NS节点也增加DDoS配置

2025-11-03 20:40:25 +08:00 · 2022-07-27 19:41:51 +08:00
parent f0080fbf6e
commit 224fce2527
3 changed files with 59 additions and 6 deletions
--- a/pkg/dnsconfigs/defaults.go
+++ b/pkg/dnsconfigs/defaults.go
@@ -0,0 +1,30 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package dnsconfigs
+
+import "github.com/iwind/TeaGo/maps"
+
+// 一组系统默认值
+// 修改单个IP相关限制值时要考虑到NAT中每个IP会代表很多个主机，并非1对1的关系
+
+const (
+	DefaultMaxThreads    = 20000   // 单节点最大线程数
+	DefaultMaxThreadsMin = 1000    // 单节点最大线程数最小值
+	DefaultMaxThreadsMax = 100_000 // 单节点最大线程数最大值
+
+	DefaultTCPMaxConnections        = 100_000 // 单节点TCP最大连接数
+	DefaultTCPMaxConnectionsPerIP   = 1000    // 单IP最大连接数
+	DefaultTCPMinConnectionsPerIP   = 5       // 单IP最小连接数
+	DefaultTCPNewConnectionsRate    = 500     // 单IP连接速率限制（按分钟）
+	DefaultTCPNewConnectionsMinRate = 5       // 单IP最小连接速率
+	DefaultTCPLinger                = 3       // 单节点TCP Linger值
+	DefaultTLSHandshakeTimeout      = 3       // TLS握手超时时间
+)
+
+var DefaultConfigs = maps.Map{
+	"tcpMaxConnections":        DefaultTCPMaxConnections,
+	"tcpMaxConnectionsPerIP":   DefaultTCPMaxConnectionsPerIP,
+	"tcpMinConnectionsPerIP":   DefaultTCPMinConnectionsPerIP,
+	"tcpNewConnectionsRate":    DefaultTCPNewConnectionsRate,
+	"tcpNewConnectionsMinRate": DefaultTCPNewConnectionsMinRate,
+}
--- a/pkg/dnsconfigs/ns_node_config.go
+++ b/pkg/dnsconfigs/ns_node_config.go
@@ -5,6 +5,7 @@ package dnsconfigs
 import (
 	"fmt"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
 )

 type NSNodeConfig struct {
@@ -14,6 +15,8 @@ type NSNodeConfig struct {
 	ClusterId       int64                         `yaml:"clusterId" json:"clusterId"`
 	AccessLogRef    *NSAccessLogRef               `yaml:"accessLogRef" json:"accessLogRef"`
 	RecursionConfig *RecursionConfig              `yaml:"recursionConfig" json:"recursionConfig"`
+	DDoSProtection  *ddosconfigs.ProtectionConfig `yaml:"ddosProtection" json:"ddosProtection"`
+	AllowedIPs      []string                      `yaml:"allowedIPs" json:"allowedIPs"`

 	TCP *serverconfigs.TCPProtocolConfig `yaml:"tcp" json:"tcp"` // TCP配置
 	TLS *serverconfigs.TLSProtocolConfig `yaml:"tls" json:"tls"` // TLS配置
@@ -33,6 +36,22 @@ func (this *NSNodeConfig) Init() error {
 		}
 	}

+	// 递归DNS
+	if this.RecursionConfig != nil {
+		err := this.RecursionConfig.Init()
+		if err != nil {
+			return err
+		}
+	}
+
+	// DDoS
+	if this.DDoSProtection != nil {
+		err := this.DDoSProtection.Init()
+		if err != nil {
+			return err
+		}
+	}
+
 	// tcp
 	if this.TCP != nil {
 		err := this.TCP.Init()
--- a/pkg/dnsconfigs/recursion_config.go
+++ b/pkg/dnsconfigs/recursion_config.go
@@ -16,3 +16,7 @@ type RecursionConfig struct {
 	AllowDomains  []string   `json:"allowDomains"`
 	DenyDomains   []string   `json:"denyDomains"`
 }
+
+func (this *RecursionConfig) Init() error {
+	return nil
+}