diff --git a/common/src/tfe_scan.cpp b/common/src/tfe_scan.cpp index 7eac118..8ad76a5 100644 --- a/common/src/tfe_scan.cpp +++ b/common/src/tfe_scan.cpp @@ -85,7 +85,7 @@ int tfe_scan_internal_exteral_by_last_group(const struct tfe_stream *stream, uui { size_t array_size=256, n_hit_result = 0; int hit_cnt_group = 0, scan_ret = 0; - struct maat_hit_object last_hit_objects[128] = {0}; + struct maat_hit_object last_hit_objects[256] = {0}; const char *table_name = get_table_name(stream, table_type); if(table_name == NULL) @@ -465,8 +465,8 @@ int tfe_scan_ipv4_addr(const struct tfe_stream *stream, uuid_t *result, struct m const char *protocol_uuid =PROTOCOL_TCP_UUID_ID; memset(&objects, 0, sizeof(objects)); - uuid_parse(protocol_uuid, objects_uuid); - uuid_copy(objects.object_uuid, objects_uuid); + uuid_parse(protocol_uuid, objects_uuid); + uuid_copy(objects.object_uuid, objects_uuid); scan_ret = maat_scan_object(tfe_get_maat_handle(), "TSG_OBJ_IP_PROTOCOL", "ATTR_IP_PROTOCOL", &objects, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) @@ -529,8 +529,8 @@ int tfe_scan_ipv6_addr(const struct tfe_stream *stream, uuid_t *result, struct m const char *protocol_uuid =PROTOCOL_TCP_UUID_ID; memset(&objects, 0, sizeof(objects)); - uuid_parse(protocol_uuid, objects_uuid); - uuid_copy(objects.object_uuid, objects_uuid); + uuid_parse(protocol_uuid, objects_uuid); + uuid_copy(objects.object_uuid, objects_uuid); scan_ret = maat_scan_object(tfe_get_maat_handle(), "TSG_OBJ_IP_PROTOCOL", "ATTR_IP_PROTOCOL", &objects, 1, result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, scan_mid); if(scan_ret==MAAT_SCAN_HIT) diff --git a/plugin/business/tsg-http/src/tsg_http.cpp b/plugin/business/tsg-http/src/tsg_http.cpp index 4c0a4b3..d3443e5 100644 --- a/plugin/business/tsg-http/src/tsg_http.cpp +++ b/plugin/business/tsg-http/src/tsg_http.cpp @@ -2865,7 +2865,8 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht if ((events & EV_HTTP_REQ_HDR) || (events & EV_HTTP_RESP_HDR)) { - attribute_name= events & EV_HTTP_REQ_HDR ? "ATTR_HTTP_REQ_HDR" : "ATTR_HTTP_RES_HDR"; + attribute_name = events & EV_HTTP_REQ_HDR ? "ATTR_HTTP_REQ_HDR" : "ATTR_HTTP_RES_HDR"; + struct maat_stream *sp = maat_stream_new(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, ctx->scan_mid); http_half = events & EV_HTTP_REQ_HDR ? session->req : session->resp; while (hit_cnt < MAX_SCAN_RESULT) @@ -2876,8 +2877,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht break; } - scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, field_val, strlen(field_val), - result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); + scan_ret = maat_stream_scan(sp, field_val, strlen(field_val), result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt += n_hit_result; @@ -2888,9 +2888,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht { break; } - - scan_ret = maat_scan_string(g_proxy_rt->feather, "TSG_OBJ_KEYWORD", attribute_name, str_field_name, strlen(str_field_name), - result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); + scan_ret = maat_stream_scan(sp, str_field_name, strlen(str_field_name), result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt += n_hit_result; @@ -2902,6 +2900,7 @@ enum proxy_action http_scan(const struct tfe_http_session * session, enum tfe_ht { hit_cnt += n_hit_result; } + maat_stream_free(sp); } if ((events & EV_HTTP_REQ_BODY_BEGIN) | (events & EV_HTTP_RESP_BODY_BEGIN)) diff --git a/resource/pangu/doh.json b/resource/pangu/doh.json index 1927492..0a5e2ec 100644 --- a/resource/pangu/doh.json +++ b/resource/pangu/doh.json @@ -63,35 +63,35 @@ { "table_name": "TRAFFIC_MIRRORING_PROFILE", "table_content": [ - {"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1} + {"uuid":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1} ] }, { "table_name": " DECRYPTION_PROFILE", "table_content": [ - {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}, - {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1}, - {"uuid":"DECRYPT0-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1} + {"uuid":"00000000-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}, + {"uuid":"00000000-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1}, + {"uuid":"00000000-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1} ] }, { "table_name": "PXY_INTERCEPT_RULE", "table_content": [ - {"uuid":"INTERCEP-0000-0000-0000-000000000001","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1}, - {"uuid":"INTERCEP-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"TRAFFIC0-MIRR-0000-0000-000000000001"}},"is_valid":1} + {"uuid":"00000000-0000-0000-0000-000000000001","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000002","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1}, + {"uuid":"00000000-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000002","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8"}},"is_valid":1} ] }, { "table_name": "SERVICE_CHAINING_RULE", "table_content": [ - {"uuid":"SC000000-0000-0000-1111-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}, - {"uuid":"SC000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1} + {"uuid":"00000000-0000-0000-0000-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}, + {"uuid":"00000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1} ] }, { "table_name": "PROXY_TCP_OPTION_PROFILE", "table_content": [ - {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1} + {"uuid":"00000000-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1} ] }, { diff --git a/resource/pangu/pangu_http.json b/resource/pangu/pangu_http.json index 