diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b5713af8..2acbdf6f9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,7 +35,7 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: # Must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head of the pull request. @@ -50,7 +50,13 @@ jobs: # Check license header - name: Check License Header - uses: apache/skywalking-eyes@main + uses: apache/skywalking-eyes/header@v0.4.0 + + # Setup golang sdk + - name: Setup Go + uses: actions/setup-go@v2 + with: + go-version: 1.17 # Build - name: Build diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml new file mode 100644 index 000000000..1e45b1b03 --- /dev/null +++ b/.github/workflows/code-lint.yml @@ -0,0 +1,34 @@ +# Copyright 2022 The BFE Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +name: Code Lint + +on: + pull_request: + branches: [ develop ] + paths-ignore: + - 'docs/**' + - '**/*.md' + +jobs: + lint: + name: Code lint + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@v3 + - uses: dominikh/staticcheck-action@v1.0.0 + with: + version: "2021.1.1" + - run: "go vet ./..." diff --git a/.github/workflows/docs-lint.yml b/.github/workflows/docs-lint.yml new file mode 100644 index 000000000..26c9cf540 --- /dev/null +++ b/.github/workflows/docs-lint.yml @@ -0,0 +1,35 @@ +# Copyright 2022 The BFE Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +name: Docs Lint + +on: + pull_request: + branches: [ develop ] + paths: + - '**/*.md' + +jobs: + markdownlint: + name: Markdown + runs-on: ubuntu-latest + timeout-minutes: 1 + steps: + - uses: actions/checkout@v3 + - name: Use Node.js + uses: actions/setup-node@v2.5.1 + with: + node-version: '12.x' + - run: npm install -g markdownlint-cli@0.25.0 + - run: markdownlint --ignore ./**/testdata/**/*.md '**/*.md' diff --git a/.gitignore b/.gitignore index 5415d97da..0482ed5f9 100644 --- a/.gitignore +++ b/.gitignore @@ -20,6 +20,7 @@ output .*.swo /**/y.output /**/*.log +/**/*.log.* profile.out coverage.txt .idea/* diff --git a/.markdownlint.yml b/.markdownlint.yml new file mode 100644 index 000000000..ff38591a3 --- /dev/null +++ b/.markdownlint.yml @@ -0,0 +1,32 @@ +# Copyright 2022 The BFE Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# rules from https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md +MD001: false +MD004: false +MD005: false +MD006: false +MD007: false +MD010: false +MD013: false +MD014: false +MD024: false +MD026: false +MD029: false +MD033: false +MD034: false +MD036: false +MD040: false +MD041: false +MD046: false diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 126b4b2c7..0305e05a6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,9 +14,20 @@ # repos: - repo: git://github.com/dnephin/pre-commit-golang - rev: v0.4.0 + rev: v0.5.0 hooks: - id: go-fmt - id: go-vet - id: go-unit-tests - id: go-build + +- repo: git://github.com/Bahjat/pre-commit-golang + rev: c3086eea8af86847dbdff2e46b85a5fe3c9d9656 + hooks: + - id: go-static-check + +- repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.31.1 + hooks: + - id: markdownlint + - id: markdownlint-fix \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index 540a88ac5..a77dbb4e4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,7 +15,7 @@ language: go go: - - 1.13.x + - 1.17.x script: - echo "start to build and test bfe" diff --git a/CHANGELOG.md b/CHANGELOG.md index 53e81323c..4b29e7f9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,29 +10,56 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [v1.6.0] - 2022-10-21 + +### Added + +- Allow user to disable monitor port ([Issue #936](https://github.com/bfenetworks/bfe/issues/936)) +- Support HTTP2 fingerprint ([Issue #1071](https://github.com/bfenetworks/bfe/issues/1071)) +- Documents optimization + +### Changed + +- Optimize idle connection handling ([Pull #1044](https://github.com/bfenetworks/bfe/pull/1044)) +- Performance optimize in smooth least connection balancing algorithm([Pull #1062](https://github.com/bfenetworks/bfe/pull/1062)) +- Miscellaneous golang dependency updates +- Miscellaneous improvements in makefile and other CI tools + +### Fixed + +- mod_trust_clientip: fix incorrect private IP address range ([Issue #856](https://github.com/bfenetworks/bfe/issues/856)) +- arm build error in golang 1.18 + + ## [v1.5.0] - 2022-01-11 ### Added + - Add mod_tcp_keepalive to support custom TCP KeepAlive configuration - Documents optimization ### Changed + - Change JSON parser: use json-iterator to replace encoding/json - Optimize error handling in io.Write ### Fixed + - Fix issue in go.mod which may cause build error (Issue #933) ### Security + - Fix http security issue (Issue #940) - Fix http security issue (Issue #941) ## [v1.4.0] - 2021-12-10 ### Added + - Documents optimization ### Changed + - Upgrade golang version from 1.13 to 1.17 - mod_markdown: upgrade bluemonday version to 1.0.16 - Optimize mutex @@ -41,17 +68,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [v1.3.0] - 2021-09-16 ### Added + - Support basic route rules that are similar to k8s ingress rules - Documents optimization ### Changed -- Ignore GREASE values for JA3 fingerprint +- Ignore GREASE values for JA3 fingerprint ## [v1.2.0] - 2021-06-21 ### Added -- Set GOMAXPROCS according to real CPU quota if running on container + +- Set GOMAXPROCS according to real CPU quota if running on container - Support condition primitive bfe_time_range/bfe_periodic_time_range - Support URI hash strategy - mod_block: support global request rules and ALLOW action @@ -59,12 +88,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - mod_access: support log to single file and stdout ### Changed -- Change primitive params of req_context_value_in +- Change primitive params of req_context_value_in ## [v1.1.0] - 2021-04-08 ### Added + - Support JA3 fingerprint for SSL/TLS client - Support Slow‑Start to allow a backend instance gradually recover its weight - Add maxConnPerHost to limit the number of connections to a backend @@ -75,44 +105,48 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Documents optimization ### Changed + - Change outlierDetectionLevel to OutlierDetectionHttpCode ### Fixed + - Fix panic when write internal response timeout - Fix unit test in bfe_spdy/frame_test.go under go 1.16 ### Security -- Fix config loading for multi-value option +- Fix config loading for multi-value option ## [v1.0.0] - 2021-01-15 ### Added + - Add condition primitive: req_path_contain/req_path_element_prefix_in/req_context_value_in - Add outlier detection options - Add mod_waf with rule to detect exploitation of "Shellshock" GNU Bash RCE vulnerability. ### Fixed + - Fix build issue under go1.15 environment - Fix processing X-Forwarded-For header value - Fix write timeout of internal response generated by bfe - ## [v0.12.0] - 2020-09-03 ### Added + - Support gRPC over HTTP/2 - Support communication with FastCGI server - Reduce objects number by release some objects that are not used as soon as possible -- Replace ffjson with json-iterator +- Replace ffjson with json-iterator - net/textproto: turn an ancient DoS BUG annotation into a comment - Optimize processing of new connections under PROXY mode - Support integration testing in CI - ## [v0.11.0] - 2020-07-24 ### Added + - Add mod_cors to enable cross-origin resource sharing - Add mod_secure_link to check authenticity and limit lifetime of links - Support PROXY protocol for TCP connections to backend @@ -123,22 +157,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add arm64 support for goreleaser ### Changed + - Create listeners in the final initialization step - Change package name to 'github.com/bfenetworks/bfe' ### Removed + - Drops words like blacklist from programming to make vocabulary more inclusive - Remove legacy signature of response ### Fixed + - Fix getTransport() and modify transports map with write lock ### Security -- Fix textproto: not normalize headers with spaces before the colon (CVE-2019-16276) +- Fix textproto: not normalize headers with spaces before the colon (CVE-2019-16276) ## [v0.10.0] - 2020-05-25 + ### Added + - mod_auth_request: authorize clients based on thirdparty authorization service - mod_trace: support tracing based on Elastic APM - mod_compress: support brotli algorithm @@ -148,14 +187,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Documents optimization ### Changed + - Refactor and simplify mod_auth_jwt ### Removed -- Remove legacy type of Layer4LoadBalancer +- Remove legacy type of Layer4LoadBalancer ## [v0.9.0] - 2020-04-16 + ### Added + - Support loading dynamic modules that may be written and complied by thirdparty vendors - Add mod_auth_jwt for JWT authentication - mod_trace: support distributed tracing based on jaeger @@ -166,14 +208,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Documents optimization ### Changed + - Change base directory of ServerCertFile/ServerKeyFile to ConfRoot ### Fixed -- Fix failed unit tests about parsing request line under go1.14 environment +- Fix failed unit tests about parsing request line under go1.14 environment ## [v0.8.0] - 2020-03-27 + ### Added + - Add mod_trace for distributed tracing based on zipkin - Add mod_doh for processing DNS over HTTPS(DoH) requests - Support TLS protocol with SM related ciphersuites @@ -181,27 +226,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Documents optimization ### Changed -- Disable sanitization of cookie value +- Disable sanitization of cookie value ## [v0.7.0] - 2020-02-26 + ### Added + - mod_access support NCSA Common Log Format(CLF) and W3C Extended Log Format(ELF) - mod_static suuport HTTP HEAD method - Add mod_userid for client identification - Add mod_tag for tagging and tracking groups of requests - http cookie: support Expires attribute in GMT format -- http cookie: support SameSite attribute +- http cookie: support SameSite attribute - Add static check in Makefile - Compiling on Windows OS is supported - Documents optimization ### Fixed -- Fix a bug that causes invalid ips are parsed and treated as domain names +- Fix a bug that causes invalid ips are parsed and treated as domain names ## [v0.6.0] - 2020-01-21 + ### Added + - Add mod_prison to limit the amount of requests a user can make in a given period of time. - Add condition primitive: ses_tls_sni_in/ses_tls_client_auth/ses_tls_client_ca_in - Add tls mutual authentication @@ -217,12 +266,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Documents optimization ### Changed + - Change default Layer4LoadBalancer to NONE - Upgrade from go1.12 to go1.13 - ## [v0.5.0] - 2019-12-12 + ### Added + - Add mod_geo to determine user geolocation by MaxMind database - Add mod_auth_basic to restrict access from unknown users - Add mod_compress to compress response by customize rules @@ -235,41 +286,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Documents optimization ### Changed + - Change default monitor port to 8421 - Rename HANDLE_READ_BACKEND to HANDLE_READ_RESPONSE ### Removed -- Remove some legacy fields from mod_access +- Remove some legacy fields from mod_access ## [v0.4.0] - 2019-11-19 + ### Added + - Expose metrics in prometheus text-based format - Add default value for core configs to reduce configuration cost - Add mod_static to serve static content by customize rules - Documents optimization ### Changed + - mod_logid: random logid in hex encoding format ### Removed -- Remove signal SIGSTKFLT +- Remove signal SIGSTKFLT ## [v0.3.0] - 2019-10-17 ### Added + - Add condition primitive: req_cip_hash_in/req_header_value_hash_in/req_cookie_value_hash_in/req_query_value_hash_in - Add mod_header variable: bfe_log_id - Add mod_http_code to maintain basic status about response forwarded ### Security -- Fix http2: limit number of control frames in server send queue (CVE-2019-9512, CVE-2019-9514) +- Fix http2: limit number of control frames in server send queue (CVE-2019-9512, CVE-2019-9514) ## [v0.2.0] - 2019-09-26 ### Added + - Add proxy protocol to be compatible with F5 BigIP/Citrix ADC etc - Add mod_access to write request/session log in customized format - Add mod_key_log to wirte tls key log so that external programs(eg. wireshark) can decrypt TLS connections for trouble shooting @@ -278,19 +335,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Documents optimization ### Changed -- reverseproxy: flush response header immediately if flushInterval<0 +- reverseproxy: flush response header immediately if flushInterval<0 ## [v0.1.0] - 2019-08-01 ### Added + - Multiple protocols supported, including HTTP, HTTPS, SPDY, HTTP2, WebSocket, TLS, etc - Content based routing, support user-defined routing rule in advanced domain-specific language - Support multiple load balancing policies - Flexible plugin framework to extend functionality. Based on the framework, developer can add new features rapidly - Detailed built-in metrics available for service status monitor - +[v1.6.0]: https://github.com/bfenetworks/bfe/compare/v1.5.0...v1.6.0 [v1.5.0]: https://github.com/bfenetworks/bfe/compare/v1.4.0...v1.5.0 [v1.4.0]: https://github.com/bfenetworks/bfe/compare/v1.3.0...v1.4.0 [v1.3.0]: https://github.com/bfenetworks/bfe/compare/v1.2.0...v1.3.0 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 93b142610..93b24d715 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -38,24 +38,26 @@ BFE uses this [Git branching model](http://nvie.com/posts/a-successful-git-branc Our pre-commit configuration requires gofmt for auto-formating golang code. - Once installed, `pre-commit` checks the style of code and documentation in every commit: + Once installed, `pre-commit` checks the style of code and documentation in every commit: ``` $ git commit -s ``` - + NOTE: You should add a line to every git commit message, e.g. + ``` Signed-off-by: Sijie Yang ``` - Please use your real name (sorry, no pseudonyms or anonymous contributions). The signoff line at the end of the commit message certifies that you wrote it + + Please use your real name (sorry, no pseudonyms or anonymous contributions). The signoff line at the end of the commit message certifies that you wrote it or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple: if you can certify the [Developer Certificate of Origin](https://developercertificate.org/). NOTE: The `yapf` installed by `pip install pre-commit` and `conda install -c conda-forge pre-commit` is slightly different. BFE developers use `pip install pre-commit`. 1. Build and test - Users can build BFE natively on Linux. + Users can build BFE natively on Linux. ```bash make @@ -86,7 +88,6 @@ or otherwise have the right to pass it on as an open-source patch. The rules are Please remember to specify some reviewers for your pull request. If you don't know who are the right ones, please follow Github's recommendation. - 1. Delete local and remote branches To keep your local workspace and your fork clean, you might want to remove merged branches: @@ -100,7 +101,7 @@ or otherwise have the right to pass it on as an open-source patch. The rules are ### Code Review -- Please feel free to ping your reviewers by sending them the URL of your pull request via IM or email. Please do this after your pull request passes the CI. +- Please feel free to ping your reviewers by sending them the URL of your pull request via IM or email. Please do this after your pull request passes the CI. - Please answer reviewers' every comment. If you are to follow the comment, please write "Done"; please give a reason otherwise. @@ -108,14 +109,13 @@ or otherwise have the right to pass it on as an open-source patch. The rules are - Reduce the unnecessary commits. Some developers commit often. It is recommended to append a sequence of small changes into one commit by running `git commit --amend` instead of `git commit`. - ## Coding Standard ### Code Style Our Golang code follows the [Golang style guide](https://github.com/golang/go/wiki/Style). -Our build process helps to check the code style. +Our build process helps to check the code style. Please install pre-commit, which automatically reformat the changes to Golang code whenever we run `git commit`. @@ -124,4 +124,3 @@ Please install pre-commit, which automatically reformat the changes to Golang co Please remember to add related unit tests. - For Golang code, please use [Golang's standard `testing` package](https://golang.org/pkg/testing/). - diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index f34dd8f6d..ba4a9f60f 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -1,5 +1,5 @@ * This is the list of people who have contributed code/doc to the BFE repository. -* Please keep the list sorted by **name**. +* Please keep the list sorted by **name**. | Name | Github Account | | ---- | -------------- | @@ -22,7 +22,7 @@ | Jie Wan | wanjiecs | | Jin Tong | cumirror | | Jiyang Zhang | scriptkids | -| Kaiyu Zheng | kaiyuzheng | +| Kaiyu Zheng | kaiyuzheng | | Lidong Chang | changlidong68 | | Lihua Chen | clh651188968 | | Liujia Wei | weiliujia | @@ -50,7 +50,7 @@ | Weiqiang Zheng | wrayzheng | | Wenjie Tian | WJTian | | Wenlong Chen | LeroChen | -| Wensi Yang | tianxinheihei | +| Wensi Yang | tianxinheihei | | Xiaofei Yu | xiaofei0800 | | Xiaogang Zhang | zhangxiaogang01 | | Xiaoli Liu | liuxiaoli007 | diff --git a/GOVERNANCE.md b/GOVERNANCE.md index fc432b36e..97a69bac0 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -3,12 +3,12 @@ ## Principles The BFE community adheres to the following principles: + - Open: BFE is open source. See [Contributor License Agreement](https://cla-assistant.io/bfenetworks/bfe). - Welcoming and respectful: See [Code of Conduct](CODE_OF_CONDUCT.md). - Transparent and accessible: Work and collaboration are done in public. - Merit: Ideas and contributions are accepted according to their technical merit and alignment with project objectives, scope, and design principles. - ## Project Lead The BFE project has a project lead. @@ -21,30 +21,28 @@ The project lead is elected by BFE maintainers according to an individual's tech The current project lead is identified in the [MAINTAINERS](MAINTAINERS.md) file`. - ## Process for becoming a maintainer * Express interest to the [project lead](MAINTAINERS.md) that you are interested in becoming a maintainer. Becoming a maintainer generally means that you are going to be spending substantial time (>20%) on BFE for the foreseeable future. You are expected to have domain expertise and be extremely - proficient in golang. + proficient in golang. * We will expect you to start contributing increasingly complicated PRs, under the guidance of the existing senior maintainers. -* We may ask you to do some PRs from our backlog. As you gain experience with the code base and our standards, +* We may ask you to do some PRs from our backlog. As you gain experience with the code base and our standards, we will ask you to do code reviews for incoming PRs. * After a period of approximately 3 months of working together and making sure we see eye to eye, the existing senior maintainers will confer and decide whether to grant maintainer status or not. We make no guarantees on the length of time this will take, but 3 months is an approximate goal. - ## Maintainer responsibilities * Classify GitHub issues and perform pull request reviews for other maintainers and the community. * During GitHub issue classification, apply all applicable [labels](https://github.com/bfenetworks/bfe/labels) to each new issue. Labels are extremely useful for follow-up of future issues. Which labels to apply - is somewhat subjective so just use your best judgment. + is somewhat subjective so just use your best judgment. * Make sure that ongoing PRs are moving forward at the right pace or closing them if they are not moving in a productive direction. @@ -55,17 +53,15 @@ The current project lead is identified in the [MAINTAINERS](MAINTAINERS.md) file * In general continue to be willing to spend at least 20% of your time working on BFE (1 day per week). - ## When does a maintainer lose maintainer status * If a maintainer is no longer interested or cannot perform the maintainer duties listed above, they -should volunteer to be moved to emeritus status. +should volunteer to be moved to emeritus status. -* In extreme cases this can also occur by a vote of the maintainers per the voting process. The voting -process is a simple majority in which each senior maintainer receives two votes and each normal maintainer +* In extreme cases this can also occur by a vote of the maintainers per the voting process. The voting +process is a simple majority in which each senior maintainer receives two votes and each normal maintainer receives one vote. - ## Changes in Project Lead Changes in project lead is initiated by opening a github PR. @@ -73,6 +69,7 @@ Changes in project lead is initiated by opening a github PR. Anyone from BFE community can vote on the PR with either +1 or -1. Only the following votes are binding: + 1) Any maintainer that has been listed in the [MAINTAINERS](MAINTAINERS.md) file before the PR is opened. 2) Any maintainer from an organization may cast the vote for that organization. However, no organization should have more binding votes than 1/5 of the total number of maintainers defined in 1). @@ -85,10 +82,9 @@ When there are conflicting PRs about changes in project lead, the PR with the mo The project lead can volunteer to step down. - ## Changes in Project Governance -All substantive updates in Governance require a supermajority maintainers vote. +All substantive updates in Governance require a supermajority maintainers vote. ## Decision making process @@ -106,12 +102,10 @@ Decision making process should be transparent to adhere to the principles of BFE All proposals, ideas, and decisions by maintainers or the project lead should either be part of a github issue or PR, or be sent to `cncf-bfe-maintainers@lists.cncf.io`. - ## Code of Conduct The [BFE Code of Conduct](CODE_OF_CONDUCT.md) is aligned with the CNCF Code of Conduct. - ## Credits Sections of this documents have been borrowed from [Fluentd](https://github.com/fluent/fluentd/blob/master/GOVERNANCE.md) and [CoreDNS](https://github.com/coredns/coredns/blob/master/GOVERNANCE.md) projects. diff --git a/MAINTAINERS.md b/MAINTAINERS.md index cadcf4def..2351b9460 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -3,17 +3,20 @@ This file lists who are the maintainers of the BFE project. The responsibilities for maintainers are listed in the [GOVERNANCE.md](GOVERNANCE.md) file. ## Project Lead + | Name | GitHub ID | Affiliation | | ---- | --------- | ----------- | | [Miao Zhang](mailto:zhangmiao02@baidu.com) | [mileszhang2016](https://github.com/mileszhang2016) | Baidu | | [Sijie Yang](mailto:iyangsj@gmail.com) | [iyangsj](https://github.com/iyangsj) | Baidu | ## Senior Maintainers + | Name | GitHub ID | Affiliation | | ---- | --------- | ----------- | | [Sijie Yang](mailto:iyangsj@gmail.com) | [iyangsj](https://github.com/iyangsj) | Baidu | ## Maintainers + | Name | GitHub ID | Affiliation | | ---- | --------- | ----------- | | [Derek Zheng](mailto:shanhu5739@gmail.com) | [shanhuhai5739](https://github.com/shanhuhai5739) | Kuaishou | diff --git a/Makefile b/Makefile index d3008e070..ddb73b5d2 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,7 @@ # init project path WORKROOT := $(shell pwd) OUTDIR := $(WORKROOT)/output +OS := $(shell go env GOOS) # init environment variables export PATH := $(shell go env GOPATH)/bin:$(PATH) @@ -28,9 +29,12 @@ GOVET := $(GO) vet GOGET := $(GO) get GOGEN := $(GO) generate GOCLEAN := $(GO) clean +GOINSTALL := $(GO) install GOFLAGS := -race STATICCHECK := staticcheck LICENSEEYE := license-eye +PIP := pip3 +PIPINSTALL := $(PIP) install # init arch ARCH := $(shell getconf LONG_BIT) @@ -46,6 +50,21 @@ GIT_COMMIT ?= $(shell git rev-parse HEAD) # init bfe packages BFE_PKGS := $(shell go list ./...) +# go install package +# $(1) package name +# $(2) package address +define INSTALL_PKG + @echo installing $(1) + $(GOINSTALL) $(2) + @echo $(1) installed +endef + +define PIP_INSTALL_PKG + @echo installing $(1) + $(PIPINSTALL) $(1) + @echo $(1) installed +endef + # make, make all all: prepare compile package @@ -55,19 +74,27 @@ strip: prepare compile-strip package # make prepare, download dependencies prepare: prepare-dep prepare-gen prepare-dep: - $(GO) get golang.org/x/tools/cmd/goyacc + $(call INSTALL_PKG, goyacc, golang.org/x/tools/cmd/goyacc) prepare-gen: cd "bfe_basic/condition/parser" && $(GOGEN) # make compile, go build compile: test build build: +ifeq ($(OS),darwin) + $(GOBUILD) -ldflags "-X main.version=$(BFE_VERSION) -X main.commit=$(GIT_COMMIT)" +else $(GOBUILD) -ldflags "-X main.version=$(BFE_VERSION) -X main.commit=$(GIT_COMMIT) -extldflags=-static" +endif # make compile-strip, go build without symbols and DWARFs compile-strip: test build-strip build-strip: +ifeq ($(OS),darwin) + $(GOBUILD) -ldflags "-X main.version=$(BFE_VERSION) -X main.commit=$(GIT_COMMIT) -s -w" +else $(GOBUILD) -ldflags "-X main.version=$(BFE_VERSION) -X main.commit=$(GIT_COMMIT) -extldflags=-static -s -w" +endif # make test, test your code test: test-case vet-case @@ -87,16 +114,30 @@ package: mv bfe $(OUTDIR)/bin cp -r conf $(OUTDIR) +# make deps +deps: + $(call PIP_INSTALL_PKG, pre-commit) + $(call INSTALL_PKG, goyacc, golang.org/x/tools/cmd/goyacc) + $(call INSTALL_PKG, staticcheck, honnef.co/go/tools/cmd/staticcheck) + $(call INSTALL_PKG, license-eye, github.com/apache/skywalking-eyes/cmd/license-eye@latest) + +# make precommit, enable autoupdate and install with hooks +precommit: + pre-commit autoupdate + pre-commit install --install-hooks + # make check check: - $(GO) get honnef.co/go/tools/cmd/staticcheck $(STATICCHECK) ./... -# make license-check, check code file's license declearation +# make license-check, check code file's license declaration license-check: - $(GO) install github.com/apache/skywalking-eyes/cmd/license-eye@latest $(LICENSEEYE) header check +# make license-fix, fix code file's license declaration +license-fix: + $(LICENSEEYE) header fix + # make docker docker: docker build \ diff --git a/README-CN.md b/README-CN.md index 936997e1d..cecb0f823 100644 --- a/README-CN.md +++ b/README-CN.md @@ -11,17 +11,13 @@ [English](README.md) | 中文 - - BFE (Beyond Front End) 是百度开源的现代化、企业级的七层负载均衡系统 bfe logo -BFE 是 [云原生计算基金会 (Cloud Native Computing Foundation, CNCF)](https://cncf.io/) 的一个沙箱项目 - -![](./docs/images/cncf-logo.png) - +BFE 是 [云原生计算基金会 (Cloud Native Computing Foundation, CNCF)](https://cncf.io/) 的一个沙箱项目 +![cncf-logo](./docs/images/cncf-logo.png) ## 简介 @@ -56,9 +52,11 @@ BFE的架构说明见[概览](docs/zh_cn/introduction/overview.md)文档 - 控制平面:请参考控制平面的[部署说明](https://github.com/bfenetworks/api-server/blob/develop/docs/zh_cn/deploy.md) ## 运行测试 + - 请参考[编译及运行](docs/zh_cn/installation/install_from_source.md) ## 文档 + - [英文版](https://www.bfe-networks.net/en_us/ABOUT/) - [中文版](https://www.bfe-networks.net/zh_cn/ABOUT/) @@ -74,10 +72,12 @@ BFE的架构说明见[概览](docs/zh_cn/introduction/overview.md)文档 - 详情请参阅[参与贡献指南](CONTRIBUTING.md) ## 作者 + - 项目维护者: [MAINTAINERS](MAINTAINERS.md) - 项目贡献者: [CONTRIBUTORS](CONTRIBUTORS.md) ## 社区交流 + - [开源BFE用户论坛](https://github.com/bfenetworks/bfe/discussions) - **开源BFE微信公众号**:扫码关注公众号“BFE开源项目”,及时获取项目最新信息和技术分享 @@ -99,4 +99,5 @@ BFE的架构说明见[概览](docs/zh_cn/introduction/overview.md)文档 - **开源BFE开发者微信群**: [发送邮件](mailto:iyangsj@gmail.com)说明您的微信号及贡献(例如PR/Issue),我们将及时邀请您加入 ## 许可 + BFE基于Apache 2.0许可证,详见[LICENSE](LICENSE)文件说明 diff --git a/README.md b/README.md index a21980357..ba34f0284 100644 --- a/README.md +++ b/README.md @@ -11,17 +11,13 @@ English | [中文](README-CN.md) - - BFE (Beyond Front End) is a modern layer 7 load balancer from baidu. bfe logo -BFE is a [Cloud Native Computing Foundation](https://cncf.io/) (CNCF) sandbox project. - -![](./docs/images/cncf-logo.png) - +BFE is a [Cloud Native Computing Foundation](https://cncf.io/) (CNCF) sandbox project. +![cncf-logo](./docs/images/cncf-logo.png) ## Introduction @@ -29,7 +25,7 @@ BFE opensource project includes several components, which can be used together a BFE system consists of data plane and control plane: -- Data plane:responsible for forwarding user's traffic, including below component: +- Data plane:responsible for forwarding user's traffic, including below component: - BFE Server:BFE forward engine (this repository, bfenetworks/bfe). BFE Server performs content based routing, load balancing and forwards the traffic to backend servers. - Control plane:responsible for management and configuration of BFE system, including below components: - [API-Server](https://github.com/bfenetworks/api-server):provides API and handles update, storage and generation of BFE config @@ -50,29 +46,36 @@ Besides, we also implement [BFE Ingress Controller](https://github.com/bfenetwor - Detailed built-in metrics available for service status monitor. ## Getting Started + - Data plane: BFE Server [build and run](docs/en_us/installation/install_from_source.md) -- Control plane: English document coming soon. [Chinese version](https://github.com/bfenetworks/api-server/blob/develop/docs/zh_cn/deploy.md) +- Control plane: English document coming soon. [Chinese version](https://github.com/bfenetworks/api-server/blob/develop/docs/zh_cn/deploy.md) ## Running the tests + - See [Build and run](docs/en_us/installation/install_from_source.md) ## Documentation + - [English version](https://www.bfe-networks.net/en_us/ABOUT/) - [Chinese version](https://www.bfe-networks.net/zh_cn/ABOUT/) ## Contributing + - Please create an issue in [issue list](http://github.com/bfenetworks/bfe/issues). - Contact Committers/Owners for further discussion if needed. - Following the golang coding standards. - See the [CONTRIBUTING](CONTRIBUTING.md) file for details. ## Authors + - Owners: [MAINTAINERS](MAINTAINERS.md) - Contributors: [CONTRIBUTORS](CONTRIBUTORS.md) ## Communication + - BFE community on Slack: [Sign up](https://slack.cncf.io/) CNCF Slack and join bfe channel. - BFE developer group on WeChat: [Send a request mail](mailto:iyangsj@gmail.com) with your WeChat ID and a contribution you've made to BFE(such as a PR/Issue). We will invite you right away. ## License + BFE is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details. diff --git a/SECURITY.md b/SECURITY.md index 4e62d1458..b9d3909c1 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,6 +4,6 @@ Please do not open issues for anything you think might have a security implication. -Security issues and bugs should be reported privately to bfe-security@baidu.com. -You should receive a response within 24 hours. If for some reason you do not, -please follow up via email to ensure we received your original message. +Security issues and bugs should be reported privately to bfe-security@baidu.com. +You should receive a response within 24 hours. If for some reason you do not, +please follow up via email to ensure we received your original message. diff --git a/VERSION b/VERSION index 3e1ad720b..dc1e644a1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.5.0 \ No newline at end of file +1.6.0 diff --git a/bfe_balance/bal_gslb/bal_gslb.go b/bfe_balance/bal_gslb/bal_gslb.go index 8f74a9782..32d11c73e 100644 --- a/bfe_balance/bal_gslb/bal_gslb.go +++ b/bfe_balance/bal_gslb/bal_gslb.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// subcluster level load balance using gslb +// sub-cluster level load balance using gslb package bal_gslb @@ -359,7 +359,7 @@ func (bal *BalanceGslb) Balance(req *bfe_basic.Request) (*bal_backend.BfeBackend // after get the distribution subcluster - // blackhole + // black hole if current.sType == TypeGslbBlackhole { state.ErrGslbBlackhole.Inc(1) req.ErrCode = bfe_basic.ErrGslbBlackhole diff --git a/bfe_balance/bal_gslb/sub_cluster.go b/bfe_balance/bal_gslb/sub_cluster.go index 7498ba9ef..683e97edb 100644 --- a/bfe_balance/bal_gslb/sub_cluster.go +++ b/bfe_balance/bal_gslb/sub_cluster.go @@ -27,14 +27,14 @@ import ( // type of sub cluster const ( TypeGslbNormal = 0 // normal sub cluster - TypeGslbBlackhole = 1 // gslb blackhole + TypeGslbBlackhole = 1 // gslb black hole ) type SubCluster struct { Name string // name of sub cluster sType int // TypeGslbNormal, or TypeGslbBlackhole - backends *bal_slb.BalanceRR // backend with round robin - weight int // weight between subclusters + backends *bal_slb.BalanceRR // backend with round-robin + weight int // weight between sub-clusters } func newSubCluster(name string) *SubCluster { @@ -81,7 +81,7 @@ func (sub *SubCluster) balance(algor int, key []byte) (*backend.BfeBackend, erro return nil, fmt.Errorf("no backend in sub cluster [%s]", sub.Name) } - // balance from subcluster + // balance from sub-cluster return sub.backends.Balance(algor, key) } @@ -89,7 +89,7 @@ func (sub *SubCluster) setSlowStart(slowStartTime int) { sub.backends.SetSlowStart(slowStartTime) } -// SubClusterList is a list of subcluster. +// SubClusterList is a list of sub-cluster. type SubClusterList []*SubCluster type SubClusterListSorter struct { diff --git a/bfe_balance/bal_slb/backend_rr.go b/bfe_balance/bal_slb/backend_rr.go index 1561aa042..09d445e5f 100644 --- a/bfe_balance/bal_slb/backend_rr.go +++ b/bfe_balance/bal_slb/backend_rr.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// backend with round robin +// backend with round-robin package bal_slb @@ -26,17 +26,17 @@ import ( ) type WeightSS struct { - final int // final target weight after slow-start - slowStartTime int // time for backend increases the weight to the full value, in seconds - startTime time.Time // time of the first request + final int // final target weight after slow-start + slowStartTime int // time for backend increases the weight to the full value, in seconds + startTime time.Time // time of the first request } type BackendRR struct { - weight int // weight of this backend - current int // current weight - backend *backend.BfeBackend // point to BfeBackend - inSlowStart bool // indicate if in slow-start phase - weightSS WeightSS // slow_start related parameters + weight int // weight of this backend + current int // current weight + backend *backend.BfeBackend // point to BfeBackend + inSlowStart bool // indicate if in slow-start phase + weightSS WeightSS // slow_start related parameters } func NewBackendRR() *BackendRR { diff --git a/bfe_balance/bal_slb/bal_rr.go b/bfe_balance/bal_slb/bal_rr.go index b8b036a7e..507df0d46 100644 --- a/bfe_balance/bal_slb/bal_rr.go +++ b/bfe_balance/bal_slb/bal_rr.