mirror of
https://github.com/TeaOSLab/EdgeCommon.git
synced 2025-11-04 13:10:24 +08:00
实现基础的DDoS防护
This commit is contained in:
GoEdgeLab
@@ -11,6 +11,7 @@ const (
|
|||||||
MessageCodeCleanCache MessageCode = "cleanCache" // 清理缓存
|
MessageCodeCleanCache MessageCode = "cleanCache" // 清理缓存
|
||||||
MessageCodePreheatCache MessageCode = "preheatCache" // 预热缓存
|
MessageCodePreheatCache MessageCode = "preheatCache" // 预热缓存
|
||||||
MessageCodeCheckSystemdService MessageCode = "checkSystemdService" // 检查Systemd服务
|
MessageCodeCheckSystemdService MessageCode = "checkSystemdService" // 检查Systemd服务
|
||||||
|
MessageCodeCheckLocalFirewall MessageCode = "checkLocalFirewall" // 检查本地防火墙
|
||||||
MessageCodeNewNodeTask MessageCode = "newNodeTask" // 有新的节点任务产生
|
MessageCodeNewNodeTask MessageCode = "newNodeTask" // 有新的节点任务产生
|
||||||
MessageCodeChangeAPINode MessageCode = "changeAPINode" // 改变新的API节点
|
MessageCodeChangeAPINode MessageCode = "changeAPINode" // 改变新的API节点
|
||||||
)
|
)
|
||||||
@@ -69,6 +70,11 @@ type PreheatCacheMessage struct {
|
|||||||
type CheckSystemdServiceMessage struct {
|
type CheckSystemdServiceMessage struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CheckLocalFirewallMessage 检查本地防火墙
|
||||||
|
type CheckLocalFirewallMessage struct {
|
||||||
|
Name string `json:"name"`
|
||||||
|
}
|
||||||
|
|
||||||
// NewNodeTaskMessage 有新的节点任务
|
// NewNodeTaskMessage 有新的节点任务
|
||||||
type NewNodeTaskMessage struct {
|
type NewNodeTaskMessage struct {
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,14 +2,29 @@
|
|||||||
|
|
||||||
package nodeconfigs
|
package nodeconfigs
|
||||||
|
|
||||||
|
import "github.com/iwind/TeaGo/maps"
|
||||||
|
|
||||||
// 一组系统默认值
|
// 一组系统默认值
|
||||||
|
// 修改单个IP相关限制值时要考虑到NAT中每个IP会代表很多个主机,并非1对1的关系
|
||||||
|
|
||||||
const (
|
const (
|
||||||
DefaultMaxThreads = 20000 // 单节点最大线程数
|
DefaultMaxThreads = 20000 // 单节点最大线程数
|
||||||
DefaultMaxThreadsMin = 1000 // 单节点最大线程数最小值
|
DefaultMaxThreadsMin = 1000 // 单节点最大线程数最小值
|
||||||
DefaultMaxThreadsMax = 100_000 // 单节点最大线程数最大值
|
DefaultMaxThreadsMax = 100_000 // 单节点最大线程数最大值
|
||||||
|
|
||||||
DefaultTCPMaxConnections = 100_000 // 单节点TCP最大连接数
|
DefaultTCPMaxConnections = 100_000 // 单节点TCP最大连接数
|
||||||
DefaultTCPLinger = 3 // 单节点TCP Linger值
|
DefaultTCPMaxConnectionsPerIP = 1000 // 单IP最大连接数
|
||||||
DefaultTLSHandshakeTimeout = 3 // TLS握手超时时间
|
DefaultTCPMinConnectionsPerIP = 5 // 单IP最小连接数
|
||||||
|
DefaultTCPNewConnectionsRate = 500 // 单IP连接速率限制(按分钟)
|
||||||
|
DefaultTCPNewConnectionsMinRate = 5 // 单IP最小连接速率
|
||||||
|
DefaultTCPLinger = 3 // 单节点TCP Linger值
|
||||||
|
DefaultTLSHandshakeTimeout = 3 // TLS握手超时时间
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var DefaultConfigs = maps.Map{
|
||||||
|
"tcpMaxConnections": DefaultTCPMaxConnections,
|
||||||
|
"tcpMaxConnectionsPerIP": DefaultTCPMaxConnectionsPerIP,
|
||||||
|
"tcpMinConnectionsPerIP": DefaultTCPMinConnectionsPerIP,
|
||||||
|
"tcpNewConnectionsRate": DefaultTCPNewConnectionsRate,
|
||||||
|
"tcpNewConnectionsMinRate": DefaultTCPNewConnectionsMinRate,
