TSG-2994 将 TFE 支持的配置项补充到 tfe.conf 中

conf/tfe/future.conf

@@ -3,6 +3,7 @@ no_stats=0
 statsd_server=192.168.10.72
 statsd_port=8092
 histogram_bins=0.50,0.80,0.9,0.95
-statsd_cycle=2
+statsd_cycle=5
 # FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=1
+statsd_format=2
+print_diff=1

conf/tfe/tfe.conf

@@ -1,44 +1,83 @@
 [system]
-nr_worker_threads=1
+nr_worker_threads=8
 enable_kni_v1=0
 enable_kni_v2=1
+
+# Only when (disable_coredump == 1 || (enable_breakpad == 1 && enable_breakpad_upload == 1)) is satisfied, the core will not be generated locally
 disable_coredump=0
-enable_cpu_affinity=0
+enable_breakpad=1
+enable_breakpad_upload=1
+breakpad_upload_url=http://sentry.mesalab.cn:9000/api/3/minidump/?sentry_key=e8e446bb3bd8435c97f4c01770ca7025
+# must be /run/tfe/crashreport，due to tmpfile limit
+breakpad_minidump_dir=/run/tfe/crashreport
+
 # ask for at least (1 + nr_worker_threads) masks
 # the first  mask for acceptor thread
 # the others mask for worker   thread
-cpu_affinity_mask=1-9,10-12
-# LEAST_CONN = 0; ROUND_ROBIN = 1, default 1
+enable_cpu_affinity=0
+cpu_affinity_mask=1-9
+# LEAST_CONN = 0; ROUND_ROBIN = 1
 load_balance=1
 
 [kni]
+# kni v1
+#uxdomain=/var/run/.tfe_kni_acceptor_handler
+# kni v2
+#scm_socket_file=/var/run/.tfe_kmod_scm_socket
+
+# send cmsg
+send_switch=1
 ip=192.168.100.1
 cmsg_port=2475
+
+# watch dog
 watchdog_switch=1
 watchdog_port=2476
 
 [ssl]
 ssl_max_version=tls13
 ssl_min_version=ssl3
-no_session_cache=0
+ssl_compression=1
+no_ssl2=1
+no_ssl3=0
+no_tls10=0
+no_tls11=0
+no_tls12=0
+default_ciphers=ALL:-aNULL
+no_cert_verify=0
+
+# session ticket
 no_session_ticket=0
-log_master_key=0
-trusted_cert_file=resource/tfe/tls-ca-bundle.pem
-trusted_cert_dir=resource/tfe/trusted_storage
-key_log_file=log/sslkeylog.log
-no_alpn=0
 stek_group_num=4
 stek_rotation_time=3600
-service_cache_succ_as_app_not_pinning_cnt=3
 
-# SSL mid cert cache
-# default 0
+# session cache
+no_session_cache=0
+session_cache_slots=4194304
+session_cache_expire_seconds=1800
+
+# service cache
+service_cache_slots=4194304
+service_cache_expire_seconds=300
+service_cache_fail_as_pinning_cnt=4
+service_cache_fail_as_proto_err_cnt=5
+service_cache_succ_as_app_not_pinning_cnt=0
+service_cache_fail_time_window=30
+
+# cert
+check_cert_crl=0
+trusted_cert_load_local=1
+trusted_cert_file=resource/tfe/tls-ca-bundle.pem
+trusted_cert_dir=resource/tfe/trusted_storage
+
+# master key
+log_master_key=0
+key_log_file=log/sslkeylog.log
+
+# mid cert cache
 mc_cache_enable=1
-# default eth0
 mc_cache_eth=eth0
-# default NULL
 mc_cache_broker_list=192.168.40.224:9092
-# default PXY-EXCH-INTERMEDIA-CERT
 mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
 
 [key_keeper]
@@ -50,8 +89,11 @@ cert_store_host=192.168.10.8
 cert_store_port=9991
 ca_path=resource/tfe/tango-ca-trust-ca.pem
 untrusted_ca_path=resource/tfe/tango-ca-untrust-ca.pem
-# health_check only for "mode=normal"
-# default 1
+hash_slot_size=131072
+hash_expire_seconds=300
+cert_expire_time=24
+
+# health_check only for "mode=normal" default 1
 enable_health_check=1
 