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// weighted round robin balance +// weighted round-robin balance // // Algorithm: // smooth Weighted Round Robin algorithm is as follows: on each backend selection, @@ -54,7 +54,7 @@ import ( "github.com/bfenetworks/bfe/bfe_debug" ) -// implementation versions of weighted round robin algorithm +// implementation versions of weighted round-robin algorithm const ( WrrSimple = 0 WrrSmooth = 1 @@ -89,13 +89,13 @@ func (s BackendListSorter) Less(i, j int) bool { type BalanceRR struct { sync.Mutex - Name string - backends BackendList // list of BackendRR - sorted bool // list of BackeneRR sorted or not - next int // next backend to schedule + Name string + backends BackendList // list of BackendRR + sorted bool // list of BackendRR sorted or not + next int // next backend to schedule - slowStartNum int // number of backends in slow_start phase - slowStartTime int // time for backend increases the weight to the full value, in seconds + slowStartNum int // number of backends in slow_start phase + slowStartTime int // time for backend increases the weight to the full value, in seconds } func NewBalanceRR(name string) *BalanceRR { @@ -177,7 +177,7 @@ func (brr *BalanceRR) Update(conf cluster_table_conf.SubClusterBackend) { backendsNew = append(backendsNew, backendRR) delete(confMap, backendKey) } else { - // tell healthcheck to stop + // tell health-check to stop backendRR.Release() } } @@ -219,7 +219,7 @@ func (brr *BalanceRR) ensureSortedUnlocked() { } } -// Balance select one backend from sub cluster in round robin manner. +// Balance select one backend from sub cluster in round-robin manner. func (brr *BalanceRR) Balance(algor int, key []byte) (*backend.BfeBackend, error) { // Slow start is not supported when session sticky is enabled if algor != WrrSticky { @@ -259,7 +259,7 @@ func smoothBalance(backs BackendList) (*backend.BfeBackend, error) { continue } - // select backend with greatest current weight + // select backend with the greatest current weight if best == nil || backendRR.current > max { best = backendRR max = backendRR.current @@ -345,6 +345,12 @@ func leastConnsBalance(backs BackendList) (BackendList, error) { singleBackend = true } else if ret == 0 { singleBackend = false + if len(candidates) > 0 { + candidates = append(candidates, backendRR) + } else { + candidates = append(candidates, best, backendRR) + } + } } @@ -354,22 +360,10 @@ func leastConnsBalance(backs BackendList) (BackendList, error) { // single backend, return directly if singleBackend { - candidates = append(candidates, best) - return candidates, nil + return BackendList{best}, nil } - // more than one backend have same connections/weight, // return all the candidates - for _, backendRR := range backs { - if !backendRR.backend.Avail() || backendRR.weight <= 0 { - continue - } - - if ret := compLCWeight(best, backendRR); ret == 0 { - candidates = append(candidates, backendRR) - } - } - return candidates, nil } @@ -412,7 +406,7 @@ func (brr *BalanceRR) simpleBalance() (*backend.BfeBackend, error) { next = moveToNext(next, backends) if next == brr.next { - // all backends have been check + // all backends have been checked if allBackendDown { if bfe_debug.DebugBal { log.Logger.Debug("rr_bal:all backend is down") @@ -480,7 +474,7 @@ func (brr *BalanceRR) stickyBalance(key []byte) (*backend.BfeBackend, error) { // result will be 0 if a == b, -1 if a < b, +1 if a > b func compLCWeight(a, b *BackendRR) int { // compare a.backend.ConnNum() / a.weight and b.backend.ConnNum() / b.weight - // to avoid compare floating num, both multipli a.weight * b.weight + // to avoid compare floating num, both multiple a.weight * b.weight ret := a.backend.ConnNum()*b.weight - b.backend.ConnNum()*a.weight // a.backend.ConnNum() / a.weight > b.backend.ConnNum() / b.weight diff --git a/bfe_balance/bal_slb/bal_rr_test.go b/bfe_balance/bal_slb/bal_rr_test.go index 2d478a577..db288ba3d 100644 --- a/bfe_balance/bal_slb/bal_rr_test.go +++ b/bfe_balance/bal_slb/bal_rr_test.go @@ -64,6 +64,39 @@ func prepareBalanceRR() *BalanceRR { return rr } +func prepareBalanceRRLcw() *BalanceRR { + b1 := populateBackend("b1", "127.0.0.1", 80, true) + b2 := populateBackend("b2", "127.0.0.1", 81, true) + b3 := populateBackend("b3", "127.0.0.1", 82, true) + b4 := populateBackend("b4", "127.0.0.1", 83, true) + + rr := &BalanceRR{ + backends: []*BackendRR{ + { + weight: 300, + current: 300, + backend: b1, + }, + { + weight: 200, + current: 200, + backend: b2, + }, + { + weight: 100, + current: 100, + backend: b3, + }, + { + weight: 50, + current: 50, + backend: b4, + }, + }, + } + return rr +} + func processBalance(t *testing.T, label string, algor int, key []byte, rr *BalanceRR, result []string) { var l []string for i := 1; i < 10; i++ { @@ -80,6 +113,22 @@ func processBalance(t *testing.T, label string, algor int, key []byte, rr *Balan } } +func processBalancLoopTwenty(t *testing.T, label string, algor int, key []byte, rr *BalanceRR, result []string) { + var l []string + for i := 1; i < 20; i++ { + r, err := rr.Balance(algor, key) + if err != nil { + t.Errorf("should not error") + } + r.IncConnNum() + l = append(l, r.Name) + } + + if !reflect.DeepEqual(l, result) { + t.Errorf("balance error [%s] %v, expect %v", label, l, result) + } +} + func processSimpleBalance(t *testing.T, label string, algor int, key []byte, rr *BalanceRR, result []string) { var l []string loopCount := (300+200+100)+4 @@ -176,6 +225,12 @@ func TestBalance(t *testing.T) { rr = prepareBalanceRR() expectResult = []string{"b1", "b2", "b3", "b1", "b2", "b1", "b3", "b1", "b2"} processBalance(t, "case 7", WlcSmooth, []byte{1}, rr, expectResult) + + // case 8, lcw balance same weight + rr = prepareBalanceRRLcw() + expectResult = []string{"b1", "b2", "b3", "b4", "b1", "b2", "b1", "b1", "b2", "b3", "b1", "b2", "b1", + "b1", "b2", "b3", "b4", "b1", "b2"} + processBalancLoopTwenty(t, "case 8", WlcSmooth, []byte{1}, rr, expectResult) } func TestUpdate(t *testing.T) { @@ -284,6 +339,15 @@ func BenchmarkSimpleBalance(b *testing.B) { } } +func BenchmarkWlcBalance(b *testing.B) { + rr := prepareBalanceRRForBench() + + b.ResetTimer() + for i := 0; i < b.N; i++ { + rr.leastConnsSmoothBalance() + } +} + func BenchmarkStickyBalance(b *testing.B) { rr := prepareBalanceRRForBench() key := []byte{100} diff --git a/bfe_balance/bal_table_test.go b/bfe_balance/bal_table_test.go index e07ba1283..58c340705 100644 --- a/bfe_balance/bal_table_test.go +++ b/bfe_balance/bal_table_test.go @@ -80,7 +80,7 @@ func TestGslbInit(t *testing.T) { } if err = balTable.gslbInit(gslbConf); err != nil { - t.Errorf("GslbInit: case 1 should retun nil.") + t.Errorf("GslbInit: case 1 should return nil.") return } diff --git a/bfe_balance/bfe_balance.go b/bfe_balance/bfe_balance.go index 58ca1f4eb..452f58599 100644 --- a/bfe_balance/bfe_balance.go +++ b/bfe_balance/bfe_balance.go @@ -25,16 +25,16 @@ import ( ) type BfeBalance interface { - // initialize + // Init initialize Init(backendConf cluster_table_conf.ClusterBackend, gslbBasic cluster_conf.GslbBasicConf, gslbConf gslb_conf.GslbClusterConf) error - // reload config + // Reload reload config Reload(backendConf cluster_table_conf.ClusterBackend, gslbBasic cluster_conf.GslbBasicConf, gslbConf gslb_conf.GslbClusterConf) error - // load balance for request + // Balance load balance for request Balance(req *bfe_basic.Request) (*backend.BfeBackend, error) - // release + // Release releases Release() } diff --git a/bfe_basic/action/action_query.go b/bfe_basic/action/action_query.go index 693aea08b..6e158769b 100644 --- a/bfe_basic/action/action_query.go +++ b/bfe_basic/action/action_query.go @@ -109,7 +109,7 @@ func ReqQueryRename(req *bfe_basic.Request, oldName string, newName string) { // rename keys srcKey := "&" + oldName + "=" dstKey := "&" + newName + "=" - rawQuery = strings.Replace(rawQuery, srcKey, dstKey, -1) + rawQuery = strings.ReplaceAll(rawQuery, srcKey, dstKey) // remove prefix "&" req.HttpRequest.URL.RawQuery = rawQuery[1:] diff --git a/bfe_basic/common.go b/bfe_basic/common.go index 66f6ff273..6a33a079d 100644 --- a/bfe_basic/common.go +++ b/bfe_basic/common.go @@ -47,7 +47,7 @@ const ( GlobalProduct = "global" ) -// Hop-by-hop headers. These are removed when sent to the backend. +// HopHeaders are Hop-by-hop headers. These are removed when sent to the backend. // http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html var HopHeaders = []string{ "Connection", @@ -80,7 +80,7 @@ func CreateInternalResp(request *Request, code int) *bfe_http.Response { return res } -// this interface is used for lookup config for each request +// ServerDataConfInterface is an interface used for lookup config for each request type ServerDataConfInterface interface { ClusterTableLookup(clusterName string) (*bfe_cluster.BfeCluster, error) HostTableLookup(hostname string) (string, error) diff --git a/bfe_basic/condition/build_test.go b/bfe_basic/condition/build_test.go index 867551fb8..ae4ba35d0 100644 --- a/bfe_basic/condition/build_test.go +++ b/bfe_basic/condition/build_test.go @@ -88,7 +88,7 @@ var buildPrimitiveTests = []struct { true, }, { - "testWrongVriable", + "testWrongVariable", "a && b", nil, true, diff --git a/bfe_basic/condition/primitive.go b/bfe_basic/condition/primitive.go index becc626af..6967bac8f 100644 --- a/bfe_basic/condition/primitive.go +++ b/bfe_basic/condition/primitive.go @@ -753,9 +753,9 @@ func checkHostAndToUpper(patterns []string) ([]string, error) { upper := make([]string, len(patterns)) for i, v := range patterns { - // port shoud not be included in host + // port should not be included in host if strings.Contains(v, ":") { - return nil, fmt.Errorf("port shoud not be included in host(%s)", v) + return nil, fmt.Errorf("port should not be included in host(%s)", v) } upper[i] = strings.ToUpper(v) @@ -828,11 +828,11 @@ type HashValueMatcher struct { func (matcher *HashValueMatcher) Match(v interface{}) bool { var rawValue string - switch v.(type) { + switch value := v.(type) { case string: - rawValue = v.(string) + rawValue = value case net.IP: - rawValue = v.(net.IP).String() + rawValue = value.String() default: return false } @@ -875,7 +875,7 @@ func parserHashSectionConf(section string) (int, int, error) { // checkt numbers var start, end int for i, numberRawStr := range numbers { - numberStr := strings.Replace(numberRawStr, " ", "", -1) + numberStr := strings.ReplaceAll(numberRawStr, " ", "") number, err := strconv.Atoi(numberStr) if err != nil { return 0, 0, fmt.Errorf("hash value check section %s number %s err %s", @@ -986,7 +986,7 @@ func (f *ContextValueFetcher) Fetch(req *bfe_basic.Request) (interface{}, error) return req.GetContext(f.key), nil } -// time range matcher +// TimeMatcher is time range matcher type TimeMatcher struct { startTime time.Time endTime time.Time @@ -1043,14 +1043,14 @@ func (f *BfeTimeFetcher) Fetch(req *bfe_basic.Request) (interface{}, error) { return debugTime, nil } -// periodic time range matcher +// PeriodicTimeMatcher is periodic time range matcher type PeriodicTimeMatcher struct { startTime int // in seconds of a day endTime int offset int // timezone offset } -// time string format: hhmmssZ, example 150405H, Z-> timezone defined in bfe_util.TimeZoneMap +// NewPeriodicTimeMatcher follows time string format: hhmmssZ, example 150405H, Z-> timezone defined in bfe_util.TimeZoneMap func NewPeriodicTimeMatcher(startTimeStr, endTimeStr, periodStr string) (*PeriodicTimeMatcher, error) { if periodStr != "" { return nil, fmt.Errorf("periodStr is not supported, should not be set!") diff --git a/bfe_basic/condition/primitive_test.go b/bfe_basic/condition/primitive_test.go index 9e0888a10..5144512ac 100644 --- a/bfe_basic/condition/primitive_test.go +++ b/bfe_basic/condition/primitive_test.go @@ -1,4 +1,4 @@ -// Copyright (c) 2019 The BFE Authors. +// Copyright (c) 2019 The BFE Authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -182,7 +182,7 @@ func TestHostMatcher_1(t *testing.T) { // test HostMatcher, error case, host include port func TestHostMatcher_2(t *testing.T) { _, err := NewHostMatcher("www.baidu.com:80|map.baidu.com") - if err == nil || err.Error() != "port shoud not be included in host(www.baidu.com:80)" { + if err == nil || err.Error() != "port should not be included in host(www.baidu.com:80)" { t.Errorf("NewHostMatcher() return wrong error: %v", err) } } @@ -234,7 +234,6 @@ func TestContextValueFetcher(t *testing.T) { contextVal, err := hf.Fetch(req) if err != nil { t.Fatalf("Fetch(): %v", err) - t.FailNow() } // check @@ -308,7 +307,7 @@ func TestPeriodicTimeMatcher(t *testing.T) { if err != nil { t.Fatalf("NewPeriodicTimeMatcher() error: %v", err) } - _, err = NewPeriodicTimeMatcher("200000R", "213000H", "" ) + _, err = NewPeriodicTimeMatcher("200000R", "213000H", "") if err == nil { t.Fatalf("NewPeriodicTimeMatcher() should failed") } diff --git a/bfe_basic/session.go b/bfe_basic/session.go index ada862b66..7dbb4459a 100644 --- a/bfe_basic/session.go +++ b/bfe_basic/session.go @@ -53,7 +53,7 @@ type Session struct { Product string // product name of vip Rtt uint32 // smoothed RTT for current connection (us) - lock sync.RWMutex // lock for session + lock sync.RWMutex // lock for session reqNum int64 // number of total request reqNumActive int64 // number of active request readTotal int64 // total bytes read from client socket @@ -99,7 +99,6 @@ func (s *Session) ReqNum() int64 { func (s *Session) SetReqNum(count int) { atomic.StoreInt64(&s.reqNum, int64(count)) - return } func (s *Session) IncReqNumActive(count int) int64 { @@ -112,7 +111,6 @@ func (s *Session) ReqNumActive() int64 { func (s *Session) SetReqNumActive(count int) { atomic.StoreInt64(&s.reqNumActive, int64(count)) - return } func (s *Session) UpdateReadTotal(total int) int { diff --git a/bfe_config/bfe_cluster_conf/cluster_conf/cluster_conf_load.go b/bfe_config/bfe_cluster_conf/cluster_conf/cluster_conf_load.go index a0e695e54..f7c727cc6 100644 --- a/bfe_config/bfe_cluster_conf/cluster_conf/cluster_conf_load.go +++ b/bfe_config/bfe_cluster_conf/cluster_conf/cluster_conf_load.go @@ -75,7 +75,7 @@ type BackendCheck struct { CheckInterval *int // interval of health check, in ms } -// FastCGI related configurations +// FCGIConf are FastCGI related configurations type FCGIConf struct { EnvVars map[string]string // the vars which will send to backend Root string // the server root @@ -371,7 +371,7 @@ func GslbBasicConfCheck(conf *GslbBasicConf) error { case BalanceModeWrr: case BalanceModeWlc: default: - return fmt.Errorf("unsupport bal mode %s", *conf.BalanceMode) + return fmt.Errorf("unsupported bal mode %s", *conf.BalanceMode) } return nil @@ -416,8 +416,8 @@ func ClusterBasicConfCheck(conf *ClusterBasicConf) error { } if conf.TimeoutWriteClient == nil { - timoutWriteClient := DefaultWriteClientTimeout - conf.TimeoutWriteClient = &timoutWriteClient + timeoutWriteClient := DefaultWriteClientTimeout + conf.TimeoutWriteClient = &timeoutWriteClient } if conf.TimeoutReadClientAgain == nil { diff --git a/bfe_config/bfe_cluster_conf/gslb_conf/testdata/gslb_1.data b/bfe_config/bfe_cluster_conf/gslb_conf/testdata/gslb_1.data index 0c22ad9a4..a2cab2871 100644 --- a/bfe_config/bfe_cluster_conf/gslb_conf/testdata/gslb_1.data +++ b/bfe_config/bfe_cluster_conf/gslb_conf/testdata/gslb_1.data @@ -2,10 +2,10 @@ "clusters": { "c1": { "GSLB_BLACKHOLE": 0, - "c1.exmaple.a": 0, - "c1.exmaple.b": 50, - "c1.exmaple.c": 20, - "c1.exmaple.d": 30 + "c1.example.a": 0, + "c1.example.b": 50, + "c1.example.c": 20, + "c1.example.d": 30 }, "c2": { "GSLB_BLACKHOLE": 0, diff --git a/bfe_config/bfe_conf/bfe_config_load_test.go b/bfe_config/bfe_conf/bfe_config_load_test.go index eff72d913..1d7da19cf 100644 --- a/bfe_config/bfe_conf/bfe_config_load_test.go +++ b/bfe_config/bfe_conf/bfe_config_load_test.go @@ -29,7 +29,7 @@ func TestBfeConfigLoadNormal(t *testing.T) { t.Errorf("config.HttpPort should be 80") } - if config.Server.MonitorPort != 8080 { + if config.Server.MonitorEnabled && config.Server.MonitorPort != 8080 { t.Errorf("config.MonitorPort should be 8080") } @@ -90,7 +90,7 @@ func TestBfeConfigLoadUsingDefault(t *testing.T) { t.Errorf("config.HttpPort should be 8080") } - if config.Server.MonitorPort != 8421 { + if config.Server.MonitorEnabled && config.Server.MonitorPort != 8421 { t.Errorf("config.MonitorPort should be 8421") } diff --git a/bfe_config/bfe_conf/conf_basic.go b/bfe_config/bfe_conf/conf_basic.go index acfd94bcb..51a81daa1 100644 --- a/bfe_config/bfe_conf/conf_basic.go +++ b/bfe_config/bfe_conf/conf_basic.go @@ -38,11 +38,12 @@ const ( ) type ConfigBasic struct { - HttpPort int // listen port for http - HttpsPort int // listen port for https - MonitorPort int // web server port for monitor - MaxCpus int // number of max cpus to use - AcceptNum int // number of accept goroutine for each listener, default 1 + HttpPort int // listen port for http + HttpsPort int // listen port for https + MonitorPort int // web server port for monitor + MaxCpus int // number of max cpus to use + AcceptNum int // number of accept goroutine for each listener, default 1 + MonitorEnabled bool // web server for monitor enable or not // settings of layer-4 load balancer Layer4LoadBalancer string @@ -84,6 +85,7 @@ func (cfg *ConfigBasic) SetDefaultConf() { cfg.HttpPort = 8080 cfg.HttpsPort = 8443 cfg.MonitorPort = 8421 + cfg.MonitorEnabled = true cfg.MaxCpus = 0 cfg.TlsHandshakeTimeout = 30 @@ -141,8 +143,8 @@ func basicConfCheck(cfg *ConfigBasic) error { cfg.HttpsPort) } - // check MonitorPort - if cfg.MonitorPort < 1 || cfg.MonitorPort > 65535 { + // check MonitorPort if MonitorEnabled enabled + if cfg.MonitorEnabled && (cfg.MonitorPort < 1 || cfg.MonitorPort > 65535) { return fmt.Errorf("MonitorPort[%d] should be in [1, 65535]", cfg.MonitorPort) } diff --git a/bfe_config/bfe_conf/conf_basic_test.go b/bfe_config/bfe_conf/conf_basic_test.go index dd3dfb0c6..b3e07f820 100644 --- a/bfe_config/bfe_conf/conf_basic_test.go +++ b/bfe_config/bfe_conf/conf_basic_test.go @@ -53,7 +53,7 @@ func Test_conf_basic_case1(t *testing.T) { t.Error("config.HttpPort should be 80") } - if config.Server.MonitorPort != 8080 { + if config.Server.MonitorEnabled && config.Server.MonitorPort != 8080 { t.Error("config.MonitorPort should be 8080") } @@ -101,10 +101,11 @@ func Test_conf_basic_check(t *testing.T) { conf *ConfigBasic err string }{ - {&ConfigBasic{HttpPort: 80, HttpsPort: 443, MonitorPort: 8080, MaxCpus: -1}, "MaxCpus[-1] is too small"}, - {&ConfigBasic{HttpPort: 80, HttpsPort: 443, MonitorPort: 8080, MaxCpus: 10, TlsHandshakeTimeout: 30, + {&ConfigBasic{HttpPort: 80, HttpsPort: 443, MonitorPort: -1, MonitorEnabled: true},"MonitorPort[-1] should be in [1, 65535]"}, + {&ConfigBasic{HttpPort: 80, HttpsPort: 443, MonitorPort: 8080, MonitorEnabled: false, MaxCpus: -1}, "MaxCpus[-1] is too small"}, + {&ConfigBasic{HttpPort: 80, HttpsPort: 443, MonitorPort: 8080, MonitorEnabled: true, MaxCpus: 10, TlsHandshakeTimeout: 30, GracefulShutdownTimeout: 30}, "ClientReadTimeout[0] should > 0"}, - {&ConfigBasic{HttpPort: 80, HttpsPort: 443, MonitorPort: 8080, MaxCpus: 10, TlsHandshakeTimeout: 30, + {&ConfigBasic{HttpPort: 80, HttpsPort: 443, MonitorPort: 8080, MonitorEnabled: true, MaxCpus: 10, TlsHandshakeTimeout: 30, GracefulShutdownTimeout: 30, ClientReadTimeout: 10, ClientWriteTimeout: 10, MonitorInterval: 33}, "MonitorInterval[33] can not divide 60"}, } diff --git a/bfe_config/bfe_conf/testdata/conf_all/bfe.conf b/bfe_config/bfe_conf/testdata/conf_all/bfe.conf index a2c2f18f7..abc762f95 100644 --- a/bfe_config/bfe_conf/testdata/conf_all/bfe.conf +++ b/bfe_config/bfe_conf/testdata/conf_all/bfe.conf @@ -5,6 +5,8 @@ httpPort = 80 httpsPort = 443 # listen port for monitor request monitorPort = 8080 +# enable monitor server +MonitorEnabled = true # max number of CPUs to use maxCpus = 2 @@ -56,7 +58,7 @@ cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipherSuites=TLS_ECDHE_RSA_WITH_RC4_128_SHA cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -# supported curve perference settings +# supported curve preference settings # support curves: CurveP256, CurveP384, CurveP521 curvePreferences=CurveP521 diff --git a/bfe_config/bfe_conf/testdata/conf_basic/bfe_1.conf b/bfe_config/bfe_conf/testdata/conf_basic/bfe_1.conf index 5519d5b2e..2eccbc3d9 100644 --- a/bfe_config/bfe_conf/testdata/conf_basic/bfe_1.conf +++ b/bfe_config/bfe_conf/testdata/conf_basic/bfe_1.conf @@ -5,6 +5,8 @@ httpPort = 80 httpsPort = 443 # listen port for monitor request monitorPort = 8080 +# enable monitor server +MonitorEnabled = true # max number of CPUs to use maxCpus = 5 diff --git a/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_1.conf b/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_1.conf index bb14ff46d..c3298d19e 100644 --- a/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_1.conf +++ b/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_1.conf @@ -58,7 +58,7 @@ cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA cipherSuites=TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipherSuites=TLS_RSA_WITH_3DES_EDE_CBC_SHA -# supported curve perference settings +# supported curve preference settings # support curves: CurveP256, CurveP384, CurveP521 curvePreferences=CurveP256 diff --git a/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_2.conf b/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_2.conf index 586f85e0a..397668469 100644 --- a/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_2.conf +++ b/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_2.conf @@ -58,7 +58,7 @@ cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA cipherSuites=TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipherSuites=TLS_RSA_WITH_3DES_EDE_CBC_SHA -# supported curve perference settings +# supported curve preference settings # support curves: CurveP256, CurveP384, CurveP521 curvePreferences=CurveP256,CurveNotSupport diff --git a/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_3.conf b/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_3.conf index 46b82fc49..a2e849ee2 100644 --- a/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_3.conf +++ b/bfe_config/bfe_conf/testdata/conf_https_basic/bfe_3.conf @@ -60,7 +60,7 @@ cipherSuites=TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipherSuites=TLS_RSA_WITH_3DES_EDE_CBC_SHA cipherSuites=TLS_CIPHER_SUITES_NOT_SUPPORT -# supported curve perference settings +# supported curve preference settings # support curves: CurveP256, CurveP384, CurveP521 curvePreferences=CurveP256 diff --git a/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_1.conf b/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_1.conf index 60ff786c1..8cc4e3a25 100644 --- a/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_1.conf +++ b/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_1.conf @@ -59,7 +59,7 @@ cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA cipherSuites=TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipherSuites=TLS_RSA_WITH_3DES_EDE_CBC_SHA -# supported curve perference settings +# supported curve preference settings # support curves: CurveP256, CurveP384, CurveP521 curvePreferences=CurveP256 diff --git a/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_2.conf b/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_2.conf index 1f070c20e..6ab27bb18 100644 --- a/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_2.conf +++ b/bfe_config/bfe_conf/testdata/conf_session_cache/bfe_2.conf @@ -59,7 +59,7 @@ cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA cipherSuites=TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipherSuites=TLS_RSA_WITH_3DES_EDE_CBC_SHA -# supported curve perference settings +# supported curve preference settings # support curves: CurveP256, CurveP384, CurveP521 curvePreferences=CurveP256 diff --git a/bfe_config/bfe_tls_conf/tls_rule_conf/tls_rule_conf_load.go b/bfe_config/bfe_tls_conf/tls_rule_conf/tls_rule_conf_load.go index 39cbabaac..b9fc084dc 100644 --- a/bfe_config/bfe_tls_conf/tls_rule_conf/tls_rule_conf_load.go +++ b/bfe_config/bfe_tls_conf/tls_rule_conf/tls_rule_conf_load.go @@ -63,11 +63,11 @@ import ( // Notes about `SniConf`: // * SniConf represents an optional list of server names (hostname) // * When vip of incoming conn is missing or unknown: -// - If SniConf is configed, server will select tls rule conf by name (from tls sni extension) -// - Even through SniConf is not configed, server will try to select cert by name +// - If SniConf is configured, server will select tls rule conf by name (from tls sni extension) +// - Even through SniConf is not configured, server will try to select cert by name // // Notes about`ClientCAName`: -// * The CA certificate file is .crt under ClientCABaseDir configed in bfe.conf +// * The CA certificate file is .crt under ClientCABaseDir configured in bfe.conf // application level protocols over tls const ( diff --git a/bfe_fcgi/common.go b/bfe_fcgi/common.go index 45b4b53e2..e23e79737 100644 --- a/bfe_fcgi/common.go +++ b/bfe_fcgi/common.go @@ -15,6 +15,7 @@ // Copyright 2010 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. + package bfe_fcgi import ( diff --git a/bfe_fcgi/fcgi_client.go b/bfe_fcgi/fcgi_client.go index d37c8edac..3740b6af2 100644 --- a/bfe_fcgi/fcgi_client.go +++ b/bfe_fcgi/fcgi_client.go @@ -42,7 +42,7 @@ import ( "github.com/bfenetworks/bfe/bfe_net/textproto" ) -// FCGIListenSockFileno describes listen socket file number. +// FCGIListenSockFileNo describes listen socket file number. const FCGIListenSockFileNo uint8 = 0 // FCGIHeaderLen describes header length. @@ -99,7 +99,7 @@ const ( const ( // FCGIResponder is the responder flag. - FCGIResponser uint8 = iota + 1 + FCGIResponder uint8 = iota + 1 // FCGIAuthorizer is the authorizer flag. FCGIAuthorizer @@ -112,10 +112,10 @@ const ( // FCGIRequestComplete is the completed request flag. FCGIRequestComplete uint8 = iota - // FCGICantMultiplexConns is the multiplexed connections flag. + // FCGICantMpxConn is the multiplexed connections flag. FCGICantMpxConn - // FCGIOverloaded is the overloaded flag. + // FCGIOverLoaded is the overloaded flag. FCGIOverLoaded // FCGIUnknownRole is the unknown role flag. @@ -123,13 +123,13 @@ const ( ) const ( - // MaxConns is the maximum connections flag. + // FCGIMaxConns is the maximum connections flag. FCGIMaxConns string = "MAX_CONNS" - // MaxRequests is the maximum requests flag. + // FCGIMaxReqs is the maximum requests flag. FCGIMaxReqs string = "MAX_REQS" - // MultiplexConns is the multiplex connections flag. + // FCGIMpxsConns is the multiplex connections flag. FCGIMpxsConns string = "MPXS_CONNS" ) @@ -180,7 +180,7 @@ func (rec *record) read(r io.Reader) (buf []byte, err error) { if len(rec.rbuf) < n { rec.rbuf = make([]byte, n) } - if n, err = io.ReadFull(r, rec.rbuf[:n]); err != nil { + if _, err = io.ReadFull(r, rec.rbuf[:n]); err != nil { return } buf = rec.rbuf[:int(rec.h.ContentLength)] @@ -218,7 +218,7 @@ func Dial(network, address string) (fcgi *FCGIClient, err error) { return } -// Close closes fcgi connnection +// Close closes fcgi connection func (client *FCGIClient) Close() { client.rwc.Close() } @@ -397,7 +397,7 @@ func (w *streamReader) Read(p []byte) (n int, err error) { // Do made the request and returns a io.Reader that translates the data read // from fcgi responder out of fcgi packet before returning it. func (client *FCGIClient) Do(p map[string]string, req io.Reader) (r io.Reader, err error) { - err = client.writeBeginRequest(uint16(FCGIResponser), 0) + err = client.writeBeginRequest(uint16(FCGIResponder), 0) if err != nil { return } diff --git a/bfe_fcgi/transport.go b/bfe_fcgi/transport.go index 40675259f..f72aaac61 100644 --- a/bfe_fcgi/transport.go +++ b/bfe_fcgi/transport.go @@ -131,7 +131,7 @@ func buildMetaValsAndMethod(r *http.Request, root string, envVars map[string]str // https://tools.ietf.org/html/rfc3875#section-4.1.18 for key, val := range r.Header { - header := strings.Replace(strings.ToUpper(key), "-", "_", -1) + header := strings.ReplaceAll(strings.ToUpper(key), "-", "_") metaHeader.Add("HTTP_"+header, strings.Join(val, ", ")) } diff --git a/bfe_http/common.go b/bfe_http/common.go index 13378c283..4ce7f8909 100644 --- a/bfe_http/common.go +++ b/bfe_http/common.go @@ -15,6 +15,7 @@ // Copyright 2010 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. + package bfe_http import ( @@ -157,7 +158,7 @@ func (c ConnState) String() string { return stateName[c] } -// Objects implementing the Handler interface can be +// The Handler Objects implementing the Handler interface can be // registered to serve a particular path or subtree // in the HTTP server. // @@ -350,10 +351,10 @@ func (e TransportBrokenError) Error() string { } type FlowLimiter interface { - // check whether current connection should be accept or not + // AcceptConn check whether current connection should be accept or not AcceptConn() bool - // check whether current request should be accept or not + // AcceptRequest check whether current request should be accept or not AcceptRequest() bool } @@ -401,7 +402,7 @@ func (w *CloseWatcher) Stop() { w.done <- true } -// common interface for peeking data +// Peeker is common interface for peeking data type Peeker interface { Peek(n int) ([]byte, error) } diff --git a/bfe_http/header.go b/bfe_http/header.go index f316a983b..ca62914a7 100644 --- a/bfe_http/header.go +++ b/bfe_http/header.go @@ -60,7 +60,7 @@ func (h Header) Get(key string) string { } // Values returns all values associated with the given key. -// It is case insensitive; textproto.CanonicalMIMEHeaderKey is +// It is case-insensitive; textproto.CanonicalMIMEHeaderKey is // used to canonicalize the provided key. To use non-canonical // keys, access the map directly. // The returned slice is not a copy. @@ -99,7 +99,7 @@ func (h Header) Clone() Header { // Keys get all keys from header func (h Header) Keys() []string { - keys := make([]string, 0) + keys := make([]string, 0, len(h)) for key := range h { keys = append(keys, key) } diff --git a/bfe_http/request.go b/bfe_http/request.go index 6ba213584..9a96d5fa8 100644 --- a/bfe_http/request.go +++ b/bfe_http/request.go @@ -55,7 +55,7 @@ const ( // is either not present in the request or not a file field. var ErrMissingFile = errors.New("http: no such file") -// HTTP request parsing errors. +// ProtocolError is the error found during HTTP request parsing. type ProtocolError struct { ErrorString string } @@ -242,6 +242,8 @@ type RequestState struct { // BodySize is the size of request body. BodySize uint32 + + H2Fingerprint string } // ProtoAtLeast reports whether the HTTP protocol used @@ -552,7 +554,7 @@ func (r *Request) BasicAuth() (username, password string, ok bool) { // "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true). func parseBasicAuth(auth string) (username, password string, ok bool) { const prefix = "Basic " - // Case insensitive prefix match. See Issue 22736. + // Case-insensitive prefix match. See Issue 22736. if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) { return } diff --git a/bfe_http/request_test.go b/bfe_http/request_test.go index 0cb5b9660..76bb138cb 100644 --- a/bfe_http/request_test.go +++ b/bfe_http/request_test.go @@ -405,7 +405,7 @@ func testMissingFile(t *testing.T, req *Request) { } func newTestMultipartRequest(t *testing.T) *Request { - b := bytes.NewBufferString(strings.Replace(message, "\n", "\r\n", -1)) + b := bytes.NewBufferString(strings.ReplaceAll(message, "\n", "\r\n")) req, err := NewRequest(MethodPost, "/", b) if err != nil { t.Fatal("NewRequest:", err) @@ -498,7 +498,7 @@ Content-Disposition: form-data; name="textb" func benchmarkReadRequest(b *testing.B, request string) { request += "\n" // final \n - request = strings.Replace(request, "\n", "\r\n", -1) // expand \n to \r\n + request = strings.ReplaceAll(request, "\n", "\r\n") // expand \n to \r\n b.SetBytes(int64(len(request))) r := bfe_bufio.NewReader(&infiniteReader{buf: []byte(request)}) b.ReportAllocs() diff --git a/bfe_http/response.go b/bfe_http/response.go index 2386e9abd..0b216f5a0 100644 --- a/bfe_http/response.go +++ b/bfe_http/response.go @@ -41,8 +41,8 @@ var respExcludeHeader = map[string]bool{ "Trailer": true, } -// The SignCalculater interface is used to calculate signature for response -type SignCalculater interface { +// The SignCalculator interface is used to calculate signature for response +type SignCalculator interface { CalcSign(feature string) string } @@ -86,7 +86,7 @@ type Response struct { TransferEncoding []string // Signer calculate signature for response - Signer SignCalculater + Signer SignCalculator // Close records whether the header directed that the connection be // closed after reading Body. The value is advice for clients: neither diff --git a/bfe_http/transfer.go b/bfe_http/transfer.go index e02d91e3b..a6daeb6dd 100644 --- a/bfe_http/transfer.go +++ b/bfe_http/transfer.go @@ -540,10 +540,7 @@ func shouldClose(major, minor int, header Header) bool { if major < 1 { return true } else if major == 1 && minor == 0 { - if !strings.Contains(strings.ToLower(header.GetDirect("Connection")), "keep-alive") { - return true - } - return false + return !strings.Contains(strings.ToLower(header.GetDirect("Connection")), "keep-alive") } else { // TODO: Should split on commas, toss surrounding white space, // and check each field. diff --git a/bfe_http/transport.go b/bfe_http/transport.go index 84091b63e..a322338af 100644 --- a/bfe_http/transport.go +++ b/bfe_http/transport.go @@ -380,10 +380,13 @@ func (t *Transport) putIdleConn(pconn *persistConn) bool { if t.idleConn == nil { t.idleConn = make(map[string][]*persistConn) } + // evict the oldest connection when idleConn exceed its limits. if len(t.idleConn[key]) >= max { + oldest := t.idleConn[key][0] + t.idleConn[key] = append(t.idleConn[key][1:], pconn) t.idleMu.Unlock() - pconn.close() - return false + oldest.close() + return true } for _, exist := range t.idleConn[key] { if exist == pconn { diff --git a/bfe_http2/fingerprint.go b/bfe_http2/fingerprint.go new file mode 100644 index 000000000..e9bf0287f --- /dev/null +++ b/bfe_http2/fingerprint.go @@ -0,0 +1,185 @@ +// Copyright (c) 2022 The BFE Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package bfe_http2 + +import ( + "bytes" + "fmt" + "strings" + "sync" +) + +type fingerprint struct { + lock sync.RWMutex + + // serverConn are reused in stream and needs to prevent duplicate parsing. + calculated bool + windowUpdate uint32 + + settings []Setting + priorities []string + pseudoHeaders []byte + + // the final value of the fingerprint. + value string +} + +func newFingerprint() *fingerprint { + return &fingerprint{ + // the average number of settings here may be 6, + // but with repeated settings, it could more than 6. + settings: make([]Setting, 0, 6), + // the average number of priority frame here may be 5. + priorities: make([]string, 0, 5), + // any legitimate request will have 3-4 headers. + pseudoHeaders: make([]byte, 0, 4), + } +} + +// the readFrameResult will no longer exist if readFrames again, +// so it is necessary to save the fingerprint information with plain value. +func (fp *fingerprint) ProcessFrame(res readFrameResult) { + fp.lock.Lock() + defer fp.lock.Unlock() + + // once the fingerprint is used, we should not process frame again. + if fp.calculated { + return + } + + // if error occured, the frame will also discard by h2. + if res.err != nil { + return + } + + switch f := res.f.