[system]
nr_worker_threads=1
enable_kni_v1=0
enable_kni_v2=1
disable_coredump=0
enable_cpu_affinity=0
# ask for at least (1 + nr_worker_threads) masks
# the first  mask for acceptor thread
# the others mask for worker   thread
cpu_affinity_mask=1-9,10-12
# LEAST_CONN = 0; ROUND_ROBIN = 1, default 1
load_balance=1

[kni]
ip=192.168.100.1
cmsg_port=2475
watchdog_switch=1
watchdog_port=2476

[ssl]
ssl_max_version=tls13
ssl_min_version=ssl3
no_session_cache=0
no_session_ticket=0
log_master_key=0
trusted_cert_file=resource/tfe/tls-ca-bundle.pem
trusted_cert_dir=resource/tfe/trusted_storage
key_log_file=log/sslkeylog.log
no_alpn=0
stek_group_num=4
stek_rotation_time=3600
service_cache_succ_as_app_not_pinning_cnt=3

# SSL mid cert cache
# default 0
mc_cache_enable=1
# default eth0
mc_cache_eth=eth0
# default NULL
mc_cache_broker_list=192.168.40.224:9092
# default PXY-EXCH-INTERMEDIA-CERT
mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT

[key_keeper]
#Mode: debug - generate cert with ca_path, normal - generate cert with cert store
#0 on cache 1 off cache
no_cache=0
mode=normal
cert_store_host=192.168.10.8
cert_store_port=9991
ca_path=resource/tfe/tango-ca-trust-ca.pem
untrusted_ca_path=resource/tfe/tango-ca-untrust-ca.pem
# health_check only for "mode=normal"
# default 1
enable_health_check=1

[debug]
# 1 : enforce tcp passthrough
# 0 : Whether to passthrough depends on the tcp_options in cmsg
passthrough_all_tcp=0

[ratelimit]
#read_rate=200000
#read_burst=200000
#write_rate=200000
#write_burst=200000

[tcp]
sz_rcv_buffer=0
sz_snd_buffer=0

# 1 : use tcp_options in tfe.conf
# 0 : use tcp_options in cmsg
enable_overwrite=0
tcp_nodelay=1
so_keepalive=1
tcp_keepcnt=8
tcp_keepintvl=15
tcp_keepidle=30
tcp_user_timeout=600
tcp_ttl_upstream=75
tcp_ttl_downstream=70

[log]
level=10

[stat]
statsd_server=192.168.10.72
statsd_port=8126
statsd_cycle=2
# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
statsd_format=1

[http]
loglevel=20

[traffic_mirror]
device=eth4
type=1

[kafka]
enable=1
NIC_NAME=enp2s0
kafka_brokerlist=192.168.40.224:9092
kafka_topic=PROXY-EVENT-LOG
device_id_filepath=/opt/tsg/etc/tsg_sn.json

[maat]
# 0:json 1:redis 2:iris
maat_input_mode=1
stat_switch=1
perf_switch=1
table_info=resource/pangu/table_info.conf
accept_path=/opt/tsg/etc/tsg_device_tag.json
stat_file=log/pangu_scan.fs2
effect_interval_s=1

# json mode conf iterm
json_cfg_file=resource/pangu/pangu_http.json

# redis mode conf iterm
maat_redis_server=10.4.34.4
maat_redis_port_range=6380-6389
maat_redis_db_index=4

# iris mode conf iterm
full_cfg_dir=pangu_policy/full/index/
inc_cfg_dir=pangu_policy/inc/index/