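# tfe configuration template.
# Placeholders in {{ ... }} and the {% ... %} block are Jinja2-style template
# syntax and must be rendered before the file is read as INI.
# Layout: one key=value per line; comments are full-line and start with '#'.

[system]
nr_worker_threads={{ tfe.nr_threads }}
# Crash reporting (breakpad) and its upload are switched off here.
# Minidumps and core dumps of a TLS-handling process can contain key material
# and decrypted payloads, so the dump directory should be readable only by the
# service account.
enable_breakpad=0
enable_breakpad_upload=0
breakpad_minidump_dir=/run/tfe/crashreport/
# Plain-HTTP upload target on loopback.
# NOTE(review): if this is ever pointed at a remote host, dumps would cross the
# network unencrypted.
breakpad_upload_url=http://127.0.0.1:9000/
# NOTE(review): 0 presumably leaves core dumps enabled - confirm this is
# intended on production hosts.
disable_coredump=0

[kni]
# NOTE(review): presumably the address and ports of the control-message (cmsg)
# and watchdog channels - confirm against the consumer.
ip=192.168.100.1
cmsg_port=2475
watchdog_switch=1
watchdog_port=2476

[ssl]
# Accepted protocol version range.
# NOTE(review): ssl3 as the floor permits SSLv3, which RFC 7568 prohibits
# because of protocol-level weaknesses (POODLE). If no legacy peer requires it,
# raise the minimum to the lowest TLS version the deployment actually needs.
ssl_max_version=tls13
ssl_min_version=ssl3
no_session_cache=0
no_session_ticket=0
# Key logging is off.
# NOTE(review): if log_master_key is enabled, session secrets are presumably
# written to key_log_file (below); anyone able to read that file can decrypt
# captured sessions. Keep this 0 outside controlled debugging and restrict
# access to the log directory.
log_master_key=0
# Local trust anchors. The integrity of these files decides which certificates
# are accepted, so they should be writable only by the deployment tooling.
trusted_cert_load_local=1
trusted_cert_file=resource/tfe/tls-ca-bundle.pem
trusted_cert_dir=resource/tfe/trusted_storage
key_log_file=log/sslkeylog.log
no_alpn=0
# Session ticket encryption keys (STEK).
# NOTE(review): rotation time is presumably in seconds - confirm.
stek_group_num=4
stek_rotation_time=3600
service_cache_expire_seconds=600
# SSL mid cert cache
# default 0
mc_cache_enable=1
# default eth0
mc_cache_eth={{ nic_inner_ctrl.name }}
# default NULL
mc_cache_broker_list={{ log_kafkabrokers.address }}
# default PXY-EXCH-INTERMEDIA-CERT
mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT

[key_keeper]
# mode: debug - generate cert with ca_path; normal - generate cert with cert store
# no_cache: 0 = cache on, 1 = cache off
mode= normal
no_cache=0
# NOTE(review): only host and port are given for the cert store; no transport
# security or authentication setting appears in this section. Confirm that the
# link is confined to a trusted network.
cert_store_host= {{ cert_store_server.address }}
cert_store_port= {{ cert_store_server.port }}
# CA files used when generating certificates in debug mode (see mode above).
# NOTE(review): if these PEM files carry private keys, restrict their file
# permissions to the service account.
ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
# health_check only for "mode=normal"
# default 1
enable_health_check=1

[debug]
# NOTE(review): presumably 1 makes all TCP bypass processing - confirm, and
# keep 0 outside debugging.
passthrough_all_tcp=0

[traffic_mirror]
# Device and type depend on the deployment's tsg_running_type at render time.
{% if tsg_running_type != 2 %}
device=lo
type=0
{% else %}
device={{ nic_traffic_mirror.name }}
type=1
{% endif %}

[ratelimit]
# Rate limiting is not configured: every key below is commented out.
#read_rate=200000
#read_burst=200000
#write_rate=200000
#write_burst=200000

[tcp]
# Keepalive and timeout tuning. NOTE(review): units are not stated here -
# presumably seconds for the interval/idle/timeout keys; confirm.
so_keepalive=1
tcp_keepcnt=8
tcp_keepintvl=15
tcp_keepidle=30
tcp_user_timeout=600
tcp_ttl_upstream=75
tcp_ttl_downstream=70

[log]
level={{ tfe_log_level }}

[stat]
statsd_server=127.0.0.1
statsd_port=8100
statsd_cycle=5
# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
statsd_format=2

[http]
loglevel={{ tfe_http_log_level }}

[kafka]
# Event log export.
# NOTE(review): no TLS or authentication option for the brokers appears in this
# section; confirm the brokers are reachable only over a trusted network, since
# proxy event logs can contain sensitive connection data.
enable=1
nic_name={{ nic_mgr.name }}
kafka_brokerlist={{ log_kafkabrokers.address }}
kafka_topic=PROXY-EVENT-LOG
device_id_filepath=/opt/tsg/etc/tsg_sn.json

[maat]
# maat_input_mode: 0 = json, 1 = redis, 2 = iris
maat_input_mode=1
table_info=resource/pangu/table_info.conf
json_cfg_file=resource/pangu/pangu_http.json
stat_file=log/pangu_scan.status
full_cfg_dir=pangu_policy/full/index/
inc_cfg_dir=pangu_policy/inc/index/
# Redis source used when maat_input_mode=1.
# NOTE(review): no credential or TLS setting for Redis appears in this section.
# Whoever can write to this Redis instance can presumably change the loaded
# configuration, so confirm access is restricted at the network or Redis level.
maat_redis_server={{ maat_redis_server.address }}
maat_redis_port_range={{ maat_redis_server.port }}
maat_redis_db_index={{ maat_redis_server.db }}
effect_interval_s=1
#accept_tags={"tags":[{"tag":"location","value":"Astana"}]}
accept_path=/opt/tsg/etc/tsg_device_tag.json

[dynamic_maat]
# Same input-mode values as [maat] (1 = redis); the Redis access-control note
# above applies to this instance as well.
maat_input_mode=1
table_info=resource/pangu/dynamic_maat_table_info.conf
maat_redis_server={{ dynamic_maat_redis_server.address }}
maat_redis_port_range={{ dynamic_maat_redis_server.port }}
maat_redis_db_index={{ dynamic_maat_redis_server.db }}
effect_interval_s=1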