(type) { + case *SettingsFrame: + f.ForeachSetting(func(s Setting) error { + fp.settings = append(fp.settings, s) + return nil + }) + case *WindowUpdateFrame: + if fp.windowUpdate > 0 { + break + } + fp.windowUpdate = f.Increment + case *PriorityFrame: + fp.processPriority(f.StreamID, f.PriorityParam) + case *MetaHeadersFrame: + if f.HasPriority() { + fp.processPriority(f.StreamID, f.Priority) + } + for _, field := range f.Fields { + switch field.Name { + case ":method", ":path", ":scheme", ":authority": + fp.pseudoHeaders = append(fp.pseudoHeaders, field.Name[1]) + default: + continue + } + } + default: + return + } +} + +func (fp *fingerprint) processPriority(sid uint32, f PriorityParam) { + exclusive := 0 + if f.Exclusive { + exclusive = 1 + } + + fp.priorities = append( + fp.priorities, + fmt.Sprintf("%d:%d:%d:%d", sid, exclusive, f.StreamDep, f.Weight), + ) +} + +func (fp *fingerprint) Calculate() string { + fp.lock.Lock() + defer fp.lock.Unlock() + + if fp.calculated { + return fp.value + } + + buf := bytes.NewBuffer([]byte{}) + + // if there are multiple occurrences, + // we only take the first as the order of the setting key. + finalSettingVals := make(map[SettingID]uint32, 6) + // use the final setting value as the fingerprint. + finalSettingSet := make([]SettingID, 0, 6) + settingExist := func(id SettingID) bool { + for _, fid := range finalSettingSet { + if fid == id { + return true + } + } + return false + } + for _, setting := range fp.settings { + // we just pick legal SettingID + if _, ok := settingName[setting.ID]; !ok { + continue + } + finalSettingVals[setting.ID] = setting.Val + if !settingExist(setting.ID) { + finalSettingSet = append(finalSettingSet, setting.ID) + } + } + for _, fid := range finalSettingSet { + fmt.Fprintf(buf, "%d:%d;", fid, finalSettingVals[fid]) + } + if len(fp.settings) > 0 { + buf.Truncate(buf.Len() - 1) + } + + buf.WriteByte('|') + if fp.windowUpdate == 0 { + buf.WriteString("00") + } else { + fmt.Fprintf(buf, "%d", fp.windowUpdate) + } + + buf.WriteByte('|') + if len(fp.priorities) == 0 { + buf.WriteByte('0') + } else { + buf.WriteString(strings.Join(fp.priorities, ",")) + } + + buf.WriteByte('|') + for k, v := range fp.pseudoHeaders { + buf.WriteByte(v) + if k < len(fp.pseudoHeaders)-1 { + buf.WriteByte(',') + } + } + + fp.calculated = true + fp.value = buf.String() + return fp.value +} + +func (fp *fingerprint) Get() string { + fp.lock.RLock() + value, ok := fp.value, fp.calculated + fp.lock.RUnlock() + if ok { + return value + } + + return fp.Calculate() +} diff --git a/bfe_http2/fingerprint_test.go b/bfe_http2/fingerprint_test.go new file mode 100644 index 000000000..90d3731cc --- /dev/null +++ b/bfe_http2/fingerprint_test.go @@ -0,0 +1,328 @@ +// Copyright (c) 2022 The BFE Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package bfe_http2 + +import ( + "bytes" + "fmt" + "strings" + "testing" +) + +import ( + "github.com/bfenetworks/bfe/bfe_http2/hpack" +) + +func TestNewFingerprintWithCalculate(t *testing.T) { + fp := newFingerprint() + if got, want := fp.Calculate(), "|00|0|"; got != want { + t.Errorf("Calculate result = %s; want %s", got, want) + } + + fr, _ := testFramer() + settings := []Setting{{1, 2}, {3, 4}} + fr.WriteSettings(settings...) + f, err := fr.ReadFrame() + if err != nil { + t.Fatal(err) + } + fp.ProcessFrame(readFrameResult{f, nil, func() {}}) + if got, want := fp.Calculate(), "|00|0|"; got != want { + t.Errorf("Calculate result = %s; want %s", got, want) + } +} + +func TestNewFingerprintSettingsFrame(t *testing.T) { + fp := newFingerprint() + fr, _ := testFramer() + settings := []Setting{ + {0, 1}, {1, 2}, {2, 3}, {3, 4}, {4, 5}, {5, 6}, {6, 7}, {7, 8}, {1, 10}, + } + fr.WriteSettings(settings...) + f, err := fr.ReadFrame() + if err != nil { + t.Fatal(err) + } + fp.ProcessFrame(readFrameResult{f, nil, func() {}}) + if got, want := fp.Calculate(), "1:10;2:3;3:4;4:5;5:6;6:7|00|0|"; got != want { + t.Errorf("Calculate result = %s; want %s", got, want) + } +} + +func TestNewFingerprintWindowUpdateFrame(t *testing.T) { + fp := newFingerprint() + fr, _ := testFramer() + var i uint32 + for i = 1; i < 3; i++ { + fr.WriteWindowUpdate(0, i) + } + for i = 1; i < 3; i++ { + f, err := fr.ReadFrame() + if err != nil { + t.Fatal(err) + } + fp.ProcessFrame(readFrameResult{f, nil, func() {}}) + } + if got, want := fp.Calculate(), "|1|0|"; got != want { + t.Errorf("Calculate result = %s; want %s", got, want) + } +} + +func TestNewFingerprintPriorityFrame(t *testing.T) { + fp := newFingerprint() + fr, _ := testFramer() + priorities := []string{} + var i uint32 + for i = 1; i < 4; i++ { + exclusive := 0 + if i%2 == 1 { + exclusive = 1 + } + priorities = append(priorities, fmt.Sprintf("%d:%d:%d:%d", i, exclusive, i-1, uint8(i)*10)) + fr.WritePriority(i, PriorityParam{ + StreamDep: i - 1, + Exclusive: i%2 == 1, + Weight: uint8(i) * 10, + }) + } + for i = 1; i < 4; i++ { + f, err := fr.ReadFrame() + if err != nil { + t.Fatal(err) + } + fp.ProcessFrame(readFrameResult{f, nil, func() {}}) + } + if got, want := fp.Calculate(), fmt.Sprintf("|00|%s|", strings.Join(priorities, ",")); got != want { + t.Errorf("Calculate result = %s; want %s", got, want) + } +} + +func TestNewFingerprintMetaHeadersFrame(t *testing.T) { + write := func(f *Framer, priority PriorityParam, frags ...[]byte) { + for i, frag := range frags { + end := (i == len(frags)-1) + if i == 0 { + f.WriteHeaders(HeadersFrameParam{ + StreamID: 1, + BlockFragment: frag, + EndHeaders: end, + Priority: priority, + }) + } else { + f.WriteContinuation(1, end, frag) + } + } + } + + tests := [...]struct { + name string + w func(*Framer) + want string + hasErr bool + }{ + { + name: "firefox headers", + w: func(f *Framer) { + var he hpackEncoder + all := he.encodeHeaderRaw(t, + ":method", "GET", ":path", "/", ":authority", "", ":scheme", "https") + write(f, PriorityParam{ + StreamDep: 10, + Exclusive: true, + Weight: 11, + }, all) + }, + want: "|00|1:1:10:11|m,p,a,s", + }, + { + name: "chrome headers", + w: func(f *Framer) { + var he hpackEncoder + all := he.encodeHeaderRaw(t, + ":method", "GET", ":authority", "", ":scheme", "https", ":path", "/") + write(f, PriorityParam{}, all) + }, + want: "|00|0|m,a,s,p", + }, + { + name: "safari headers", + w: func(f *Framer) { + var he hpackEncoder + all := he.encodeHeaderRaw(t, + ":method", "GET", ":scheme", "https", ":path", "/", ":authority", "") + write(f, PriorityParam{ + StreamDep: 2, + Exclusive: false, + Weight: 22, + }, all) + }, + want: "|00|1:0:2:22|m,s,p,a", + }, + { + name: "safari headers with illegal Pseudo Heade", + w: func(f *Framer) { + var he hpackEncoder + all := he.encodeHeaderRaw(t, + ":method", "GET", ":scheme", "https", ":path", "/", ":authority", "", ":auth", "empty") + write(f, PriorityParam{ + StreamDep: 2, + Exclusive: false, + Weight: 22, + }, all) + }, + want: "|00|0|", + hasErr: true, + }, + } + for _, tt := range tests { + buf := new(bytes.Buffer) + f := NewFramer(buf, buf) + f.ReadMetaHeaders = hpack.NewDecoder(initialHeaderTableSize, nil) + tt.w(f) + + got, err := f.ReadFrame() + if err != nil && !tt.hasErr { + t.Fatal(err) + t.Errorf("%s: %v\n", tt.name, err) + } + + fp := newFingerprint() + fp.ProcessFrame(readFrameResult{got, err, func() {}}) + if got, want := fp.Calculate(), tt.want; got != want { + t.Errorf("Calculate result = %s; want %s", got, want) + } + } +} + +func TestNewFingerprintWithFakeBrowsers(t *testing.T) { + writeHeaders := func( + f *Framer, streamId uint32, priority PriorityParam, frags ...[]byte, + ) { + for i, frag := range frags { + end := (i == len(frags)-1) + if i == 0 { + err := f.WriteHeaders(HeadersFrameParam{ + StreamID: streamId, + BlockFragment: frag, + EndHeaders: end, + Priority: priority, + }) + if err != nil { + t.Errorf("%s", err) + } + } else { + if err := f.WriteContinuation(1, end, frag); err != nil { + t.Errorf("%s", err) + } + } + } + } + + newSetting := func(settings []Setting) readFrameResult { + fr, _ := testFramer() + fr.WriteSettings(settings...) + f, err := fr.ReadFrame() + return readFrameResult{f, err, func() {}} + } + + newWindowUpdate := func(streamID uint32, incr uint32) readFrameResult { + fr, _ := testFramer() + fr.WriteWindowUpdate(streamID, incr) + f, err := fr.ReadFrame() + return readFrameResult{f, err, func() {}} + } + + newPriority := func(streamID, streamDep uint32, exclusive bool, weight uint8) readFrameResult { + fr, _ := testFramer() + fr.WritePriority(streamID, PriorityParam{ + StreamDep: streamDep, + Exclusive: exclusive, + Weight: weight, + }) + f, err := fr.ReadFrame() + return readFrameResult{f, err, func() {}} + } + + newHeader := func( + streamID uint32, headers []string, priorityParam PriorityParam, + ) readFrameResult { + buf := new(bytes.Buffer) + f := NewFramer(buf, buf) + f.AllowIllegalWrites = true + f.ReadMetaHeaders = hpack.NewDecoder(initialHeaderTableSize, nil) + + var he hpackEncoder + all := he.encodeHeaderRaw(t, headers...) + writeHeaders(f, streamID, priorityParam, all) + + got, err := f.ReadFrame() + return readFrameResult{got, err, func() {}} + } + + tests := [...]struct { + name string + frames []readFrameResult + want string + hasErr bool + }{ + { + name: "firefox", + frames: []readFrameResult{ + newSetting([]Setting{{1, 65536}, {4, 131072}, {5, 16384}}), + newWindowUpdate(0, 12517377), + newPriority(3, 0, false, 200), + newPriority(5, 0, false, 100), + newPriority(7, 0, false, 0), + newPriority(9, 7, false, 0), + newPriority(11, 3, false, 0), + newPriority(13, 0, false, 240), + newHeader( + 15, + []string{":method", "GET", ":path", "/", ":authority", "", ":scheme", "https"}, + PriorityParam{ + StreamDep: 13, + Exclusive: false, + Weight: 41, + }), + }, + want: "1:65536;4:131072;5:16384|12517377|3:0:0:200,5:0:0:100,7:0:0:0,9:0:7:0,11:0:3:0,13:0:0:240,15:0:13:41|m,p,a,s", + }, + { + name: "edge", + frames: []readFrameResult{ + newSetting([]Setting{{1, 65536}, {3, 1000}, {4, 6291456}, {6, 262144}}), + newWindowUpdate(0, 15663105), + newHeader( + 1, + []string{":method", "GET", ":authority", "", ":scheme", "https", ":path", "/"}, + PriorityParam{ + StreamDep: 0, + Exclusive: true, + Weight: 255, + }), + }, + want: "1:65536;3:1000;4:6291456;6:262144|15663105|1:1:0:255|m,a,s,p", + }, + } + for _, tt := range tests { + fp := newFingerprint() + for _, f := range tt.frames { + fp.ProcessFrame(f) + } + if got, want := fp.Calculate(), tt.want; got != want { + t.Errorf("Calculate (%s) result = %s; want %s", tt.name, got, want) + } + } +} diff --git a/bfe_http2/frame_test.go b/bfe_http2/frame_test.go index 6cdd48ddd..04d20ed7e 100644 --- a/bfe_http2/frame_test.go +++ b/bfe_http2/frame_test.go @@ -815,7 +815,7 @@ func TestReadFrameOrder(t *testing.T) { continue } if !((f.errDetail == nil && tt.wantErr == "") || (fmt.Sprint(f.errDetail) == tt.wantErr)) { - t.Errorf("%d. framer eror = %q; want %q\n%s", i, f.errDetail, tt.wantErr, log.Bytes()) + t.Errorf("%d. framer error = %q; want %q\n%s", i, f.errDetail, tt.wantErr, log.Bytes()) } if n < tt.atLeast { t.Errorf("%d. framer only read %d frames; want at least %d\n%s", i, n, tt.atLeast, log.Bytes()) diff --git a/bfe_http2/hpack/encode_test.go b/bfe_http2/hpack/encode_test.go index ce6818946..c882c208a 100644 --- a/bfe_http2/hpack/encode_test.go +++ b/bfe_http2/hpack/encode_test.go @@ -341,5 +341,5 @@ func TestEncoderSetMaxDynamicTableSizeLimit(t *testing.T) { } func removeSpace(s string) string { - return strings.Replace(s, " ", "", -1) + return strings.ReplaceAll(s, " ", "") } diff --git a/bfe_http2/hpack/hpack.go b/bfe_http2/hpack/hpack.go index e4078ba37..21f1e6f66 100644 --- a/bfe_http2/hpack/hpack.go +++ b/bfe_http2/hpack/hpack.go @@ -279,7 +279,7 @@ func (d *Decoder) at(i uint64) (hf HeaderField, ok bool) { return dents[len(dents)-(int(i)-len(staticTable))], true } -// Decode decodes an entire block. +// DecodeFull decodes an entire block. // // TODO: remove this method and make it incremental later? This is // easier for debugging now. diff --git a/bfe_http2/hpack/hpack_test.go b/bfe_http2/hpack/hpack_test.go index 778526146..4cc24b816 100644 --- a/bfe_http2/hpack/hpack_test.go +++ b/bfe_http2/hpack/hpack_test.go @@ -556,7 +556,7 @@ func TestHuffmanDecode(t *testing.T) { } for i, tt := range tests { var buf bytes.Buffer - in, err := hex.DecodeString(strings.Replace(tt.inHex, " ", "", -1)) + in, err := hex.DecodeString(strings.ReplaceAll(tt.inHex, " ", "")) if err != nil { t.Errorf("%d. hex input error: %v", i, err) continue @@ -589,7 +589,7 @@ func TestAppendHuffmanString(t *testing.T) { } for i, tt := range tests { buf := []byte{} - want := strings.Replace(tt.want, " ", "", -1) + want := strings.ReplaceAll(tt.want, " ", "") buf = AppendHuffmanString(buf, tt.in) if got := hex.EncodeToString(buf); want != got { t.Errorf("%d. encode = %q; want %q", i, got, want) @@ -758,8 +758,8 @@ func TestHuffmanFuzzCrash(t *testing.T) { } func dehex(s string) []byte { - s = strings.Replace(s, " ", "", -1) - s = strings.Replace(s, "\n", "", -1) + s = strings.ReplaceAll(s, " ", "") + s = strings.ReplaceAll(s, "\n", "") b, err := hex.DecodeString(s) if err != nil { panic(err) diff --git a/bfe_http2/http2.go b/bfe_http2/http2.go index edcb6c3d1..477e7e292 100644 --- a/bfe_http2/http2.go +++ b/bfe_http2/http2.go @@ -16,7 +16,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package http2 implements the HTTP/2 protocol. +// Package bfe_http2 implements the HTTP/2 protocol. // // This package is low-level and intended to be used directly by very // few people. Most users will use it indirectly through the automatic @@ -556,7 +556,7 @@ type ServerRule interface { GetHTTP2Rule(conn *tls.Conn) *Rule } -// customized http2 config for specific conn in server side +// Rule is customized http2 config for specific conn in server side type Rule struct { // MaxConcurrentStreams optionally specifies the number of // concurrent streams for current conn diff --git a/bfe_http2/server.go b/bfe_http2/server.go index 9ccc0945c..a189cacce 100644 --- a/bfe_http2/server.go +++ b/bfe_http2/server.go @@ -371,6 +371,8 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) { readClientAgainTimeout: defaultReadClientAgainTimeout, timeoutEventCh: make(chan timeoutEventElem, s.maxConcurrentStreams(r)), timeoutValueCh: make(chan timeoutValueElem, s.maxConcurrentStreams(r)), + + fingerprint: newFingerprint(), } sc.flow.add(initialWindowSize) sc.inflow.add(initialWindowSize) @@ -411,6 +413,7 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) { return } + //lint:ignore SA9003 empty branch if sc.tlsState.ServerName == "" { // Client must use SNI, but we don't enforce that anymore, // since it was causing problems when connecting to bare IP @@ -472,7 +475,7 @@ func isBadCipher(cipher uint16) bool { func (sc *serverConn) rejectConn(err ErrCode, debug string) { log.Logger.Info("http2: server rejecting conn: %v, %s", err, debug) // ignoring errors. hanging up anyway. - // The last stream indentifier can be set to 0 if no streams were + // The last stream identifier can be set to 0 if no streams were // processed. See RFC 7540 Section 6.8 sc.framer.WriteGoAway(0, err, []byte(debug)) sc.bw.Flush() @@ -544,6 +547,9 @@ type serverConn struct { // when save timeout, ServeHTTP() routine write to chan // main routine read from chan timeoutValueCh chan timeoutValueElem + + // the parts to calculate fingerprint + fingerprint *fingerprint } // timeout event @@ -884,6 +890,8 @@ func (sc *serverConn) serve() { if !sc.processFrameFromReader(res) { return } + // collect HTTP/2 fingerprint infomation. + sc.fingerprint.ProcessFrame(res) res.readMore() if settingsTimer.C != nil { settingsTimer.Stop() @@ -925,7 +933,7 @@ func (sc *serverConn) serve() { // hand timeout event for stream timeout, stream timeout, rst stream func (sc *serverConn) handleTimeout(ch timeoutEventElem) { tag := ch.tag - errMsg := fmt.Sprintf("%s timeout, reseting frame id[%d] from %v", + errMsg := fmt.Sprintf("%s timeout, resetting frame id[%d] from %v", tag.String(), ch.streamID, sc.conn.RemoteAddr()) // stream timeout, rst the stream errRst := StreamError{ch.streamID, ErrCodeProtocol, errMsg} @@ -1659,7 +1667,7 @@ func (sc *serverConn) processData(f *DataFrame) error { func (st *stream) stopTimeoutTimer() { // stop readTimeoutTimer in case of some abnormal cases where // endStream() can not be called() - // e.g. 1.POST request && 2.bfe NOT recevied all body && 3.stream rst by BFE + // e.g. 1.POST request && 2.bfe NOT received all body && 3.stream rst by BFE if t := st.readTimeoutTimer; t != nil { t.Stop() } @@ -2050,6 +2058,7 @@ func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler } rw.handlerDone() }() + req.State.H2Fingerprint = sc.fingerprint.Get() handler(rw, req) didPanic = false } @@ -2396,7 +2405,7 @@ const TrailerPrefix = "Trailer:" // trailers. That worked for a while, until we found the first major // user of Trailers in the wild: gRPC (using them only over http2), // and gRPC libraries permit setting trailers mid-stream without -// predeclarnig them. So: change of plans. We still permit the old +// predeclaring them. So: change of plans. We still permit the old // way, but we also permit this hack: if a Header() key begins with // "Trailer:", the suffix of that key is a Trailer. Because ':' is an // invalid token byte anyway, there is no ambiguity. (And it's already @@ -2511,7 +2520,7 @@ func cloneHeader(h http.Header) http.Header { // // * Handler calls w.Write or w.WriteString -> // * -> rws.bw (*bufio.Writer) -> -// * (Handler migth call Flush) +// * (Handler might call Flush) // * -> chunkWriter{rws} // * -> responseWriterState.writeChunk(p []byte) // * -> responseWriterState.writeChunk (most of the magic; see comment there) diff --git a/bfe_http2/server_test.go b/bfe_http2/server_test.go index a37650f85..09c7a44f4 100644 --- a/bfe_http2/server_test.go +++ b/bfe_http2/server_test.go @@ -2366,7 +2366,7 @@ func testServerWritesTrailers(t *testing.T, withFlush bool) { w.Header().Set("Server-Trailer-A", "valuea") w.Header().Set("Server-Trailer-C", "valuec") // skipping B // After a flush, random keys like Server-Surprise shouldn't show up: - w.Header().Set("Server-Surpise", "surprise! this isn't predeclared!") + w.Header().Set("Server-Surprise", "surprise! this isn't predeclared!") // But we do permit promoting keys to trailers after a // flush if they start with the magic // otherwise-invalid "Trailer:" prefix: @@ -3000,7 +3000,6 @@ func TestNoRstPostAfterGOAWAY(t *testing.T) { } if gf, ok := f.(*RSTStreamFrame); ok && gf.StreamID == 1 { t.Fatal("got rst but want no ret") - break } } diff --git a/bfe_http2/write.go b/bfe_http2/write.go index 5a5db229a..efc8a7378 100644 --- a/bfe_http2/write.go +++ b/bfe_http2/write.go @@ -260,7 +260,7 @@ func (wu *writeWindowUpdate) String() string { } func encodeHeaders(enc *hpack.Encoder, h http.Header, keys []string) int { - headerSize := 0 // orignal header size + headerSize := 0 // original header size if keys == nil { sorter := sorterPool.Get().(*sorter) // Using defer here, since the returned keys from the diff --git a/bfe_http2/writesched.go b/bfe_http2/writesched.go index 52b4ea37d..6f05bbda6 100644 --- a/bfe_http2/writesched.go +++ b/bfe_http2/writesched.go @@ -166,7 +166,7 @@ func (ws *writeScheduler) take() (wm frameWriteMsg, ok bool) { return ws.takeFrom(q.streamID(), q) } -// zeroCanSend is defered from take. +// zeroCanSend is deferred from take. func (ws *writeScheduler) zeroCanSend() { for i := range ws.canSend { ws.canSend[i] = nil diff --git a/bfe_http2/z_spec_test.go b/bfe_http2/z_spec_test.go index 215fb717b..cac1960ce 100644 --- a/bfe_http2/z_spec_test.go +++ b/bfe_http2/z_spec_test.go @@ -323,7 +323,7 @@ func TestSpecCoverage(t *testing.T) { t.Errorf("\tSECTION %s: %s", p.section, p.sentence) } - t.Logf("%d/%d (%d%%) sentances covered", complete, total, (complete/total)*100) + t.Logf("%d/%d (%d%%) sentences covered", complete, total, (complete/total)*100) } func attrSig(se xml.StartElement) string { diff --git a/bfe_module/bfe_filter.go b/bfe_module/bfe_filter.go index 7cbe700d9..9ed23fd26 100644 --- a/bfe_module/bfe_filter.go +++ b/bfe_module/bfe_filter.go @@ -32,7 +32,7 @@ // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER // DEALINGS IN THE SOFTWARE. -// bfe_fileter.go define filter for various scenarios. +// bfe_filter.go define filter for various scenarios. // AcceptFilter: filter after accept connection from client // RequestFilter: filter after get http request from client // ForwardFilter: filter before forward http request to backend diff --git a/bfe_module/bfe_handler_list.go b/bfe_module/bfe_handler_list.go index cbf7bc235..f6970be58 100644 --- a/bfe_module/bfe_handler_list.go +++ b/bfe_module/bfe_handler_list.go @@ -32,29 +32,29 @@ import ( // HandlerList type. const ( - // for AcceptFilter + // HandlersAccept for AcceptFilter HandlersAccept = iota - // for RequestFilter + // HandlersRequest for RequestFilter HandlersRequest - // for ForwardFilter + // HandlersForward for ForwardFilter HandlersForward - // for ResponseFilter + // HandlersResponse for ResponseFilter HandlersResponse - // for FinishFilter + // HandlersFinish for FinishFilter HandlersFinish ) // Return value of handler. const ( - // to close the connection after response + // BfeHandlerFinish to close the connection after response BfeHandlerFinish = iota - // to go on next handler + // BfeHandlerGoOn to go on next handler BfeHandlerGoOn - // to redirect + // BfeHandlerRedirect to redirect BfeHandlerRedirect - // to send response + // BfeHandlerResponse to send response BfeHandlerResponse - // to close the connection directly, with no data sent. + // BfeHandlerClose to close the connection directly, with no data sent. BfeHandlerClose ) diff --git a/bfe_module/bfe_plugin.go b/bfe_module/bfe_plugin.go index 7cdb00e48..0f760616d 100644 --- a/bfe_module/bfe_plugin.go +++ b/bfe_module/bfe_plugin.go @@ -32,7 +32,7 @@ type BfePlugins struct { workPlugins map[string]*PluginInfo // work plugins, configure in bfe conf file } -// NewPlugins create new Plugins +// NewBfePlugins create new Plugins func NewBfePlugins() *BfePlugins { pl := new(BfePlugins) pl.workPlugins = make(map[string]*PluginInfo) diff --git a/bfe_modules/mod_access/conf_mod_access.go b/bfe_modules/mod_access/conf_mod_access.go index 9790d5c79..357808df4 100644 --- a/bfe_modules/mod_access/conf_mod_access.go +++ b/bfe_modules/mod_access/conf_mod_access.go @@ -31,8 +31,8 @@ type ConfModAccess struct { Log access_log.LogConfig Template struct { - RequestTemplate string // access log formate string - SessionTemplate string // session finish log formate string + RequestTemplate string // access log format string + SessionTemplate string // session finish log format string } } diff --git a/bfe_modules/mod_access/session_log.go b/bfe_modules/mod_access/session_log.go index bc8b7ed90..e28f12d9b 100644 --- a/bfe_modules/mod_access/session_log.go +++ b/bfe_modules/mod_access/session_log.go @@ -102,7 +102,7 @@ func onLogFmtSesOverhead(m *ModuleAccess, logItem *LogFmtItem, buff *bytes.Buffe return errors.New("session is nil") } - msg := fmt.Sprintf("%s", session.Overhead.String()) + msg := session.Overhead.String() buff.WriteString(msg) return nil diff --git a/bfe_modules/mod_auth_request/auth_request_rule_load.go b/bfe_modules/mod_auth_request/auth_request_rule_load.go index 71980afdf..96b34f5b9 100644 --- a/bfe_modules/mod_auth_request/auth_request_rule_load.go +++ b/bfe_modules/mod_auth_request/auth_request_rule_load.go @@ -24,13 +24,11 @@ import ( "github.com/bfenetworks/bfe/bfe_util/json" ) -// rule loaded from file type AuthRequestRuleFile struct { Version string Config ProductRuleRawList // product => raw rule list } -// rule conf parsed from rule file type AuthRequestRuleConf struct { Version string Config ProductRuleList // product => rule list @@ -38,7 +36,7 @@ type AuthRequestRuleConf struct { type AuthRequestRuleRaw struct { Cond string // condition - Enable bool // whether enable auth reqeust + Enable bool // whether enable auth request } type ProductRuleRawList map[string]RuleRawList // product => raw rule list diff --git a/bfe_modules/mod_auth_request/conf_mod_auth_request_test.go b/bfe_modules/mod_auth_request/conf_mod_auth_request_test.go index 10d78f54c..3923bd23e 100644 --- a/bfe_modules/mod_auth_request/conf_mod_auth_request_test.go +++ b/bfe_modules/mod_auth_request/conf_mod_auth_request_test.go @@ -22,12 +22,12 @@ import ( func TestConfLoadCase1(t *testing.T) { cfg, err := ConfLoad("testdata/mod_auth_request/mod_auth_request.conf", "testdata") if err != nil { - t.Fatalf("shoule have no error, but error is %v", err) + t.Fatalf("should have no error, but error is %v", err) } expectDataPath := "testdata/mod_auth_request/auth_request_rule_test.data" if cfg.Basic.DataPath != expectDataPath { - t.Fatalf("cfg.Basic.DataPath shoule %s, but it's %s", expectDataPath, cfg.Basic.DataPath) + t.Fatalf("cfg.Basic.DataPath should %s, but it's %s", expectDataPath, cfg.Basic.DataPath) } if cfg.Log.OpenDebug != false { diff --git a/bfe_modules/mod_auth_request/mod_auth_request_test.go b/bfe_modules/mod_auth_request/mod_auth_request_test.go index 20a1e483a..263f58c68 100644 --- a/bfe_modules/mod_auth_request/mod_auth_request_test.go +++ b/bfe_modules/mod_auth_request/mod_auth_request_test.go @@ -50,12 +50,12 @@ func TestLoadRuleData(t *testing.T) { } if modVersion != expectModVersion { - t.Fatalf("version shoule be %s, but it's %s", expectModVersion, modVersion) + t.Fatalf("version should be %s, but it's %s", expectModVersion, modVersion) } expectVersion := "auth_request_rule_version" if m.ruleTable.version != expectVersion { - t.Fatalf("version shoule be %s, but it's %s", expectVersion, m.ruleTable.version) + t.Fatalf("version should be %s, but it's %s", expectVersion, m.ruleTable.version) } ruleList, ok := m.ruleTable.productRule[expectProduct] @@ -112,7 +112,7 @@ func TestCreateAuthRequest(t *testing.T) { func TestCheckAuthForbidden(t *testing.T) { m := NewModuleAuthRequest() - req, _ := bfe_http.NewRequest(http.MethodGet, "http://exapmle.org", nil) + req, _ := bfe_http.NewRequest(http.MethodGet, "http://example.org", nil) basicReq := bfe_basic.NewRequest(req, nil, nil, nil, nil) resp := new(http.Response) resp.Header = make(http.Header) diff --git a/bfe_modules/mod_cors/conf_mod_cors_test.go b/bfe_modules/mod_cors/conf_mod_cors_test.go index ec50c688e..5501ec3f3 100644 --- a/bfe_modules/mod_cors/conf_mod_cors_test.go +++ b/bfe_modules/mod_cors/conf_mod_cors_test.go @@ -21,12 +21,12 @@ import ( func TestConfLoadCase1(t *testing.T) { cfg, err := ConfLoad("testdata/mod_cors/mod_cors.conf", "testdata") if err != nil { - t.Fatalf("shoule have no error, but error is %v", err) + t.Fatalf("should have no error, but error is %v", err) } expectDataPath := "testdata/mod_cors/cors_rule.data" if cfg.Basic.DataPath != expectDataPath { - t.Fatalf("cfg.Basic.DataPath shoule %s, but it's %s", expectDataPath, cfg.Basic.DataPath) + t.Fatalf("cfg.Basic.DataPath should %s, but it's %s", expectDataPath, cfg.Basic.DataPath) } if cfg.Log.OpenDebug != false { diff --git a/bfe_modules/mod_cors/cors_rule_load.go b/bfe_modules/mod_cors/cors_rule_load.go index dd59bcd01..a10c34da1 100644 --- a/bfe_modules/mod_cors/cors_rule_load.go +++ b/bfe_modules/mod_cors/cors_rule_load.go @@ -116,7 +116,7 @@ func ruleConvert(rawRule CorsRuleRaw) (*CorsRule, error) { // the value tells browsers to allow requesting code from any origin to access the resource. // Attempting to use the wildcard with credentials will result in an error. // null: Specifies the origin "null". - // %origin: Specifies the orign from the request header "Origin" + // %origin: Specifies the origin from the request header "Origin" for _, allowOrigin := range rawRule.AccessControlAllowOrigins { if strings.HasPrefix(allowOrigin, "%") && allowOrigin != "%origin" { return nil, fmt.Errorf("AccessControlAllowOrigins %s is not supported", allowOrigin) @@ -127,7 +127,7 @@ func ruleConvert(rawRule CorsRuleRaw) (*CorsRule, error) { } if allowOrigin == "*" && rawRule.AccessControlAllowCredentials { - return nil, fmt.Errorf("AccessControlAllowCredentials can not be ture when AccessControlAllowOrigins is *") + return nil, fmt.Errorf("AccessControlAllowCredentials can not be true when AccessControlAllowOrigins is *") } if (allowOrigin == "null" || allowOrigin == "*") && len(rawRule.AccessControlAllowOrigins) != 1 { diff --git a/bfe_modules/mod_cors/cors_rule_load_test.go b/bfe_modules/mod_cors/cors_rule_load_test.go index f0f61cbd8..8b6aac96d 100644 --- a/bfe_modules/mod_cors/cors_rule_load_test.go +++ b/bfe_modules/mod_cors/cors_rule_load_test.go @@ -128,7 +128,7 @@ func TestRuleConvertWrongCredentials(t *testing.T) { t.Fatalf("should have error") } - if !strings.Contains(err.Error(), "AccessControlAllowCredentials can not be ture when AccessControlAllowOrigins is *") { + if !strings.Contains(err.Error(), "AccessControlAllowCredentials can not be true when AccessControlAllowOrigins is *") { t.Fatalf("error is not expected, %v", err) } } diff --git a/bfe_modules/mod_cors/mod_cors_test.go b/bfe_modules/mod_cors/mod_cors_test.go index 9ddcdcdf9..6bf789dbb 100644 --- a/bfe_modules/mod_cors/mod_cors_test.go +++ b/bfe_modules/mod_cors/mod_cors_test.go @@ -48,12 +48,12 @@ func TestLoadRuleData(t *testing.T) { } if modVersion != expectModVersion { - t.Fatalf("version shoule be %s, but it's %s", expectModVersion, modVersion) + t.Fatalf("version should be %s, but it's %s", expectModVersion, modVersion) } expectVersion := "20200508210000" if m.ruleTable.version != expectVersion { - t.Fatalf("version shoule be %s, but it's %s", expectVersion, m.ruleTable.version) + t.Fatalf("version should be %s, but it's %s", expectVersion, m.ruleTable.version) } ruleList, ok := m.ruleTable.productRule[expectProduct] @@ -164,7 +164,7 @@ func TestSetRespCorsHeader(t *testing.T) { t.Fatalf("response header %s is not expected", HeaderAccessControlMaxAge) } - // preflight is ture + // preflight is true m.setRespHeaderForPreflght(req, rspHeader, &rule) if rspHeader.Get(HeaderAccessControlAllowMethods) != http.MethodPut { diff --git a/bfe_modules/mod_geo/mod_geo.go b/bfe_modules/mod_geo/mod_geo.go index 0d9fa4ae6..800f761b5 100644 --- a/bfe_modules/mod_geo/mod_geo.go +++ b/bfe_modules/mod_geo/mod_geo.go @@ -163,7 +163,7 @@ func (m *ModuleGeo) setGeoInfoToReqContext(req *bfe_basic.Request, cityInfo *geo req.SetContext(CtxLongitude, longitude) if openDebug { - log.Logger.Debug("%s: the geolocation information: conturyIsoCode(%s), subdivisionIsoCode(%s),"+ + log.Logger.Debug("%s: the geolocation information: countryIsoCode(%s), subdivisionIsoCode(%s),"+ "cityName(%s), longitude(%s) and latitude(%s)", m.name, conturyIsoCode, subdivisionIsoCode, cityName, latitude, longitude) } diff --git a/bfe_modules/mod_header/action_header_var.go b/bfe_modules/mod_header/action_header_var.go index 604e64566..4abe38327 100644 --- a/bfe_modules/mod_header/action_header_var.go +++ b/bfe_modules/mod_header/action_header_var.go @@ -74,6 +74,9 @@ var VariableHandlers = map[string]HeaderValueHandler{ "client_cert_subject_country": getClientCertSubjectCountry, "client_cert_subject_locality": getClientCertSubjectLocality, + // for http2 + "bfe_http2_fingerprint": getBfeHTTP2Fingerprint, + // for geo "bfe_client_geo_country_iso_code": getClientGeoCountryIsoCode, "bfe_client_geo_subdivision_iso_code": getClientGeoSubdivisionIsoCode, @@ -464,3 +467,7 @@ func getClientGeoLongitude(req *bfe_basic.Request) string { return longitude.(string) } + +func getBfeHTTP2Fingerprint(req *bfe_basic.Request) string { + return req.HttpRequest.State.H2Fingerprint +} diff --git a/bfe_modules/mod_markdown/md_render.go b/bfe_modules/mod_markdown/md_render.go index 0f2ec273e..649ae3ff5 100644 --- a/bfe_modules/mod_markdown/md_render.go +++ b/bfe_modules/mod_markdown/md_render.go @@ -27,8 +27,7 @@ func Render(src []byte) ([]byte, error) { if len(src) == 0 { return nil, fmt.Errorf("Render(): render empty src") } - var dst []byte - dst = render(src) + dst := render(src) return dst, nil } diff --git a/bfe_modules/mod_markdown/mod_markdown_test.go b/bfe_modules/mod_markdown/mod_markdown_test.go index f71b01164..8d467a911 100644 --- a/bfe_modules/mod_markdown/mod_markdown_test.go +++ b/bfe_modules/mod_markdown/mod_markdown_test.go @@ -131,6 +131,9 @@ func TestModuleMarkdown_renderMarkDownHandler(t *testing.T) { t.Errorf("ModuleMarkdown.TestModuleMarkdown_renderMarkDownHandler() error = %v", err) } want, err := ioutil.ReadFile(targetPath) + if err != nil { + t.Errorf("ModuleMarkdown.TestModuleMarkdown_renderMarkDownHandler() error = %v", err) + } if !reflect.DeepEqual(got, want) { t.Errorf("ModuleMarkdown.TestModuleMarkdown_renderMarkDownHandler(), got[%s], want[%s]", string(got), string(want)) } diff --git a/bfe_modules/mod_markdown/testdata/testcase0.md b/bfe_modules/mod_markdown/testdata/testcase0.md index 73d17dc60..2be7c65ae 100644 --- a/bfe_modules/mod_markdown/testdata/testcase0.md +++ b/bfe_modules/mod_markdown/testdata/testcase0.md @@ -1 +1 @@ -# hello world \ No newline at end of file +# hello world diff --git a/bfe_modules/mod_markdown/testdata/testcase1.md b/bfe_modules/mod_markdown/testdata/testcase1.md index 6b499aa15..4ff9ff6fa 100644 --- a/bfe_modules/mod_markdown/testdata/testcase1.md +++ b/bfe_modules/mod_markdown/testdata/testcase1.md @@ -10,13 +10,17 @@ You will like those projects! --- -# h1 Heading +# h1 Heading + ## h2 Heading + ### h3 Heading + #### h4 Heading + ##### h5 Heading -###### h6 Heading +###### h6 Heading ## Horizontal Rules @@ -26,7 +30,6 @@ ___ *** - ## Typographic replacements Enable typographer option to see result. @@ -39,7 +42,6 @@ test.. test... test..... test?..... test!.... "Smartypants, double quotes" and 'single quotes' - ## Emphasis **This is bold text** @@ -52,15 +54,12 @@ _This is italic text_ ~~Strikethrough~~ - ## Blockquotes - > Blockquotes can also be nested... >> ...by using additional greater-than signs right next to each other... > > > ...or with spaces between arrows. - ## Lists Unordered @@ -79,7 +78,6 @@ Ordered 2. Consectetur adipiscing elit 3. Integer molestie lorem at massa - 1. You can use sequential numbers... 