6ab23cb..9af7b23 100644 --- a/resource/pangu/pangu_http.json +++ b/resource/pangu/pangu_http.json @@ -5,10 +5,10 @@ { "uuid": "00001021-0000-0000-0000-000000000000", "service": 1, - "action": "manipulate", + "action": "redirect", "blacklist_option": 1, "log_option": "all", - "action_parameter": {"protocol":"http","method":"redirect","code":302,"to":"https://www.jd.com"}, + "action_parameter": {"code":302,"to":"https://www.jd.com"}, "is_valid": "yes", "and_conditions": [ { @@ -40,10 +40,10 @@ { "uuid": "00001023-0000-0000-0000-000000000000", "service": 1, - "action": "manipulate", + "action": "modify", "blacklist_option": 1, - "log_option": "all", - "action_parameter": {"protocol":"http","method":"replace","rules":[{"search_in":"http_resp_body","find":"邮箱","replace_with":"test"}]}, + "log_option": "all", + "action_parameter": {"rules":[{"search_in":"http_resp_body","find":"邮箱","replace_with":"test"}],"vsys_id":1,"sub_action":"replace_text"}, "is_valid": "yes", "and_conditions": [ { @@ -55,7 +55,7 @@ "table_name": "TSG_OBJ_FQDN", "table_type": "expr", "table_content": { - "expression": "baidu.com", + "expression": "126.com", "expr_type": "and" } } @@ -68,10 +68,10 @@ { "uuid": "00001026-0000-0000-0000-000000000000", "service": 1, - "action": "manipulate", + "action": "deny", "blacklist_option": 1, "log_option": "all", - "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"}, + "action_parameter":{"sub_action":"block","message":"E33F01E50AFE043191931DD40190B09B","code":404,"vsys_id":1}, "is_valid": "yes", "and_conditions": [ { @@ -113,10 +113,10 @@ { "uuid": "00001028-0000-0000-0000-000000000000", "service": 1, - "action": "manipulate", + "action": "deny", "blacklist_option": 1, "log_option": "all", - "action_parameter": {"protocol":"http","method":"block","code":403,"message":"error"}, + "action_parameter": {"sub_action":"block","message":"E33F01E50AFE043191931DD40190B09B","code":404,"vsys_id":1}, "is_valid": "yes", "and_conditions": [ { @@ -143,7 +143,7 @@ { "table_name": "TRAFFIC_MIRRORING_PROFILE", "table_content": [ - {"uuid":"TRAFFIC0-MIRR-0000-0000-000000000001","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1} + {"uuid":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8","vlan_ids":[1,2,3,4,5,6,7,8,9],"is_valid":1} ] }, { @@ -165,31 +165,31 @@ ] }, { - "table_name": " DECRYPTION_PROFILE", + "table_name": "DECRYPTION_PROFILE", "table_content": [ - {"uuid":"DECRYPT0-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}, - {"uuid":"DECRYPT0-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1}, - {"uuid":"DECRYPT0-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1} + {"uuid":"00000000-0000-0000-0000-000000000001","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":1},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":0},"fail_action":"pass-through"}},"is_valid":1}, + {"uuid":"00000000-0000-0000-0000-000000000003","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"is_valid":1}, + {"uuid":"00000000-0000-0000-0000-000000000004","decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0,"trusted_root_cert_is_not_installed_on_client":0},"protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}},"is_valid":1} ] }, { "table_name": "PXY_INTERCEPT_RULE", "table_content": [ - {"uuid":"INTERCEP-0000-0000-0000-000000000001","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1}, - {"uuid":"INTERCEP-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"KERING00-TRUS-0000-0000-000000000001","keyring_for_untrusted":"KERING00-UNTR-0000-0000-000000000001","decryption_profile":"DECRYPT0-0000-0000-0000-000000000001","tcp_option_profile":"TCPOPT00-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"TRAFFIC0-MIRR-0000-0000-000000000001"}},"is_valid":1} + {"uuid":"37828c5a-bbb7-42d2-87fa-2c29b91f22c3","action":"intercept", "log_option":"none", "action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000001","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":0}},"is_valid":1}, + {"uuid":"00000000-0000-0000-0000-000000000002","action":"intercept", "log_option":"none","action_parameter":{"vsys_id":1,"keyring_for_trusted":"00000000-0000-0000-0000-000000000002","keyring_for_untrusted":"00000000-0000-0000-0000-000000000000","decryption_profile":"00000000-0000-0000-0000-000000000001","tcp_option_profile":"00000000-0000-0000-0000-000000000001","traffic_mirroring":{"enable":1,"mirroring_profile":"0192dc7e-a87b-7ce9-a1c6-80974e6de3d8"}},"is_valid":1} ] }, { "table_name": "SERVICE_CHAINING_RULE", "table_content": [ - {"uuid":"SC000000-0000-0000-1111-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}, - {"uuid":"SC000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1} + {"uuid":"00000000-0000-0000-0000-000000000001","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"raw","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1}, + {"uuid":"00000000-0000-0000-1111-000000000011","effective_range":{},"action_parameter":{"vsys_id":1,"targeted_traffic":"decrypted","sff_profiles":["00000000-0000-0000-2222-000000000001"]},"is_valid":1} ] }, { "table_name": "PROXY_TCP_OPTION_PROFILE", "table_content": [ - {"uuid":"TCPOPT00-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1} + {"uuid":"00000000-0000-0000-0000-000000000001","tcp_passthrough":0,"bypass_duplicated_packet":0,"client_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"server_side_conn_param":{"tcp_maxseg":{"enable":0,"maxseg":1500},"nodelay":1,"keep_alive":{"enable":1,"tcp_keepcnt":8,"tcp_keepidle":30,"tcp_keepintvl":15},"ttl":70,"user_timeout":{"enable":1,"timeout_ms":600}},"is_valid":1} ] }, {