
|
|
|
|
# Stop mirror
|
|
/usr/lib/dpi-dual/mirror-setup.sh stop 2>/dev/null
|
|
|
|
echo "DPI Dual-Stream stopped"
|
|
}
|
|
|
|
reload_service() {
|
|
stop_service
|
|
start_service
|
|
}
|
|
|
|
service_triggers() {
|
|
procd_add_reload_trigger "dpi-dual"
|
|
}
|
|
|
|
status() {
|
|
/usr/sbin/dpi-dualctl status
|
|
}
|