1. ...or keep all the numbers as `1.` @@ -88,7 +86,6 @@ Start numbering with offset: 57. foo 1. bar - ## Code Inline `code` @@ -100,7 +97,6 @@ Indented code line 2 of code line 3 of code - Block code "fences" ``` @@ -133,7 +129,6 @@ Right aligned columns | engine | engine to be used for processing templates. Handlebars is the default. | | ext | extension to be used for dest files. | - ## Links [link text](http://dev.nodeca.com) @@ -142,7 +137,6 @@ Right aligned columns Autoconverted link https://github.com/nodeca/pica (enable linkify to see) - ## Images ![Minion](https://octodex.github.com/images/minion.png) @@ -156,13 +150,11 @@ With a reference later in the document defining the URL location: [id]: https://octodex.github.com/images/dojocat.jpg "The Dojocat" - ## Plugins The killer feature of `markdown-it` is very effective support of [syntax plugins](https://www.npmjs.org/browse/keyword/markdown-it-plugin). - ### [Emojies](https://github.com/markdown-it/markdown-it-emoji) > Classic markup: :wink: :crush: :cry: :tear: :laughing: :yum: @@ -171,23 +163,19 @@ The killer feature of `markdown-it` is very effective support of see [how to change output](https://github.com/markdown-it/markdown-it-emoji#change-output) with twemoji. - ### [Subscript](https://github.com/markdown-it/markdown-it-sub) / [Superscript](https://github.com/markdown-it/markdown-it-sup) - 19^th^ - H~2~O - ### [\](https://github.com/markdown-it/markdown-it-ins) ++Inserted text++ - ### [\](https://github.com/markdown-it/markdown-it-mark) ==Marked text== - ### [Footnotes](https://github.com/markdown-it/markdown-it-footnote) Footnote 1 link[^first]. @@ -204,7 +192,6 @@ Duplicated footnote reference[^second]. [^second]: Footnote text. - ### [Definition lists](https://github.com/markdown-it/markdown-it-deflist) Term 1 @@ -229,7 +216,6 @@ Term 2 ~ Definition 2a ~ Definition 2b - ### [Abbreviations](https://github.com/markdown-it/markdown-it-abbr) This is HTML abbreviation example. diff --git a/bfe_modules/mod_prison/access.go b/bfe_modules/mod_prison/access.go index 733e4624e..45109a300 100644 --- a/bfe_modules/mod_prison/access.go +++ b/bfe_modules/mod_prison/access.go @@ -43,7 +43,7 @@ func (s *AccessSigner) Sign(label string, req *bfe_basic.Request) (AccessSign, e return AccessSign{}, err } - // caculate signature + // calculate signature return AccessSign(md5.Sum(data)), nil } @@ -133,7 +133,7 @@ func buildKeyValue(dst *bytes.Buffer, key string, val string) { dst.WriteString(val) } -// buildQueryValues builds value from equivalent querys (separate by |, eg q1|q2) +// buildQueryValues builds value from equivalent queries (separate by |, eg q1|q2) func buildQueryValues(dst *bytes.Buffer, query url.Values, keys string) bool { // Note: output format &q1|q2=v1v2 (instead of &q1=v1&q2=v2) existQuery := false diff --git a/bfe_modules/mod_prison/data_load.go b/bfe_modules/mod_prison/data_load.go index 8c8650411..23c63f9a8 100644 --- a/bfe_modules/mod_prison/data_load.go +++ b/bfe_modules/mod_prison/data_load.go @@ -116,7 +116,7 @@ func PrisonRuleCheck(conf *PrisonRuleConf) error { // PrisonRuleListCheck check prisonRuleList func PrisonRuleListCheck(conf *PrisonRuleConfList) error { // create a rule map - ruleMap := make(map[string]bool, 0) + ruleMap := make(map[string]bool) for index, rule := range *conf { if err := PrisonRuleCheck(rule); err != nil { return fmt.Errorf("prisonRule:%d, %s", index, err.Error()) diff --git a/bfe_modules/mod_prison/product_rule_table.go b/bfe_modules/mod_prison/product_rule_table.go index d3f65c5fe..0e922cb09 100644 --- a/bfe_modules/mod_prison/product_rule_table.go +++ b/bfe_modules/mod_prison/product_rule_table.go @@ -25,7 +25,7 @@ type productRuleTable struct { func newProductRuleTable() *productRuleTable { return &productRuleTable{ - ruleTable: make(map[string]*prisonRules, 0), + ruleTable: make(map[string]*prisonRules), } } @@ -54,7 +54,7 @@ func (p *productRuleTable) getTable() map[string]*prisonRules { func (p *productRuleTable) newRuleTable(config ProductRuleConf) (map[string]*prisonRules, error) { oldRuleTable := p.getTable() - ruleTable := make(map[string]*prisonRules, 0) + ruleTable := make(map[string]*prisonRules) for product, ruleConfList := range *config.Config { // create new Prison Rule rules, err := newPrisonRules(*ruleConfList) diff --git a/bfe_modules/mod_prison/rules.go b/bfe_modules/mod_prison/rules.go index 72729b33a..008a70dff 100644 --- a/bfe_modules/mod_prison/rules.go +++ b/bfe_modules/mod_prison/rules.go @@ -60,7 +60,7 @@ func buildPrisonRuleMap(ruleList []prisonRule) map[string]*prisonRule { } func (r *prisonRules) initDict(oldRules *prisonRules) { - oldRuleMap := make(map[string]*prisonRule, 0) + oldRuleMap := make(map[string]*prisonRule) if oldRules != nil { oldRuleMap = oldRules.ruleMap } diff --git a/bfe_modules/mod_redirect/action.go b/bfe_modules/mod_redirect/action.go index 536559fc7..3c8b0d464 100644 --- a/bfe_modules/mod_redirect/action.go +++ b/bfe_modules/mod_redirect/action.go @@ -36,7 +36,6 @@ type Action struct { type ActionFileList []ActionFile -// exclusive action set var EXCLUSIVE_ACTIONS = map[string]interface{}{ "SCHEME_SET": nil, "URL_SET": nil, @@ -108,7 +107,7 @@ func actionConvert(actionFile ActionFile) Action { } func actionsConvert(actionFiles ActionFileList) []Action { - actions := make([]Action, 0) + actions := make([]Action, 0, len(actionFiles)) for _, actionFile := range actionFiles { action := actionConvert(actionFile) diff --git a/bfe_modules/mod_secure_link/data_load_test.go b/bfe_modules/mod_secure_link/data_load_test.go index ad3cd533e..1e1faa625 100644 --- a/bfe_modules/mod_secure_link/data_load_test.go +++ b/bfe_modules/mod_secure_link/data_load_test.go @@ -19,13 +19,13 @@ import ( ) func TestDataLoad(t *testing.T) { - data, err := DataLoad("testdata/mod_secure_link/secure_link_rule1.data") + _, err := DataLoad("testdata/mod_secure_link/secure_link_rule1.data") if err == nil { t.Errorf("want err, got nil") } t.Log(err) - data, err = DataLoad("testdata/mod_secure_link/secure_link_rule.data") + data, err := DataLoad("testdata/mod_secure_link/secure_link_rule.data") if err != nil { t.Errorf("want nil, got %v", err) return diff --git a/bfe_modules/mod_static/static_rule_load_test.go b/bfe_modules/mod_static/static_rule_load_test.go index b50aa8120..f43ae3b51 100644 --- a/bfe_modules/mod_static/static_rule_load_test.go +++ b/bfe_modules/mod_static/static_rule_load_test.go @@ -29,7 +29,7 @@ func TestStaticConfLoadCase1(t *testing.T) { t.Errorf("Length of static rule should be 5 not %d", len(*staticConf.Config["unittest"])) } if (*staticConf.Config["unittest"])[0].Action.Params[1] != "" { - t.Errorf("default file of first rule shoule be empty") + t.Errorf("default file of first rule should be empty") } } diff --git a/bfe_modules/mod_tag/conf_mod_tag_test.go b/bfe_modules/mod_tag/conf_mod_tag_test.go index a2c75a1d0..1699024fc 100644 --- a/bfe_modules/mod_tag/conf_mod_tag_test.go +++ b/bfe_modules/mod_tag/conf_mod_tag_test.go @@ -21,12 +21,12 @@ import ( func TestConfLoadCase1(t *testing.T) { cfg, err := ConfLoad("testdata/mod_tag/mod_tag.conf", "testdata") if err != nil { - t.Fatalf("shoule have no error, but error is %v", err) + t.Fatalf("should have no error, but error is %v", err) } expectDataPath := "testdata/mod_tag/tag_rule_test.data" if cfg.Basic.DataPath != expectDataPath { - t.Fatalf("cfg.Basic.DataPath shoule %s, but it's %s", expectDataPath, cfg.Basic.DataPath) + t.Fatalf("cfg.Basic.DataPath should %s, but it's %s", expectDataPath, cfg.Basic.DataPath) } if cfg.Log.OpenDebug != false { @@ -37,11 +37,11 @@ func TestConfLoadCase1(t *testing.T) { func TestConfLoadCase2(t *testing.T) { cfg, err := ConfLoad("testdata/mod_tag/mod_tag.conf1", "testdata") if err != nil { - t.Fatalf("shoule have no error, but error is %v", err) + t.Fatalf("should have no error, but error is %v", err) } expectDataPath := "testdata/mod_tag/tag_rule.data" if cfg.Basic.DataPath != expectDataPath { - t.Fatalf("cfg.Basic.DataPath shoule be %s, but it's %s", expectDataPath, cfg.Basic.DataPath) + t.Fatalf("cfg.Basic.DataPath should be %s, but it's %s", expectDataPath, cfg.Basic.DataPath) } } diff --git a/bfe_modules/mod_tag/mod_tag_test.go b/bfe_modules/mod_tag/mod_tag_test.go index 6bf0b27a9..6240c2b25 100644 --- a/bfe_modules/mod_tag/mod_tag_test.go +++ b/bfe_modules/mod_tag/mod_tag_test.go @@ -48,12 +48,12 @@ func TestLoadRuleData(t *testing.T) { } if modVersion != expectModVersion { - t.Fatalf("version shoule be %s, but it's %s", expectModVersion, modVersion) + t.Fatalf("version should be %s, but it's %s", expectModVersion, modVersion) } expectVersion := "20200218210000" if m.ruleTable.version != expectVersion { - t.Fatalf("version shoule be %s, but it's %s", expectVersion, m.ruleTable.version) + t.Fatalf("version should be %s, but it's %s", expectVersion, m.ruleTable.version) } ruleList, ok := m.ruleTable.productRule[expectProduct] @@ -100,7 +100,7 @@ func TestTagHandlerCase1(t *testing.T) { expectTagValue := "bfe_test1" if tagValue[0] != expectTagValue { - t.Fatalf("TagValue shoule be %s, but it's %s", expectTagValue, req.Tags.TagTable[expectTagName][0]) + t.Fatalf("TagValue should be %s, but it's %s", expectTagValue, req.Tags.TagTable[expectTagName][0]) } expectTagName = "tag_test2" @@ -112,7 +112,7 @@ func TestTagHandlerCase1(t *testing.T) { expectTagValue = "bfe_test2" if tagValue[0] != expectTagValue { - t.Fatalf("TagValue shoule be %s, but it's %s", expectTagValue, req.Tags.TagTable[expectTagName][0]) + t.Fatalf("TagValue should be %s, but it's %s", expectTagValue, req.Tags.TagTable[expectTagName][0]) } } @@ -151,7 +151,7 @@ func TestTagHandlerCase2(t *testing.T) { expectTagValue := "bfe31" if tagValue[0] != expectTagValue { - t.Fatalf("TagValue shoule be %s, but it's %s", expectTagValue, req.Tags.TagTable[expectTagName][0]) + t.Fatalf("TagValue should be %s, but it's %s", expectTagValue, req.Tags.TagTable[expectTagName][0]) } } @@ -190,11 +190,11 @@ func TestTagHandlerCase3(t *testing.T) { expectTagValue1 := "bfe41" if tagValue[0] != expectTagValue1 { - t.Fatalf("value shoule be %s, but it's %s", expectTagValue1, tagValue[0]) + t.Fatalf("value should be %s, but it's %s", expectTagValue1, tagValue[0]) } expectTagValue2 := "bfe42" if tagValue[1] != expectTagValue2 { - t.Fatalf("value shoule be %s, but it's %s", expectTagValue2, tagValue[1]) + t.Fatalf("value should be %s, but it's %s", expectTagValue2, tagValue[1]) } } diff --git a/bfe_modules/mod_tcp_keepalive/conf_load_test.go b/bfe_modules/mod_tcp_keepalive/conf_load_test.go index 7159efdc2..835e1495a 100644 --- a/bfe_modules/mod_tcp_keepalive/conf_load_test.go +++ b/bfe_modules/mod_tcp_keepalive/conf_load_test.go @@ -31,7 +31,7 @@ func TestConfModTcpKeepAlive_1(t *testing.T) { } if config.Log.OpenDebug != true { - t.Error("Log.OpenDebug shoule be true") + t.Error("Log.OpenDebug should be true") return } } @@ -45,7 +45,7 @@ func TestConfModTcpKeepAlive_2(t *testing.T) { // use default value if config.Basic.DataPath != "mod_tcp_keepalive/tcp_keepalive.data" { - t.Error("DataPath shoule be mod_tcp_keepalive/tcp_keepalive.data") + t.Error("DataPath should be mod_tcp_keepalive/tcp_keepalive.data") return } } diff --git a/bfe_modules/mod_tcp_keepalive/data_load.go b/bfe_modules/mod_tcp_keepalive/data_load.go index 0fda25a1d..3ff17dc11 100644 --- a/bfe_modules/mod_tcp_keepalive/data_load.go +++ b/bfe_modules/mod_tcp_keepalive/data_load.go @@ -25,23 +25,6 @@ import ( "github.com/bfenetworks/bfe/bfe_util/json" ) -/* -{ - "Version": "x", - "Config": { - "Product1": [{ - "VipConf": ["1.1.1.1", "1.1.1.2"], - "KeepAliveParam": { - "Disable": false, - "KeepIdle" : 70, - "KeepIntvl" : 15, - "KeepCnt": 9 - } - }] - } -} -*/ -// ProductRuleConf match the original tcp_keepalive.data type ProductRuleConf struct { Version string Config map[string]ProductRulesFile @@ -53,28 +36,6 @@ type ProductRuleFile struct { KeepAliveParam KeepAliveParam } -/* -{ - "Version": "x", - "Config": { - "Product1": { - "1.1.1.1": { - "Disable": false, - "KeepIdle" : 70, - "KeepIntvl" : 15, - "KeepCnt": 9 - }, - "1.1.1.2": { - "Disable": false, - "KeepIdle" : 70, - "KeepIntvl" : 15, - "KeepCnt": 9 - } - } - } -} -*/ -// ProductRuleData contains data convert from ProductRuleConf type ProductRuleData struct { Version string Config ProductRules @@ -187,10 +148,10 @@ func KeepAliveDataLoad(filename string) (ProductRuleData, error) { // open the file file, err := os.Open(filename) - defer file.Close() if err != nil { return data, err } + defer file.Close() // decode the file decoder := json.NewDecoder(file) diff --git a/bfe_modules/mod_tcp_keepalive/data_load_test.go b/bfe_modules/mod_tcp_keepalive/data_load_test.go index 8c370e977..5a5e6b11e 100644 --- a/bfe_modules/mod_tcp_keepalive/data_load_test.go +++ b/bfe_modules/mod_tcp_keepalive/data_load_test.go @@ -31,7 +31,7 @@ func TestKeepAliveDataLoad_1(t *testing.T) { } if len(data.Config["product1"]) != 3 { - t.Errorf("len(data.Config[product1]) shoule be 3, but is %d", len(data.Config["product1"])) + t.Errorf("len(data.Config[product1]) should be 3, but is %d", len(data.Config["product1"])) return } } diff --git a/bfe_modules/mod_trace/README.md b/bfe_modules/mod_trace/README.md index acfad5316..0a970097f 100644 --- a/bfe_modules/mod_trace/README.md +++ b/bfe_modules/mod_trace/README.md @@ -1,9 +1,12 @@ # mod_trace ## Introduction + mod_trace is a BFE plugin for OpenTracing. ## Usage -See: + +See: + * https://www.bfe-networks.net/en_us/modules/mod_trace/mod_trace/ * https://www.bfe-networks.net/zh_cn/modules/mod_trace/mod_trace/ diff --git a/bfe_modules/mod_trace/conf_mod_trace_test.go b/bfe_modules/mod_trace/conf_mod_trace_test.go index 0e0a28f80..b0695a575 100644 --- a/bfe_modules/mod_trace/conf_mod_trace_test.go +++ b/bfe_modules/mod_trace/conf_mod_trace_test.go @@ -21,7 +21,7 @@ import ( func TestConfLoadCase1(t *testing.T) { cfg, err := ConfLoad("testdata/mod_trace/mod_trace.conf", "testdata") if err != nil { - t.Fatalf("shoule have no error, but error is %v", err) + t.Fatalf("should have no error, but error is %v", err) } expectDataPath := "testdata/mod_trace/trace_rule_test.data" diff --git a/bfe_modules/mod_trace/mod_trace_test.go b/bfe_modules/mod_trace/mod_trace_test.go index 81754ae81..dbe35be02 100644 --- a/bfe_modules/mod_trace/mod_trace_test.go +++ b/bfe_modules/mod_trace/mod_trace_test.go @@ -44,12 +44,12 @@ func TestLoadRuleData(t *testing.T) { } if modVersion != expectModVersion { - t.Fatalf("version shoule be %s, but it's %s", expectModVersion, modVersion) + t.Fatalf("version should be %s, but it's %s", expectModVersion, modVersion) } expectVersion := "20200316215500" if m.ruleTable.version != expectVersion { - t.Fatalf("version shoule be %s, but it's %s", expectVersion, m.ruleTable.version) + t.Fatalf("version should be %s, but it's %s", expectVersion, m.ruleTable.version) } ruleList, ok := m.ruleTable.productRule[expectProduct] diff --git a/bfe_modules/mod_trust_clientip/mod_trust_clientip.go b/bfe_modules/mod_trust_clientip/mod_trust_clientip.go index 9135dd81a..f07293b8e 100644 --- a/bfe_modules/mod_trust_clientip/mod_trust_clientip.go +++ b/bfe_modules/mod_trust_clientip/mod_trust_clientip.go @@ -20,7 +20,6 @@ import ( "bytes" "fmt" "net/url" - "strings" ) import ( @@ -45,7 +44,7 @@ var ( type ModuleTrustClientIPState struct { ConnTotal *metrics.Counter // all connnetion checked - ConnTrustClientip *metrics.Counter // connnection from trust addr + ConnTrustClientip *metrics.Counter // connection from trust addr ConnAddrInternal *metrics.Counter // connection from internal ConnAddrInternalNotTrust *metrics.Counter // connection from internal and not trust } @@ -54,7 +53,7 @@ type ModuleTrustClientIP struct { name string // name of module configPath string // path of config file state ModuleTrustClientIPState // module state - metrics metrics.Metrics // diff counter of moudle state + metrics metrics.Metrics // diff counter of module state trustTable *ipdict.IPTable // table for storing trust-ip } @@ -71,7 +70,7 @@ func (m *ModuleTrustClientIP) Name() string { } func ipItemsMake(conf TrustIPConf) (*ipdict.IPItems, error) { - // calucate singleIPNum and pairIPNum + // calculate singleIPNum and pairIPNum singleIPNum, pairIPNum := 0, 0 for _, addrScopeList := range conf.Config { for _, AddrScope := range *addrScopeList { @@ -153,9 +152,8 @@ func (m *ModuleTrustClientIP) acceptHandler(session *bfe_basic.Session) int { } session.SetTrustSource(trusted) - // TODO: modify counting policy for ipv6 // state for internal remote ip - if strings.HasPrefix(session.RemoteAddr.IP.String(), "10.") { + if session.RemoteAddr.IP.IsPrivate() { m.state.ConnAddrInternal.Inc(1) if !trusted { m.state.ConnAddrInternalNotTrust.Inc(1) diff --git a/bfe_modules/mod_userid/mod_userid.go b/bfe_modules/mod_userid/mod_userid.go index 5a1bf81ac..8ab07feae 100644 --- a/bfe_modules/mod_userid/mod_userid.go +++ b/bfe_modules/mod_userid/mod_userid.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package mod_userid generate user identity to trace one user in deffient request +// Package mod_userid generate user identity to trace one user in different request // this mod will auto set user id for request if user id not exited in cookie to cookie package mod_userid diff --git a/bfe_modules/mod_userid/userid_conf_load_test.go b/bfe_modules/mod_userid/userid_conf_load_test.go index b6d6f97dc..a262d4b1f 100644 --- a/bfe_modules/mod_userid/userid_conf_load_test.go +++ b/bfe_modules/mod_userid/userid_conf_load_test.go @@ -21,16 +21,16 @@ import ( func TestNewConfigFromFile(t *testing.T) { tests := []struct { - name string - fileName string - want *Config - valdateFunc func(a *Config) bool - wantErr bool + name string + fileName string + want *Config + validateFunc func(a *Config) bool + wantErr bool }{ { name: "case:succ", fileName: "./testdata/mod_userid/userid_rule.data", - valdateFunc: func(a *Config) bool { + validateFunc: func(a *Config) bool { return a != nil && len(a.Products) == 1 }, wantErr: false, @@ -49,8 +49,8 @@ func TestNewConfigFromFile(t *testing.T) { return } - if tt.valdateFunc != nil { - if !tt.valdateFunc(got) { + if tt.validateFunc != nil { + if !tt.validateFunc(got) { t.Errorf("NewConfigFromFile() = %v, want %v", got, nil) } } else if !reflect.DeepEqual(got, tt.want) { diff --git a/bfe_modules/mod_waf/waf_rule/rule_bash_cmd.go b/bfe_modules/mod_waf/waf_rule/rule_bash_cmd.go index 4711f65b2..4e2643d8b 100644 --- a/bfe_modules/mod_waf/waf_rule/rule_bash_cmd.go +++ b/bfe_modules/mod_waf/waf_rule/rule_bash_cmd.go @@ -106,7 +106,7 @@ func checkSemicolon(value string) bool { return false } -// checkHeaderValueContent check if header value content matches the spedific rules +// checkHeaderValueContent check if header value content matches the specific rules func checkHeaderValueContent(value string) bool { index := strings.Index(value, "}") if index != -1 { diff --git a/bfe_modules/mod_waf/waf_rule_load.go b/bfe_modules/mod_waf/waf_rule_load.go index 97497f87c..7c3227dc3 100644 --- a/bfe_modules/mod_waf/waf_rule_load.go +++ b/bfe_modules/mod_waf/waf_rule_load.go @@ -73,8 +73,7 @@ func wafRuleConvert(ruleFile *wafRuleFile) (*wafRule, error) { } func productWafRuleConvert(prf *productWafRuleFile) (productWafRule, error) { - var wr productWafRule - wr = make(productWafRule) + wr := make(productWafRule) if prf == nil { return nil, fmt.Errorf("ruleConvert(), err= empty productWafRuleFile") } diff --git a/bfe_net/textproto/header.go b/bfe_net/textproto/header.go index d6db58303..fba60335d 100644 --- a/bfe_net/textproto/header.go +++ b/bfe_net/textproto/header.go @@ -22,7 +22,7 @@ package textproto // keys to sets of values. type MIMEHeader map[string][]string -// MIMEKyes represents keys of header in original order +// MIMEKeys represents keys of header in original order type MIMEKeys []string // Add adds the key, value pair to the header. @@ -55,7 +55,7 @@ func (h MIMEHeader) Get(key string) string { } // Values returns all values associated with the given key. -// It is case insensitive; CanonicalMIMEHeaderKey is +// It is case-insensitive; CanonicalMIMEHeaderKey is // used to canonicalize the provided key. To use non-canonical // keys, access the map directly. // The returned slice is not a copy. diff --git a/bfe_net/textproto/reader_test.go b/bfe_net/textproto/reader_test.go index 0b1632704..e56982216 100644 --- a/bfe_net/textproto/reader_test.go +++ b/bfe_net/textproto/reader_test.go @@ -288,7 +288,7 @@ func TestCommonHeaders(t *testing.T) { } } -var clientHeaders = strings.Replace(`Host: golang.org +var clientHeaders = strings.ReplaceAll(`Host: golang.org Connection: keep-alive Cache-Control: max-age=0 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 @@ -299,9 +299,9 @@ Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 COOKIE: __utma=000000000.0000000000.0000000000.0000000000.0000000000.00; __utmb=000000000.0.00.0000000000; __utmc=000000000; __utmz=000000000.0000000000.00.0.utmcsr=code.google.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/go/issues/detail Non-Interned: test -`, "\n", "\r\n", -1) +`, "\n", "\r\n") -var serverHeaders = strings.Replace(`Content-Type: text/html; charset=utf-8 +var serverHeaders = strings.ReplaceAll(`Content-Type: text/html; charset=utf-8 Content-Encoding: gzip Date: Thu, 27 Sep 2012 09:03:33 GMT Server: Google Frontend @@ -311,7 +311,7 @@ VIA: 1.1 proxy.example.com:80 (XXX/n.n.n-nnn) Connection: Close Non-Interned: test -`, "\n", "\r\n", -1) +`, "\n", "\r\n") func BenchmarkReadMIMEHeader(b *testing.B) { b.ReportAllocs() diff --git a/bfe_proxy/common.go b/bfe_proxy/common.go index 0bf0d41d0..53753a93d 100644 --- a/bfe_proxy/common.go +++ b/bfe_proxy/common.go @@ -32,7 +32,7 @@ import ( "github.com/baidu/go-lib/web-monitor/metrics" ) -// State for Proxy +// ProxyState is State for Proxy type ProxyState struct { ProxyErrReadHeader *metrics.Counter // connection with io err while read header ProxyErrNoProxyProtocol *metrics.Counter // connection with signature unmatched diff --git a/bfe_route/bfe_cluster/bfe_cluster.go b/bfe_route/bfe_cluster/bfe_cluster.go index 19eb2bb31..c0db12c8d 100644 --- a/bfe_route/bfe_cluster/bfe_cluster.go +++ b/bfe_route/bfe_cluster/bfe_cluster.go @@ -43,7 +43,7 @@ type BfeCluster struct { reqWriteBufferSize int // write buffer size for request reqFlushInterval time.Duration // interval to flush request - resFlushInterval time.Duration // interval to flush resposne + resFlushInterval time.Duration // interval to flush response cancelOnClientClose bool // cancel blocking operation in server if client conn gone } diff --git a/bfe_server/bfe_listener.go b/bfe_server/bfe_listener.go index 96438ebe5..6202160f8 100644 --- a/bfe_server/bfe_listener.go +++ b/bfe_server/bfe_listener.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// BfeListener is a wapper of TCP listener which accept connections behind +// BfeListener is a wrapper of TCP listener which accept connections behind // a load balancer (PROXY/NONE) // // Note: The TLS listener is wired together like: diff --git a/bfe_server/bfe_server.go b/bfe_server/bfe_server.go index e440ca13e..c50fa5f67 100644 --- a/bfe_server/bfe_server.go +++ b/bfe_server/bfe_server.go @@ -47,7 +47,6 @@ import ( "github.com/bfenetworks/bfe/bfe_websocket" ) -// BfeServer type BfeServer struct { bfe_http.Server @@ -98,7 +97,7 @@ type BfeServer struct { Version string // version of bfe server } -// NewBfeModules create a new instance of BfeServer. +// NewBfeServer create a new instance of BfeServer. func NewBfeServer(cfg bfe_conf.BfeConfig, confRoot string, version string) *BfeServer { @@ -287,7 +286,7 @@ func (srv *BfeServer) initTLSRule(httpsConf bfe_conf.ConfigHttpsBasic) error { return fmt.Errorf("createTlsConfig get default Cert error") } - // Note: config.Certficates must be initialized, but we just use config.MultiCert + // Note: config.Certificates must be initialized, but we just use config.MultiCert // for server certificates srv.TLSConfig.Certificates = make([]bfe_tls.Certificate, 1) srv.TLSConfig.Certificates[0] = *cert @@ -400,7 +399,7 @@ Loop: os.Exit(0) } -// CheckGracefulShutdown check wether the server is in graceful shutdown state. +// CheckGracefulShutdown check whether the server is in graceful shutdown state. func (srv *BfeServer) CheckGracefulShutdown() bool { select { case <-srv.CloseNotifyCh: diff --git a/bfe_server/bfe_server_init.go b/bfe_server/bfe_server_init.go index be2c82306..f261ac354 100644 --- a/bfe_server/bfe_server_init.go +++ b/bfe_server/bfe_server_init.go @@ -99,8 +99,10 @@ func StartUp(cfg bfe_conf.BfeConfig, version string, confRoot string) error { return err } - // start embedded web server - bfeServer.Monitor.Start() + // start embedded web server if enabled + if cfg.Server.MonitorEnabled { + bfeServer.Monitor.Start() + } serveChan := make(chan error) diff --git a/bfe_server/chunk_writer.go b/bfe_server/chunk_writer.go index e74946933..9bd431fbb 100644 --- a/bfe_server/chunk_writer.go +++ b/bfe_server/chunk_writer.go @@ -33,7 +33,7 @@ import ( "github.com/baidu/go-lib/log" ) -import ( +import ( "github.com/bfenetworks/bfe/bfe_bufio" "github.com/bfenetworks/bfe/bfe_http" ) @@ -128,8 +128,8 @@ type chunkWriter struct { // total bytes of body written length int - // Signer calcuates signature for current response - Signer bfe_http.SignCalculater + // Signer calculates signature for current response + Signer bfe_http.SignCalculator } var ( @@ -347,7 +347,7 @@ func (cw *chunkWriter) writeHeader(p []byte) { if ecr, ok := w.req.Body.(*expectContinueReader); ok && !ecr.sawEOF.isSet() { w.closeAfterReply = true } - + // Per RFC 2616, we should consume the request body before // replying, if the handler hasn't already done so. But we // don't want to do an unbounded amount of reading here for diff --git a/bfe_server/expect_continue_reader.go b/bfe_server/expect_continue_reader.go index 8205accdc..17739ab56 100644 --- a/bfe_server/expect_continue_reader.go +++ b/bfe_server/expect_continue_reader.go @@ -73,7 +73,7 @@ func (ecr *expectContinueReader) Close() error { var ErrExpectContinueReaderPeek = errors.New("http: expect continue reader peek failed") -// add peek function which is used by access log module +// Peek add peek function which is used by access log module func (ecr *expectContinueReader) Peek(n int) ([]byte, error) { if ecr.closed.isSet() { return nil, bfe_http.ErrBodyReadAfterClose @@ -91,7 +91,7 @@ func (ecr *expectContinueReader) Peek(n int) ([]byte, error) { return nil, ErrExpectContinueReaderPeek } -// check whether expectContinueReader has sent 100-Continue response +// WroteContinue check whether expectContinueReader has sent 100-Continue response func (ecr *expectContinueReader) WroteContinue() bool { return ecr.resp.wroteContinue } diff --git a/bfe_server/http_conn.go b/bfe_server/http_conn.go index 32cf03176..3f6338ccf 100644 --- a/bfe_server/http_conn.go +++ b/bfe_server/http_conn.go @@ -81,7 +81,7 @@ func (sr *liveSwitchReader) Read(p []byte) (n int, err error) { return r.Read(p) } -// A conn represents the server side of an HTTP/HTTPS connection. +// conn represents the server side of an HTTP/HTTPS connection. type conn struct { // immutable: remoteAddr string // network address of remote side @@ -358,7 +358,7 @@ func (c *conn) serve() { // upgrade to negotiated protocol proto := tlsState.NegotiatedProtocol if mandatoryProtocol, ok := c.getMandatoryProtocol(tlsConn); ok { - // Note: if mandatory protocol configed, use it anyway + // Note: if mandatory protocol configured, use it anyway proto = mandatoryProtocol } if validNPN(proto) { diff --git a/bfe_server/protocol_handler.go b/bfe_server/protocol_handler.go index 6a93fa5b4..59e13d0c6 100644 --- a/bfe_server/protocol_handler.go +++ b/bfe_server/protocol_handler.go @@ -81,7 +81,7 @@ func (p *ProtocolHandler) ServeHTTP(rw bfe_http.ResponseWriter, request *bfe_htt } } -// CheckSupportMultiplex checkes whether protocol support request multiplexing on a conn. +// CheckSupportMultiplex checks whether protocol support request multiplexing on a conn. func CheckSupportMultiplex(proto string) bool { switch proto { case tls_rule_conf.SPDY31: diff --git a/bfe_server/response.go b/bfe_server/response.go index 38899b5b0..c56ccc219 100644 --- a/bfe_server/response.go +++ b/bfe_server/response.go @@ -179,8 +179,8 @@ func srcIsRegularFile(src io.Reader) (isRegular bool, err error) { } } -// set signature calculator for response -func (w *response) SetSigner(signer bfe_http.SignCalculater) { +// SetSigner set signature calculator for response +func (w *response) SetSigner(signer bfe_http.SignCalculator) { w.cw.Signer = signer } diff --git a/bfe_server/reverseproxy.go b/bfe_server/reverseproxy.go index fdfc954e1..a14e69424 100644 --- a/bfe_server/reverseproxy.go +++ b/bfe_server/reverseproxy.go @@ -32,13 +32,14 @@ import ( ) import ( - "github.com/baidu/go-lib/log" "golang.org/x/net/http2" + + "github.com/baidu/go-lib/log" ) import ( bfe_cluster_backend "github.com/bfenetworks/bfe/bfe_balance/backend" - bal_gslb "github.com/bfenetworks/bfe/bfe_balance/bal_gslb" + "github.com/bfenetworks/bfe/bfe_balance/bal_gslb" "github.com/bfenetworks/bfe/bfe_basic" "github.com/bfenetworks/bfe/bfe_config/bfe_cluster_conf/cluster_conf" "github.com/bfenetworks/bfe/bfe_debug" @@ -367,7 +368,7 @@ func (p *ReverseProxy) clusterInvoke(srv *BfeServer, cluster *bfe_cluster.BfeClu // 2. read client request body error(POST/PUT) // 3. write backend error // a. haven't write any byte - // b. aleady write part of data + // b. already write part of data // 4. read backend error // 5. other error allowRetry := false @@ -442,7 +443,7 @@ func (p *ReverseProxy) clusterInvoke(srv *BfeServer, cluster *bfe_cluster.BfeClu // sendResponse send http response to client. func (p *ReverseProxy) sendResponse(rw bfe_http.ResponseWriter, res *bfe_http.Response, flushInterval time.Duration, cancelOnClientClose bool) error { - // prepare SignCalculater for response + // prepare SignCalculator for response p.prepareSigner(rw, res) bfe_http.CopyHeader(rw.Header(), res.Header) @@ -478,7 +479,7 @@ func (p *ReverseProxy) sendResponse(rw bfe_http.ResponseWriter, res *bfe_http.Re return nil } -// prepareSigner prepare SignCalculater for response. +// prepareSigner prepare SignCalculator for response. func (p *ReverseProxy) prepareSigner(rw bfe_http.ResponseWriter, res *bfe_http.Response) { // not need to add signature for respsone if res.Signer == nil { diff --git a/bfe_server/tls_server_rule.go b/bfe_server/tls_server_rule.go index c2aa02a3e..ffe61292a 100644 --- a/bfe_server/tls_server_rule.go +++ b/bfe_server/tls_server_rule.go @@ -87,7 +87,7 @@ func (m *TLSServerRuleMap) GetHTTP2Rule(c *bfe_tls.Conn) *bfe_http2.Rule { return &r.H2Rule } -// GetStreamRule returns stream rule for given connection. +// GetStreamRule returns stream rule for given connection. func (m *TLSServerRuleMap) GetStreamRule(c *bfe_tls.Conn) *bfe_stream.Rule { r := m.getRule(c) return &r.StreamRule diff --git a/bfe_server/tls_session_cache.go b/bfe_server/tls_session_cache.go index adb1b3a2d..7f649b5a0 100644 --- a/bfe_server/tls_session_cache.go +++ b/bfe_server/tls_session_cache.go @@ -89,7 +89,7 @@ func (c *ServerSessionCache) dial() (redis.Conn, error) { c.serversLock.RLock() if len(c.Servers) == 0 { c.serversLock.RUnlock() - return nil, fmt.Errorf("no available connnection in pool") + return nil, fmt.Errorf("no available connection in pool") } server := c.Servers[rand.Intn(len(c.Servers))] c.serversLock.RUnlock() diff --git a/bfe_spdy/request_body.go b/bfe_spdy/request_body.go index 9fd9eb20e..9e6e85022 100644 --- a/bfe_spdy/request_body.go +++ b/bfe_spdy/request_body.go @@ -57,7 +57,7 @@ func (b *RequestBody) Close() error { return nil } -// Eof check wheather without entity body +// Eof check whether without entity body func (b *RequestBody) Eof() bool { return b.pipe == nil } diff --git a/bfe_spdy/response_writer.go b/bfe_spdy/response_writer.go index c5f4ed393..b1ef321d8 100644 --- a/bfe_spdy/response_writer.go +++ b/bfe_spdy/response_writer.go @@ -154,7 +154,7 @@ func cloneHeader(h http.Header) http.Header { // // * Handler calls w.Write or w.WriteString -> // * -> rws.bw (*bufio.Writer) -> -// * (Handler migth call Flush) +// * (Handler might call Flush) // * -> chunkWriter{rws} // * -> responseWriterState.writeChunk(p []byte) // * -> responseWriterState.writeChunk (most of the magic; see comment there) diff --git a/bfe_spdy/server_conn.go b/bfe_spdy/server_conn.go index 22c7910c8..f715a51e6 100644 --- a/bfe_spdy/server_conn.go +++ b/bfe_spdy/server_conn.go @@ -451,7 +451,7 @@ func (sc *serverConn) serve() { // hand timeout event for stream timeout, stream timeout, rst stream func (sc *serverConn) handleTimeout(ch timeoutEventElem) { tag := ch.tag - log.Logger.Debug("bfe_spdy: %s timeout, reseting frame id[%d] from %v", + log.Logger.Debug("bfe_spdy: %s timeout, resetting frame id[%d] from %v", tag.String(), ch.streamID, sc.conn.RemoteAddr()) // stream timeout, rst the stream errRst := StreamError{ch.streamID, ProtocolError} diff --git a/bfe_spdy/server_process_frame.go b/bfe_spdy/server_process_frame.go index 0703ebb37..1cb7a2073 100644 --- a/bfe_spdy/server_process_frame.go +++ b/bfe_spdy/server_process_frame.go @@ -254,7 +254,7 @@ func (sc *serverConn) processSynStream(f *SynStreamFrame) error { // "If the client is initiating the stream, the Stream-ID must // be even. [...] The stream-id MUST increase with each new stream. // If an endpoint receives a SYN_STREAM with a stream id which is - // less than any previously recevied SYN_STREAM, it MUST issue a + // less than any previously received SYN_STREAM, it MUST issue a // session error with the status PROTOCOL_ERROR. See Section 2.3.2" state.SpdyErrInvalidSynStream.Inc(1) return ConnectionError(ProtocolError) diff --git a/bfe_spdy/server_write_sched.go b/bfe_spdy/server_write_sched.go index 0fddf6bcd..acee02755 100644 --- a/bfe_spdy/server_write_sched.go +++ b/bfe_spdy/server_write_sched.go @@ -160,7 +160,7 @@ func (ws *writeScheduler) take() (wm frameWriteMsg, ok bool) { return ws.takeFrom(q.streamID(), q) } -// zeroCanSend is defered from take. +// zeroCanSend is deferred from take. func (ws *writeScheduler) zeroCanSend() { for i := range ws.canSend { ws.canSend[i] = nil diff --git a/bfe_stream/server_tester.go b/bfe_stream/server_tester.go index 172ce331e..10931ffb0 100644 --- a/bfe_stream/server_tester.go +++ b/bfe_stream/server_tester.go @@ -98,7 +98,7 @@ func (st *ServerTester) Write(data []byte) error { return err } -// client read and check message +// WantData makes client read and check message func (st *ServerTester) WantData(data []byte) { buf := make([]byte, len(data)) if err := st.Read(buf); err != nil { @@ -110,7 +110,7 @@ func (st *ServerTester) WantData(data []byte) { } } -// client read and check error +// WantError makes client read and check error func (st *ServerTester) WantError(e string) { err := st.Read(make([]byte, 256)) if err == nil { diff --git a/bfe_tls/cipher_suites.go b/bfe_tls/cipher_suites.go index 8f124c90f..a44d3e4de 100644 --- a/bfe_tls/cipher_suites.go +++ b/bfe_tls/cipher_suites.go @@ -31,9 +31,10 @@ import ( ) import ( + "golang.org/x/crypto/chacha20poly1305" + "github.com/tjfoc/gmsm/sm3" "github.com/tjfoc/gmsm/sm4" - "golang.org/x/crypto/chacha20poly1305" ) // a keyAgreement implements the client and server side of a TLS key agreement @@ -483,7 +484,7 @@ const ( TLS_FALLBACK_SCSV uint16 = 0x5600 // TLS_EMPTY_RENEGOTIATION_INFO_SCSV isn't a true cipher suite, it has - // the same semantics as an empty "renegotation info" extension. See + // the same semantics as an empty "renegotiation info" extension. See // https://tools.ietf.org/html/rfc5746#section-3.3 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00ff ) diff --git a/bfe_tls/common.go b/bfe_tls/common.go index e3ecf6bbc..46e84aa0a 100644 --- a/bfe_tls/common.go +++ b/bfe_tls/common.go @@ -79,8 +79,8 @@ const ( * http://chimera.labs.oreilly.com/books/1230000000545/ch04.html#TLS_RECORD_SIZE */ var ( - initPlaintext int = minPlaintext // initial length of plaintext payload - bytesThreshold int = 1024 * 1024 // 1 MB + initPlaintext int = minPlaintext // initial length of plaintext payload + bytesThreshold int = 1024 * 1024 // 1 MB inactiveSeconds time.Duration = time.Duration(1 * time.Second) // 1 second ) @@ -570,9 +570,9 @@ func (c *Config) mutualVersion(vers uint16) (uint16, bool) { return vers, true } -// followed the rule definded in www.ssllabs.com: +// followed the rule defined in www.ssllabs.com: // in Grade "A+", ssl version older than tls1.2 is not allowed -// in Grade "A", ssl verion older than tls1.0 is not allowed +// in Grade "A", ssl version older than tls1.0 is not allowed func (c *Config) checkVersionGrade(vers uint16, grade string) (uint16, bool) { // ssl ver older than tls1.0 is not allowed for Grade A if grade == GradeA && vers < VersionTLS10 { diff --git a/bfe_tls/handshake_server.go b/bfe_tls/handshake_server.go index 833b6a3fb..c9eb3cd74 100644 --- a/bfe_tls/handshake_server.go +++ b/bfe_tls/handshake_server.go @@ -75,7 +75,7 @@ func (c *Conn) serverHandshake() error { return err } - // Record JA3 fingerpint for TLS client + // Record JA3 fingerprint for TLS client c.ja3Raw = hs.clientHello.JA3String() sum := md5.Sum([]byte(c.ja3Raw)) c.ja3Hash = hex.EncodeToString(sum[:]) @@ -288,7 +288,7 @@ Curves: } if tlsMultiCertificate != nil { - // select certificate by thirdparty policy + // select certificate by third party policy if cert := tlsMultiCertificate.Get(c); cert != nil { hs.cert = cert } diff --git a/bfe_tls/handshake_server_test.go b/bfe_tls/handshake_server_test.go index 9268dba1f..76057ed2e 100644 --- a/bfe_tls/handshake_server_test.go +++ b/bfe_tls/handshake_server_test.go @@ -657,7 +657,7 @@ func TestHandshakeServerSNI(t *testing.T) { runServerTestTLS12(t, test) } -// TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with +// TestCipherSuiteCertPreference ensures that we select an RSA ciphersuite with // an RSA certificate and an ECDSA ciphersuite with an ECDSA certificate. func TestCipherSuiteCertPreferenceECDSA(t *testing.T) { config := testConfig.Clone() diff --git a/bfe_tls/key_agreement.go b/bfe_tls/key_agreement.go index 779003019..8dd7ae8c6 100644 --- a/bfe_tls/key_agreement.go +++ b/bfe_tls/key_agreement.go @@ -275,6 +275,9 @@ NextCandidate: return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) } sig, err = asn1.Marshal(ecdsaSignature{r, s}) + if err != nil { + return nil, errors.New("failed to sign ECDHE asn1 marshal: " + err.Error()) + } case signatureRSA: privKey, ok := cert.PrivateKey.