|
||||||
|
}
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
|
||||||
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ddosconfigs"
|
||||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
|
||||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
|
||||||
"github.com/iwind/TeaGo/Tea"
|
"github.com/iwind/TeaGo/Tea"
|
||||||
@@ -41,12 +42,12 @@ type NodeConfig struct {
|
|||||||
OCSPVersion int64 `yaml:"ocspVersion" json:"ocspVersion"`
|
OCSPVersion int64 `yaml:"ocspVersion" json:"ocspVersion"`
|
||||||
|
|
||||||
// 性能
|
// 性能
|
||||||
MaxCPU int32 `yaml:"maxCPU" json:"maxCPU"`
|
MaxCPU int32 `yaml:"maxCPU" json:"maxCPU"`
|
||||||
CacheDiskDir string `yaml:"cacheDiskDir" json:"cacheDiskDir"` // 文件缓存目录
|
CacheDiskDir string `yaml:"cacheDiskDir" json:"cacheDiskDir"` // 文件缓存目录
|
||||||
MaxCacheDiskCapacity *shared.SizeCapacity `yaml:"maxCacheDiskCapacity" json:"maxCacheDiskCapacity"` // 文件缓存容量
|
MaxCacheDiskCapacity *shared.SizeCapacity `yaml:"maxCacheDiskCapacity" json:"maxCacheDiskCapacity"` // 文件缓存容量
|
||||||
MaxCacheMemoryCapacity *shared.SizeCapacity `yaml:"maxCacheMemoryCapacity" json:"maxCacheMemoryCapacity"` // 内容缓存容量
|
MaxCacheMemoryCapacity *shared.SizeCapacity `yaml:"maxCacheMemoryCapacity" json:"maxCacheMemoryCapacity"` // 内容缓存容量
|
||||||
MaxThreads int `yaml:"maxThreads" json:"maxThreads"`
|
MaxThreads int `yaml:"maxThreads" json:"maxThreads"` // 最大线程数
|
||||||
TCPMaxConnections int `yaml:"tcpMaxConnections" json:"tcpMaxConnections"`
|
DDOSProtection *ddosconfigs.ProtectionConfig `yaml:"ddosProtection" json:"ddosProtection"`
|
||||||
|
|
||||||
// 级别
|
// 级别
|
||||||
Level int32 `yaml:"level" json:"level"`
|
Level int32 `yaml:"level" json:"level"`
|
||||||
|
|||||||
@@ -30,23 +30,22 @@ type NodeCluster struct {
|
|||||||
sizeCache protoimpl.SizeCache
|
sizeCache protoimpl.SizeCache
|
||||||
unknownFields protoimpl.UnknownFields
|
unknownFields protoimpl.UnknownFields
|
||||||
|
|
||||||
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
|
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||||
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
|
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
|
||||||
CreatedAt int64 `protobuf:"varint,3,opt,name=createdAt,proto3" json:"createdAt,omitempty"`
|
CreatedAt int64 `protobuf:"varint,3,opt,name=createdAt,proto3" json:"createdAt,omitempty"`
|
||||||
NodeGrantId int64 `protobuf:"varint,4,opt,name=nodeGrantId,proto3" json:"nodeGrantId,omitempty"`
|
NodeGrantId int64 `protobuf:"varint,4,opt,name=nodeGrantId,proto3" json:"nodeGrantId,omitempty"`
|
||||||
InstallDir string `protobuf:"bytes,5,opt,name=installDir,proto3" json:"installDir,omitempty"`
|
InstallDir string `protobuf:"bytes,5,opt,name=installDir,proto3" json:"installDir,omitempty"`
|
||||||
UniqueId string `protobuf:"bytes,6,opt,name=uniqueId,proto3" json:"uniqueId,omitempty"`
|
UniqueId string `protobuf:"bytes,6,opt,name=uniqueId,proto3" json:"uniqueId,omitempty"`
|
||||||
Secret string `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"`
|
