bfe_conf

package

Documentation

Index

Constants

const (
	// Accepted values of ConfigBasic.Layer4LoadBalancer.
	BalancerProxy = "PROXY" // a layer-4 balancer in front of BFE speaks the PROXY protocol (e.g. F5, Citrix, ELB). NOTE(review): the client address then presumably comes from the proxy-protocol header, which is only trustworthy when clients cannot reach the listener directly — confirm and firewall accordingly
	BalancerNone  = "NONE"  // no layer-4 balancer: the TCP peer address is the client address
)
const (
	// EquivCipherSep separates the names of a group of equivalent cipher suites
	// inside one entry of ConfigHttpsBasic.CipherSuites (presumably how
	// GetCipherSuites derives its second result list — confirm there).
	EquivCipherSep = "|"
)
const (
	// LibrarySuffix defines BFE plugin's file suffix (see ConfigBasic.Plugins).
	// Plugins are native shared objects; once loaded they presumably run with
	// the full privileges of the BFE process, so the plugin directory must be
	// writable only by trusted operators and its contents treated like the
	// binary itself.
	LibrarySuffix = ".so"
)

Variables

// CipherSuitesMap resolves the cipher suite names accepted in
// ConfigHttpsBasic.CipherSuites to bfe_tls suite identifiers (presumably via
// GetCipherSuites). The entries below are grouped by strength for the reader
// only; the map is unordered and the negotiation preference comes from the
// order of the configured list, not from this table.
var CipherSuitesMap = map[string]uint16{
	// AEAD suites with forward secrecy: prefer these.
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       bfe_tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         bfe_tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": bfe_tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   bfe_tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

	// CBC suites with forward secrecy: acceptable for legacy clients.
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": bfe_tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": bfe_tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":   bfe_tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":   bfe_tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,

	// Static RSA key exchange: no forward secrecy.
	"TLS_RSA_WITH_AES_128_CBC_SHA": bfe_tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	"TLS_RSA_WITH_AES_256_CBC_SHA": bfe_tls.TLS_RSA_WITH_AES_256_CBC_SHA,

	// Broken ciphers kept only so existing config names still resolve:
	// RC4 is prohibited by RFC 7465 and 3DES is subject to Sweet32.
	// Do not list these in CipherSuites.
	"TLS_RSA_WITH_RC4_128_SHA":            bfe_tls.TLS_RSA_WITH_RC4_128_SHA,
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":    bfe_tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA":      bfe_tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA":       bfe_tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": bfe_tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
}
// CurvesMap resolves the curve names accepted in
// ConfigHttpsBasic.CurvePreferences to bfe_tls curve identifiers (presumably
// via GetCurvePreferences). Only the NIST prime curves are listed, so X25519
// cannot be selected from the config through this map even if bfe_tls
// implements it — confirm against bfe_tls before relying on it.
var CurvesMap = map[string]bfe_tls.CurveID{
	"CurveP256": bfe_tls.CurveP256, // the usual default; widest client support
	"CurveP384": bfe_tls.CurveP384,
	"CurveP521": bfe_tls.CurveP521,
}
// TlsVersionMap resolves the version names accepted in
// ConfigHttpsBasic.MaxTlsVersion/MinTlsVersion to bfe_tls version constants
// (presumably via GetTlsVersion). Only SSL 3.0 through TLS 1.2 are listed,
// so TLS 1.3 cannot be selected through this config. SSL 3.0 (RFC 7568) and
// TLS 1.0/1.1 (RFC 8996) are deprecated: do not set MinTlsVersion below
// VersionTLS12 unless a known legacy client requires it.
var TlsVersionMap = map[string]uint16{
	"VersionSSL30": bfe_tls.VersionSSL30, // deprecated (POODLE); avoid
	"VersionTLS10": bfe_tls.VersionTLS10, // deprecated
	"VersionTLS11": bfe_tls.VersionTLS11, // deprecated
	"VersionTLS12": bfe_tls.VersionTLS12, // recommended minimum
}