(*rsa.PrivateKey) if !ok { diff --git a/bfe_tls/prf.go b/bfe_tls/prf.go index 8fcdb7f0a..9f9e37f46 100644 --- a/bfe_tls/prf.go +++ b/bfe_tls/prf.go @@ -96,7 +96,7 @@ func prf30(result, secret, label, seed []byte) { done := 0 i := 0 // RFC5246 section 6.3 says that the largest PRF output needed is 128 - // bytes. Since no more ciphersuites will be added to SSLv3, this will + // bytes. Since no more cipher-suites will be added to SSLv3, this will // remain true. Each iteration gives us 16 bytes so 10 iterations will // be sufficient. var b [11]byte diff --git a/bfe_tls/tls.go b/bfe_tls/tls.go index 83630cfae..a9e2dc31d 100644 --- a/bfe_tls/tls.go +++ b/bfe_tls/tls.go @@ -16,7 +16,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package tls partially implements TLS 1.2, as specified in RFC 5246. +// Package bfe_tls partially implements TLS 1.2, as specified in RFC 5246. package bfe_tls import ( @@ -81,8 +81,8 @@ func NewListener(inner net.Listener, config *Config) net.Listener { return l } -/* UpdateListener - update config for tls listener - * +// UpdateListener updates config for tls listener +/* * Params: * - ln : a tls listener * - conf: a tls config @@ -95,12 +95,12 @@ func NewListener(inner net.Listener, config *Config) net.Listener { * to accepted Connection. * 2. tls.Conn will just read tls.Config during handshake and * data transfer phase - * 3. MUST specified a new tls.config when called + * 3. MUST specify a new tls.config when called */ func UpdateListener(ln net.Listener, conf *Config) error { l, ok := ln.(*listener) if !ok { - return errors.New("tls.UpdateListener: type not tls.listner") + return errors.New("tls.UpdateListener: type not tls.listener") } l.lock.Lock() @@ -220,7 +220,7 @@ func Dial(network, addr string, config *Config) (*Conn, error) { // LoadX509KeyPair reads and parses a public/private key pair from a pair of // files. The files must contain PEM encoded data. func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error) { - // try thirdparty loader + // try third party loader if keyPairLoader != nil { return keyPairLoader.LoadX509KeyPair(certFile, keyFile) } diff --git a/bfe_util/access_log/access_log.go b/bfe_util/access_log/access_log.go index 2b6deb097..dc2b1614a 100644 --- a/bfe_util/access_log/access_log.go +++ b/bfe_util/access_log/access_log.go @@ -16,10 +16,11 @@ package access_log import ( "fmt" - "github.com/bfenetworks/bfe/bfe_util" "os" "path/filepath" "strings" + + "github.com/bfenetworks/bfe/bfe_util" ) import ( @@ -28,8 +29,8 @@ import ( type LogConfig struct { // Log directly to a single file (eg. /dev/stdout) - LogFile string // log file path - + LogFile string // log file path + // Log with rotation under specified directory LogPrefix string // log file prefix LogDir string // log file dir @@ -157,9 +158,8 @@ func LoggerInitWithSvr(progName string, loggerName string, // loggerInitWithFilePath initialize logger with a single file name and output logs to file simply. func loggerInitWithFilePath(filePath, format string) (log4go.Logger, error) { - var logger log4go.Logger // create logger - logger = make(log4go.Logger) + var logger = make(log4go.Logger) logWriter := log4go.NewFileLogWriter(filePath, false) if logWriter == nil { return nil, fmt.Errorf("error in log4go.NewFileLogWriter(%s)", filePath) diff --git a/bfe_util/access_log/access_log_test.go b/bfe_util/access_log/access_log_test.go index dd10e2044..d7796d87a 100644 --- a/bfe_util/access_log/access_log_test.go +++ b/bfe_util/access_log/access_log_test.go @@ -39,6 +39,7 @@ func TestFileLogger(t *testing.T) { var c LogConfig c.LogFile = "test_file" confRoot, err := ioutil.TempDir("", "test_file_logger*") + assert.NoError(t, err) err = c.Check(confRoot) assert.NoError(t, err) logger, err := LoggerInit(c) diff --git a/bfe_util/file.go b/bfe_util/file.go index 98c788a78..de63bf652 100644 --- a/bfe_util/file.go +++ b/bfe_util/file.go @@ -72,7 +72,7 @@ func BackupFile(path string, bakPath string) error { return nil } -// check local file +// CheckStaticFile check local file func CheckStaticFile(filename string, sizeLimit int64) error { stat, err := os.Stat(filename) if err != nil { diff --git a/bfe_util/fixed_pool.go b/bfe_util/fixed_pool.go index c9e4f204b..dc75488e9 100644 --- a/bfe_util/fixed_pool.go +++ b/bfe_util/fixed_pool.go @@ -39,7 +39,7 @@ func (p *FixedPool) GetBlock() []byte { // PutBlock releases a byte slice to pool func (p *FixedPool) PutBlock(block []byte) { - // just ingore block with mismatched size + // just ignore block with mismatched size if len(block) != p.size { return } diff --git a/bfe_util/get_l4lb_info.go b/bfe_util/get_l4lb_info.go index 4c4b71142..3ff7e9e4b 100644 --- a/bfe_util/get_l4lb_info.go +++ b/bfe_util/get_l4lb_info.go @@ -42,7 +42,7 @@ func GetVipPort(conn net.Conn) (net.IP, int, error) { return ParseIpAndPort(vaddr.String()) } - return nil, 0, fmt.Errorf("cann`t get vip and port when Layer4LoadBalancer is not set") + return nil, 0, fmt.Errorf("can`t get vip and port when Layer4LoadBalancer is not set") } // GetVip return vip for given conn diff --git a/bfe_util/get_net_info.go b/bfe_util/get_net_info.go index 39a521d65..7d06f0a85 100644 --- a/bfe_util/get_net_info.go +++ b/bfe_util/get_net_info.go @@ -54,12 +54,12 @@ type ConnFetcher interface { // GetTCPConn returns underlying TCPConn of given conn. func GetTCPConn(conn net.Conn) (*net.TCPConn, error) { - switch conn.(type) { + switch value := conn.(type) { case *bfe_tls.Conn: - c := conn.(*bfe_tls.Conn).GetNetConn() + c := value.GetNetConn() return c.(*net.TCPConn), nil case *net.TCPConn: - return conn.(*net.TCPConn), nil + return value, nil default: return nil, fmt.Errorf("GetTCPConn(): conn type not support %s", reflect.TypeOf(conn)) } @@ -101,6 +101,5 @@ func NativeUint16(data []byte) uint16 { // IsBigEndian check machine is big endian or not func IsBigEndian() bool { var i int32 = 0x12345678 - var b byte = byte(i) - return b == 0x12 + return byte(i) == 0x12 } diff --git a/bfe_util/hash_set/hash_set.go b/bfe_util/hash_set/hash_set.go index afc3b21aa..9c5bad22a 100644 --- a/bfe_util/hash_set/hash_set.go +++ b/bfe_util/hash_set/hash_set.go @@ -22,6 +22,7 @@ import ( "github.com/spaolacci/murmur3" ) +// LOAD_FACTOR /* in order to reduce the conflict of hash * hash array can be LOAD_FACTOR times larger than nodePool */ diff --git a/bfe_util/hash_set/node_pool.go b/bfe_util/hash_set/node_pool.go index 597c3078f..19fba7095 100644 --- a/bfe_util/hash_set/node_pool.go +++ b/bfe_util/hash_set/node_pool.go @@ -57,7 +57,7 @@ func newNodePool(elemNum, elemSize int, isFixedKeylen bool) *nodePool { for i := 0; i < elemNum-1; i += 1 { np.array[i].next = int32(i + 1) // link to the next node } - np.array[elemNum-1].next = -1 //intial value == -1, means end of the list + np.array[elemNum-1].next = -1 //initial value == -1, means end of the list np.freeNode = 0 //free node start from 0 np.capacity = elemNum @@ -116,7 +116,7 @@ func (np *nodePool) del(head int32, key []byte) int32 { // check at the head of List if np.compare(key, head) == 0 { newHead = np.array[head].next - np.recyleNode(head) //recyle the node + np.recycleNode(head) //recycle the node return newHead } @@ -129,7 +129,7 @@ func (np *nodePool) del(head int32, key []byte) int32 { } if np.compare(key, index) == 0 { np.array[pindex].next = np.array[index].next - np.recyleNode(index) //recyle the node + np.recycleNode(index) //recycle the node return head } pindex = index @@ -138,7 +138,7 @@ func (np *nodePool) del(head int32, key []byte) int32 { } /* del the node, add the node into freeNode list */ -func (np *nodePool) recyleNode(node int32) { +func (np *nodePool) recycleNode(node int32) { index := np.freeNode np.freeNode = node np.array[node].next = index diff --git a/bfe_util/hash_set/node_pool_test.go b/bfe_util/hash_set/node_pool_test.go index b4c35acc6..72ae85880 100644 --- a/bfe_util/hash_set/node_pool_test.go +++ b/bfe_util/hash_set/node_pool_test.go @@ -90,8 +90,8 @@ func TestGetFreeNode(t *testing.T) { if node != 0 || err != nil { t.Error("get node error") } - //case after recyleNode - np.recyleNode(3) + //case after recycleNode + np.recycleNode(3) node, err = np.getFreeNode() if node != 3 || err != nil { t.Error("get node error") diff --git a/bfe_util/ipdict/ip_loc_table.go b/bfe_util/ipdict/ip_loc_table.go index f6df22408..ef0080aae 100644 --- a/bfe_util/ipdict/ip_loc_table.go +++ b/bfe_util/ipdict/ip_loc_table.go @@ -69,7 +69,7 @@ func NewIpLocationTable(maxSize uint32, locLen uint32) (*IpLocationTable, error) ipLocTable.maxSize = maxSize ipLocTable.offset = 0 ipLocTable.LocLen = locLen - ipLocTable.locations = make([]byte, (HEADER_LEN+locLen)*maxSize, (HEADER_LEN+locLen)*maxSize) + ipLocTable.locations = make([]byte, (HEADER_LEN+locLen)*maxSize) return ipLocTable, nil } @@ -140,11 +140,11 @@ func (t *IpLocationTable) Search(cip net.IP) (string, error) { }) // get idx corresponding ip section's first ip - var fristIp net.IP + var firstIp net.IP if uint32(idx) <= indexLen-1 { s := uint32(idx) * (HEADER_LEN + t.LocLen) e := uint32(idx)*(HEADER_LEN+t.LocLen) + IP_SIZE - fristIp = t.locations[s:e] + firstIp = t.locations[s:e] } var preIdx uint32 @@ -152,9 +152,9 @@ func (t *IpLocationTable) Search(cip net.IP) (string, error) { if uint32(idx) == indexLen { // consider ipAdd last element(uint32(idx) == indexLen) preIdx = indexLen - 1 - } else if fristIp.Equal(ipAddr16) || idx == 0 { - // consider ipAdd locate in frist section (idx == 0) - // consider ipAdd is first ip in ip's section(fristIp == ipAddr16) + } else if firstIp.Equal(ipAddr16) || idx == 0 { + // consider ipAdd locate in first section (idx == 0) + // consider ipAdd is first ip in ip's section(firstIp == ipAddr16) preIdx = uint32(idx) } else { // other think ipAdd location previous section diff --git a/bfe_util/ipdict/txt_load/txt_load.go b/bfe_util/ipdict/txt_load/txt_load.go index b73720d5b..15f332ac2 100644 --- a/bfe_util/ipdict/txt_load/txt_load.go +++ b/bfe_util/ipdict/txt_load/txt_load.go @@ -17,8 +17,10 @@ package txt_load import ( "bufio" "bytes" + "encoding/binary" "errors" "fmt" + "math/big" "net" "os" "strings" @@ -56,7 +58,7 @@ func (f *TxtFileLoader) SetMaxLine(maxLine int) { /* checkSplit checks line split format - legal start ip and end ip is seprated by space[s]/tab[s] + legal start ip and end ip is separated by space[s]/tab[s] */ func checkSplit(line string, sep string) (net.IP, net.IP, error) { var startIPStr, endIPStr string @@ -94,6 +96,12 @@ func checkLine(line string) (net.IP, net.IP, error) { var startIP, endIP net.IP var err error + // check cidr format first + startIP, endIP, err = checkCIDR(line) + if startIP != nil && endIP != nil && err == nil { + return startIP, endIP, nil + } + // check space split segment startIP, endIP, err = checkSplit(line, " ") if err != nil { @@ -107,6 +115,16 @@ func checkLine(line string) (net.IP, net.IP, error) { return startIP, endIP, err } +// checkCIDR check cidr format +// legal format is [ipv4|ipv6]/xxx +func checkCIDR(line string) (net.IP, net.IP, error) { + _, netIP, err := net.ParseCIDR(line) + if err != nil { + return nil, nil, err + } + return netIP.IP, getLastIPAddress(netIP), nil +} + /* check Version num and load IP txt file to IP items in memory */ func (f TxtFileLoader) CheckAndLoad(curVersion string) (*ipdict.IPItems, error) { var startIP, endIP net.IP @@ -167,7 +185,7 @@ func (f TxtFileLoader) CheckAndLoad(curVersion string) (*ipdict.IPItems, error) } // insert start ip and end ip into dict - if bytes.Compare(startIP, endIP) == 0 { + if bytes.Equal(startIP, endIP) { // startIp == endIP insert single err = ipItems.InsertSingle(startIP) singleIPCounter += 1 @@ -208,3 +226,35 @@ func (f TxtFileLoader) CheckAndLoad(curVersion string) (*ipdict.IPItems, error) ipItems.Version = newVersion return ipItems, nil } + +// getLastIPAddress +// get last ip address for cidr +// 192.168.1.1/20 last address is 192.168.15.255 +const ( + ipv4BitsLen = 32 + ipv6BitsLen = 128 +) + +func getLastIPAddress(ipNet *net.IPNet) net.IP { + if ipNet == nil { + return nil + } + ones, bits := ipNet.Mask.Size() + lastIP := make(net.IP, 4) // default set ipv4 + + switch bits { + case ipv6BitsLen: + ipv6Count := (&big.Int{}).Lsh(big.NewInt(1), uint(bits-ones)) + startIPBytes := (&big.Int{}).SetBytes(ipNet.IP) + + lastIP = (&big.Int{}).Add(startIPBytes, big.NewInt(0).Sub(ipv6Count, big.NewInt(1))).Bytes() + case ipv4BitsLen: + ipv4Count := uint32(1 << (bits - ones)) + startIPBytes := binary.BigEndian.Uint32(ipNet.IP) + + binary.BigEndian.PutUint32(lastIP, startIPBytes+ipv4Count-1) + default: + return nil + } + return lastIP +} diff --git a/bfe_util/ipdict/txt_load/txt_load_test.go b/bfe_util/ipdict/txt_load/txt_load_test.go index 6fc909c73..0616b6d1a 100644 --- a/bfe_util/ipdict/txt_load/txt_load_test.go +++ b/bfe_util/ipdict/txt_load/txt_load_test.go @@ -156,6 +156,20 @@ func TestCheckLine_Case0(t *testing.T) { err != nil { t.Error("TestCheckLine():", err) } + line = "192.168.1.1/20" + startIP, endIP, err = checkLine(line) + if !startIP.Equal(net.ParseIP("192.168.0.0"))|| + !endIP.Equal(net.ParseIP("192.168.15.255"))|| + err != nil { + t.Error("TestCheckLine():", err) + } + line = "fdbd:ff1:ce00:443:8f5:1f05:2f9d:b6d0/20" + startIP, endIP, err = checkLine(line) + if !startIP.Equal(net.ParseIP("fdbd:0000:0000:0000:0000:0000:0000:0000"))|| + !endIP.Equal(net.ParseIP("fdbd:0fff:ffff:ffff:ffff:ffff:ffff:ffff"))|| + err != nil { + t.Error("TestCheckLine():", err) + } } func TestNewTxtFileLoader(t *testing.T) { diff --git a/bfe_util/json/json.go b/bfe_util/json/json.go index 692767c19..7fa811184 100644 --- a/bfe_util/json/json.go +++ b/bfe_util/json/json.go @@ -11,6 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. + package json import ( diff --git a/bfe_util/json/json_test.go b/bfe_util/json/json_test.go index e90b7970b..60ade9508 100644 --- a/bfe_util/json/json_test.go +++ b/bfe_util/json/json_test.go @@ -11,6 +11,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. + package json import ( @@ -41,6 +42,9 @@ func TestNewDecoder(t *testing.T) { var gb1 GslbBasicTestConf var gb2 GslbBasicTestConf file1, err := os.Open("./testdata/gb.json") + if err != nil { + t.FailNow() + } file2, err := os.Open("./testdata/gb.json") if err != nil { t.FailNow() @@ -112,7 +116,7 @@ func TestMarshalToString(t *testing.T) { Hello: "Hello", World: "World", } - var want string = "{\"Hello\":\"Hello\",\"World\":\"World\"}" + var want = "{\"Hello\":\"Hello\",\"World\":\"World\"}" ret, _ := MarshalToString(s) if ret != want { t.Errorf("MarshalToString() = %v, want %v", ret, want) @@ -129,7 +133,7 @@ func TestUnmarshalFromString(t *testing.T) { Hello: "Hello", World: "World", } - var want string = "{\"Hello\":\"Hello\",\"World\":\"World\"}" + var want = "{\"Hello\":\"Hello\",\"World\":\"World\"}" UnmarshalFromString(want, &s1) if !reflect.DeepEqual(s1, s2) { t.Errorf("UnmarshalFromString() = %v, want %v", s1, s2) diff --git a/bfe_util/json_util.go b/bfe_util/json_util.go index 5a23cb972..74056ea59 100644 --- a/bfe_util/json_util.go +++ b/bfe_util/json_util.go @@ -49,7 +49,7 @@ func DumpJson(jsonObject interface{}, filePath string, perm os.FileMode) error { return fmt.Errorf("marshal err %s", err) } - // mkdirall dir + // mkdir all dir dirPath := path.Dir(filePath) if err = os.MkdirAll(dirPath, 0755); err != nil { return fmt.Errorf("MkdirALl err %s", err.Error()) diff --git a/bfe_util/net_util/acl_table.go b/bfe_util/net_util/acl_table.go index 703fef0e5..4a234895c 100644 --- a/bfe_util/net_util/acl_table.go +++ b/bfe_util/net_util/acl_table.go @@ -136,5 +136,5 @@ func parseAclDataLine(line string) (string, error) { return ip, nil } - return ip, errors.New("formate error:" + line) + return ip, errors.New("format error:" + line) } diff --git a/bfe_util/net_util/ip_test.go b/bfe_util/net_util/ip_test.go index 2118ecfe3..76920f9a1 100644 --- a/bfe_util/net_util/ip_test.go +++ b/bfe_util/net_util/ip_test.go @@ -55,10 +55,10 @@ func TestIPv4StrToUint32(t *testing.T) { if ipInt, err := IPv4StrToUint32(testStr); err != nil { t.Errorf("err in convert %s to uint 32: %v", testStr, err) } else { - comfirmInt := uint32(1) - if ipInt != comfirmInt { + confirmInt := uint32(1) + if ipInt != confirmInt { t.Errorf("ip %s should be converted to %d, but %d get", - testStr, ipInt, comfirmInt) + testStr, ipInt, confirmInt) } } @@ -66,10 +66,10 @@ func TestIPv4StrToUint32(t *testing.T) { if ipInt, err := IPv4StrToUint32(testStr); err != nil { t.Errorf("err in convert %s to uint 32: %v", testStr, err) } else { - comfirmInt := uint32(1)<<8 + uint32(1) - if ipInt != comfirmInt { + confirmInt := uint32(1)<<8 + uint32(1) + if ipInt != confirmInt { t.Errorf("ip %s should be converted to %d, but %d get", - testStr, ipInt, comfirmInt) + testStr, ipInt, confirmInt) } } @@ -77,10 +77,10 @@ func TestIPv4StrToUint32(t *testing.T) { if ipInt, err := IPv4StrToUint32(testStr); err != nil { t.Errorf("err in convert %s to uint 32: %v", testStr, err) } else { - comfirmInt := uint32(1)<<16 + uint32(1)<<8 + uint32(1) - if ipInt != comfirmInt { + confirmInt := uint32(1)<<16 + uint32(1)<<8 + uint32(1) + if ipInt != confirmInt { t.Errorf("ip %s should be converted to %d, but %d get", - testStr, ipInt, comfirmInt) + testStr, ipInt, confirmInt) } } @@ -88,10 +88,10 @@ func TestIPv4StrToUint32(t *testing.T) { if ipInt, err := IPv4StrToUint32(testStr); err != nil { t.Errorf("err in convert %s to uint 32: %v", testStr, err) } else { - comfirmInt := uint32(1)<<24 + uint32(1)<<16 + uint32(1)<<8 + uint32(1) - if ipInt != comfirmInt { + confirmInt := uint32(1)<<24 + uint32(1)<<16 + uint32(1)<<8 + uint32(1) + if ipInt != confirmInt { t.Errorf("ip %s should be converted to %d, but %d get", - testStr, ipInt, comfirmInt) + testStr, ipInt, confirmInt) } } diff --git a/bfe_util/pipe/pipe.go b/bfe_util/pipe/pipe.go index 56919fa36..56655f954 100644 --- a/bfe_util/pipe/pipe.go +++ b/bfe_util/pipe/pipe.go @@ -184,7 +184,7 @@ func NewPipeFromBufferPool(pool *sync.Pool) *Pipe { return p } -// Release() releases underlying fixed buffer +// Release releases underlying fixed buffer func (p *Pipe) Release(pool *sync.Pool) { p.mu.Lock() defer p.mu.Unlock() diff --git a/bfe_util/signal_table/register_signal.go b/bfe_util/signal_table/register_signal.go index 0ab793317..cf553d313 100644 --- a/bfe_util/signal_table/register_signal.go +++ b/bfe_util/signal_table/register_signal.go @@ -18,7 +18,7 @@ import ( "syscall" ) -// register signal handlers +// RegisterSignalHandlers register signal handlers func RegisterSignalHandlers(signalTable *SignalTable) { // term handlers signalTable.Register(syscall.SIGTERM, TermHandler) diff --git a/bfe_util/socket_util.go b/bfe_util/socket_util.go index 8244ca036..b04e5c09b 100644 --- a/bfe_util/socket_util.go +++ b/bfe_util/socket_util.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build !windows // +build !windows package bfe_util @@ -20,9 +21,9 @@ import ( sys "golang.org/x/sys/unix" ) -// GetsockoptMutiByte returns the value of the socket option opt for the +// GetsockoptMultiByte returns the value of the socket option opt for the // socket associated with fd at the given socket level. -func GetsockoptMutiByte(fd, level, opt int) ([]byte, error) { +func GetsockoptMultiByte(fd, level, opt int) ([]byte, error) { val, err := sys.GetsockoptString(fd, level, opt) return []byte(val), err } diff --git a/bfe_util/socket_util_windows.go b/bfe_util/socket_util_windows.go index c7595a126..079950286 100644 --- a/bfe_util/socket_util_windows.go +++ b/bfe_util/socket_util_windows.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build windows // +build windows package bfe_util @@ -20,8 +21,8 @@ import ( "errors" ) -// GetsockoptMutiByte returns the value of the socket option opt for the +// GetsockoptMultiByte returns the value of the socket option opt for the // socket associated with fd at the given socket level. -func GetsockoptMutiByte(fd, level, opt int) ([]byte, error) { - return nil, errors.New("GetsockoptMutiByte is not supported on Windows OS.") +func GetsockoptMultiByte(fd, level, opt int) ([]byte, error) { + return nil, errors.New("GetsockoptMultiByte is not supported on Windows OS") } diff --git a/bfe_util/time.go b/bfe_util/time.go index 93e4a2526..1a5ade6e9 100644 --- a/bfe_util/time.go +++ b/bfe_util/time.go @@ -21,7 +21,7 @@ import ( ) var ( - // reference: https://en.wikipedia.org/wiki/List_of_military_time_zones + // TimeZoneMap reference: https://en.wikipedia.org/wiki/List_of_military_time_zones TimeZoneMap = map[string]int{ // alphabet => time offset "Y": -12 * 3600, // UTC-12 "X": -11 * 3600, diff --git a/conf/bfe.conf b/conf/bfe.conf index f32ab5f13..83d3f0ce3 100644 --- a/conf/bfe.conf +++ b/conf/bfe.conf @@ -5,6 +5,8 @@ HttpPort = 8080 HttpsPort = 8443 # listen port for monitor request MonitorPort = 8421 +# if false, disable monitor server +MonitorEnabled = true # max number of CPUs to use (0 to use all CPUs) MaxCpus = 0 diff --git a/conf/mod_block/ip_blocklist.data b/conf/mod_block/ip_blocklist.data index 03894982a..bedb9b051 100644 --- a/conf/mod_block/ip_blocklist.data +++ b/conf/mod_block/ip_blocklist.data @@ -1,2 +1,4 @@ 192.168.1.253 192.168.1.254 192.168.1.250 +192.168.1.250/20 + diff --git a/docs/en_us/ABOUT.md b/docs/en_us/ABOUT.md index 55a804266..6a560f543 100644 --- a/docs/en_us/ABOUT.md +++ b/docs/en_us/ABOUT.md @@ -14,11 +14,10 @@ The BFE documentation is composed of a few major sections: * **How to contribute**: Information on how to contribute to BFE project. -* **FAQ**: Answers to frequently ask question. +* **FAQ**: Answers to frequently ask question. * **Monitor reference**: metrics detailed reference. * **Condition reference**: Condition detailed reference. If you can’t find what you are looking for, or have an issue not covered here, we’d love to hear from you on [Github](https://github.com/bfenetworks/bfe/issues). - diff --git a/docs/en_us/COMMUNITY.md b/docs/en_us/COMMUNITY.md index 5e6be5468..e4a9f57db 100644 --- a/docs/en_us/COMMUNITY.md +++ b/docs/en_us/COMMUNITY.md @@ -1,6 +1,6 @@ We are very interested in building a community around BFE. If you are interested in using it or need help, please feel free to contact us. -## COMMUNITY +## COMMUNITY **BFE user forum**: [Github Discussions](https://github.com/bfenetworks/bfe/discussions). @@ -12,22 +12,18 @@ We are very interested in building a community around BFE. If you are interested **Issue tracker**: Use the [GitHub issue tracker](https://github.com/bfenetworks/bfe/issues) to file bugs and features request. - ## CONTRIBUTING We sincerely appreciate your contribution. Please visit the [BFE repository](https://github.com/bfenetworks/bfe) and follow the [workflow](https://github.com/bfenetworks/bfe/blob/develop/CONTRIBUTING.md). - ## PROJECT GOVERNANCE -BFE is an independent open-source project. BFE community follow [the following rules](https://github.com/bfenetworks/bfe/blob/develop/GOVERNANCE.md). +BFE is an independent open-source project. BFE community follow [the following rules](https://github.com/bfenetworks/bfe/blob/develop/GOVERNANCE.md). ## CODE OF CONDUCT -To make BFE a welcoming and harassment-free experience for everyone, we follow the following [Code of Conduct](https://github.com/bfenetworks/bfe/blob/develop/CODE_OF_CONDUCT.md). +To make BFE a welcoming and harassment-free experience for everyone, we follow the following [Code of Conduct](https://github.com/bfenetworks/bfe/blob/develop/CODE_OF_CONDUCT.md). ## APPLICATION FOR SPECIAL COOPERATION Welcome to [email us](mailto: bfe-osc@baidu.com). - - diff --git a/docs/en_us/DOWNLOAD.md b/docs/en_us/DOWNLOAD.md index e13f66a0c..b3956378f 100644 --- a/docs/en_us/DOWNLOAD.md +++ b/docs/en_us/DOWNLOAD.md @@ -11,7 +11,6 @@ We provide precompiled binaries for bfe components. [Download the latest release | [bfe_1.4.0_linux_arm64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.4.0/bfe_1.4.0_linux_arm64.tar.gz) | linux | arm64 | 8.8 MB | 33de43a45fd6c6414b4359aa2c3e1141d2299ee07ad6dfb48d2afd1af1561734 | | [bfe_1.4.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.4.0/bfe_1.4.0_windows_amd64.tar.gz) | windows | amd64 | 9.59 MB | c637b5917a428850dde470e915eaac3076707da8959392d38bce70eee2190767 | - ## bfe v1.3.0 * 2021-09-16 [Release notes](https://github.com/bfenetworks/bfe/releases/tag/v1.3.0) @@ -23,8 +22,6 @@ We provide precompiled binaries for bfe components. [Download the latest release | [bfe_1.3.0_linux_arm64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.3.0/bfe_1.3.0_linux_arm64.tar.gz) | linux | arm64 | 8.72 MB | 43e9fdf9e909af6365727ee88c2b78d9e825f8828d5b2050f4cb8c6b6fb0add2 | | [bfe_1.3.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.3.0/bfe_1.3.0_windows_amd64.tar.gz) | windows | amd64 | 9.48 MB | 87cdadbfa5e7bbd413b1fc853c0824971fdb2777c111c3dea22893c3a48363b8 | - - ## bfe v1.2.0 * 2021-06-21 [Release notes](https://github.com/bfenetworks/bfe/releases/tag/v1.2.0) @@ -36,7 +33,6 @@ We provide precompiled binaries for bfe components. [Download the latest release | [bfe_1.2.0_linux_arm64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.2.0/bfe_1.2.0_linux_arm64.tar.gz) | linux | arm64 | 11.8 MB | 87c83da7e182fe556f60be951c7c611f9ae144fa04d87986a5c18bcd93d9dde9 | | [bfe_1.2.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.2.0/bfe_1.2.0_windows_amd64.tar.gz) | windows | amd64 | 12.1 MB | e1b920fd6d8a4454120822e1640d2fd65c90fd7ec77983a661f426c82918cecd | - ## bfe v1.1.0 * 2021-04-08 [Release notes](https://github.com/bfenetworks/bfe/releases/tag/v1.1.0) @@ -48,7 +44,6 @@ We provide precompiled binaries for bfe components. [Download the latest release | [bfe_1.1.0_linux_arm64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.1.0/bfe_1.1.0_linux_arm64.tar.gz) | linux | arm64 | 11.8 MB | a2b6047eb4121a0ff6a0255699384a94b094f9d60553ad9e2a11ee39647320bd | | [bfe_1.1.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.1.0/bfe_1.1.0_windows_amd64.tar.gz) | windows | amd64 | 12.1 MB | e2c49b49c45db9fb89ffcf7688de08f6c73c58035021763bd9b61b7e0dbe7771 | - ## bfe v1.0.0 * 2021-01-15 [Release notes](https://github.com/bfenetworks/bfe/releases/tag/v1.0.0) @@ -60,7 +55,6 @@ We provide precompiled binaries for bfe components. [Download the latest release | [bfe_1.0.0_linux_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.0.0/bfe_1.0.0_linux_amd64.tar.gz) | linux | amd64 | 6.18 MB | 5ec46c26827d554ba4c76f7f5e12b6b6afb68a9333213065802fa425fb81cbd1 | | [bfe_1.0.