Secret string `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"`
|
||||||
DnsName string `protobuf:"bytes,8,opt,name=dnsName,proto3" json:"dnsName,omitempty"`
|
DnsName string `protobuf:"bytes,8,opt,name=dnsName,proto3" json:"dnsName,omitempty"`
|
||||||
DnsDomainId int64 `protobuf:"varint,9,opt,name=dnsDomainId,proto3" json:"dnsDomainId,omitempty"`
|
DnsDomainId int64 `protobuf:"varint,9,opt,name=dnsDomainId,proto3" json:"dnsDomainId,omitempty"`
|
||||||
HttpCachePolicyId int64 `protobuf:"varint,10,opt,name=httpCachePolicyId,proto3" json:"httpCachePolicyId,omitempty"`
|
HttpCachePolicyId int64 `protobuf:"varint,10,opt,name=httpCachePolicyId,proto3" json:"httpCachePolicyId,omitempty"`
|
||||||
HttpFirewallPolicyId int64 `protobuf:"varint,11,opt,name=httpFirewallPolicyId,proto3" json:"httpFirewallPolicyId,omitempty"`
|
HttpFirewallPolicyId int64 `protobuf:"varint,11,opt,name=httpFirewallPolicyId,proto3" json:"httpFirewallPolicyId,omitempty"`
|
||||||
IsOn bool `protobuf:"varint,12,opt,name=isOn,proto3" json:"isOn,omitempty"`
|
IsOn bool `protobuf:"varint,12,opt,name=isOn,proto3" json:"isOn,omitempty"`
|
||||||
TimeZone string `protobuf:"bytes,13,opt,name=timeZone,proto3" json:"timeZone,omitempty"`
|
TimeZone string `protobuf:"bytes,13,opt,name=timeZone,proto3" json:"timeZone,omitempty"`
|
||||||
NodeMaxThreads int32 `protobuf:"varint,14,opt,name=nodeMaxThreads,proto3" json:"nodeMaxThreads,omitempty"`
|
NodeMaxThreads int32 `protobuf:"varint,14,opt,name=nodeMaxThreads,proto3" json:"nodeMaxThreads,omitempty"`
|
||||||
NodeTCPMaxConnections int32 `protobuf:"varint,15,opt,name=nodeTCPMaxConnections,proto3" json:"nodeTCPMaxConnections,omitempty"`
|
AutoOpenPorts bool `protobuf:"varint,16,opt,name=autoOpenPorts,proto3" json:"autoOpenPorts,omitempty"`
|
||||||
AutoOpenPorts bool `protobuf:"varint,16,opt,name=autoOpenPorts,proto3" json:"autoOpenPorts,omitempty"`
|
IsPinned bool `protobuf:"varint,17,opt,name=isPinned,proto3" json:"isPinned,omitempty"`
|
||||||
IsPinned bool `protobuf:"varint,17,opt,name=isPinned,proto3" json:"isPinned,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *NodeCluster) Reset() {
|
func (x *NodeCluster) Reset() {
|
||||||
@@ -179,13 +178,6 @@ func (x *NodeCluster) GetNodeMaxThreads() int32 {
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *NodeCluster) GetNodeTCPMaxConnections() int32 {
|
|
||||||
if x != nil {
|
|
||||||
return x.NodeTCPMaxConnections
|
|
||||||
}
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *NodeCluster) GetAutoOpenPorts() bool {
|
func (x *NodeCluster) GetAutoOpenPorts() bool {
|
||||||
if x != nil {
|
if x != nil {
|
||||||
return x.AutoOpenPorts
|
return x.AutoOpenPorts
|
||||||
@@ -205,7 +197,7 @@ var File_models_model_node_cluster_proto protoreflect.FileDescriptor
|
|||||||
var file_models_model_node_cluster_proto_rawDesc = []byte{
|
var file_models_model_node_cluster_proto_rawDesc = []byte{
|
||||||
0x0a, 0x1f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x6e,
|
0x0a, 0x1f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x6e,
|
