tango-kni/conf/kni/kni.conf

[global]
log_path = ./log/kni/kni.log
log_level = 10
tfe_node_count = 3
manage_eth = enp6s0
# deploy_mode: normal/tap
deploy_mode = normal
src_mac_addr = 00:0e:c6:d6:72:c1
dst_mac_addr = fe:65:b7:03:50:bd

[tap]
tap_name=tap0

# 1.tap_allow_mutilthread=1     load bpf rss obj
# 2.tap_allow_mutilthread=0 not load bpf rss obj
tap_allow_mutilthread=1
bpf_obj=/opt/tsg/sapp/plug/business/kni/bpf_tun_rss_steering.o
bpf_default_queue=-1
# tap_bpf_debug_log: cat /sys/kernel/debug/tracing/trace_pipe
bpf_debug_log=0
# 2: BPF 使用二元组分流
# 4: BPF 使用四元组分流
bpf_hash_mode=2

# 配置 tap 网卡的 RPS
tap_rps_enable=1
tap_rps_mask=0,1fffffff,c0000000,00000000

[io_uring]
enable_iouring=1
enable_debuglog=0
ring_size=1024
buff_size=2048
# io_uring_setup() flags
# IORING_SETUP_IOPOLL	(1U << 0)	/* io_context is polled */
# IORING_SETUP_SQPOLL	(1U << 1)	/* SQ poll thread */
# IORING_SETUP_SQ_AFF	(1U << 2)	/* sq_thread_cpu is valid */
# IORING_SETUP_CQSIZE	(1U << 3)	/* app defines CQ size */
# IORING_SETUP_CLAMP	(1U << 4)	/* clamp SQ/CQ ring sizes */
# IORING_SETUP_ATTACH_WQ	(1U << 5)	/* attach to existing wq */
# IORING_SETUP_R_DISABLED	(1U << 6)	/* start with ring disabled */
# IORING_SETUP_SUBMIT_ALL	(1U << 7)	/* continue submit on error */
flags=0
sq_thread_idle=0

[tfe0]
enabled = 1
dev_eth_symbol = ens1f5
ip_addr = 192.168.100.2

[tfe1]
enabled = 1
dev_eth_symbol = ens1f6
ip_addr = 192.168.100.3

[tfe2]
enabled = 1
dev_eth_symbol = ens1f7
ip_addr = 192.168.100.4

[tfe_cmsg_receiver]
listen_eth = ens1.100
listen_port = 2475

[watch_dog]
switch = 1
listen_eth = ens1.100
listen_port = 2476
keepalive_idle = 2
keepalive_intvl = 1
keepalive_cnt = 3

[marsio]
appsym = knifw

[dup_traffic]
switch = 1
action = 2
capacity = 10000000
error_rate = 0.00001
expiry_time = 60

[traceid2pme_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 30
mho_eliminate_type = LRU

#per thread
[tuple2stream_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 0
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 0
mho_eliminate_type = LRU

[field_stat]
remote_switch = 1
remote_ip = 127.0.0.1
remote_port = 58100
local_path = ./fs2_kni.status
stat_cycle = 1
print_mode = 1
# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
statsd_format = 2
APP_NAME = fs2_kni

#self test Shunt rules security policy id
[tsg_diagnose]
enabled = 1
security_policy_id = 3,10


[ssl_dynamic_bypass]
enabled = 1

#kni dynamic bypass
[traceid2sslinfo_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 80000
mho_hash_max_element_num = 320000
mho_expire_time = 300
mho_eliminate_type = FIFO

[sslinfo2bypass_htable]
mho_screen_print_ctrl = 0
mho_thread_safe = 1
mho_mutex_num = 160
mho_hash_slot_size = 640000
mho_hash_max_element_num = 2560000
mho_expire_time = 300
mho_eliminate_type = FIFO

[proxy_tcp_option]
enabled = 1
maat_table_compile = PXY_TCP_OPTION_COMPILE
maat_table_addr = PXY_TCP_OPTION_ADDR
maat_table_fqdn = PXY_TCP_OPTION_SERVER_FQDN
enable_override = 0
client_tcp_maxseg_enable = 0
client_tcp_maxseg = 1460
client_tcp_nodelay =  1
client_tcp_ttl = 70
client_tcp_keepalive_enable = 1
client_tcp_keepalive_keepcnt = 8
client_tcp_keepalive_keepidle = 30
client_tcp_keepalive_keepintvl = 15
client_tcp_user_timeout = 600
server_tcp_maxseg_enable = 0
server_tcp_maxseg = 1460
server_tcp_nodelay = 1
server_tcp_ttl = 75
server_tcp_keepalive_enable = 1
server_tcp_keepalive_keepcnt = 8
server_tcp_keepalive_keepidle = 30
server_tcp_keepalive_keepintvl = 15
server_tcp_user_timeout = 600
bypass_duplicated_packet = 0
tcp_passthrough = 0

[share_session_attribute]
SESSION_ATTRIBUTE_LABEL=TSG_MASTER_INTERNAL_LABEL

[proxy_hits]
interval_ms=1000
telegraf_port=8400
telegraf_ip=127.0.0.1
app_name="proxy_rule_hits"