fbc7b5a715
* TSG-2847 - TFE 新增 cmsg 共享 TSG Master 的扫描结果 * TSG-2851 - Pangu 从 cmsg 获取 TSG Master 的扫描结果 * TSG-2852 - DOH 从 cmsg 获取 TSG Master 的扫描结果 * TSG-2849 - TFE DOH 功能支持 SUBID * 合并 pangu/doh 的 maat scan 的代码为 tfe_scan
128 lines
2.5 KiB
Plaintext
128 lines
2.5 KiB
Plaintext
[system]
|
|
nr_worker_threads=1
|
|
enable_kni_v1=0
|
|
enable_kni_v2=1
|
|
disable_coredump=0
|
|
enable_cpu_affinity=0
|
|
# ask for at least (1 + nr_worker_threads) masks
|
|
# the first mask for acceptor thread
|
|
# the others mask for worker thread
|
|
cpu_affinity_mask=1-9,10-12
|
|
# LEAST_CONN = 0; ROUND_ROBIN = 1, default 1
|
|
load_balance=1
|
|
|
|
[kni]
|
|
ip=192.168.100.1
|
|
cmsg_port=2475
|
|
watchdog_switch=1
|
|
watchdog_port=2476
|
|
|
|
[ssl]
|
|
ssl_max_version=tls13
|
|
ssl_min_version=ssl3
|
|
no_session_cache=0
|
|
no_session_ticket=0
|
|
log_master_key=0
|
|
trusted_cert_file=resource/tfe/tls-ca-bundle.pem
|
|
trusted_cert_dir=resource/tfe/trusted_storage
|
|
key_log_file=log/sslkeylog.log
|
|
no_alpn=0
|
|
stek_group_num=4
|
|
stek_rotation_time=3600
|
|
service_cache_succ_as_app_not_pinning_cnt=3
|
|
|
|
# SSL mid cert cache
|
|
# default 0
|
|
mc_cache_enable=1
|
|
# default eth0
|
|
mc_cache_eth=eth0
|
|
# default NULL
|
|
mc_cache_broker_list=192.168.40.224:9092
|
|
# default PXY-EXCH-INTERMEDIA-CERT
|
|
mc_cache_topic=PXY-EXCH-INTERMEDIA-CERT
|
|
|
|
[key_keeper]
|
|
#Mode: debug - generate cert with ca_path, normal - generate cert with cert store
|
|
#0 on cache 1 off cache
|
|
no_cache=0
|
|
mode=normal
|
|
cert_store_host=192.168.10.8
|
|
cert_store_port=9991
|
|
ca_path=resource/tfe/tango-ca-trust-ca.pem
|
|
untrusted_ca_path=resource/tfe/tango-ca-untrust-ca.pem
|
|
# health_check only for "mode=normal"
|
|
# default 1
|
|
enable_health_check=1
|
|
|
|
[debug]
|
|
# 1 : enforce tcp passthrough
|
|
# 0 : Whether to passthrough depends on the tcp_options in cmsg
|
|
passthrough_all_tcp=0
|
|
|
|
[ratelimit]
|
|
#read_rate=200000
|
|
#read_burst=200000
|
|
#write_rate=200000
|
|
#write_burst=200000
|
|
|
|
[tcp]
|
|
sz_rcv_buffer=0
|
|
sz_snd_buffer=0
|
|
|
|
# 1 : use tcp_options in tfe.conf
|
|
# 0 : use tcp_options in cmsg
|
|
enable_overwrite=0
|
|
tcp_nodelay=1
|
|
so_keepalive=1
|
|
tcp_keepcnt=8
|
|
tcp_keepintvl=15
|
|
tcp_keepidle=30
|
|
tcp_user_timeout=600
|
|
tcp_ttl_upstream=75
|
|
tcp_ttl_downstream=70
|
|
|
|
[log]
|
|
level=10
|
|
|
|
[stat]
|
|
statsd_server=192.168.10.72
|
|
statsd_port=8126
|
|
statsd_cycle=2
|
|
# FS_OUTPUT_STATSD=1, FS_OUTPUT_INFLUX_LINE=2
|
|
statsd_format=1
|
|
|
|
[http]
|
|
loglevel=20
|
|
|
|
[traffic_mirror]
|
|
device=eth4
|
|
type=1
|
|
|
|
[kafka]
|
|
enable=1
|
|
NIC_NAME=enp2s0
|
|
kafka_brokerlist=192.168.40.224:9092
|
|
kafka_topic=PROXY-EVENT-LOG
|
|
device_id_filepath=/opt/tsg/etc/tsg_sn.json
|
|
|
|
[maat]
|
|
# 0:json 1:redis 2:iris
|
|
maat_input_mode=1
|
|
stat_switch=1
|
|
perf_switch=1
|
|
table_info=resource/pangu/table_info.conf
|
|
accept_path=/opt/tsg/etc/tsg_device_tag.json
|
|
stat_file=log/pangu_scan.fs2
|
|
effect_interval_s=1
|
|
|
|
# json mode conf iterm
|
|
json_cfg_file=resource/pangu/pangu_http.json
|
|
|
|
# redis mode conf iterm
|
|
maat_redis_server=10.4.34.4
|
|
maat_redis_port_range=6380-6389
|
|
maat_redis_db_index=4
|
|
|
|
# iris mode conf iterm
|
|
full_cfg_dir=pangu_policy/full/index/
|
|
inc_cfg_dir=pangu_policy/inc/index/ |