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.0.0/bfe_1.0.0_windows_amd64.tar.gz) | windows | amd64 | 6.15 MB | 95ba788d0335ac536036c77e39249ce1629b2d159c942293077fd57ddc487f29 | - ## bfe v0.10.0 * 2020-05-25 [Release notes](https://github.com/bfenetworks/bfe/releases/tag/v0.10.0) @@ -80,4 +74,3 @@ We provide precompiled binaries for bfe components. [Download the latest release | [bfe_0.9.0_darwin_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v0.9.0/bfe_0.9.0_darwin_amd64.tar.gz) | darwin | amd64 | 9.75 MB | 3bdbb80cc4946bc85b7295fc86ca86800e7811d20f37b36037aadfc7df718ad9 | | [bfe_0.9.0_linux_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v0.9.0/bfe_0.9.0_linux_amd64.tar.gz) | linux | amd64 | 10.90 MB | 9b6aaac88651d88e86e67835b5ae0bdbe1c76076382b198f0aeb0b94b7572887 | | [bfe_0.9.0_windows_amd64.zip](https://github.com/bfenetworks/bfe/releases/download/v0.9.0/bfe_0.9.0_windows_amd64.zip) | windows | amd64 | 9.75 MB | 4079f97b544b3070bec3ad65a28ccb816290890a278a51c88c81c15405c1f8cf | - diff --git a/docs/en_us/SUMMARY.md b/docs/en_us/SUMMARY.md index b80653897..93c25d2fe 100644 --- a/docs/en_us/SUMMARY.md +++ b/docs/en_us/SUMMARY.md @@ -11,7 +11,7 @@ * [Traffic balancing](introduction/balance.md) * [Getting help](introduction/getting_help.md) * [Version History](https://github.com/bfenetworks/bfe/blob/master/CHANGELOG.md) -* Getting Started +* Getting Started * [Install](installation/install_from_source.md) * [User Guides](example/guide.md) * [Traffic forwarding](example/route.md) @@ -91,7 +91,7 @@ * [Performance](faq/performance.md) * [Development](faq/development.md) * Appendix A: Monitor - * Protocol + * Protocol * [TLS](monitor/tls_state.md) * [HTTP](monitor/http_state.md) * [HTTP2](monitor/http2_state.md) diff --git a/docs/en_us/condition/condition_grammar.md b/docs/en_us/condition/condition_grammar.md index 63da69b79..3736f7d31 100644 --- a/docs/en_us/condition/condition_grammar.md +++ b/docs/en_us/condition/condition_grammar.md @@ -1,6 +1,5 @@ # Concept and Grammar - ## Basic Concepts ### Condition Primitive @@ -59,7 +58,6 @@ func_name(params) - **params** are the parameters condition primitive - The type of return value is **bool** - ### Condition Expression Grammar Condition Expression(CE) grammar is defined as follows: @@ -95,5 +93,3 @@ The precedence and associativity of operators are similar to the C language. The | 2 | ! | logical NOT | Right-to-left | | 3 | && | logical AND | Left-to-right | | 4 | \|\| | logical OR | Left-to-right | - - diff --git a/docs/en_us/condition/condition_naming_convention.md b/docs/en_us/condition/condition_naming_convention.md index 85756e83e..f7e65a119 100644 --- a/docs/en_us/condition/condition_naming_convention.md +++ b/docs/en_us/condition/condition_naming_convention.md @@ -17,9 +17,10 @@ BFE adopts the following naming convention for condition primitives. - e.g. bfe_time_range() ## Name of comparison operations + - **match**: exact match - eg. req_tag_match() - + - **in**: whether an element exists in a set or not - eg. req_host_in() @@ -44,9 +45,9 @@ BFE adopts the following naming convention for condition primitives. - **range**: range match - eg. req_cip_range() -- **regmatch**: use regular expression to match +- **regmatch**: use regular expression to match - eg. req_url_regmatch() - Warning: Inappropriate use can significantly affect performance - + - **contain**: string match - eg. req_cookie_value_contain() diff --git a/docs/en_us/condition/condition_primitive_index.md b/docs/en_us/condition/condition_primitive_index.md index 659451deb..da5af7f7c 100644 --- a/docs/en_us/condition/condition_primitive_index.md +++ b/docs/en_us/condition/condition_primitive_index.md @@ -1,54 +1,114 @@ # Condition Primitive Index ## Request Primitive + +### cip + * [req_cip_hash_in(value_list)](./request/ip.md#req_cip_hash_invalue_list) * [req_cip_range(start_ip, end_ip)](./request/ip.md#req_cip_rangestart_ip-end_ip) * [req_cip_trusted()](./request/ip.md#req_cip_trusted) + +### context + + * [req_context_value_in(key, value_list, case_insensitive)](./request/context.md#req_context_value_inkey-value_list-case_insensitive) + +### cookie + * [req_cookie_key_in(key_list)](./request/cookie.md#req_cookie_key_inkey_list) * [req_cookie_value_contain(key, value, case_insensitive)](./request/cookie.md#req_cookie_value_containkey-value-case_insensitive) - * [req_cookie_value_in(key, value_list, case_insensitive)](./request/cookie.md#req_cookie_value_inkey-value_list-case_insensitive) * [req_cookie_value_hash_in(key, value_list, case_insensitive)](./request/cookie.md#req_cookie_value_hash_inkey-value_list-case_insensitive) + * [req_cookie_value_in(key, value_list, case_insensitive)](./request/cookie.md#req_cookie_value_inkey-value_list-case_insensitive) * [req_cookie_value_prefix_in(key, value_prefix_list, case_insensitive)](./request/cookie.md#req_cookie_value_prefix_inkey-value_prefix_list-case_insensitive) * [req_cookie_value_suffix_in(key, value_suffix_list, case_insensitive)](./request/cookie.md#req_cookie_value_suffix_inkey-value_suffix_list-case_insensitive) + +### header + * [req_header_key_in(key_list)](./request/header.md#req_header_key_inkey_list) * [req_header_value_contain(key, value_list, case_insensitive)](./request/header.md#req_header_value_containheader_name-value_list-case_insensitive) - * [req_header_value_in(header_name, value_list, case_insensitive)](./request/header.md#req_header_value_inheader_name-value_list-case_insensitive) * [req_header_value_hash_in(header_name, value_list, case_insensitive)](./request/header.md#req_header_value_hash_inheader_name-value_list-case_insensitive) + * [req_header_value_in(header_name, value_list, case_insensitive)](./request/header.md#req_header_value_inheader_name-value_list-case_insensitive) * [req_header_value_prefix_in(header_name, value_prefix_list, case_insensitive)](./request/header.md#req_header_value_prefix_inheader_name-value_prefix_list-case_insensitive) * [req_header_value_suffix_in(header_name, value_suffix_list, case_insensitive)](./request/header.md#req_header_value_suffix_inheader_name-value_suffix_list-case_insensitive) + +### host + * [req_host_in(host_list)](./request/uri.md#req_host_inhost_list) + +### method + * [req_method_in(method_list)](./request/method.md#req_method_inmethod_list) - * [req_proto_secure()](./request/protocol.md#req_proto_secure) - * [req_tag_match(tagName, tagValue)](./request/tag.md#req_tag_matchtagname-tagvalue) - * [req_path_in(path_list, case_insensitive)](./request/uri.md#req_path_inpath_list-case_insensitive) + +### path + * [req_path_contain(path_list, case_insensitive)](./request/uri.md#req_path_containpath_list-case_insensitive) - * [req_path_prefix_in(prefix_list, case_insensitive)](./request/uri.md#req_path_prefix_inprefix_list-case_insensitive) * [req_path_element_prefix_in(prefix_list, case_insensitive)](./request/uri.md#req_path_element_prefix_inprefix_list-case_insensitive) + * [req_path_in(path_list, case_insensitive)](./request/uri.md#req_path_inpath_list-case_insensitive) + * [req_path_prefix_in(prefix_list, case_insensitive)](./request/uri.md#req_path_prefix_inprefix_list-case_insensitive) * [req_path_suffix_in(suffix_list, case_insensitive)](./request/uri.md#req_path_suffix_insuffix_list-case_insensitive) + +### port + + * [req_port_in(port_list)](./request/uri.md#req_port_inport_list) + +### protocol + + * [req_proto_secure()](./request/protocol.md#req_proto_secure) + +### query + * [req_query_key_in(key_list)](./request/uri.md#req_query_key_inkey_list) * [req_query_key_prefix_in(prefix_list)](./request/uri.md#req_query_key_prefix_inprefix_list) - * [req_query_value_in(key, value_list, case_insensitive)](./request/uri.md#req_query_value_inkey-value_list-case_insensitive) * [req_query_value_hash_in(key, value_list, case_insensitive)](./request/uri.md#req_query_value_hash_inkey-value_list-case_insensitive) + * [req_query_value_in(key, value_list, case_insensitive)](./request/uri.md#req_query_value_inkey-value_list-case_insensitive) * [req_query_value_prefix_in(key, prefix_list, case_insensitive)](./request/uri.md#req_query_value_prefix_inkey-prefix_list-case_insensitive) * [req_query_value_suffix_in(key, suffix_list, case_insensitive)](./request/uri.md#req_query_value_suffix_inkey-suffix_list-case_insensitive) - * [req_port_in(port_list)](./request/uri.md#req_port_inport_list) + +### tag + + * [req_tag_match(tagName, tagValue)](./request/tag.md#req_tag_matchtagname-tagvalue) + +### url + * [req_url_regmatch(reg_exp)](./request/uri.md#req_url_regmatchreg_exp) + +### vip + * [req_vip_in(vip_list)](./request/ip.md#req_vip_invip_list) * [req_vip_range(start_ip, end_ip)](./request/ip.md#req_vip_rangestart_ip-end_ip) ## Response Primitive + +### code + * [res_code_in(codes)](./response/code.md#res_code_incodes) + +### header + * [res_header_key_in(key_list)](./response/header.md#res_header_key_inkey_list) * [res_header_value_in(key, value_list, case_insensitive)](./response/header.md#res_header_value_inkey-value_list-case_insensitive) ## Session Primitive + +### sip + * [ses_sip_range(start_ip, end_ip)](./session/ip.md#ses_sip_rangestart_ip-end_ip) - * [ses_vip_range(start_ip, end_ip)](./session/ip.md#ses_vip_rangestart_ip-end_ip) - * [ses_tls_sni_in(host_list)](./session/tls.md#ses_tls_sni_inhost_list) + +### tls client + * [ses_tls_client_auth()](./session/tls.md#ses_tls_client_auth) * [ses_tls_client_ca_in(ca_list)](./session/tls.md#ses_tls_client_ca_inca_list) +### tls sni + + * [ses_tls_sni_in(host_list)](./session/tls.md#ses_tls_sni_inhost_list) + +### vip + + * [ses_vip_range(start_ip, end_ip)](./session/ip.md#ses_vip_rangestart_ip-end_ip) + ## System Primitive + +### time + * [bfe_time_range(start_time, end_time)](./system/time.md#bfe_time_rangestart_time-end_time) * [bfe_periodic_time_range(start_time, end_time, period)](./system/time.md#bfe_periodic_time_rangestart_time-end_time-period) - diff --git a/docs/en_us/condition/request/context.md b/docs/en_us/condition/request/context.md new file mode 100644 index 000000000..75d551eb4 --- /dev/null +++ b/docs/en_us/condition/request/context.md @@ -0,0 +1,17 @@ +## req_context_value_in(key, value_list, case_insensitive) + +* Description: Judge if value of context key matches configured patterns + +* Parameters + +| Parameter | Description | +| --------- | ---------- | +| key | String
context key | +| value_list | String
a list of query values which are concatenated using | | +| case_insensitive | Boolean
case insensitive | + +* Example + +```go +req_context_value_in("cmd", "add|del|list", true) +``` diff --git a/docs/en_us/condition/request/cookie.md b/docs/en_us/condition/request/cookie.md index 3077bd70c..13ef95bed 100644 --- a/docs/en_us/condition/request/cookie.md +++ b/docs/en_us/condition/request/cookie.md @@ -1,6 +1,7 @@ # Request Cookie Related Primitives ## req_cookie_key_in(key_list) + * Description: Judge if cookie key matches configured patterns * Parameters @@ -9,7 +10,6 @@ | --------- | ---------- | | key_list | String
a list of cookie keys which are concatenated using | | - * Example ```go @@ -17,6 +17,7 @@ req_cookie_key_in("uid|cid|uss") ``` ## req_cookie_value_in(key, value_list, case_insensitive) + * Description: Judge if value of cookie key matches configured patterns * Parameters @@ -34,6 +35,7 @@ req_cookie_value_in("deviceid", "testid", true) ``` ## req_cookie_value_prefix_in(key, value_prefix_list, case_insensitive) + * Description: Judge if value prefix of cookie key matches configured patterns * Parameters @@ -51,6 +53,7 @@ req_cookie_value_prefix_in("deviceid", "x", true) ``` ## req_cookie_value_suffix_in(key, value_suffix_list, case_insensitive) + * Description: Judge if value suffix of cookie key matches configured patterns * Parameters @@ -68,6 +71,7 @@ req_cookie_value_suffix_in("deviceid", "1", true) ``` ## req_cookie_value_hash_in(key, value_list, case_insensitive) + * Description: Judge if hash value of specified cookie matches configured patterns(value range: 0~9999) * Parameters @@ -85,6 +89,7 @@ req_cookie_value_hash_in("uid", "100", true) ``` ## req_cookie_value_contain(key, value, case_insensitive) + * Description: Judge if value of cookie key contains configured patterns * Parameters @@ -95,7 +100,6 @@ req_cookie_value_hash_in("uid", "100", true) | value | String
a string | | case_insensitive | Boolean
case insensitive | - * Example ```go diff --git a/docs/en_us/condition/request/header.md b/docs/en_us/condition/request/header.md index 84c06130b..ecdaf3985 100644 --- a/docs/en_us/condition/request/header.md +++ b/docs/en_us/condition/request/header.md @@ -1,6 +1,7 @@ # Request Header Related Primitives ## req_header_key_in(key_list) + * Description: Judge if header key in matches configured patterns * Parameters @@ -22,6 +23,7 @@ req_header_key_in("header-Test") ``` ## req_header_value_in(header_name, value_list, case_insensitive) + * Description: - Judge if value of key in header matches configured patterns @@ -40,6 +42,7 @@ req_header_value_in("Referer", "https://example.org/login", true) ``` ## req_header_value_prefix_in(header_name, value_prefix_list, case_insensitive) + * Description: Judge if value prefix of key in header matches configured patterns * Parameters @@ -57,6 +60,7 @@ req_header_prefix_value_in("Referer", "https://example.org", true) ``` ## req_header_value_suffix_in(header_name, value_suffix_list, case_insensitive) + * Description: Judge if value suffix of key in header matches configured patterns * Parameters @@ -74,6 +78,7 @@ req_header_suffix_value_in("User-Agent", "2.0.4", true) ``` ## req_header_value_hash_in(header_name, value_list, case_insensitive) + * Description: Judge if hash value of specified header matches configured patterns (value range: 0~9999) * Parameters @@ -91,6 +96,7 @@ req_header_value_hash_in("X-Device-Id", "100-200|400", true) ``` ## req_header_value_contain(header_name, value_list, case_insensitive) + * Description: Judge if value of key in header contains configured patterns * Parameters diff --git a/docs/en_us/condition/request/ip.md b/docs/en_us/condition/request/ip.md index e65d352a7..111f40c9b 100644 --- a/docs/en_us/condition/request/ip.md +++ b/docs/en_us/condition/request/ip.md @@ -1,14 +1,15 @@ # IP Related Primitives ## req_cip_range(start_ip, end_ip) + * Description: Judge if client IP is in [start_ip, end_ip] * Parameters | Parameter | Description | | --------- | ---------- | -| start_ip| String
start ip address | -| end_ip| String
end ip address | +| start_ip| String
start ip address | +| end_ip| String
end ip address | * Example @@ -17,9 +18,11 @@ req_cip_range("10.0.0.1", "10.0.0.10") ``` ## req_cip_trusted() + * Description: Judge if client IP is trust IP ## req_cip_hash_in(value_list) + * Description: - Judge if client IP after hash matches configured patterns (value after hash is 0~9999) @@ -38,6 +41,7 @@ req_cip_hash_in("100-200|1000-1000") ``` ## req_vip_in(vip_list) + * Description: Judge if VIP is in configured VIP list * Parameters @@ -53,14 +57,15 @@ req_vip_in("10.0.0.1|10.0.0.2") ``` ## req_vip_range(start_ip, end_ip) + * Description: Judge if VIP is in [start_ip, end_ip] * Parameters | Parameter | Description | | --------- | ---------- | -| start_ip| String
start ip address | -| end_ip| String
end ip address | +| start_ip| String
start ip address | +| end_ip| String
end ip address | * Example diff --git a/docs/en_us/condition/request/method.md b/docs/en_us/condition/request/method.md index 87d8501f6..e34d047b2 100644 --- a/docs/en_us/condition/request/method.md +++ b/docs/en_us/condition/request/method.md @@ -1,6 +1,7 @@ # Request Method Related Primitives ## req_method_in(method_list) + * Description: Judge if request method matches configured patterns * Parameters diff --git a/docs/en_us/condition/request/protocol.md b/docs/en_us/condition/request/protocol.md index 7bf13579c..061b0949a 100644 --- a/docs/en_us/condition/request/protocol.md +++ b/docs/en_us/condition/request/protocol.md @@ -1,4 +1,5 @@ # Protocol Related Primitives ## req_proto_secure() + * Description: Judge if request is over TLS protocol(ie. HTTPS/SPDY/HTTP2) diff --git a/docs/en_us/condition/request/tag.md b/docs/en_us/condition/request/tag.md index a91a6f8b4..b2c36161b 100644 --- a/docs/en_us/condition/request/tag.md +++ b/docs/en_us/condition/request/tag.md @@ -1,8 +1,8 @@ # Request Tag Related Primtives ## req_tag_match(tagName, tagValue) -* Description: Judge if request tag matches configured value +* Description: Judge if request tag matches configured value * Parameters @@ -11,7 +11,6 @@ | tagName | String
tag name | | tagValue | String
tag value | - * Example ```go diff --git a/docs/en_us/condition/request/uri.md b/docs/en_us/condition/request/uri.md index 87cb2e9bd..d42d17d1f 100644 --- a/docs/en_us/condition/request/uri.md +++ b/docs/en_us/condition/request/uri.md @@ -1,6 +1,7 @@ # Request URI Related Primitives ## req_host_in(host_list) + * Description: Judge if host matches configured patterns * Parameters @@ -20,6 +21,7 @@ req_host_in("www.bfe-networks.com | bfe-networks.com") ``` ## req_path_in(path_list, case_insensitive) + * Description: Judge if request path matches configured patterns * Parameters @@ -36,6 +38,7 @@ req_path_in("/api/search|/api/list", true) ``` ## req_path_contain(path_list, case_insensitive) + * Description: Judge if request path contains configured patterns * Parameters @@ -52,6 +55,7 @@ req_path_contain("search|analytics", true) ``` ## req_path_prefix_in(prefix_list, case_insensitive) + * Description: Judge if request path prefix matches configured patterns * Parameters @@ -66,8 +70,9 @@ req_path_contain("search|analytics", true) ```go req_path_prefix_in("/api/report|/api/analytics", false) ``` - + ## req_path_suffix_in(suffix_list, case_insensitive) + * Description: Judge if request path suffix matches configured patterns * Parameters @@ -84,6 +89,7 @@ req_path_suffix_in(".php|.jsp", false) ``` ## req_path_element_prefix_in(prefix_list, case_insensitive) + * Description: Judge if request path element prefix matches configured patterns * Parameters @@ -98,7 +104,9 @@ req_path_suffix_in(".php|.jsp", false) ```go req_path_element_prefix_in("/api/report/|/api/analytics/", false) ``` + ## req_query_key_in(key_list) + * Description: Judge if query key matches configured patterns * Parameters @@ -114,6 +122,7 @@ req_query_key_exist("word|wd") ``` ## req_query_key_prefix_in(prefix_list) + * Description: Judge if query key prefix matches configured patterns * Parameters @@ -122,7 +131,6 @@ req_query_key_exist("word|wd") | --------- | ---------- | | prefix_list | String
a list of query key prefixs which are concatenated using | | - * Example ```go @@ -130,6 +138,7 @@ req_query_key_prefix_in("rid") ``` ## req_query_value_in(key, value_list, case_insensitive) + * Description: Judge if value of query key matches configured patterns * Parameters @@ -147,6 +156,7 @@ req_query_value_in("uid", "x|y|z", true) ``` ## req_query_value_prefix_in(key, prefix_list, case_insensitive) + * Description: Judge if value prefix of query key matches configured patterns * Parameters @@ -164,6 +174,7 @@ req_query_value_prefix_in("uid", "100|200", true) ``` ## req_query_value_suffix_in(key, suffix_list, case_insensitive) + * Description: Judge if value suffix of query key matches configured patterns * Parameters @@ -181,6 +192,7 @@ req_query_value_suffix_in("uid", "1|2|3", true) ``` ## req_query_value_hash_in(key, value_list, case_insensitive) + * Description: Judge if the hash value of specified query matches configured patterns (value after hash is 0~9999) * Parameters @@ -198,6 +210,7 @@ req_query_value_hash_in("cid", "100", true) ``` ## req_port_in(port_list) + * Description: Judge if port matches configured patterns * Parameters @@ -206,7 +219,6 @@ req_query_value_hash_in("cid", "100", true) | --------- | ---------- | | port_list | String
a list of ports which are concatenated using | | - * Example ```go @@ -214,6 +226,7 @@ req_port_in("80|8080") ``` ## req_url_regmatch(reg_exp) + * Description: patterns is regular expression to match url * Parameters diff --git a/docs/en_us/condition/response/code.md b/docs/en_us/condition/response/code.md index 63f24761f..966452b30 100644 --- a/docs/en_us/condition/response/code.md +++ b/docs/en_us/condition/response/code.md @@ -1,6 +1,7 @@ # Response code related primitives ## res_code_in(codes) + * Description: Judge response HTTP status code is in configured codes * Parameters @@ -9,7 +10,6 @@ | --------- | ---------- | | codes | String
a list of codes which are concatenated using | | - * Example ```go diff --git a/docs/en_us/condition/response/header.md b/docs/en_us/condition/response/header.md index e154efd74..d6a30be7b 100644 --- a/docs/en_us/condition/response/header.md +++ b/docs/en_us/condition/response/header.md @@ -1,6 +1,7 @@ # Response header related primitives ## res_header_key_in(key_list) + * Description: Judge if key in Header of response matches configured key_list * Parameters @@ -9,7 +10,6 @@ | --------- | ---------- | | key_list | String
a list of header keys which are concatenated using | | - * Example ```go @@ -17,6 +17,7 @@ res_header_key_in("X-Bfe-Debug") ``` ## res_header_value_in(key, value_list, case_insensitive) + * Description: Judge if value of key in response header matches configured patterns * Parameters @@ -27,7 +28,6 @@ res_header_key_in("X-Bfe-Debug") | value_list | String
a list of header values which are concatenated using | | | case_insensitive | Boolean
case insensitive | - * Example ```go diff --git a/docs/en_us/condition/session/ip.md b/docs/en_us/condition/session/ip.md index 6aa36a9f5..c782efed3 100644 --- a/docs/en_us/condition/session/ip.md +++ b/docs/en_us/condition/session/ip.md @@ -1,6 +1,7 @@ # Session IP related primitives ## ses_sip_range(start_ip, end_ip) + * Description: Judge if source IP of session is in [start_ip, end_ip] * Parameter @@ -10,7 +11,6 @@ | start_ip | String
start ip address | | end_ip | String
end ip address | - * Example ```go @@ -18,6 +18,7 @@ ses_sip_range("10.0.0.1", "10.0.0.10") ``` ## ses_vip_range(start_ip, end_ip) + * Description: Judge if VIP of session is in [start_ip, end_ip] * Parameter diff --git a/docs/en_us/condition/session/tls.md b/docs/en_us/condition/session/tls.md index ca55f21d6..036344835 100644 --- a/docs/en_us/condition/session/tls.md +++ b/docs/en_us/condition/session/tls.md @@ -1,6 +1,7 @@ # TLS related primtives ## ses_tls_sni_in(host_list) + * Description: Check whether tls sni matches host_list * Parameters @@ -16,9 +17,11 @@ ses_tls_sni_in("example.com|example.org") ``` ## ses_tls_client_auth() + * Description: Check whether tls mutual authentication is enabled ## ses_tls_client_ca_in(ca_list) + * Description: Check whether tls mutual authentication is enabled and client ca matches ca_list * Parameters @@ -27,7 +30,6 @@ ses_tls_sni_in("example.com|example.org") | --------- | ----------- | | ca_list | String
a list of ca names which are concatenated using | | - * Example ```go diff --git a/docs/en_us/condition/system/time.md b/docs/en_us/condition/system/time.md index bc59cdcab..43c179d99 100644 --- a/docs/en_us/condition/system/time.md +++ b/docs/en_us/condition/system/time.md @@ -1,6 +1,7 @@ # Time related primitives ## bfe_time_range(start_time, end_time) + * Description: Judge if current time is in [start_time, end_time] * Parameters @@ -19,6 +20,7 @@ bfe_time_range("20190204203000H", "20190204204500H") ``` ## bfe_periodic_time_range(start_time, end_time, period) + * Description: Judge if current time is periodly(period) in [start_time, end_time] * Parameters diff --git a/docs/en_us/configuration/bfe.conf.md b/docs/en_us/configuration/bfe.conf.md index 204ba3720..073c2d6cd 100644 --- a/docs/en_us/configuration/bfe.conf.md +++ b/docs/en_us/configuration/bfe.conf.md @@ -13,6 +13,7 @@ bfe.conf is the core configuration file of BFE. | Basic.HttpPort | Integer
Listen port for HTTP
Default 8080 | | Basic.HttpsPort | Integer
Listen port for HTTPS
Default 8443 | | Basic.MonitorPort | Integer
Listen port for monitor
Default 8421 | +| Basic.MonitorEnabled | Boolean
If false, monitor server is disabled
Default True | | Basic.MaxCpus | Integer
Max number of CPUs to use (0 to use all CPUs)
Default 0 | | Basic.Layer4LoadBalancer | String
Type of layer-4 load balancer (PROXY/NONE)
Default NONE | | Basic.TlsHandshakeTimeout | Integer
TLS handshake timeout, in seconds
Default 30 | @@ -57,7 +58,6 @@ bfe.conf is the core configuration file of BFE. | SessionTicket.SessionTicketsDisabled | Boolean
Disable tls session ticket or not
Default True | | SessionTicket.SessionTicketKeyFile | String
Path of [session ticket key config](tls_conf/session_ticket_key.data.md)
Default tls_conf/session_ticket_key.data | - ## Example ```ini diff --git a/docs/en_us/configuration/cluster_conf/cluster_table.data.md b/docs/en_us/configuration/cluster_conf/cluster_table.data.md index cf8ded712..fea02c3da 100644 --- a/docs/en_us/configuration/cluster_conf/cluster_table.data.md +++ b/docs/en_us/configuration/cluster_conf/cluster_table.data.md @@ -7,6 +7,7 @@ cluster_table.data records the load balancing config among instances. ## Configuration ### Basic configuration + | Config Item | Description | | --------------------- | ------------------------------- | | Version | String
Verson of config file | @@ -17,6 +18,7 @@ cluster_table.data records the load balancing config among instances. | Config{v}{v} | Object
config of subcluster(a list of instance) | ### Instance configuraton + | Config Item | Description | | --------------------- | ------------------------------- | | Addr | String
ip address of instance | @@ -25,6 +27,7 @@ cluster_table.data records the load balancing config among instances. | Weight | String
weight of instance | ## Example + ```json { "Config": { diff --git a/docs/en_us/configuration/cluster_conf/gslb.data.md b/docs/en_us/configuration/cluster_conf/gslb.data.md index 6f9227200..c3d50a83b 100644 --- a/docs/en_us/configuration/cluster_conf/gslb.data.md +++ b/docs/en_us/configuration/cluster_conf/gslb.data.md @@ -2,7 +2,7 @@ ## Introduction -gslb.data records the load balancing config between sub-clusters. +gslb.data records the load balancing config between sub-clusters. ## Configuration @@ -17,6 +17,7 @@ gslb.data records the load balancing config between sub-clusters. | Ts | String
Timestamp of config file | ## Example + ```json { "Clusters": { diff --git a/docs/en_us/configuration/config.md b/docs/en_us/configuration/config.md index c5b6dc301..42d255594 100644 --- a/docs/en_us/configuration/config.md +++ b/docs/en_us/configuration/config.md @@ -12,17 +12,19 @@ For guide of configure BFE via BFE control plane components, see documents of [B - Dynamic configuration: For changes to the configuration file to take effect, you can either restart or reload the bfe process. ## Configuration format + - Normal configuration file: INI format - Dynamic configuration file: JSON format (except for cerfificate/dict file, etc) ## Configuration layout -The main configuration file is named bfe.conf (conf/bfe.conf). To make the configuration easier to maintain, + +The main configuration file is named bfe.conf (conf/bfe.conf). To make the configuration easier to maintain, we split it into a set of feature-specific files stored in the conf/<feature>/ directory. | Category | Layout | | ------------ | -------- | | Main configuration | conf/bfe.conf | -| Configuration about protocol | conf/tls_conf/ | +| Configuration about protocol | conf/tls_conf/ | | Configuration about routing | conf/server_data_conf/ | | Configuration about balancing | conf/cluster_conf/ | | Configuration about modules | conf/mod_<name> | diff --git a/docs/en_us/configuration/server_data_conf/cluster_conf.data.md b/docs/en_us/configuration/server_data_conf/cluster_conf.data.md index 983c4f784..5668d2677 100644 --- a/docs/en_us/configuration/server_data_conf/cluster_conf.data.md +++ b/docs/en_us/configuration/server_data_conf/cluster_conf.data.md @@ -1,4 +1,4 @@ -# Cluster Configuration +# Cluster Configuration ## Introduction @@ -78,6 +78,7 @@ ClusterBasic is basic config for cluster. | CancelOnClientClose | Bool
During reading response from backend, cancel the blocking status if client connection disconnected. Default and recommended value is false. | ## Example + ```json { "Version": "20190101000000", diff --git a/docs/en_us/configuration/server_data_conf/host_rule.data.md b/docs/en_us/configuration/server_data_conf/host_rule.data.md index b2effd4ed..02dd07d53 100644 --- a/docs/en_us/configuration/server_data_conf/host_rule.data.md +++ b/docs/en_us/configuration/server_data_conf/host_rule.data.md @@ -2,7 +2,7 @@ ## Introduction -host_rule.data records the domain names for each product. +host_rule.data records the domain names for each product. ## Configuration @@ -35,6 +35,3 @@ host_rule.data records the domain names for each product. } } ``` - - - diff --git a/docs/en_us/configuration/server_data_conf/name_conf.data.md b/docs/en_us/configuration/server_data_conf/name_conf.data.md index a47b31070..236572501 100644 --- a/docs/en_us/configuration/server_data_conf/name_conf.data.md +++ b/docs/en_us/configuration/server_data_conf/name_conf.data.md @@ -2,7 +2,7 @@ ## Introduction -name_conf.data records the mapping between service name and service instances. +name_conf.data records the mapping between service name and service instances. ## Configuration diff --git a/docs/en_us/configuration/server_data_conf/route_rule.data.md b/docs/en_us/configuration/server_data_conf/route_rule.data.md index d6a6ee86b..3dc20ceb9 100644 --- a/docs/en_us/configuration/server_data_conf/route_rule.data.md +++ b/docs/en_us/configuration/server_data_conf/route_rule.data.md @@ -2,7 +2,7 @@ ## Introduction -route_rule.data records route rule config for each product. +route_rule.data records route rule config for each product. ## Configuration diff --git a/docs/en_us/configuration/server_data_conf/vip_rule.data.md b/docs/en_us/configuration/server_data_conf/vip_rule.data.md index b84e2bd93..0292bc1b8 100644 --- a/docs/en_us/configuration/server_data_conf/vip_rule.data.md +++ b/docs/en_us/configuration/server_data_conf/vip_rule.data.md @@ -2,7 +2,7 @@ ## Introduction -vip_rule.data records vip lists for each product. +vip_rule.data records vip lists for each product. ## Configuration @@ -25,6 +25,3 @@ vip_rule.data records vip lists for each product. } } ``` - - - diff --git a/docs/en_us/configuration/tls_conf/server_cert_conf.data.md b/docs/en_us/configuration/tls_conf/server_cert_conf.data.md index c9815051e..26e5bcc78 100644 --- a/docs/en_us/configuration/tls_conf/server_cert_conf.data.md +++ b/docs/en_us/configuration/tls_conf/server_cert_conf.data.md @@ -19,6 +19,7 @@ server_cert_conf.data records the config for server certificate and private key | Config.CertConf{v}.OcspResponseFile | String
Path of OCSP Stple (optional) | ## Example + ```json { "Version": "20190101000000", diff --git a/docs/en_us/configuration/tls_conf/session_ticket_key.data.md b/docs/en_us/configuration/tls_conf/session_ticket_key.data.md index f8b5a4623..93c2439e5 100644 --- a/docs/en_us/configuration/tls_conf/session_ticket_key.data.md +++ b/docs/en_us/configuration/tls_conf/session_ticket_key.data.md @@ -12,12 +12,10 @@ session_ticket_key.data records the session ticket key. | SessionTicketKey | String
The session ticket key. length is 48 and contains only [a-z0-9] | ## Example + ```json { "Version": "20190101000000", "SessionTicketKey": "08a0d852ef494143af613ef32d3c39314758885f7108e9ab021d55f422a454f7c9cd5a53978f48fa1063eadcdc06878f" } ``` - - - diff --git a/docs/en_us/configuration/tls_conf/tls_rule_conf.data.md b/docs/en_us/configuration/tls_conf/tls_rule_conf.data.md index d39bf9d88..18fe3f80b 100644 --- a/docs/en_us/configuration/tls_conf/tls_rule_conf.data.md +++ b/docs/en_us/configuration/tls_conf/tls_rule_conf.data.md @@ -59,7 +59,6 @@ BFE supports multiple security grades(A+/A/B/C) for ease of TLS configuration. S | ------------------- | ----------------------- | | TLS1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA | - ### Grade A | Supported Protocols | Supported Cipher Suites | @@ -73,11 +72,9 @@ BFE supports multiple security grades(A+/A/B/C) for ease of TLS configuration. S | TLS1.2
TLS1.1
TLS1.0 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA | | SSLv3 | TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA | - ### Grade C | Supported Protocols | Supported Cipher Suites | | ------------------- | ----------------------- | | TLS1.2
TLS1.1
TLS1.0 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA | | SSLv3 | TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA | - diff --git a/docs/en_us/development/local_dev_guide.md b/docs/en_us/development/local_dev_guide.md index 0658c999d..844cc6c80 100644 --- a/docs/en_us/development/local_dev_guide.md +++ b/docs/en_us/development/local_dev_guide.md @@ -3,13 +3,14 @@ You will learn how to develop BFE in local environment under the guidelines of this document. ## Requirements of coding + - Please refer to the coding format of golang - Unit test is needed for all codes. - Pass through all unit tests. - Please follow [regulations of submmiting codes](submit_pr_guide.md) - The following guidiance tells you how to submit code. + ## [Fork](https://help.github.com/articles/fork-a-repo/) Transfer to the home page of Github [BFE](https://github.com/bfenetworks/bfe) ,and then click button `Fork` to generate the git under your own file directory,such as @@ -23,7 +24,6 @@ $ git clone https://github.com/USERNAME/bfe $ cd bfe ``` - ## Create local branch At present [Git stream branch model](http://nvie.com/posts/a-successful-git-branching-model/) is applied to BFE to undergo task of development,test,release and maintenance.Please refer to [branch regulation of BFE](release_regulation.md) about details。 @@ -32,48 +32,52 @@ All development tasks of feature and bug fix should be finished in a new branch Create and switch to a new branch with command `git checkout -b`. - ```bash $ git checkout -b my-cool-stuff ``` It is worth noting that before the checkout, you need to keep the current branch directory clean, otherwise the untracked file will be brought to the new branch, which can be viewed by `git status` . +## Install dependent tools -## Use `pre-commit` hook +`make deps` install all the dependent tools, include `pre-commit` `goyacc` `license-eye` `staticcheck`. + +### Use `pre-commit` hook BFE developers use the [pre-commit](http://pre-commit.com/) tool to manage Git pre-commit hooks. It helps us format the source code and automatically check some basic things before committing (such as having only one EOL per file, not adding large files in Git, etc.). The `pre-commit` test is part of the unit test in Travis-CI. A PR that does not satisfy the hook cannot be submitted to BFE. Install `pre-commit` first and then run it in current directory: ```bash -$ pip install pre-commit -$ pre-commit install +# ensure installed pre-commit +$ make deps +# enable autoupdate and install hooks +$ make precommit ``` BFE modify the format of golang source code with `gofmt` . - -## Use `license-eye` tool +### Use `license-eye` tool [license-eye](http://github.com/apache/skywalking-eyes) helps us check and fix file's license header declaration. All files' license header should be done before committing. -The `license-eye` check is part of the Github-Action. A PR that check failed cannot be submmitted to BFE. Install `license-eye` and do check or fix: +The `license-eye` check is part of the Github-Action. A PR that check failed cannot be submitted to BFE. Install `license-eye` and do check or fix: ```bash -$ go install github.com/apache/skywalking-eyes/cmd/license-eye@latest -$ license-eye header check -$ license-eye header fix +# ensure installed license-eye +$ make deps +# check the license header +$ make license-check +# fix the license header +$ make license-fix ``` - ## Start development I delete a line of README.md and create a new file in the case. View the current state via `git status` , which will prompt some changes to the current directory, and you can also view the file's specific changes via `git diff` . - ```bash $ git status On branch test @@ -117,7 +121,7 @@ Check for merge conflicts................................................Passed Check for broken symlinks................................................Passed Detect Private Key...................................(no files to check)Skipped Fix End of Files.....................................(no files to check)Skipped -clang-formater.......................................(no files to check)Skipped +clang-formatter.......................................