||||||
0x6f, 0x64, 0x65, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74,
|
0x6f, 0x64, 0x65, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74,
|
||||||
0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xb3, 0x04, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x43, 0x6c,
|
0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xfd, 0x03, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x43, 0x6c,
|
||||||
0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
|
0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||||
0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
|
0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
|
||||||
0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x72, 0x65,
|
0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x72, 0x65,
|
||||||
@@ -233,15 +225,12 @@ var file_models_model_node_cluster_proto_rawDesc = []byte{
|
|||||||
0x09, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x5a, 0x6f, 0x6e, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x6e,
|
0x09, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x5a, 0x6f, 0x6e, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x6e,
|
||||||
0x6f, 0x64, 0x65, 0x4d, 0x61, 0x78, 0x54, 0x68, 0x72, 0x65, 0x61, 0x64, 0x73, 0x18, 0x0e, 0x20,
|
0x6f, 0x64, 0x65, 0x4d, 0x61, 0x78, 0x54, 0x68, 0x72, 0x65, 0x61, 0x64, 0x73, 0x18, 0x0e, 0x20,
|
||||||
0x01, 0x28, 0x05, 0x52, 0x0e, 0x6e, 0x6f, 0x64, 0x65, 0x4d, 0x61, 0x78, 0x54, 0x68, 0x72, 0x65,
|
0x01, 0x28, 0x05, 0x52, 0x0e, 0x6e, 0x6f, 0x64, 0x65, 0x4d, 0x61, 0x78, 0x54, 0x68, 0x72, 0x65,
|
||||||
0x61, 0x64, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x6e, 0x6f, 0x64, 0x65, 0x54, 0x43, 0x50, 0x4d, 0x61,
|
0x61, 0x64, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x61, 0x75, 0x74, 0x6f, 0x4f, 0x70, 0x65, 0x6e, 0x50,
|
||||||
0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0f, 0x20, 0x01,
|
0x6f, 0x72, 0x74, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x61, 0x75, 0x74, 0x6f,
|
||||||
0x28, 0x05, 0x52, 0x15, 0x6e, 0x6f, 0x64, 0x65, 0x54, 0x43, 0x50, 0x4d, 0x61, 0x78, 0x43, 0x6f,
|
0x4f, 0x70, 0x65, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x50,
|
||||||
0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x61, 0x75, 0x74,
|
0x69, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x50,
|
||||||
0x6f, 0x4f, 0x70, 0x65, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08,
|
0x69, 0x6e, 0x6e, 0x65, 0x64, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70,
|
||||||
0x52, 0x0d, 0x61, 0x75, 0x74, 0x6f, 0x4f, 0x70, 0x65, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x12,
|
0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||||
0x1a, 0x0a, 0x08, 0x69, 0x73, 0x50, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28,
|
|
||||||
0x08, 0x52, 0x08, 0x69, 0x73, 0x50, 0x69, 0x6e, 0x6e, 0x65, 0x64, 0x42, 0x06, 0x5a, 0x04, 0x2e,
|
|
||||||
0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|||||||
@@ -332,9 +332,9 @@ type DeleteIPItemRequest struct {
|
|||||||
unknownFields protoimpl.UnknownFields