 [debug]
@@ -60,14 +102,15 @@ enable_health_check=1
 passthrough_all_tcp=0
 
 [ratelimit]
-#read_rate=200000
-#read_burst=200000
-#write_rate=200000
-#write_burst=200000
+read_rate=0
+read_burst=0
+write_rate=0
+write_burst=0
 
 [tcp]
-sz_rcv_buffer=0
-sz_snd_buffer=0
+# read rcv_buff/snd_buff options from tfe conf
+sz_rcv_buffer=-1
+sz_snd_buffer=-1
 
 # 1 : use tcp_options in tfe.conf
 # 0 : use tcp_options in cmsg
@@ -83,19 +126,23 @@ tcp_ttl_downstream=70
 
 [log]
 level=10
+location=log/tfe.log
 
 [stat]
 statsd_server=192.168.10.72
 statsd_port=8126
-statsd_cycle=2
-# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
-statsd_format=1
+statsd_cycle=5
+# 1:FS_OUTPUT_STATSD; 2:FS_OUTPUT_INFLUX_LINE
+statsd_format=2
+histogram_bins=0.5,0.8,0.9,0.95
 
 [http]
 loglevel=20
 
 [traffic_mirror]
+enable=1
 device=eth4
+# 0:TRAFFIC_MIRROR_ETHDEV_AF_PACKET; 1:TRAFFIC_MIRROR_ETHDEV_MARSIO
 type=1
 
 [kafka]
@@ -114,6 +161,14 @@ table_info=resource/pangu/table_info.conf
 accept_path=/opt/tsg/etc/tsg_device_tag.json
 stat_file=log/pangu_scan.fs2
 effect_interval_s=1
+deferred_load_on=0
+
+# Pangu uses accept_tags to support the effective range of the device.
+# Traffic mirroring does not need to support the effective range of the device,
+# but pangu and traffic mirroring use the same maat configuration file.
+# Therefore, there is no need to set accept_tags in tfe.conf,
+# just set accept_tags in the tfe_resource_init() code
+# accept_tags={"tags":[{"tag":"device_id","value":"device_1"}]}
 
 # json mode conf iterm
 json_cfg_file=resource/pangu/pangu_http.json

platform/include/internal/proxy.h

@@ -101,9 +101,6 @@ struct tfe_proxy
 	unsigned int nr_work_threads;
 	struct tfe_thread_ctx * work_threads[TFE_THREAD_MAX];
 
-	/* buffer options */
-	unsigned int buffer_output_limit;
-
 	unsigned int nr_modules;
 	struct tfe_plugin * modules;
 

platform/src/acceptor_kni_v2.cpp

@@ -193,7 +193,7 @@ struct acceptor_kni_v2 * acceptor_kni_v2_create(struct tfe_proxy * proxy, const
 	__ctx->logger = logger;
 
 	/* Read the unix domain socket file, this file is used to recieve fds from KNI */
-	MESA_load_profile_string_def(profile, "acceptor_kni_v2", "scm_socket_file", __ctx->str_scm_socket,
+	MESA_load_profile_string_def(profile, "kni", "scm_socket_file", __ctx->str_scm_socket,
 		sizeof(__ctx->str_scm_socket), TFE_CONFIG_SCM_SOCKET_FILE);
 
 	__sockaddr_un.sun_family = AF_UNIX;

platform/src/proxy.cpp

@@ -335,7 +335,6 @@ int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile)
 {
 	/* Worker threads */
 	MESA_load_profile_uint_def(profile, "system", "nr_worker_threads", &proxy->nr_work_threads, 1);
-	MESA_load_profile_uint_def(profile, "system", "buffer_output_limit", &proxy->buffer_output_limit, 0);
 	MESA_load_profile_uint_def(profile, "system", "enable_cpu_affinity", &proxy->enable_cpu_affinity, 0);
 	MESA_load_profile_uint_range(profile, "system", "cpu_affinity_mask", TFE_THREAD_MAX, proxy->cpu_affinity_mask);
 	// LEAST_CONN = 0; ROUND_ROBIN = 1,