(no files to check)Skipped [my-cool-stuff c703c041] add test file 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 233 diff --git a/docs/en_us/development/module/bfe_callback.md b/docs/en_us/development/module/bfe_callback.md index f1b57e545..77d35652d 100644 --- a/docs/en_us/development/module/bfe_callback.md +++ b/docs/en_us/development/module/bfe_callback.md @@ -6,14 +6,15 @@ The Callback Points in the forwarding process are shown below. ![BFECallbacks](../../../images/bfe-callback.png) ## List of Callback Points + There are 9 callback points in BFE: - HandleAccept: after TCP connection with client is established. - HandleHandshake: after SSL/TLS handshake with client is finished. - HandleBeforeLocation: before the destination product for the request is identified. - HandleFoundProduct: after the destination product is identified. -- HandleAfterLocation: after the destionation cluster is identified. -- HandleForward: after the destionation subcluster is identified, and before the request is forwarded. +- HandleAfterLocation: after the destination cluster is identified. +- HandleForward: after the destination subcluster is identified, and before the request is forwarded. - HandleReadResponse: after response from backend is received by BFE. - HandleRequestFinish: after response from backend is forwarded by BFE. - HandleFinish: after connection with client is closed. @@ -52,39 +53,39 @@ Note: For the meaning of type int in the return value below, please refer to "Re ### HandlersAccept -- Applicable callback points: +- Applicable callback points: + HandleAccept + HandleHandshake - Function prototype: - + handler(session *bfe_basic.Session) int + + `handler(session *bfe_basic.Session) int` ### HandlersRequest -- Applicable callback point: +- Applicable callback point: + HandleBeforeLocation + HandleFoundProduct + HandleAfterLocation - Function prototype: - + handler(req *bfe_basic.Request) (int, *bfe_http.Response) + + `handler(req *bfe_basic.Request) (int, *bfe_http.Response)` ### HandlersForward -- Applicable callback point: +- Applicable callback point: + HandleForward - Function prototype: - + handler(req *bfe_basic.Request) int + + `handler(req *bfe_basic.Request) int` ### HandlersResponse -- Applicable callback point: +- Applicable callback point: + HandleReadResponse + HandleRequestFinish - Function prototype: - + handler(req *bfe_basic.Request, res *bfe_http.Response) int + + `handler(req *bfe_basic.Request, res *bfe_http.Response) int` ### HandlersFinish -- Applicable callback point: +- Applicable callback point: + HandleFinish - Function prototype: - + handler(session *bfe_basic.Session) int + + `handler(session *bfe_basic.Session) int` diff --git a/docs/en_us/development/module/how_to_write_module.md b/docs/en_us/development/module/how_to_write_module.md index 4188d3184..7ef8eb484 100644 --- a/docs/en_us/development/module/how_to_write_module.md +++ b/docs/en_us/development/module/how_to_write_module.md @@ -14,7 +14,7 @@ mod_block is used as an example for ease of understanding.([/bfe_modules/mod_b ### Types of configuration -For a given module, there are 2 types of configuration: +For a given module, there are 2 types of configuration: - Static configuration: be loaded when BFE starts + There is only one such configuration file for each module @@ -31,7 +31,6 @@ For a given module, there are 2 types of configuration: - The configuration files of the modules should be placed in [/conf/{module_name}](https://github.com/bfenetworks/bfe/tree/master/conf) - Example: Configuration files of mod_block are located in [/conf/mod_block](https://github.com/bfenetworks/bfe/tree/master/conf/mod_block) - ### Verification of configuration Configuration files are verified whenever they are loaded, regardless of static or dynamic configuration. @@ -101,7 +100,7 @@ func (m *ModuleBlock) Init(cbs *bfe_module.BfeCallbacks, whs *web_monitor.WebHan For each BFE module, it is strongly recommended to expose enough internal states. -To expose internal states of a module, do the following 3 steps: +To expose internal states of a module, do the following 3 steps: - Define state variables - Register callback function for exposing internal states diff --git a/docs/en_us/development/module/overview.md b/docs/en_us/development/module/overview.md index 33c675e98..6a35eb602 100644 --- a/docs/en_us/development/module/overview.md +++ b/docs/en_us/development/module/overview.md @@ -10,7 +10,7 @@ - When initializing a module, callback functions are registered on specified callback points. - On processing each request/connection, when reaching a certain callback point, all registered callback functions are executed sequentially. - ## Dive into BFE Module + - [BFE callback mechanism](bfe_callback.md) - [How to write a BFE module](how_to_write_module.md) diff --git a/docs/en_us/development/release_regulation.md b/docs/en_us/development/release_regulation.md index 517a961a6..12fad6c18 100644 --- a/docs/en_us/development/release_regulation.md +++ b/docs/en_us/development/release_regulation.md @@ -1,4 +1,5 @@ # BFE Release Regulation + BFE development follows git-flow branching model and [Semantic Versioning](http://semver.org/). ## Branch Regulation @@ -25,7 +26,6 @@ BFE development follows [git-flow](http://nvie.com/posts/a-successful-git-branch * In addition, the 'bugfix' branch is also maintained in the developer's forked repository. Different from the feature branch, developers should submit 'Pull Request' from the 'bugfix' branch to 'master', 'develop' and possibly 'release/vX.Y.Z' branches of the official repository respectively. - ## Release Regulation Follow the following procedures to release a new version: @@ -38,7 +38,7 @@ Follow the following procedures to release a new version: * Modify version information in 'VERSION' file. - * Test the functional correctness of the version. If it fails, fixing all the bugs in the 'release/vX.Y.Z' branch, and return to the second step with patch number added by 1. + * Test the functional correctness of the version. If it fails, fixing all the bugs in the 'release/vX.Y.Z' branch, and return to the second step with patch number added by 1. 1. Complete the writing of [Release Note](https://github.com/bfenetworks/bfe/blob/develop/CHANGELOG.md). diff --git a/docs/en_us/development/source_code_layout.md b/docs/en_us/development/source_code_layout.md index 985063a51..796344048 100644 --- a/docs/en_us/development/source_code_layout.md +++ b/docs/en_us/development/source_code_layout.md @@ -1,28 +1,33 @@ # BFE Source Code Directory Structure ## Protocol + - `bfe_net`: common utility for net - `bfe_http`: implementation of HTTP protocol - `bfe_tls`: implementation of TLS protocol - `bfe_http2`: implementation of HTTP2 protocol - `bfe_spdy`: implementation of SPDY protocol - `bfe_stream`: implementation of TLS/TCP proxy -- `bfe_websocket`: implementation WebSocket protocl +- `bfe_websocket`: implementation WebSocket protocol - `bfe_proxy`: implementation of Proxy protocol ## Routing and Balancing + - `bfe_route`: implementation of routing - `bfe_balance`: implementation of load balancing ## Modules + - `bfe_module`: module framework - `bfe_modules`: implementation of various modules ## Server -- `bfe_server`: implementation of core server + +- `bfe_server`: implementation of core server ## Utils + - `bfe_basic`: defines basic data type - `bfe_config`: implementation of config -- `bfe_debug`: defines debug flags for important components +- `bfe_debug`: defines debug flags for important components - `bfe_util`: common utility functions diff --git a/docs/en_us/development/submit_pr_guide.md b/docs/en_us/development/submit_pr_guide.md index e1a10e336..a8f4491e6 100644 --- a/docs/en_us/development/submit_pr_guide.md +++ b/docs/en_us/development/submit_pr_guide.md @@ -22,7 +22,6 @@ Green ticks after all tests means that your commit has passed all unit tests. Red cross after the tests means your commit hasn't passed certain unit test. Please click detail to view bug details and make a screenshot of bug, then add it as a comment in your Pull Request. Our stuff will help you check it. - ## Delete remote branch We can delete branches of remote repository in PR page after your PR is successfully merged into master repository. @@ -45,7 +44,6 @@ $ git branch -D my-cool-stuff # delete my-cool-stuff branch And now we finish a full process of code contribution - ## Certain regulations about submitting code In order that reviewers focus on code in the code review, please follow these rules every time you submit your code: @@ -64,7 +62,6 @@ Suggestion:Keep commit concise as much as possible at every submit. You can ma 3)If you have tackled with problems of an Issue, please add `fix #issue_number` to the *first* comment area of PULL Request.Then the corresponding Issue will be closed automatically after the merge of PULL Request. Keywords are including:close, closes, closed, fix, fixes, fixed, resolve, resolves, resolved. Please select appropriate word. Please refer to [Closing issues via commit messages](https://help.github.com/articles/closing-issues-via-commit-messages) for more details. - In addition, please follow the following regulations in response to the suggestion of reviewers: 1)A reply to every comment of reviewers(It's a fundamental complimentary conduct in open source community.An expression of appreciation is a need for help from others): @@ -78,4 +75,3 @@ In addition, please follow the following regulations in response to the suggesti - Please show general modification - Please follow [start a review](https://help.github.com/articles/reviewing-proposed-changes-in-a-pull-request/) to give your reply,instead of directly replying for that every comment will result in sending an email causing email disaster. - diff --git a/docs/en_us/development/write_doc_guide.md b/docs/en_us/development/write_doc_guide.md index c788296df..fd6bcba32 100644 --- a/docs/en_us/development/write_doc_guide.md +++ b/docs/en_us/development/write_doc_guide.md @@ -14,7 +14,6 @@ Our documentation supports contributions in format of [Markdown](https://guides. Once the document is written, you can use the preview tool to check how the document appears to verify that your document is displayed correctly on the official website. - ## How to use the preview tool ### Install its dependencies @@ -28,7 +27,6 @@ $ sudo apt-get update && apt-get install -y npm $ sudo npm install -g gitbook-cli ``` - ### Clone related repository: First download the full repository: @@ -52,12 +50,10 @@ Then: open your browser and navigate to http://localhost:8000. >* The site may take a few seconds to load because the building takes a certain amount of time* - ## Contriubute documents All content should be written in [Markdown](https://guides.github.com/features/mastering-markdown/) (GitHub style). - ### Contribute new documents - Create a new `.md` file or modify an existing article in the repository you are currently working on @@ -78,12 +74,10 @@ Open your browser and navigate to http://localhost:8000 . On the page to be updated, click Refresh Content at the top right corner. - ## Pull Request for your changes The steps to submit changes and PR can refer to [How to contribute code](../development/local_dev_guide.md) - ## Help improve preview tool We encourage your contributions to all aspects of the platform and supportive contents. You can Fork or Clone repository, ask questions and feedback, or submit bugs on issues. For details, please refer to the [Development Guide](https://github.com/bfenetworks/bfe/blob/develop/README.md). diff --git a/docs/en_us/example/client_auth.md b/docs/en_us/example/client_auth.md index 143b4aab9..4b5af3388 100644 --- a/docs/en_us/example/client_auth.md +++ b/docs/en_us/example/client_auth.md @@ -31,7 +31,7 @@ openssl x509 -req -in client.csr -out client.crt -signkey client.key -CA root.cr ``` * Step4. Configure layer 4 load balancing service. -In this example, HAproxy is used as the layer 4 load balancing service, and VIP is passed to BFE using PROXY protocol. +In this example, HAproxy is used as the layer 4 load balancing service, and VIP is passed to BFE using PROXY protocol. HAproxy can be installed through "apt install haproxy" on Ubuntu system. For more details, see [www.haproxy.org](http://www.haproxy.org). Configuration file(haproxy.cfg) example: @@ -110,6 +110,7 @@ Modify conf/tls_conf_rule.data and set "ClientAuth" to true and "ClientCAName" t ``` Run BFE. + ```bash ./bfe -c ../conf ``` diff --git a/docs/en_us/example/guide.md b/docs/en_us/example/guide.md index 72b0c8bef..f0164dc57 100644 --- a/docs/en_us/example/guide.md +++ b/docs/en_us/example/guide.md @@ -9,4 +9,3 @@ see [Installing bfe](../installation/install.md). * [Request redirect](redirect.md) * [Request rewrite](rewrite.md) * [TLS mutual authentication](client_auth.md) - diff --git a/docs/en_us/example/rewrite.md b/docs/en_us/example/rewrite.md index 9ae568416..ac43b893f 100644 --- a/docs/en_us/example/rewrite.md +++ b/docs/en_us/example/rewrite.md @@ -49,4 +49,3 @@ curl -H "host: example.org" "http://127.1:8080/service" ``` The final path of request received by service 'cluster_demo_dynamic' is 'v1/service'. - diff --git a/docs/en_us/faq/configuration.md b/docs/en_us/faq/configuration.md index a30ace974..90ff29efb 100644 --- a/docs/en_us/faq/configuration.md +++ b/docs/en_us/faq/configuration.md @@ -1,7 +1,9 @@ # Configuration FAQ ## How to enable TLS client authentication + - For more details, see [TLS client authentication example](https://github.com/bfenetworks/bfe/blob/develop/docs/zh_cn/example/client_auth.md) ## How to enable HTTP2 protocol + - See [conf/tls_conf/tls_rule_conf.data](../configuration/tls_conf/tls_rule_conf.data.md) configuration example diff --git a/docs/en_us/faq/development.md b/docs/en_us/faq/development.md index 36f6ac180..7f5160a04 100644 --- a/docs/en_us/faq/development.md +++ b/docs/en_us/faq/development.md @@ -1,4 +1,5 @@ # Development FAQ ## How to develop a module + - For more details, see [introduction to module development](https://github.com/bfenetworks/bfe/blob/develop/docs/en_us/modules/modules.md) diff --git a/docs/en_us/faq/installation.md b/docs/en_us/faq/installation.md index 735bd5fdf..51d6d6609 100644 --- a/docs/en_us/faq/installation.md +++ b/docs/en_us/faq/installation.md @@ -1,13 +1,16 @@ # Installation FAQ ## Go get timeout during installation -- Set GOPROXY enviroment variable as follows (go1.15+): + +- Set GOPROXY environment variable as follows (go1.15+): + ```bash $ go env -w GO111MODULE=on $ go env -w GOPROXY=https://goproxy.cn,direct ``` + - For more details, see [https://goproxy.cn](https://goproxy.cn) or [https://goproxy.io](https://goproxy.io) ## Whether compilation on MAC/Windows OS is supported or not ? -- It is supported since BFE v0.7.0 +- It is supported since BFE v0.7.0 diff --git a/docs/en_us/faq/performance.md b/docs/en_us/faq/performance.md index 3a2975742..21ad885e0 100644 --- a/docs/en_us/faq/performance.md +++ b/docs/en_us/faq/performance.md @@ -1,4 +1,5 @@ # Performance FAQ ## How to tune performance -- Please feedback to bfe-osc@baidu.com for help, and performance tuning guide will be provided in future version. + +- Please feedback to bfe-osc@baidu.com for help, and performance tuning guide will be provided in future version. diff --git a/docs/en_us/installation/install.md b/docs/en_us/installation/install.md index 06675cdc4..4610c0d24 100644 --- a/docs/en_us/installation/install.md +++ b/docs/en_us/installation/install.md @@ -15,6 +15,7 @@ For guide of installation of BFE control plane components, see deploy document o - [Install using docker](install_using_docker.md) ## Supported platform + | Operating System | Description | | ---------- | ------------------ | | Linux OS | Support
*Recommended development and deployment system* | diff --git a/docs/en_us/installation/install_from_source.md b/docs/en_us/installation/install_from_source.md index e29271890..c2aaf77c9 100644 --- a/docs/en_us/installation/install_from_source.md +++ b/docs/en_us/installation/install_from_source.md @@ -1,16 +1,19 @@ # Install from source code ## Prerequisites -- golang 1.15+ + +- golang 1.17+ - git 2.0+ - glibc-static 2.17+ ## Download source code + ```bash $ git clone https://github.com/bfenetworks/bfe ``` ## Build + - Execute the following command to build bfe: ```bash @@ -44,6 +47,6 @@ $ ./bfe -c ../conf -l ../log ``` ## Further reading + - Get familiar with [Command options](../operation/command.md) - Get started with [Beginner's Guide](../example/guide.md) - diff --git a/docs/en_us/installation/install_using_binaries.md b/docs/en_us/installation/install_using_binaries.md index be37e7957..4bcbb9198 100644 --- a/docs/en_us/installation/install_using_binaries.md +++ b/docs/en_us/installation/install_using_binaries.md @@ -2,7 +2,7 @@ ## Download binaries -- [Download the latest release](https://github.com/bfenetworks/bfe/releases) of BFE for your platfrom. +- [Download the latest release](https://github.com/bfenetworks/bfe/releases) of BFE for your platform. ## Installation @@ -22,6 +22,6 @@ $ ./bfe -c ../conf -l ../log ``` ## Further reading + - Get familiar with [Command options](../operation/command.md) - Get started with [Beginner's Guide](../example/guide.md) - diff --git a/docs/en_us/installation/install_using_docker.md b/docs/en_us/installation/install_using_docker.md index 2ed7b35cf..9e8608b83 100644 --- a/docs/en_us/installation/install_using_docker.md +++ b/docs/en_us/installation/install_using_docker.md @@ -9,10 +9,10 @@ docker run -p 8080:8080 -p 8443:8443 -p 8421:8421 bfenetworks/bfe ``` you can access http://127.0.0.1:8080/ and got status code 500 because of there is rule be matched. -you can access http://127.0.0.1:8421/ got monitor infomation. - +you can access http://127.0.0.1:8421/ got monitor information. - Run BFE with your configuration files: + ```bash // prepare your configuration (see section Configuration if you need) to dir /Users/BFE/conf @@ -20,6 +20,6 @@ docker run -p 8080:8080 -p 8443:8443 -p 8421:8421 -v /Users/BFE/Desktop/log:/bfe ``` ## Further reading + - Get familiar with [Command options](../operation/command.md) - Get started with [Beginner's Guide](../example/guide.md) - diff --git a/docs/en_us/installation/install_using_go.md b/docs/en_us/installation/install_using_go.md index f0699625e..d165a419c 100644 --- a/docs/en_us/installation/install_using_go.md +++ b/docs/en_us/installation/install_using_go.md @@ -1,9 +1,11 @@ # Install using go ## Prerequisites + - golang 1.15+ -## Installation +## Installation + - Get the source code and install ```bash @@ -15,8 +17,8 @@ Executable object file location is ${GOPATH}/bin/bfe !!! tip If you encounter an error such as "https fetch: Get ... connect: connection timed out", please set the GOPROXY and try again. See [Installation FAQ](../faq/installation.md) - ## Run + - Run BFE with example configuration files: ```bash @@ -25,6 +27,6 @@ $ ./bfe -c ${GOPATH}/src/github.com/bfenetworks/bfe/conf/ ``` ## Further reading + - Get familiar with [Command options](../operation/command.md) - Get started with [Beginner's Guide](../example/guide.md) - diff --git a/docs/en_us/installation/install_using_snap.md b/docs/en_us/installation/install_using_snap.md index 46517a1b5..f9d106515 100644 --- a/docs/en_us/installation/install_using_snap.md +++ b/docs/en_us/installation/install_using_snap.md @@ -1,9 +1,11 @@ # Install using snap ## Prerequisite + - [snap](https://snapcraft.io/docs/installing-snapd) ## Installation + - Execute the following command to install bfe: ```bash @@ -23,6 +25,6 @@ $ sudo /snap/bin/bfe ``` ## Further reading + - Get familiar with [Command options](../operation/command.md) - Get started with [Beginner's Guide](../example/guide.md) - diff --git a/docs/en_us/introduction/balance.md b/docs/en_us/introduction/balance.md index 93421166b..d7fc0dbd1 100644 --- a/docs/en_us/introduction/balance.md +++ b/docs/en_us/introduction/balance.md @@ -4,14 +4,14 @@ ### Overview -- Usually one cluster has more than one sub clusters. In BFE, it is supported to +- Usually one cluster has more than one sub clusters. In BFE, it is supported to define weights for distributing traffic to each sub cluster. - Also there is a special virtual sub cluster "BLACKHOLE" for each cluster. - Traffic allocated to "BLACKHOLE" will be discarded. - "BLACKHOLE" is used to prevent traffic overloading to the whole cluster. -- Load balance between sub clusters, it is a very important feature for BFE. +- Load balance between sub clusters, it is a very important feature for BFE. This feature is very useful in multi-IDCs scenario. ### Example @@ -32,8 +32,8 @@ This feature is very useful in multi-IDCs scenario. ## Instance level load balance -- Usually, a sub cluster is composed of multiple instances. -- Within sub cluster, several policies is provided for distributing traffic among instances. e.g., +- Usually, a sub cluster is composed of multiple instances. +- Within sub cluster, several policies is provided for distributing traffic among instances. e.g., - WRR(Weighted Round Robin) - WLC(Weighted Least Connection) - Instances can be assigned with different weights based on their capacity。 @@ -42,19 +42,19 @@ This feature is very useful in multi-IDCs scenario. BFE supports health check for each backend instance. -BFE maintains a state machine for each instance, with two states: +BFE maintains a state machine for each instance, with two states: - NORMAL:the instance acts normally in processing request. -- CHECKING:the instance fails to process request and response to BFE. BFE starts health check for this instance, until it acts normally again. +- CHECKING:the instance fails to process request and response to BFE. BFE starts health check for this instance, until it acts normally again. The condition for switching between states: + - NORMAL to CHECKING, when: - Number of consecutive failures, in connecting or sending request to the instance, exceeds a threshhod. - CHECKING to NORMAL, when: - BFE receives correct response for health check request from the instance. - ## Automatic retries If request forwarding fails, BFE supports retry in two ways: @@ -84,10 +84,11 @@ Two ways are supported for TCP connection between BFE and backend instance: BFE supports session stickiness. Session could be defined based on following infos of the request: + - Source IP - Field in request header, cookie etc. Session stickiness is supported for the following two levels: -- Sub cluster level: requests of the same session are forwarded to the same sub cluster (may be different instances in this sub cluster). -- Instance level: requests of the same session are fowarded to the same instance. +- Sub cluster level: requests of the same session are forwarded to the same sub cluster (may be different instances in this sub cluster). +- Instance level: requests of the same session are forwarded to the same instance. diff --git a/docs/en_us/introduction/comparison.md b/docs/en_us/introduction/comparison.md index 6dbf417c7..da597497d 100644 --- a/docs/en_us/introduction/comparison.md +++ b/docs/en_us/introduction/comparison.md @@ -1,12 +1,12 @@ # Comparison to similar systems -Here comparion will be made between BFE and several similar system. +Here comparison will be made between BFE and several similar system. NOTE: Most of the projects below are under active development. Thus some of the information may become out of date. If that is the case please feedback to https://github.com/bfenetworks/bfe/issues. ## Briefs of BFE and similar systems -The brief decriptions of several systems are as follows: +The brief descriptions of several systems are as follows: + BFE: BFE is an open-source layer 7 load balancer. + [Nginx](http://nginx.org/en/): nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server. @@ -63,7 +63,7 @@ Due to difference in language, cost for new features is lower for BFE and Traefi ### Resilience to exception -With recovery mechanism of Golang, Panic can be caught in BFE and Traefik. Both system are immune to sudden crash. +With recovery mechanism of Golang, Panic can be caught in BFE and Traefik. Both system are immune to sudden crash. While Nginx and Envoy can do nothing with wrong memory usage. Debugging such a bug is very time-consuming. @@ -71,7 +71,7 @@ While Nginx and Envoy can do nothing with wrong memory usage. Debugging such a b ### Observability -+ BFE provides [rich internal status](../operation/monitor.md) for external observation. ++ BFE provides [rich internal status](../operation/monitor.md) for external observation. + Nginx and Traefik provide less internal status. + Envoy also provides quite a lot internal status. @@ -81,5 +81,3 @@ While Nginx and Envoy can do nothing with wrong memory usage. Debugging such a b + In Nginx, process must be restarted for the configuration to take effect, while active connections are terminated. NOTE: Nginx Plus supports hot-reload of configuration, with no process restart. - - diff --git a/docs/en_us/introduction/forward_model.md b/docs/en_us/introduction/forward_model.md index 40f1c17d3..684661173 100644 --- a/docs/en_us/introduction/forward_model.md +++ b/docs/en_us/introduction/forward_model.md @@ -18,7 +18,7 @@ - In this scenario, assume the selected cluster is "demo-static". - See [Traffic routing](route.md) -- Step 7-8:Based on balacing policies of product "demo", BFE selects a sub cluster and an instance within cluster "demo-static" +- Step 7-8:Based on balancing policies of product "demo", BFE selects a sub cluster and an instance within cluster "demo-static" - In this scenario, assume the selected sub cluster is "demo-static.idc1" and the selected instance is "demo-static-01.idc1" . - See [Traffic balancing](balance.md) diff --git a/docs/en_us/introduction/getting_help.md b/docs/en_us/introduction/getting_help.md index 814471ce1..c054736d9 100644 --- a/docs/en_us/introduction/getting_help.md +++ b/docs/en_us/introduction/getting_help.md @@ -6,17 +6,14 @@ We are very interested in building a community around BFE. If you are interested Welcome to submit issues at https://github.com/bfenetworks/bfe/issues/new/choose, we will reply you in working days - ## Reporting security vulnerabilities Security issues and bugs should be reported privately to bfe-security@baidu.com. Please do not open issues for anything you think might have a security implication. - ## Contributing to BFE We sincerely appreciate your contribution. Please visit https://github.com/bfenetworks/bfe and follow the [workflow](https://github.com/bfenetworks/bfe/blob/develop/CONTRIBUTING.md). - ## Application for special cooperation Welcome to email us at bfe-osc@baidu.com diff --git a/docs/en_us/introduction/overview.md b/docs/en_us/introduction/overview.md index c0a0bd1ba..33fdcdb89 100644 --- a/docs/en_us/introduction/overview.md +++ b/docs/en_us/introduction/overview.md @@ -2,8 +2,7 @@ ## What is BFE -BFE is an open-source layer 7 load balancer derived from proprietary Baidu Front End. - +BFE is an open-source layer 7 load balancer derived from proprietary Baidu Front End. ## Features and Advantages @@ -11,7 +10,7 @@ BFE is an open-source layer 7 load balancer derived from proprietary Baidu Front BFE is written in a memory safety language and immune to Buffer Overflow vulnerability; BFE recovers from the runtime panics and handles them appropriately without killing the BFE process; BFE runs on Linux, Windows, Mac OS and almost anything to which Go compiles. -* Flexible plugin framework +* Flexible plugin framework BFE has a builtin plugin framework that makes it possible to develop new features rapidly by writing plugins. @@ -25,13 +24,13 @@ BFE supports HTTP, HTTPS, SPDY, HTTP2, WebSocket, TLS, gRPC, FastCGI, etc. Futur * Content based routing -BFE provides an [advanced domain-specific language](../condition/condition_grammar.md) to describe routing rules which are easy to understand and maintain. +BFE provides an [advanced domain-specific language](../condition/condition_grammar.md) to describe routing rules which are easy to understand and maintain. * Advanced load balancing -BFE supports global load balancing and distributed load balancing for zone aware balancing, zone level failure resilience, overload protection etc. +BFE supports global load balancing and distributed load balancing for zone aware balancing, zone level failure resilience, overload protection etc. -* A rich set of builtin plugins +* A rich set of builtin plugins BFE provides a rich set of plugins for traffic management, security, observability, etc. @@ -43,7 +42,6 @@ BFE includes detailed built-in metrics for all subsystems. BFE writes various lo BFE is easily integrated with mainstream layer 4 load balancing solution, and other ecosystem projects(e.g. Kubernetes、Prometheus、Jaeger、Fluentd etc). - ## Components BFE system consists of components in both data plane and control plane: @@ -55,7 +53,6 @@ BFE system consists of components in both data plane and control plane: - [BFE Conf Agent](https://github.com/bfenetworks/conf-agent):component for loading config, fetches latest config from API-Server and triggers BFE Server to reload it - [BFE Dashboard](https://github.com/bfenetworks/dashboard):provides a graphic interface for user to manage and view major config of BFE - ## Architecture overview This diagram illustrates the architecture of BFE and some of its ecosystem components: diff --git a/docs/en_us/introduction/route.md b/docs/en_us/introduction/route.md index e6726aeca..1f04b9d90 100644 --- a/docs/en_us/introduction/route.md +++ b/docs/en_us/introduction/route.md @@ -39,13 +39,13 @@ There's no order among Basic Rules. The matched rule with most specific conditi For each Basic Rule, at least one of two conditions (Host and Path) should be configured. -**Host** condition description's syntax is as follow: +**Host** condition description's syntax is as follow: - Use "." to split labels within a host name - Support "Exact Match", "Wildcard Match", "Any Match" - Exact Match: An exact hostname (for example "www.test1.com") - Wildcard Match: A host name with first label set to "\*". The "\*" can only appear once in a hostname and only covers a single label (for example "\*.test1.com"). Examples of invalid host condition description include "\*est.com" and "\*.\*.com". - - Any Match: A special Wildcard Match. Standalone "\*" can match any host. (A standalone "\*" here can cover a hostname with multiple labels, which is different from Wildcard Match.) + - Any Match: A special Wildcard Match. Standalone "\*" can match any host. (A standalone "\*" here can cover a hostname with multiple labels, which is different from Wildcard Match.) - Host condition of a Basic Rule supports multiple host condition descriptions (for example: "www.test1.com,","\*.example.com"). **Examples:** @@ -58,7 +58,7 @@ For each Basic Rule, at least one of two conditions (Host and Path) should be co | \*.test1.com | example.com | No Match | | \*.test1.com | test1.com | No Match | -**Path** condition description's syntax is as follow: +**Path** condition description's syntax is as follow: - Use "/" to split elements within a path - Start with "/", except for a standalone "\*". @@ -111,7 +111,7 @@ Detailed steps of search in Basic Rule Table are described below: Among above steps, when searching path condition in rules that has matches the host: 1. Search path condition using **Exact Match** -2. If no rule matches as Exact Match, search path condition using **Prefix Match**. Precedence will be given to the longest matching path. So if more than one rule matches the path in the request, the rule with most matching path elements is hit. +2. If no rule matches as Exact Match, search path condition using **Prefix Match**. Precedence will be given to the longest matching path. So if more than one rule matches the path in the request, the rule with most matching path elements is hit. ### Examples @@ -145,10 +145,10 @@ Advanced Rule Table consists of one or more "Advanced Rules" which have an order - Condition of a Advanced Rule is described using a pseudocode description called "[Condition Expression](https://www.bfe-networks.net/en_us/condition/condition_grammar/)". - Destination Cluster is specified by a cluster name. -When searching in Advanced Rule Table, the rules are searched from up to down, in listed order: +When searching in Advanced Rule Table, the rules are searched from up to down, in listed order: - Try to match the condition of the rule with information in the HTTP request (such as host,path,query,cookie,method). If it matches, the rule is hit. -- If a rule is hit, the search stops. +- If a rule is hit, the search stops. - A Default Rule must be configured in the Advanced Rule Table. If no other rule matches a request, the Default Rule is hit. ## Examples @@ -235,4 +235,3 @@ For above configuration, configuration file (/conf/server_data_conf/route_rule.c } } ``` - diff --git a/docs/en_us/introduction/terminology.md b/docs/en_us/introduction/terminology.md index 9cba79296..be0417c74 100644 --- a/docs/en_us/introduction/terminology.md +++ b/docs/en_us/introduction/terminology.md @@ -1,17 +1,20 @@ # Terminology ## Product + - The product equals "tenant" in BFE, which has its own configuration, such as forwarding policies, permission, etc. ## Cluster + - A Cluster means a set of backend servers which provide the same functionality. Multiple clusters can be defined within a product. - Usually,a cluster may span multiple IDC. ## Sub Cluster + - A cluster may be composed of multiple sub clusters conceptually. - Usually, backend servers within the same IDC are defined as a sub cluster. ## Instance + - A sub cluster contains multiple instances (i.e. backend servers). - Each instance is identified by IP address and port. - diff --git a/docs/en_us/modules/mod_access/mod_access.md b/docs/en_us/modules/mod_access/mod_access.md index 0cd3f21fb..76ab6e3a0 100644 --- a/docs/en_us/modules/mod_access/mod_access.md +++ b/docs/en_us/modules/mod_access/mod_access.md @@ -7,6 +7,7 @@ mod_access writes request logs and session logs in the specified format. ## Module Configuration ### Description + conf/mod_access/mod_access.conf | Config Item | Description | @@ -14,13 +15,15 @@ mod_access writes request logs and session logs in the specified format. | Log.LogFile | String
Set file path of log for saving to a single file without rotation | | Log.LogPrefix | String
Filename prefix for log | | Log.LogDir | String
Directory of log files | -| Log.RotateWhen | String
Inteval to rotate log file | +| Log.RotateWhen | String
Interval to rotate log file | | Log.BackupCount | Integer
Max number of rotated log files | | Template.RequestTemplate | String
Template of request log | | Template.SessionTemplate | String
Template of session log | ### Example + #### Save log to a directory + ```ini [Log] # filename prefix for log @@ -43,7 +46,9 @@ RequestTemplate = "REQUEST_LOG $time clientip: $remote_addr serverip: $server_ad SessionTemplate = "SESSION_LOG $time clientip: $ses_clientip start_time: $ses_start_time end_time: $ses_end_time overhead: $ses_overhead read_total: $ses_read_total write_total: $ses_write_total keepalive_num: $ses_keepalive_num error: $ses_error" ``` + #### Save log to a stdout + ```ini [Log] # file path for log @@ -56,4 +61,4 @@ RequestTemplate = "REQUEST_LOG $time clientip: $remote_addr serverip: $server_ad # template of session log SessionTemplate = "SESSION_LOG $time clientip: $ses_clientip start_time: $ses_start_time end_time: $ses_end_time overhead: $ses_overhead read_total: $ses_read_total write_total: $ses_write_total keepalive_num: $ses_keepalive_num error: $ses_error" -``` \ No newline at end of file +``` diff --git a/docs/en_us/modules/mod_auth_basic/mod_auth_basic.md b/docs/en_us/modules/mod_auth_basic/mod_auth_basic.md index 41ce0574a..55aa4d7a3 100644 --- a/docs/en_us/modules/mod_auth_basic/mod_auth_basic.md +++ b/docs/en_us/modules/mod_auth_basic/mod_auth_basic.md @@ -7,6 +7,7 @@ mod_auth_basic implements the HTTP basic authentication. ## Module Configuration ### Description + conf/mod_auth_basic/mod_auth_basic.conf | Config Item | Description | @@ -27,6 +28,7 @@ OpenDebug = false ## Rule Configuration ### Description + | Config Item | Description | | ---------------------| ------------------------------------------- | | Version | String