Functions

func ConfBasicCheck

func ConfBasicCheck(cfg *ConfigBasic, confRoot string) error

func ConfSessionCacheCheck

func ConfSessionCacheCheck(cfg *ConfigSessionCache, confRoot string) error

func ConfSessionTicketCheck

func ConfSessionTicketCheck(cfg *ConfigSessionTicket, confRoot string) error

func GetCipherSuites

func GetCipherSuites(cipherConf []string) ([]uint16, []uint16, error)

func GetCurvePreferences

func GetCurvePreferences(curveConf []string) ([]bfe_tls.CurveID, error)

func GetTlsVersion

func GetTlsVersion(cfg *ConfigHttpsBasic) (maxVer, minVer uint16)

func LoadClientCAFile

func LoadClientCAFile(path string) (*x509.CertPool, error)

LoadClientCAFile reads the PEM-encoded client CA certificate(s) from the file at path into an x509.CertPool, i.e. the set of issuers trusted when verifying client certificates. It returns an error if the file cannot be read or parsed.

func SetDefaultConf

func SetDefaultConf(conf *BfeConfig)

Types

type BfeConfig

// BfeConfig is the top-level BFE configuration as produced by BfeConfigLoad.
// Each section has its own SetDefaultConf and Check methods; the package-level
// SetDefaultConf fills defaults for all of them.
type BfeConfig struct {
	// basic server config (listeners, timeouts, limits, data-file paths)
	Server ConfigBasic

	// basic https config (certs, TLS policy, client-auth CA/CRL dirs)
	HttpsBasic ConfigHttpsBasic

	// session cache config (server-side TLS session state)
	SessionCache ConfigSessionCache

	// session ticket config (client-held encrypted TLS session state)
	SessionTicket ConfigSessionTicket
}

func BfeConfigLoad

func BfeConfigLoad(filePath string, confRoot string) (BfeConfig, error)

BfeConfigLoad loads the configuration from the file at filePath (confRoot is presumably the base directory against which the Check functions resolve the path fields — confirm). NOTICE: values that are not set or are out of range are replaced by defaults, so the returned config may differ from what the file says.

type ConfigBasic

// ConfigBasic is the Server section of BfeConfig: listeners, client timeouts,
// request-size limits, the module and plugin lists, and the paths of the data
// files used for routing and balancing. Missing values are filled by
// SetDefaultConf; Check(confRoot) validates the result.
type ConfigBasic struct {
	HttpPort       int  // listen port for http
	HttpsPort      int  // listen port for https
	MonitorPort    int  // web server port for monitor; it exposes internal state, so keep it reachable from management networks only
	MaxCpus        int  // number of max cpus to use
	AcceptNum      int  // number of accept goroutine for each listener, default 1
	MonitorEnabled bool // web server for monitor enable or not

	// settings of layer-4 load balancer: BalancerProxy ("PROXY") or BalancerNone ("NONE").
	// NOTE(review): in PROXY mode the client address presumably comes from the
	// proxy-protocol header, which is only trustworthy when clients cannot
	// reach the listener directly — confirm and firewall accordingly.
	Layer4LoadBalancer string

	// settings of communicate with http client. The timeouts and size limits
	// bound how long and how much memory a single client can tie up.
	TlsHandshakeTimeout     int  // tls handshake timeout, in seconds
	ClientReadTimeout       int  // read timeout, in seconds
	ClientWriteTimeout      int  // write timeout, in seconds
	GracefulShutdownTimeout int  // graceful shutdown timeout, in seconds
	MaxHeaderBytes          int  // max header length in bytes in request
	MaxHeaderUriBytes       int  // max URI(in header) length in bytes in request
	MaxProxyHeaderBytes     int  // max header length in bytes in Proxy protocol
	KeepAliveEnabled        bool // if false, client connection is shutdown disregard of http headers

	Modules []string // modules to load
	Plugins []string // plugins to load; native shared objects (LibrarySuffix) that presumably run with the full privileges of the BFE process — treat like the binary itself

	// location of data files for bfe_route
	HostRuleConf  string // path of host_rule.data
	VipRuleConf   string // path of vip_rule.data
	RouteRuleConf string // path of route_rule.data

	// location of other data files
	ClusterTableConf string // path of cluster_table.data
	GslbConf         string // path of gslb.data
	ClusterConf      string // path of cluster_conf.data
	NameConf         string // path of name_conf.data