|
unknownFields protoimpl.UnknownFields
|
||||||
|
|
||||||
IpItemId int64 `protobuf:"varint,1,opt,name=ipItemId,proto3" json:"ipItemId,omitempty"` // IP条目的ID
|
IpItemId int64 `protobuf:"varint,1,opt,name=ipItemId,proto3" json:"ipItemId,omitempty"` // IP条目的ID
|
||||||
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"` // 开始IP,和ipItemId二选一
|
IpFrom string `protobuf:"bytes,2,opt,name=ipFrom,proto3" json:"ipFrom,omitempty"` // v0.4.8新增,开始IP,和ipItemId二选一
|
||||||
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"` // 结束IP,和ipItemId二选一
|
IpTo string `protobuf:"bytes,3,opt,name=ipTo,proto3" json:"ipTo,omitempty"` // v0.4.8新增,结束IP,和ipItemId二选一
|
||||||
IpListId int64 `protobuf:"varint,4,opt,name=ipListId,proto3" json:"ipListId,omitempty"` // IP列表,IP所在的IP列表,如果不指定,则会删除所有IP列表中的相关IP信息
|
IpListId int64 `protobuf:"varint,4,opt,name=ipListId,proto3" json:"ipListId,omitempty"` // v0.4.8新增,IP列表,IP所在的IP列表,如果不指定,则会删除所有IP列表中的相关IP信息
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *DeleteIPItemRequest) Reset() {
|
func (x *DeleteIPItemRequest) Reset() {
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -18,7 +18,6 @@ message NodeCluster {
|
|||||||
bool isOn = 12;
|
bool isOn = 12;
|
||||||
string timeZone = 13;
|
string timeZone = 13;
|
||||||
int32 nodeMaxThreads = 14;
|
int32 nodeMaxThreads = 14;
|
||||||
int32 nodeTCPMaxConnections = 15;
|
|
||||||
bool autoOpenPorts = 16;
|
bool autoOpenPorts = 16;
|
||||||
bool isPinned = 17;
|
bool isPinned = 17;
|
||||||
}
|
}
|
||||||
@@ -139,6 +139,15 @@ service NodeService {
|
|||||||
|
|
||||||
// 修改DNS Resolver
|
// 修改DNS Resolver
|
||||||
rpc updateNodeDNSResolver(UpdateNodeDNSResolverRequest) returns (RPCSuccess);
|
rpc updateNodeDNSResolver(UpdateNodeDNSResolverRequest) returns (RPCSuccess);
|
||||||
|
|
||||||
|
// 获取节点的DDoS设置
|
||||||
|
rpc findNodeDDoSProtection(FindNodeDDoSProtectionRequest) returns (FindNodeDDoSProtectionResponse);
|
||||||
|
|
||||||
|
// 修改节点的DDoS设置
|
||||||
|
rpc updateNodeDDoSProtection(UpdateNodeDDoSProtectionRequest) returns (RPCSuccess);
|
||||||
|
|
||||||
|
// 取得节点的配置概要信息
|
||||||
|
rpc findEnabledNodeConfigInfo (FindEnabledNodeConfigInfoRequest) returns (FindEnabledNodeConfigInfoResponse);
|
||||||
}
|
}
|
||||||
|
|
||||||
// 创建节点
|
// 创建节点
|
||||||
@@ -263,6 +272,7 @@ message FindCurrentNodeConfigResponse {
|
|||||||
bool isChanged = 2;
|
bool isChanged = 2;
|
||||||
bool isCompressed = 3;
|
bool isCompressed = 3;
|
||||||
int64 dataSize = 4;
|
int64 dataSize = 4;
|
||||||
|
int64 timestamp = 5;
|
||||||
}
|
}
|
||||||
|
|
||||||
// 节点stream
|
// 节点stream
|
||||||
@@ -533,3 +543,32 @@ message UpdateNodeDNSResolverRequest {
|
|||||||
int64 nodeId = 1;
|
int64 nodeId = 1;
|
||||||
bytes dnsResolverJSON = 2;
|
bytes dnsResolverJSON = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 获取节点的DDoS设置
|
||||||
|
message FindNodeDDoSProtectionRequest {
|
||||||
|
int64 nodeId = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
message FindNodeDDoSProtectionResponse {
|
||||||
|
