diff --git a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf index 9d90a490..3cf028f0 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/conflist.inf +++ b/ansible/roles/traffic-engine/files/helm/conf/conflist.inf @@ -1,8 +1,5 @@ [platform] ./plug/stellar_on_sapp/start_loader.inf -{{- if eq .Values.ddos_event.enable .Values.define_enable_val_yes }} -./plug/platform/tsg_ddos_sketch/tsg_ddos_sketch.inf -{{- end }} [protocol] {{- if eq .Values.decoders.SOCKS .Values.define_enable_val_yes }} diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf index e78b0c43..652c6c07 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/main.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf @@ -141,20 +141,6 @@ debug_swtich=30 intput_max_packet=20 qmdpi_engine_config=injection_mode=stream;nb_workers={{- include "traffic-engine.sapp.workerthread" . }};nb_flows=8000;basic_dpi_enable=1;classification_cache_enable=0;fm_flow_table_alloc_mode=0 -[TSG_DDOS_SKETCH] -debug_swtich=30 -en_screen=1 -throughput=1 -mv_depth=4 -mv_width=13660 -timestemp=5 -max_report_num=5000 -min_report_num=0 -tcp_flood_thresh="{{ .Values.ddos_event.tcp_traffic_report_ratio }}" -udp_flood_thresh="{{ .Values.ddos_event.udp_traffic_report_ratio }}" -icmp_flood_thresh="{{ .Values.ddos_event.icmp_traffic_report_ratio }}" -dns_flood_thresh="{{ .Values.ddos_event.dns_traffic_report_ratio }}" - [TRAFFIC_MIRROR] {{- if eq .Values.traffic_mirror.enable_raw_traffic .Values.define_enable_val_yes }} TRAFFIC_MIRROR_ENABLE=1 @@ -183,7 +169,7 @@ POLICY_CYCLE_NUM_SUBMIT=4 {{ if eq .Values.dos_protector.enable .Values.define_enable_val_yes -}} [DOS_PROTECTOR] -SWARMKV_CLUSTER_NAME="tsg-dos-protector" +SWARMKV_CLUSTER_NAME="tsg-ddos-vsys{{ .Values.vsys_id }}" SWARMKV_NODE_IP="0.0.0.0" SWARMKV_NODE_PORT=8551 SWARMKV_CONSUL_IP="NODE_IP_LOCATION" diff --git a/ansible/roles/traffic-engine/files/helm/conf/spec.toml b/ansible/roles/traffic-engine/files/helm/conf/spec.toml index 137a061d..9059ce8d 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/spec.toml +++ b/ansible/roles/traffic-engine/files/helm/conf/spec.toml @@ -44,4 +44,25 @@ exit = "context_based_detector_destroy" path = "./stellar_plugin/dos_protector.so" init = "dos_protector_init" exit = "dos_protector_deinit" +{{- end }} + +{{ if eq .Values.stat_policy_enforcer.enable .Values.define_enable_val_yes -}} +[[plugin]] +path = "./stellar_plugin/stat_policy_enforcer.so" +init = "STATISTICS_INIT" +exit = "STATISTICS_EXIT" +{{- end }} + +{{ if eq .Values.traffic_sketch.enable .Values.define_enable_val_yes -}} +[[plugin]] +path = "./stellar_plugin/traffic_sketch.so" +init = "TRAFFIC_SKETCH_INIT" +exit = "TRAFFIC_SKETCH_EXIT" +{{- end }} + +{{ if eq .Values.policy_sketch.enable .Values.define_enable_val_yes -}} +[[plugin]] +path = "./stellar_plugin/policy_sketch.so" +init = "POLICY_SKETCH_INIT" +exit = "POLICY_SKETCH_EXIT" {{- end }} \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/helm/values.yaml b/ansible/roles/traffic-engine/files/helm/values.yaml index dc50123b..4e9654e7 100644 --- a/ansible/roles/traffic-engine/files/helm/values.yaml +++ b/ansible/roles/traffic-engine/files/helm/values.yaml @@ -78,13 +78,6 @@ traffic_mirror: enable_raw_traffic: yes enable_decrypted_traffic: yes -ddos_event: - enable: yes - tcp_traffic_report_ratio: 0.0008 - udp_traffic_report_ratio: 0.0008 - icmp_traffic_report_ratio: 0.0008 - dns_traffic_report_ratio: 0.0008 - packet_capture: enable: yes @@ -236,4 +229,13 @@ session_flags: enable: yes dos_protector: - enable: no \ No newline at end of file + enable: no + +stat_policy_enforcer: + enable: yes + +traffic_sketch: + enable: yes + +policy_sketch: + enable: yes \ No newline at end of file