	// interval
	MonitorInterval int // interval for getting diff of proxy-state

	// Debug switches. NOTE(review): debug logs are verbose and may contain
	// request data; keep them false in production.
	DebugServHttp    bool // whether open server http debug log
	DebugBfeRoute    bool // whether open bferoute debug log
	DebugBal         bool // whether open bal debug log
	DebugHealthCheck bool // whether open health check debug log
}

func (*ConfigBasic) Check

func (cfg *ConfigBasic) Check(confRoot string) error

func (*ConfigBasic) SetDefaultConf

func (cfg *ConfigBasic) SetDefaultConf()

type ConfigHttpsBasic

// ConfigHttpsBasic is the HTTPS section of BfeConfig: the certificate and
// TLS-rule config paths, the cipher/curve/version policy, and the directories
// holding client-auth CAs and CRLs. The string policy fields are presumably
// resolved through CipherSuitesMap, CurvesMap and TlsVersionMap by
// GetCipherSuites, GetCurvePreferences and GetTlsVersion. SetDefaultConf
// deliberately leaves the multi-value fields empty.
type ConfigHttpsBasic struct {
	ServerCertConf string // config for server cert and key
	TlsRuleConf    string // config for server tls rule

	CipherSuites     []string // supported cipher suites, by name as in CipherSuitesMap (equivalent suites joined with EquivCipherSep); leave out the RC4 and 3DES entries (RFC 7465, Sweet32)
	CurvePreferences []string // curve preference, by name as in CurvesMap (only NIST P-256/384/521 are selectable)

	MaxTlsVersion string // max tls version supported, by name as in TlsVersionMap (TLS 1.2 is the highest listed)
	MinTlsVersion string // min tls version supported, by name as in TlsVersionMap; VersionTLS12 is the sensible floor, SSL 3.0 and TLS 1.0/1.1 are deprecated (RFC 7568, RFC 8996)

	EnableSslv2ClientHello bool // support sslv2 client hello for backward compatibility; presumably only the legacy ClientHello framing, but it is extra parser surface on the unauthenticated path — keep false unless a known client needs it

	ClientCABaseDir  string // client root CAs base directory (see LoadClientCAFile); the issuers trusted for client certificate verification
	ClientCRLBaseDir string // client cert CRL base directory; NOTE(review): without CRLs a revoked client cert is presumably still accepted — confirm
}

func (*ConfigHttpsBasic) Check

func (cfg *ConfigHttpsBasic) Check(confRoot string) error

func (*ConfigHttpsBasic) SetDefaultConf

func (cfg *ConfigHttpsBasic) SetDefaultConf()

SetDefaultConf sets the default values of ConfigHttpsBasic. Note: it deliberately does NOT initialize the multi-value fields (e.g. CipherSuites/CurvePreferences), so a list left empty in the config stays empty rather than being replaced by a default.

type ConfigSessionCache

// ConfigSessionCache configures the redis-backed TLS session cache (presumably
// session-ID resumption). The cached state lets a session be resumed, so the
// redis servers in Servers must be trusted and reachable only from BFE.
// NOTE(review): no authentication or transport-encryption field is listed
// here — confirm how the redis connection is protected.
type ConfigSessionCache struct {
	// disable tls session cache or not
	SessionCacheDisabled bool

	// address for redis servers
	Servers string

	// prefix for cache key
	KeyPrefix string

	// config for connection (ms)
	ConnectTimeout int
	ReadTimeout    int
	WriteTimeout   int

	// max idle connections in pool
	MaxIdle int

	// expire time for tls session state (s); also bounds how long a
	// captured cache entry stays usable, so keep it short
	SessionExpire int
}

func (*ConfigSessionCache) Check

func (cfg *ConfigSessionCache) Check(confRoot string) error

func (*ConfigSessionCache) SetDefaultConf

func (cfg *ConfigSessionCache) SetDefaultConf()

type ConfigSessionTicket

// ConfigSessionTicket configures TLS session-ticket resumption. The ticket
// key protects every ticket BFE hands out, so whoever obtains it can recover
// the state of resumed sessions: restrict the key file's permissions and
// rotate the key. NOTE(review): no rotation mechanism is visible in this
// package — confirm how key rollover is handled.
type ConfigSessionTicket struct {
	// disable tls session tickets or not
	SessionTicketsDisabled bool

	// path of the file holding the session ticket key (in hex format)
	SessionTicketKeyFile string
}

func (*ConfigSessionTicket) Check

func (cfg *ConfigSessionTicket) Check(confRoot string) error

func (*ConfigSessionTicket) SetDefaultConf

func (cfg *ConfigSessionTicket) SetDefaultConf()