bytes ddosProtectionJSON = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 修改节点的DDOS设置
|
||||||
|
message UpdateNodeDDoSProtectionRequest {
|
||||||
|
int64 nodeId = 1;
|
||||||
|
bytes ddosProtectionJSON = 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 取得节点的配置概要信息
|
||||||
|
message FindEnabledNodeConfigInfoRequest {
|
||||||
|
int64 nodeId = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
message FindEnabledNodeConfigInfoResponse {
|
||||||
|
bool hasDNSInfo = 1;
|
||||||
|
bool hasCacheInfo = 2;
|
||||||
|
bool hasThresholds = 3;
|
||||||
|
bool hasSSH = 4;
|
||||||
|
bool hasSystemSettings = 5;
|
||||||
|
bool hasDDoSProtection = 6;
|
||||||
|
}
|
||||||
|
|||||||
@@ -121,6 +121,12 @@ service NodeClusterService {
|
|||||||
|
|
||||||
// 设置集群WebP策略
|
// 设置集群WebP策略
|
||||||
rpc updateNodeClusterWebPPolicy(UpdateNodeClusterWebPPolicyRequest) returns (RPCSuccess);
|
rpc updateNodeClusterWebPPolicy(UpdateNodeClusterWebPPolicyRequest) returns (RPCSuccess);
|
||||||
|
|
||||||
|
// 获取集群的DDoS设置
|
||||||
|
rpc findNodeClusterDDoSProtection(FindNodeClusterDDoSProtectionRequest) returns (FindNodeClusterDDoSProtectionResponse);
|
||||||
|
|
||||||
|
// 修改集群的DDoS设置
|
||||||
|
rpc updateNodeClusterDDoSProtection(UpdateNodeClusterDDoSProtectionRequest) returns (RPCSuccess);
|
||||||
}
|
}
|
||||||
|
|
||||||
// 获取所有集群的信息
|
// 获取所有集群的信息
|
||||||
@@ -156,7 +162,7 @@ message UpdateNodeClusterRequest {
|
|||||||
string installDir = 4;
|
string installDir = 4;
|
||||||
string timeZone = 5;
|
string timeZone = 5;
|
||||||
int32 nodeMaxThreads = 6;
|
int32 nodeMaxThreads = 6;
|
||||||
int32 nodeTCPMaxConnections = 7;
|
|
||||||
bool autoOpenPorts = 8;
|
bool autoOpenPorts = 8;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -429,6 +435,7 @@ message FindEnabledNodeClusterConfigInfoResponse {
|
|||||||
bool hasMetricItems = 6;
|
bool hasMetricItems = 6;
|
||||||
bool webpIsOn = 7;
|
bool webpIsOn = 7;
|
||||||
bool hasSystemServices = 8;
|
bool hasSystemServices = 8;
|
||||||
|
bool hasDDoSProtection = 9;
|
||||||
}
|
}
|
||||||
|
|
||||||
// 设置集群是否置顶
|
// 设置集群是否置顶
|
||||||
@@ -451,3 +458,18 @@ message UpdateNodeClusterWebPPolicyRequest {
|
|||||||
int64 nodeClusterId = 1;
|
int64 nodeClusterId = 1;
|
||||||
bytes webpPolicyJSON = 2;
|
bytes webpPolicyJSON = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 获取集群的DDoS设置
|
||||||
|
message FindNodeClusterDDoSProtectionRequest {
|
||||||
|
int64 nodeClusterId = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
message FindNodeClusterDDoSProtectionResponse {
|
||||||
|
bytes ddosProtectionJSON = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 修改集群的DDOS设置
|
||||||
|
message UpdateNodeClusterDDoSProtectionRequest {
|
||||||
|
int64 nodeClusterId = 1;
|
||||||
|
bytes ddosProtectionJSON = 2;
|
||||||
|
}
|
||||||
8
pkg/serverconfigs/ddosconfigs/ip_config.go
Normal file
8
pkg/serverconfigs/ddosconfigs/ip_config.go
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||||
|
|
||||||
|
package ddosconfigs
|
||||||
|
|
||||||
|
type IPConfig struct {
|
||||||
|
IP string `json:"ip"`
|
||||||
