diff --git a/pkg/dnsconfigs/defaults.go b/pkg/dnsconfigs/defaults.go new file mode 100644 index 0000000..bc9b9c1 --- /dev/null +++ b/pkg/dnsconfigs/defaults.go @@ -0,0 +1,30 @@ +// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved. + +package dnsconfigs + +import "github.com/iwind/TeaGo/maps" + +// 一组系统默认值 +// 修改单个IP相关限制值时要考虑到NAT中每个IP会代表很多个主机,并非1对1的关系 + +const ( + DefaultMaxThreads = 20000 // 单节点最大线程数 + DefaultMaxThreadsMin = 1000 // 单节点最大线程数最小值 + DefaultMaxThreadsMax = 100_000 // 单节点最大线程数最大值 + + DefaultTCPMaxConnections = 100_000 // 单节点TCP最大连接数 + DefaultTCPMaxConnectionsPerIP = 1000 // 单IP最大连接数 + DefaultTCPMinConnectionsPerIP = 5 // 单IP最小连接数 + DefaultTCPNewConnectionsRate = 500 // 单IP连接速率限制(按分钟) + DefaultTCPNewConnectionsMinRate = 5 // 单IP最小连接速率 + DefaultTCPLinger = 3 // 单节点TCP Linger值 + DefaultTLSHandshakeTimeout = 3 // TLS握手超时时间 +) + +var DefaultConfigs = maps.Map{ + "tcpMaxConnections": DefaultTCPMaxConnections, + "tcpMaxConnectionsPerIP": DefaultTCPMaxConnectionsPerIP, + "tcpMinConnectionsPerIP": DefaultTCPMinConnectionsPerIP, + "tcpNewConnectionsRate": DefaultTCPNewConnectionsRate, + "tcpNewConnectionsMinRate": DefaultTCPNewConnectionsMinRate, +} diff --git a/pkg/dnsconfigs/ns_node_config.go b/pkg/dnsconfigs/ns_node_config.go index 38789e7..8ef68c4 100644 --- a/pkg/dnsconfigs/ns_node_config.go +++ b/pkg/dnsconfigs/ns_node_config.go @@ -5,15 +5,18 @@ package dnsconfigs import ( "fmt" "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs" + "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs" ) type NSNodeConfig struct { - Id int64 `yaml:"id" json:"id"` - NodeId string `yaml:"nodeId" json:"nodeId"` - Secret string `yaml:"secret" json:"secret"` - ClusterId int64 `yaml:"clusterId" json:"clusterId"` - AccessLogRef *NSAccessLogRef `yaml:"accessLogRef" json:"accessLogRef"` - RecursionConfig *RecursionConfig `yaml:"recursionConfig" json:"recursionConfig"` + Id int64 `yaml:"id" json:"id"` + NodeId string `yaml:"nodeId" json:"nodeId"` + Secret string `yaml:"secret" json:"secret"` + ClusterId int64 `yaml:"clusterId" json:"clusterId"` + AccessLogRef *NSAccessLogRef `yaml:"accessLogRef" json:"accessLogRef"` + RecursionConfig *RecursionConfig `yaml:"recursionConfig" json:"recursionConfig"` + DDoSProtection *ddosconfigs.ProtectionConfig `yaml:"ddosProtection" json:"ddosProtection"` + AllowedIPs []string `yaml:"allowedIPs" json:"allowedIPs"` TCP *serverconfigs.TCPProtocolConfig `yaml:"tcp" json:"tcp"` // TCP配置 TLS *serverconfigs.TLSProtocolConfig `yaml:"tls" json:"tls"` // TLS配置 @@ -33,6 +36,22 @@ func (this *NSNodeConfig) Init() error { } } + // 递归DNS + if this.RecursionConfig != nil { + err := this.RecursionConfig.Init() + if err != nil { + return err + } + } + + // DDoS + if this.DDoSProtection != nil { + err := this.DDoSProtection.Init() + if err != nil { + return err + } + } + // tcp if this.TCP != nil { err := this.TCP.Init() diff --git a/pkg/dnsconfigs/recursion_config.go b/pkg/dnsconfigs/recursion_config.go index 9bd6d48..1c16154 100644 --- a/pkg/dnsconfigs/recursion_config.go +++ b/pkg/dnsconfigs/recursion_config.go @@ -16,3 +16,7 @@ type RecursionConfig struct { AllowDomains []string `json:"allowDomains"` DenyDomains []string `json:"denyDomains"` } + +func (this *RecursionConfig) Init() error { + return nil +}