From 0eef019a87dc3d6b9de0181a1ed723cfc20387cc Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Wed, 31 Aug 2022 10:01:00 +0800
Subject: [PATCH] =?UTF-8?q?DDoS=E9=98=B2=E6=8A=A4=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E7=A7=92=E7=BA=A7=E8=BF=9E=E6=8E=A5=E9=80=9F=E7=8E=87=E9=99=90?= =?UTF-8?q?=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pkg/dnsconfigs/defaults.go | 26 ++++++++++-----------
 pkg/nodeconfigs/defaults.go | 26 ++++++++++-----------
 pkg/serverconfigs/ddosconfigs/tcp_config.go | 11 +++++----
 3 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/pkg/dnsconfigs/defaults.go b/pkg/dnsconfigs/defaults.go
index 6565b58..a839979 100644
--- a/pkg/dnsconfigs/defaults.go
+++ b/pkg/dnsconfigs/defaults.go
@@ -12,14 +12,15 @@ const (
 DefaultMaxThreadsMin = 1000 // 单节点最大线程数最小值
 DefaultMaxThreadsMax = 100_000 // 单节点最大线程数最大值
- DefaultTCPMaxConnections = 100_000 // 单节点TCP最大连接数
- DefaultTCPMaxConnectionsPerIP = 1000 // 单IP最大连接数
- DefaultTCPMinConnectionsPerIP = 5 // 单IP最小连接数
- DefaultTCPNewConnectionsRate = 500 // 单IP连接速率限制(按分钟)
- DefaultTCPNewConnectionsMinRate = 5 // 单IP最小连接速率
- DefaultTCPDenyNewConnectionsRate = 1000 // 加入黑名单的连接速率
- DefaultTCPDenyNewConnectionsMinRate = 5 // 加入黑名单的最小连接速率
- DefaultTCPDenyNewConnectionsRateTimeout = 1800 // 超过黑名单连接速率禁止时间
+ DefaultTCPMaxConnections = 100_000 // 单节点TCP最大连接数
+ DefaultTCPMaxConnectionsPerIP = 1000 // 单IP最大连接数
+ DefaultTCPMinConnectionsPerIP = 5 // 单IP最小连接数
+
+ DefaultTCPNewConnectionsMinutelyRate = 500 // 单IP连接速率限制(按分钟)
+ DefaultTCPNewConnectionsMinMinutelyRate = 3 // 单IP最小连接速率
+
+ DefaultTCPNewConnectionsSecondlyRate = 300 // 单IP连接速率限制(按秒)
+ DefaultTCPNewConnectionsMinSecondlyRate = 3 // 单IP最小连接速率
 DefaultTCPLinger = 3 // 单节点TCP Linger值
 DefaultTLSHandshakeTimeout = 3 // TLS握手超时时间
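Review bot: The new constant block has no default for how long a client stays blocked once a rate is exceeded: `DefaultTCPDenyNewConnectionsRateTimeout = 1800` is removed here without a replacement, while the same commit adds `NewConnectionsMinutelyRateBlockTimeout` and `NewConnectionsSecondlyRateBlockTimeout` to `TCPConfig`. Unless a default is supplied somewhere not visible in this patch, an unset timeout would reach the enforcement code as 0, so I would add one constant per window, for example `DefaultTCPNewConnectionsMinutelyRateBlockTimeout = 1800`, and state its unit in the comment. The two `Min…Rate` constants also carry the identical comment `单IP最小连接速率`; naming the window there (`按分钟` / `按秒`), as the rate constants directly above them do, would keep the lowered floor of 3 unambiguous. The same points apply to the identical hunk in pkg/nodeconfigs/defaults.go, and the const block continues outside the hunk.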
@@ -29,9 +30,8 @@ var DefaultConfigs = maps.Map{
 "tcpMaxConnections": DefaultTCPMaxConnections,
 "tcpMaxConnectionsPerIP": DefaultTCPMaxConnectionsPerIP,
 "tcpMinConnectionsPerIP": DefaultTCPMinConnectionsPerIP,
- "tcpNewConnectionsRate": DefaultTCPNewConnectionsRate,
- "tcpNewConnectionsMinRate": DefaultTCPNewConnectionsMinRate,
- "tcpDenyNewConnectionsRate": DefaultTCPDenyNewConnectionsRate,
- "tcpDenyNewConnectionsMinRate": DefaultTCPDenyNewConnectionsMinRate,
- "tcpDenyNewConnectionsRateTimeout": DefaultTCPDenyNewConnectionsRateTimeout,
+ "tcpNewConnectionsMinutelyRate": DefaultTCPNewConnectionsMinutelyRate,
+ "tcpNewConnectionsMinMinutelyRate": DefaultTCPNewConnectionsMinMinutelyRate,
+ "tcpNewConnectionsSecondlyRate": DefaultTCPNewConnectionsSecondlyRate,
+ "tcpNewConnectionsMinSecondlyRate": DefaultTCPNewConnectionsMinSecondlyRate,
 }
diff --git a/pkg/nodeconfigs/defaults.go b/pkg/nodeconfigs/defaults.go
index 7bc28f4..2a2abd0 100644
--- a/pkg/nodeconfigs/defaults.go
+++ b/pkg/nodeconfigs/defaults.go
@@ -12,14 +12,15 @@ const (
 DefaultMaxThreadsMin = 1000 // 单节点最大线程数最小值
 DefaultMaxThreadsMax = 100_000 // 单节点最大线程数最大值
- DefaultTCPMaxConnections = 100_000 // 单节点TCP最大连接数
- DefaultTCPMaxConnectionsPerIP = 1000 // 单IP最大连接数
- DefaultTCPMinConnectionsPerIP = 5 // 单IP最小连接数
- DefaultTCPNewConnectionsRate = 500 // 单IP连接速率限制(按分钟)
- DefaultTCPNewConnectionsMinRate = 5 // 单IP最小连接速率
- DefaultTCPDenyNewConnectionsRate = 1000 // 加入黑名单的连接速率
- DefaultTCPDenyNewConnectionsMinRate = 5 // 加入黑名单的最小连接速率
- DefaultTCPDenyNewConnectionsRateTimeout = 1800 // 超过黑名单连接速率禁止时间
+ DefaultTCPMaxConnections = 100_000 // 单节点TCP最大连接数
+ DefaultTCPMaxConnectionsPerIP = 1000 // 单IP最大连接数
+ DefaultTCPMinConnectionsPerIP = 5 // 单IP最小连接数
+
+ DefaultTCPNewConnectionsMinutelyRate = 500 // 单IP连接速率限制(按分钟)
+ DefaultTCPNewConnectionsMinMinutelyRate = 3 // 单IP最小连接速率
+
+ DefaultTCPNewConnectionsSecondlyRate = 300 // 单IP连接速率限制(按秒)
+ DefaultTCPNewConnectionsMinSecondlyRate = 3 // 单IP最小连接速率
 DefaultTCPLinger = 3 // 单节点TCP Linger值
 DefaultTLSHandshakeTimeout = 3 // TLS握手超时时间
@@ -29,9 +30,8 @@ var DefaultConfigs = maps.Map{
 "tcpMaxConnections": DefaultTCPMaxConnections,
 "tcpMaxConnectionsPerIP": DefaultTCPMaxConnectionsPerIP,
 "tcpMinConnectionsPerIP": DefaultTCPMinConnectionsPerIP,
- "tcpNewConnectionsRate": DefaultTCPNewConnectionsRate,
- "tcpNewConnectionsMinRate": DefaultTCPNewConnectionsMinRate,
- "tcpDenyNewConnectionsRate": DefaultTCPDenyNewConnectionsRate,
- "tcpDenyNewConnectionsMinRate": DefaultTCPDenyNewConnectionsMinRate,
- "tcpDenyNewConnectionsRateTimeout": DefaultTCPDenyNewConnectionsRateTimeout,
+ "tcpNewConnectionsMinutelyRate": DefaultTCPNewConnectionsMinutelyRate,
+ "tcpNewConnectionsMinMinutelyRate": DefaultTCPNewConnectionsMinMinutelyRate,
+ "tcpNewConnectionsSecondlyRate": DefaultTCPNewConnectionsSecondlyRate,
+ "tcpNewConnectionsMinSecondlyRate": DefaultTCPNewConnectionsMinSecondlyRate,
 }
diff --git a/pkg/serverconfigs/ddosconfigs/tcp_config.go b/pkg/serverconfigs/ddosconfigs/tcp_config.go
index 48c9e7a..b026188 100644
--- a/pkg/serverconfigs/ddosconfigs/tcp_config.go
+++ b/pkg/serverconfigs/ddosconfigs/tcp_config.go
@@ -7,11 +7,14 @@ type TCPConfig struct {
 IsOn bool `json:"isOn"`
 MaxConnections int32 `json:"maxConnections"`
 MaxConnectionsPerIP int32 `json:"maxConnectionsPerIP"`
- NewConnectionsRate int32 `json:"newConnectionsRate"`
- // 自动加入黑名单连接速率
- DenyNewConnectionsRate int32 `json:"denyNewConnectionsRate"`
- DenyNewConnectionsRateTimeout int32 `json:"denyNewConnectionsRateTimeout"`
+ // 分钟级速率
+ NewConnectionsMinutelyRate int32 `json:"newConnectionsRate"` // 分钟
+ NewConnectionsMinutelyRateBlockTimeout int32 `json:"newConnectionsRateBlockTimeout"` // 拦截时间
+
+ // 秒级速率
+ NewConnectionsSecondlyRate int32 `json:"newConnectionsSecondlyRate"`
+ NewConnectionsSecondlyRateBlockTimeout int32 `json:"newConnectionsSecondlyRateBlockTimeout"`
 AllowIPList []*IPConfig `json:"allowIPList"`
 Ports []*PortConfig `json:"ports"`
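Review bot: Stored configurations that still carry `denyNewConnectionsRate` and `denyNewConnectionsRateTimeout` will lose those values without any error, because both fields are removed from `TCPConfig` and, assuming the struct is decoded with `encoding/json` in its default mode, unknown keys are ignored; the new `newConnectionsRateBlockTimeout` then decodes as 0 for every existing record. Whether 0 means "never block" or "fall back to a default" is decided outside this hunk, so a migration step or a documented zero-value rule on the two `…BlockTimeout` fields is worth adding so an upgrade cannot quietly weaken the protection an operator had configured. The renamed `NewConnectionsMinutelyRate` keeps the tag `json:"newConnectionsRate"` while its per-second sibling and the defaults maps spell the window out (`tcpNewConnectionsMinutelyRate`); that is reasonable for compatibility but should be said in a comment such as `// JSON key kept as newConnectionsRate for backward compatibility`. The `拦截时间` comment gives no unit, and the per-second fields have no comments at all. The struct body continues outside the hunk.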