|
Description string `json:"description"`
|
||||||
|
}
|
||||||
8
pkg/serverconfigs/ddosconfigs/port_config.go
Normal file
8
pkg/serverconfigs/ddosconfigs/port_config.go
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||||
|
|
||||||
|
package ddosconfigs
|
||||||
|
|
||||||
|
type PortConfig struct {
|
||||||
|
Port int32 `json:"port"`
|
||||||
|
Description string `json:"description"`
|
||||||
|
}
|
||||||
51
pkg/serverconfigs/ddosconfigs/protection_config.go
Normal file
51
pkg/serverconfigs/ddosconfigs/protection_config.go
Normal file
@@ -0,0 +1,51 @@
|
|||||||
|
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||||
|
|
||||||
|
package ddosconfigs
|
||||||
|
|
||||||
|
func DefaultProtectionConfig() *ProtectionConfig {
|
||||||
|
return &ProtectionConfig{}
|
||||||
|
}
|
||||||
|
|
||||||
|
type ProtectionConfig struct {
|
||||||
|
TCP *TCPConfig `yaml:"tcp" json:"tcp"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *ProtectionConfig) Init() error {
|
||||||
|
// tcp
|
||||||
|
if this.TCP != nil {
|
||||||
|
err := this.TCP.Init()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *ProtectionConfig) IsPriorEmpty() bool {
|
||||||
|
if this.TCP != nil && this.TCP.IsPrior {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *ProtectionConfig) IsOn() bool {
|
||||||
|
// tcp
|
||||||
|
if this.TCP != nil && this.TCP.IsOn {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *ProtectionConfig) Merge(childConfig *ProtectionConfig) {
|
||||||
|
if childConfig == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// tcp
|
||||||
|
if childConfig.TCP != nil && childConfig.TCP.IsPrior {
|
||||||
|
this.TCP = childConfig.TCP
|
||||||
|
}
|
||||||
|
}
|
||||||
17
pkg/serverconfigs/ddosconfigs/tcp_config.go
Normal file
17
pkg/serverconfigs/ddosconfigs/tcp_config.go
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
|
||||||
|
|
||||||
|
package ddosconfigs
|
||||||
|
|
||||||
|
type TCPConfig struct {
|
||||||
|
IsPrior bool `json:"isPrior"`
|
||||||
|
IsOn bool `json:"isOn"`
|
||||||
|
MaxConnections int32 `json:"maxConnections"`
|
||||||
|
MaxConnectionsPerIP int32 `json:"maxConnectionsPerIP"`
|
||||||
|
NewConnectionsRate int32 `json:"newConnectionsRate"`
|
||||||
|
AllowIPList []*IPConfig `json:"allowIPList"`
|
||||||
|
Ports []*PortConfig `json:"ports"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *TCPConfig) Init() error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -28,6 +28,12 @@ func NewSizeCapacity(count int64, unit SizeCapacityUnit) *SizeCapacity {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func DecodeSizeCapacityJSON(sizeCapacityJSON []byte) (*SizeCapacity, error) {
|
||||||
|
var capacity = &SizeCapacity{}
|
||||||
|
err := json.Unmarshal(sizeCapacityJSON, capacity)
|
||||||
|
return capacity, err
|
||||||
|
}
|
||||||
|
|
||||||
func (this *SizeCapacity) Bytes() int64 {
|
func (this *SizeCapacity) Bytes() int64 {
|
||||||
if this.Count < 0 {
|
if this.Count < 0 {
|
||||||
return -1
|
return -1
|
||||||
|
|||||||
Reference in New Issue
Block a user