Version of config file | @@ -41,7 +43,7 @@ OpenDebug = false Description about password configuration: * The password configuration can be generated using htpasswd or openssl -* Generated using openssl: +* Generated using openssl: ``` printf "user1:$(openssl passwd -apr1 123456)\n" >> ./userfile @@ -56,6 +58,7 @@ user2:{SHA}fEqNCco3Yq9h5ZUglD3CZJT4lBs=:user2, 123456 ``` ### Example + ```json { "Config": { diff --git a/docs/en_us/modules/mod_auth_jwt/mod_auth_jwt.md b/docs/en_us/modules/mod_auth_jwt/mod_auth_jwt.md index 5b9c3ab97..2d82365af 100644 --- a/docs/en_us/modules/mod_auth_jwt/mod_auth_jwt.md +++ b/docs/en_us/modules/mod_auth_jwt/mod_auth_jwt.md @@ -1,17 +1,18 @@ # mod_auth_jwt -## Introduction +## Introduction mod_auth_jwt implements JWT([JSON Web Token](https://tools.ietf.org/html/rfc7519)). ## Module Configuration ### Description + conf/mod_auth_jwt/mod_auth_jwt.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | | Log.OpenDebug | Boolean
Debug flag of module | ### Example @@ -24,11 +25,12 @@ DataPath = mod_auth_jwt/auth_jwt_rule.data ## Rule Configuration ### Description + conf/mod_auth_jwt/auth_jwt_rule.data | Config Item | Description | | ----------- | ------------------------------------------------------------ | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Struct
JWT rules for each product | | Config{k} | String
Product name | | Config{v} | Object
A ordered list of rules | diff --git a/docs/en_us/modules/mod_auth_request/mod_auth_request.md b/docs/en_us/modules/mod_auth_request/mod_auth_request.md index 39bb28268..8180876ae 100644 --- a/docs/en_us/modules/mod_auth_request/mod_auth_request.md +++ b/docs/en_us/modules/mod_auth_request/mod_auth_request.md @@ -7,6 +7,7 @@ mod_auth_request supports sending request to the specified service for authentic ## Module Configuration ### Description + conf/mod_auth_request/mod_auth_request.conf | Config Item | Description | @@ -31,6 +32,7 @@ OpenDebug = false ## Rule Configuration ### Description + | Config Item | Description | | ------------------ | ------------------------------------------------------------ | | Version | String
Version of config file | @@ -42,6 +44,7 @@ OpenDebug = false | Config{v}[].Enable | Boolean
Whether enable request auth rule | ### Example + ```json { "Config": { @@ -83,6 +86,3 @@ For example_product, for request to path /auth_request (e.g., www.example.com/au * Delete following headers: Content-Length/Connection/Keep-Alive/Proxy-Authenticate/Proxy-Authorization/Te/Trailers/Transfer-Encoding/Upgrade * Add following headers: X-Forwarded-Method(Original Request Method)、X-Forwarded-Uri(Original Request URI) * Body: Body of HTTP Request created by BFE is **null** - - - diff --git a/docs/en_us/modules/mod_block/mod_block.md b/docs/en_us/modules/mod_block/mod_block.md index 2f3db8b86..c4b34ed60 100644 --- a/docs/en_us/modules/mod_block/mod_block.md +++ b/docs/en_us/modules/mod_block/mod_block.md @@ -1,20 +1,22 @@ # mod_block -## Introduction +## Introduction mod_block blocks incoming connections/requests based on defined rules. ## Module Configuration ### Description + conf/mod_block/mod_block.conf -| Config Item | Description | +| Config Item | Description | | ----------- | ----------- | | Basic.ProductRulePath | Path of product rule configuration | | Basic.IPBlocklistPath | Path of ip blocklist file | ### Example + ```ini [Basic] # product rule config file path @@ -39,7 +41,7 @@ conf/mod_block/block_rules.data | Config Item | Description | | ----------- | ------------------------------------------------------------ | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Struct
Block rules for each product | | Config{k} | String
Product name | | Config{v} | Object
A list of rules | @@ -100,4 +102,3 @@ conf/mod_block/block_rules.data | REQ_TOTAL | Counter for all request in | | REQ_TO_CHECK | Counter for request to check | | WRONG_COMMAND | Counter for request with condition satisfied, but wrong command | - diff --git a/docs/en_us/modules/mod_compress/mod_compress.md b/docs/en_us/modules/mod_compress/mod_compress.md index 130f2f35f..b046b5a71 100644 --- a/docs/en_us/modules/mod_compress/mod_compress.md +++ b/docs/en_us/modules/mod_compress/mod_compress.md @@ -7,6 +7,7 @@ mod_compress compresses responses based on specified rules. ## Module Configuration ### Description + conf/mod_compress/mod_compress.conf | Config Item | Description | @@ -27,9 +28,10 @@ OpenDebug = false ## Rule Configuration ### Description + | Config Item | Description | | ----------- | -------------------------------------------------------------- | -| Version | String
Vesion of config file | +| Version | String
Version of config file | | Config | Object
Compress rule for each product | | Config{k} | String
Product name | | Config{v} | Object
A list of compress rules | @@ -42,12 +44,13 @@ OpenDebug = false ### Module Actions -| Action | Descrition | +| Action | Description | | ------------------------| ------------------------------------| | GZIP | Compress response using gzip method | | BROTLI | Compress response using brotli method | ### Example + ```json { "Config": { diff --git a/docs/en_us/modules/mod_cors/mod_cors.md b/docs/en_us/modules/mod_cors/mod_cors.md index f1f209fda..7234e81ed 100644 --- a/docs/en_us/modules/mod_cors/mod_cors.md +++ b/docs/en_us/modules/mod_cors/mod_cors.md @@ -7,14 +7,16 @@ mod_cors support Cross-Origin Resource Sharing ## Module configuration ### Description + conf/mod_cors/mod_cors.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | | Log.OpenDebug | Boolean
Debug flag of module | ### Example + ```ini [Basic] DataPath = mod_cors/cors_rule.data @@ -26,6 +28,7 @@ OpenDebug = false ## Rule Configuration ### Description + conf/mod_cors/cors_rule.data | Config Item | Description | @@ -36,15 +39,15 @@ conf/mod_cors/cors_rule.data | Config[v] | Object
A list of cors rules | | Config[v][] | Object
A cors rule | | Config[v][].Cond | String
Condition expression, See [Condition](../../condition/condition_grammar.md) | -| Config[v][].AccessControlAllowOrigins | List
Indicates whether the response can be shared with requesting code from the given origin; for requests without credentials, the "*" wildcard, to tell browsers to allow any origin to access the resource. "%origin" specifies the orign from the request header "Origin" | -| Config[v][].AccessControlAllowCredentials| Boolen
Indicates whether or not the response to the request can be exposed.| -| Config[v][].AccessControlExposeHeaders | Boolen
Specifies the response headers that browsers are allowed to access. | +| Config[v][].AccessControlAllowOrigins | List
Indicates whether the response can be shared with requesting code from the given origin; for requests without credentials, the "*" wildcard, to tell browsers to allow any origin to access the resource. "%origin" specifies the origin from the request header "Origin" | +| Config[v][].AccessControlAllowCredentials| Boolean
Indicates whether or not the response to the request can be exposed.| +| Config[v][].AccessControlExposeHeaders | Boolean
Specifies the response headers that browsers are allowed to access. | | Config[v][].AccessControlAllowMethods | List
Specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request.| | Config[v][].AccessControlAllowHeaders | List
Indicates which HTTP headers can be used when making the actual request. This is used in response to a preflight request.| | Config[v][].AccessControlMaxAge | Int
Indicates how long the results of a preflight request can be cached. This is used in response to a preflight request.| - ### Example + ```json { "Version": "cors_rule.data.version", diff --git a/docs/en_us/modules/mod_doh/mod_doh.md b/docs/en_us/modules/mod_doh/mod_doh.md index 2b255aba4..f96656fb1 100644 --- a/docs/en_us/modules/mod_doh/mod_doh.md +++ b/docs/en_us/modules/mod_doh/mod_doh.md @@ -5,7 +5,9 @@ Module doh supports DNS over HTTPS. ## Module configuration + ### Description + conf/mod_doh/mod_doh.conf | Config Item | Description | diff --git a/docs/en_us/modules/mod_errors/mod_errors.md b/docs/en_us/modules/mod_errors/mod_errors.md index 6467b7eb4..2869fe534 100644 --- a/docs/en_us/modules/mod_errors/mod_errors.md +++ b/docs/en_us/modules/mod_errors/mod_errors.md @@ -7,21 +7,24 @@ mod_errors replaces error responses based on specified rules. ## Module Configuration ### Description + conf/mod_errors/mod_errors.conf | Config Item | Description | | ---------------------| ------------------------------------------- | -| Basic.DataPath | String
Path fo rule configuration | +| Basic.DataPath | String
Path for rule configuration | | Log.OpenDebug | Boolean
Whether enable debug logs
Default False | ### Example + ```ini [Basic] DataPath = mod_errors/errors_rule.data ``` ## Rule Configuration -### Description + +### Description | Config Item | Description | | ----------- | ---------------------------------------------------------- | @@ -37,12 +40,14 @@ DataPath = mod_errors/errors_rule.data | Config{v}[].Actions.Params[] | String
A Parameter | ### Module Actions + | Action | Description | | -------- | ---------------------- | | RETURN | Return response generated from specified static html | | REDIRECT | Redirect to specified location | ### Example + ```json { "Version": "20190101000000", @@ -74,4 +79,3 @@ DataPath = mod_errors/errors_rule.data } } ``` - diff --git a/docs/en_us/modules/mod_geo/mod_geo.md b/docs/en_us/modules/mod_geo/mod_geo.md index 00100d6ef..cd0bade3c 100644 --- a/docs/en_us/modules/mod_geo/mod_geo.md +++ b/docs/en_us/modules/mod_geo/mod_geo.md @@ -7,6 +7,7 @@ mod_geo creates [variables](../mod_header/mod_header.md) with values depending o ## Module Configuration ### Description + conf/mod_geo/mod_geo.conf | Config Item | Description | @@ -14,10 +15,11 @@ conf/mod_geo/mod_geo.conf | Basic.GeoDBPath | String
Path of geo db file | | Log.OpenDebug | Boolean
Whether enable debug logs
Default False | -mod_geo supports GeoDB in MaxMind format which can be downloaded from +mod_geo supports GeoDB in MaxMind format which can be downloaded from https://dev.maxmind.com/geoip/geoip2/geolite2/ ### Example + ```ini [Basic] GeoDBPath = mod_geo/geo.db diff --git a/docs/en_us/modules/mod_header/mod_header.md b/docs/en_us/modules/mod_header/mod_header.md index 2e1f8be65..296a8dcdf 100644 --- a/docs/en_us/modules/mod_header/mod_header.md +++ b/docs/en_us/modules/mod_header/mod_header.md @@ -1,17 +1,18 @@ # mod_header -## Introduction +## Introduction mod_header modifies header of HTTP request/response based on defined rules. ## Module Configuration ### Description + conf/mod_header/mod_header.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | | Log.OpenDebug | Boolean
Debug flag of module | ### Example @@ -24,11 +25,12 @@ DataPath = mod_header/header_rule.data ## Rule Configuration ### Description + conf/mod_header/header_rule.data | Config Item | Description | | ----------- | ------------------------------------------------------------ | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Struct
Header rules for each product | | Config{k} | String
Product name | | Config{v} | Object
A ordered list of rules | @@ -41,6 +43,7 @@ conf/mod_header/header_rule.data | Config{v}[].Actions.Params[] | String
A parameter | ### Actions + | Action | Description | Parameters | | -------------- | ---------------------- | ---------- | | REQ_HEADER_SET | Set request header | HeaderName, HeaderValue | @@ -90,6 +93,7 @@ conf/mod_header/header_rule.data ``` ## Builtin Variables + BFE provides a list of variables which are evaluated in the runtime during the processing of each request. See the **Example** above. @@ -110,6 +114,7 @@ See the **Example** above. | %bfe_ssl_version | TLS/SSL version | | %bfe_ssl_ja3_raw | JA3 fingerprint string for TLS/SSL client | | %bfe_ssl_ja3_hash | JA3 fingerprint hash for TLS/SSL client | +| %bfe_http2_fingerprint | HTTP/2 fingerprint | | %bfe_protocol | Application level protocol | | %client_cert_serial_number | Serial number of client certificate | | %client_cert_subject_title | Subject title of client certificate | diff --git a/docs/en_us/modules/mod_http_code/mod_http_code.md b/docs/en_us/modules/mod_http_code/mod_http_code.md index 22991e8f5..ddfc08fce 100644 --- a/docs/en_us/modules/mod_http_code/mod_http_code.md +++ b/docs/en_us/modules/mod_http_code/mod_http_code.md @@ -1,6 +1,6 @@ # mod_http_code -## Introduction +## Introduction mod_http_code reports statistics of HTTP response codes. @@ -13,7 +13,6 @@ Not required | Metric | Description | | -------------------- | --------------------- | | ALL2_X_X | Counter of 2XX status | -| ALL3_X_X | Coutner of 3XX status | -| ALL4_X_X | Coutner of 4XX status | -| ALL5_X_X | Coutner of 5XX status | - +| ALL3_X_X | Counter of 3XX status | +| ALL4_X_X | Counter of 4XX status | +| ALL5_X_X | Counter of 5XX status | diff --git a/docs/en_us/modules/mod_key_log/mod_key_log.md b/docs/en_us/modules/mod_key_log/mod_key_log.md index 64f406c78..cfeda6d09 100644 --- a/docs/en_us/modules/mod_key_log/mod_key_log.md +++ b/docs/en_us/modules/mod_key_log/mod_key_log.md @@ -1,6 +1,6 @@ # mod_key_log -## Introduction +## Introduction mod_key_log writes tls key logs in NSS key log format so that external programs(eg. wireshark) can decrypt TLS connections for trouble shooting. @@ -11,6 +11,7 @@ https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format ## Module Configuration ### Description + conf/mod_key_log/mod_key_log.conf | Config Item | Description | @@ -18,12 +19,13 @@ conf/mod_key_log/mod_key_log.conf | Log.LogFile | String
Set file path of log for saving to a single file without rotation | | Log.LogPrefix | String
Filename prefix for log | | Log.LogDir | String
Directory of log files | -| Log.RotateWhen | String
Inteval to rotate log file | +| Log.RotateWhen | String
Interval to rotate log file | | Log.BackupCount | Integer
Max number of rotated log files | ### Example #### Save log to a directory + ```ini [Log] # filename prefix for log @@ -41,7 +43,9 @@ RotateWhen = H # max number of rotated log files BackupCount = 3 ``` + #### Output log to stdout + ```ini [Log] # filename prefix for log diff --git a/docs/en_us/modules/mod_logid/mod_logid.md b/docs/en_us/modules/mod_logid/mod_logid.md index 8bf324244..b98e00830 100644 --- a/docs/en_us/modules/mod_logid/mod_logid.md +++ b/docs/en_us/modules/mod_logid/mod_logid.md @@ -1,8 +1,8 @@ # mod_logid -## Introduction +## Introduction -mod_logid generates log ids for sessions/requests. +mod_logid generates log ids for sessions/requests. ## Module Configuration @@ -13,4 +13,3 @@ Not required | Metric | Description | | -------------------- | ----------------------------------- | | LOGID_CONVERT_FAILED | Counter for old logid convert error | - diff --git a/docs/en_us/modules/mod_prison/mod_prison.md b/docs/en_us/modules/mod_prison/mod_prison.md index 2a49b1cd7..6d3fa9f3d 100644 --- a/docs/en_us/modules/mod_prison/mod_prison.md +++ b/docs/en_us/modules/mod_prison/mod_prison.md @@ -1,17 +1,18 @@ # mod_prison -## Introduction +## Introduction mod_prison limits the amount of requests a user can make in a given period of time based on defined rules. ## Module Configuration ### Description + conf/mod_prison/mod_prison.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.ProductRulePath | String
path of rule configuraiton | +| Basic.ProductRulePath | String
path of rule configuration | ### Example @@ -23,11 +24,12 @@ ProductRulePath = mod_prison/prison.data ## Rule Configuration ### Description + conf/mod_prison/prison.data | Config Item | Description | | ----------- | ------------------------------------------------------------ | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Object
Prison rules for each product | | Config{k} | String
Product name | | Config{v} | Array
A ordered list of prison rules | @@ -41,10 +43,10 @@ conf/mod_prison/prison.data | Config{v}[].AccessSignConf.UseHost | Boolean
Whether using host to generate access sign | | Config{v}[].AccessSignConf.UsePath | Boolean
Whether using path to generate access sign | | Config{v}[].AccessSignConf.UseHeaders | Boolean
Whether using headers to generate access sign | -| Config{v}[].AccessSignConf.UrlRegexp | String
Substrings in url matching UrlRegexp which are used for generating acess sign | -| Config{v}[].AccessSignConf.[]Qeury | Array
Qeury keys used for generating acess sign | -| Config{v}[].AccessSignConf.[]Header | Array
Header keys used for generating acess sign | -| Config{v}[].AccessSignConf.[]Cookie | Array
Cookie keys used for generating acess sign | +| Config{v}[].AccessSignConf.UrlRegexp | String
Substrings in url matching UrlRegexp which are used for generating access sign | +| Config{v}[].AccessSignConf.[]Qeury | Array
Qeury keys used for generating access sign | +| Config{v}[].AccessSignConf.[]Header | Array
Header keys used for generating access sign | +| Config{v}[].AccessSignConf.[]Cookie | Array
Cookie keys used for generating access sign | | Config{v}[].Action | Object
Prison action if visits exceed the limit | | Config{v}[].Action.Cmd | String
Name of prison action | | Config{v}[].Action.Params | Array
Parameters of prison action | @@ -54,8 +56,8 @@ conf/mod_prison/prison.data | Config{v}[].AccessDictSize | Integer
Size of LRU cache for access records | | Config{v}[].PrisonDictSize | Integer
Size of LRU cache for prison records | - ### Actions + | Action | Description | | -------------- | -------------------------------------------- | | CLOSE | Close the connection | @@ -94,4 +96,3 @@ conf/mod_prison/prison.data } } ``` - diff --git a/docs/en_us/modules/mod_redirect/mod_redirect.md b/docs/en_us/modules/mod_redirect/mod_redirect.md index 292e88628..06dc54bfc 100644 --- a/docs/en_us/modules/mod_redirect/mod_redirect.md +++ b/docs/en_us/modules/mod_redirect/mod_redirect.md @@ -1,17 +1,18 @@ # mod_redirect -## Introduction +## Introduction mod_redirect redirects HTTP requests based on defined rules. ## Module Configuration ### Description + conf/mod_redirect/mod_redirect.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | ### Example @@ -23,11 +24,12 @@ DataPath = mod_redirect/redirect.data ## Rule Configuration ### Description + conf/mod_redirect/redirect.data | Config Item | Description | | ----------- | ------------------------------------------------------------ | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Struct
Redirect rules for each product. | | Config{k} | String
Product name | | Config{v} | Object
A ordered list of redirect rules | @@ -40,6 +42,7 @@ conf/mod_redirect/redirect.data | Config{v}[].Status | Integer
Status code | ### Actions + | Action | Description | | -------------- | ----------------------------------------------------------------------------------- | | URL_SET | Redirect to specified URL | diff --git a/docs/en_us/modules/mod_rewrite/mod_rewrite.md b/docs/en_us/modules/mod_rewrite/mod_rewrite.md index f31942295..9230c7786 100644 --- a/docs/en_us/modules/mod_rewrite/mod_rewrite.md +++ b/docs/en_us/modules/mod_rewrite/mod_rewrite.md @@ -1,17 +1,18 @@ # mod_rewrite -## Introduction +## Introduction mod_rewrite modifies the URI of HTTP request based on defined rules. ## Module Configuration ### Description + conf/mod_rewrite/mod_rewrite.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | ### Example @@ -23,11 +24,12 @@ DataPath = mod_rewrite/rewrite.data ## Rule Configuration ### Description + conf/mod_rewrite/rewrite.data | Config Item | Description | | ----------- | ------------------------------------------------------------ | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Struct
Rewrite rules for each product | | Config{k} | String
Product name | | Config{v} | Object
A ordered list of rewrite rules | @@ -39,16 +41,16 @@ conf/mod_rewrite/rewrite.data | Config{v}[].Actions[].Params | Object
Parameters of rewrite action | | Config{v}[].Last | Integer
If true, stop to check the remaining rules | - ### Actions + | Action | Description | | ------------------------- | ---------------------------------------- | | HOST_SET | Set host to specified value | | HOST_SET_FROM_PATH_PREFIX | Set host to specified path prefix | | HOST_SUFFIX_REPLACE | Replace suffix of host | | PATH_SET | Set path to specified value | -| PATH_PREFIX_ADD | Add prefix to orignal path | -| PATH_PREFIX_TRIM | Trim prefix from orignal path | +| PATH_PREFIX_ADD | Add prefix to original path | +| PATH_PREFIX_TRIM | Trim prefix from original path | | QUERY_ADD | Add query | | QUERY_DEL | Delete query | | QUERY_DEL_ALL_EXCEPT | Del all queries except specified queries | @@ -77,4 +79,4 @@ conf/mod_rewrite/rewrite.data } } ``` - + \ No newline at end of file diff --git a/docs/en_us/modules/mod_secure_link/mod_secure_link.md b/docs/en_us/modules/mod_secure_link/mod_secure_link.md index 24ddbf47c..906bb7669 100644 --- a/docs/en_us/modules/mod_secure_link/mod_secure_link.md +++ b/docs/en_us/modules/mod_secure_link/mod_secure_link.md @@ -1,17 +1,18 @@ # mod_secure_link -## Introduction +## Introduction mod_secure_link is used to check authenticity of requested links, protect resources from unauthorized access, and limit link lifetime. ## Module Configuration ### Description + the basic config in: conf/mod_secure_link/mod_secure_link.conf | Config Item | Description | | -------------- | ------------------------------------ | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | | Log.OpenDebug | Boolean
Debug flag of module | ### Example @@ -27,6 +28,7 @@ OpenDebug = true ## Rule Configuration ### Description + conf/mod_secure_link/secure_link_rule.data | Config Item | Description | @@ -38,15 +40,15 @@ conf/mod_secure_link/secure_link_rule.data | Config{v}[].Cond | String
Condition expression, See [Condition](../../condition/condition_grammar.md) | | Config[v][].ChecksumKey | String
The key which stored Checksum Value in Query | | Config[v][].ExpiresKey | String
The key which stored Expired time in Query | -| Config[v][].ExpressionNodes | Array
Nodes which join caculate Checksum | +| Config[v][].ExpressionNodes | Array
Nodes which join calculate Checksum | | Config[v][].ExpressionNodes[].Type | String
Node Type, see Node Type to get more information | | Config[v][].ExpressionNodes[].Param | String
The param may be used to get Final Value | - ### Node Type -be supported node type and Caculate logic: -| type | Caculate logic | +be supported node type and Calculate logic: + +| type | Calculate logic | | ----------- | ---------------------- | | label | $Param | | query | req.URL.Query($Param) | @@ -55,8 +57,8 @@ be supported node type and Caculate logic: | uri | req.RequestURI | | remote_addr | req.RemoteAddr | - ### Example + ```json { "Version": "2019-12-10184356", @@ -86,6 +88,7 @@ be supported node type and Caculate logic: ``` ### Link generate logic + With above config, the pseudo code to generate link is: ``` @@ -112,10 +115,11 @@ func WrapSecureLinkParam (req *http.Request) { ``` step2: the sign logic in shell is: + ``` echo -n $origin | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = // one example: echo -n '2147483647/s/link127.0.0.1 secret' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = _e4Nc3iduzkWRm01TBBNYw -``` \ No newline at end of file +``` diff --git a/docs/en_us/modules/mod_static/mod_static.md b/docs/en_us/modules/mod_static/mod_static.md index bfb314946..c8508a03b 100644 --- a/docs/en_us/modules/mod_static/mod_static.md +++ b/docs/en_us/modules/mod_static/mod_static.md @@ -1,19 +1,21 @@ # mod_static -## Introduction +## Introduction mod_static serves static files. ## Module Configuration ### Description + conf/mod_static/mod_static.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | ### Example + ```ini [Basic] DataPath = mod_static/static_rule.data @@ -22,11 +24,12 @@ DataPath = mod_static/static_rule.data ## Rule Configuration ### Description + conf/mod_static/static_rule.data | Config Item | Description | | ----------- | ------------------------------------------------------------ | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Struct
Static rules for each product | | Config{k} | String
Product name | | Config{v} | Object
A ordered list of static rules | @@ -37,11 +40,13 @@ conf/mod_static/static_rule.data | Config{v}[].Action.Params | Object
Parameters of static action | ### Actions + | Action | Description | | ------------------------- | ---------------------------------- | | BROWSE | Serve static files.
The first parameter is the location of root directory.
The second parameter is the name of default file.| ### Example + ```json { "Config": { @@ -70,4 +75,3 @@ conf/mod_static/static_rule.data | FILE_CURRENT_OPENED | Counter for current opend files | | FILE_BROWSE_NOT_EXIST | Counter for "file not exists" requests | | FILE_BROWSE_SIZE | Total served file size | - diff --git a/docs/en_us/modules/mod_tag/mod_tag.md b/docs/en_us/modules/mod_tag/mod_tag.md index bb8ad926b..584ca0cbe 100644 --- a/docs/en_us/modules/mod_tag/mod_tag.md +++ b/docs/en_us/modules/mod_tag/mod_tag.md @@ -1,20 +1,22 @@ # mod_tag -## Introduction +## Introduction mod_tag sets tags for requests based on defined rules. ## Module Configuration ### Description + conf/mod_tag/mod_tag.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | | Log.OpenDebug | Boolean
Debug flag of module | ### Example + ```ini [Basic] DataPath = mod_tag/tag_rule.data @@ -26,11 +28,12 @@ OpenDebug = true ## Rule Configuration ### Description + conf/mod_tag/tag_rule.data | Config Item | Description | | ----------- | ------------------------------------------------------- | -| Version | String
Verson of the config file | +| Version | String
Version of the config file | | Config | Object
Tag rules for each product | | Config{k} | String
Product name | | Config{v} | Object
A list of tag rules | diff --git a/docs/en_us/modules/mod_tcp_keepalive/mod_tcp_keepalive.md b/docs/en_us/modules/mod_tcp_keepalive/mod_tcp_keepalive.md index cecaadd46..e64f1d1d5 100644 --- a/docs/en_us/modules/mod_tcp_keepalive/mod_tcp_keepalive.md +++ b/docs/en_us/modules/mod_tcp_keepalive/mod_tcp_keepalive.md @@ -18,6 +18,7 @@ conf/mod_tcp_keepalive/mod_tcp_keepalive.conf | Log.OpenDebug | Boolean
Open debug mode or not | ### Example + ```ini [Basic] DataPath = ../data/mod_tcp_keepalive/tcp_keepalive.data diff --git a/docs/en_us/modules/mod_trace/mod_trace.md b/docs/en_us/modules/mod_trace/mod_trace.md index 81983348c..9b8eb34a5 100644 --- a/docs/en_us/modules/mod_trace/mod_trace.md +++ b/docs/en_us/modules/mod_trace/mod_trace.md @@ -1,21 +1,22 @@ # mod_trace -## Introduction +## Introduction mod_trace enables tracing for requests based on defined rules. ## Module Configuration ### Description + conf/mod_trace/mod_trace.conf - + #### Basic Configuration | Config Item | Description | | ------------------------------| --------------------------------| -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | | Basic.ServiceName | String
Service name | -| Basic.TraceAgent | String
Which trace agent to use (jaeger/zipkin) | +| Basic.TraceAgent | String
Which trace agent to use (jaeger/zipkin) | | Log.OpenDebug | Boolean
Debug flag of module | #### Configuration about Zipkin @@ -34,7 +35,7 @@ mod_trace enables tracing for requests based on defined rules. | Jaeger.SamplingServerURL | String
The address of jaeger-agent's HTTP sampling server | | Jaeger.SamplingType | String
The type of the sampler: const, probabilistic, rateLimiting, or remote | | Jaeger.SamplingParam | Float
Param passed to the sampler | -| Jaeger.LocalAgentHostPort | String
The address of jaeger-agent which recives spans | +| Jaeger.LocalAgentHostPort | String
The address of jaeger-agent which receives spans | | Jaeger.Propagation | String
Which propagation format to use (jaeger/b3) | | Jaeger.Gen128Bit | Boolean
Whether to use 128 bit root span IDs | | Jaeger.TraceContextHeaderName | String
The http header name used to propagate tracing context | @@ -49,7 +50,6 @@ mod_trace enables tracing for requests based on defined rules. | Elastic.ServerURL | String
Set the URL of the Elastic APM server | | Elastic.SecretToken | String
Set the token used to connect to Elastic APM Server | - ### Example #### Example for Zipkin @@ -161,11 +161,12 @@ SecretToken = "" ## Rule Configuration ### Description + conf/mod_trace/trace_rule.data | Config Item | Description | | -------------------------- | -------------------------------------------- | -| Version | String
Verson of the config file | +| Version | String
Version of the config file | | Config | Object
Trace rules for each product | | Config[k] | String
Product name | | Config[v] | Object
A list of trace rules | diff --git a/docs/en_us/modules/mod_trust_clientip/mod_trust_clientip.md b/docs/en_us/modules/mod_trust_clientip/mod_trust_clientip.md index ee7fa3962..6ebbe1db5 100644 --- a/docs/en_us/modules/mod_trust_clientip/mod_trust_clientip.md +++ b/docs/en_us/modules/mod_trust_clientip/mod_trust_clientip.md @@ -1,32 +1,35 @@ # mod_trust_clientip -## Introduction +## Introduction -mod_trust_clientip checkes the client IP of incoming request/connnection against trusted ip dictionary. If matched, the request/connection is marked as trusted. +mod_trust_clientip checks the client IP of incoming request/connnection against trusted ip dictionary. If matched, the request/connection is marked as trusted. ## Module Configuration ### Description + conf/mod_trust_clientip/mod_trust_clientip.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | ### Example + ```ini [Basic] DataPath = mod_trust_clientip/trust_client_ip.data ``` -## Rule Configuraiton +## Rule Configuration ### Description + conf/mod_trust_clientip/trust_client_ip.data | Config Item | Type | Description | | ----------------- | ------ | --------------------------------------------------------------- | -| Version | String | Verson of config file | +| Version | String | Version of config file | | Config | Object | Trusted ip config | | Config{k} | Struct | Label | Config{v} | String | A list of ip segments | @@ -35,6 +38,7 @@ DataPath = mod_trust_clientip/trust_client_ip.data | Config{v}[].End | String | End ip address | ### Example + ```json { "Version": "20190101000000", @@ -56,5 +60,4 @@ DataPath = mod_trust_clientip/trust_client_ip.data | CONN_ADDR_INTERNAL | Counter for connection from internal | | CONN_ADDR_INTERNAL_NOT_TRUST | Counter for connection from internal and not trust | | CONN_TOTAL | Counter for all connnetion checked | -| CONN_TRUST_CLIENTIP | Counter for connnection from trust address | - +| CONN_TRUST_CLIENTIP | Counter for connection from trust address | diff --git a/docs/en_us/modules/mod_userid/mod_userid.md b/docs/en_us/modules/mod_userid/mod_userid.md index 8f700feab..ed85feb82 100644 --- a/docs/en_us/modules/mod_userid/mod_userid.md +++ b/docs/en_us/modules/mod_userid/mod_userid.md @@ -1,20 +1,22 @@ # mod_userid -## Introduction +## Introduction mod_userid generates user id for client identification. ## Module Configuration ### Description + conf/mod_userid/mod_userid.conf | Config Item | Description | | ----------- | --------------------------------------- | -| Basic.DataPath | String
Path of rule configuraiton | +| Basic.DataPath | String
Path of rule configuration | | Log.OpenDebug | Boolean
Debug flag of module | ### Example + ```ini [Basic] DataPath = mod_userid/userid_rule.data @@ -26,11 +28,12 @@ OpenDebug = true ## Rule Configuration ### Description + conf/mod_userid/userid_rule.data | Config Item | Description | | ----------- | ------------------------------------------------------- | -| Version | String
Verson of config file | +| Version | String
Version of config file | | Config | Object
Rules for each product | | Config{k} | String
Product name | | Config{v} | Object
A list of rules | @@ -42,6 +45,7 @@ conf/mod_userid/userid_rule.data | Config{v}[].Params.MaxAge | Integer
The cookie max age | ### Example + ```json { "Version": "2019-12-10184356", diff --git a/docs/en_us/modules/modules.md b/docs/en_us/modules/modules.md index 73d88087d..2cff4f821 100644 --- a/docs/en_us/modules/modules.md +++ b/docs/en_us/modules/modules.md @@ -20,4 +20,3 @@ - [mod_trace](mod_trace/mod_trace.md) - [mod_trust_clientip](mod_trust_clientip/mod_trust_clientip.md) - [mod_userid](mod_userid/mod_userid.md) - diff --git a/docs/en_us/monitor/bal_state.md b/docs/en_us/monitor/bal_state.md index 1ee478193..38bbfb67b 100644 --- a/docs/en_us/monitor/bal_state.md +++ b/docs/en_us/monitor/bal_state.md @@ -13,4 +13,3 @@ The endpoint `/monitor/bal_state` exposes metrics about subcluster level load ba | ERR_BK_NO_SUB_CLUSTER_CROSS | Counter for no cross sub-cluster found | | ERR_BK_RETRY_TOO_MANY | Counter for reaching retry max times | | ERR_GSLB_BLACKHOLE | Counter for denying by blackhole | - diff --git a/docs/en_us/monitor/bal_table_status.md b/docs/en_us/monitor/bal_table_status.md index 4e3e6d3da..09ad1698a 100644 --- a/docs/en_us/monitor/bal_table_status.md +++ b/docs/en_us/monitor/bal_table_status.md @@ -17,4 +17,3 @@ The endpoint `/monitor/bal_table_status` exposes metrics about backend clusters. | ------------ | ------------------------------------------------------------ | | SubClusters | State of sub-cluster, it is map data, key is sub-cluster name, value is number of sub-cluster backend | | BackendNum | Number of sub-cluster backend | - diff --git a/docs/en_us/monitor/http2_state.md b/docs/en_us/monitor/http2_state.md index 7c2f308b2..441cd5486 100644 --- a/docs/en_us/monitor/http2_state.md +++ b/docs/en_us/monitor/http2_state.md @@ -11,7 +11,7 @@ The endpoint `/monitor/http2_state` exposes metrics about HTTP2 protocol. | H2_ERR_MAX_HEADER_LIST_SIZE | Counter for reaching max size of header list | | H2_ERR_MAX_HEADER_URI_SIZE | Counter for reaching max size of header URI | | H2_ERR_MAX_STREAM_PER_CONN | Counter for reaching advertised concurrent stream limit | -| H2_ERR_GOT_RESET | Counter for gettting RST_STREAM | +| H2_ERR_GOT_RESET | Counter for getting RST_STREAM | | H2_PANIC_CONN | Counter for connection panic | | H2_PANIC_STREAM | Counter for stream panic | | H2_REQ_HEADER_COMPRESS_SIZE | Size of request header after compress | @@ -23,4 +23,3 @@ The endpoint `/monitor/http2_state` exposes metrics about HTTP2 protocol. | H2_TIMEOUT_READ_STREAM | Counter for timeout of waiting for reading stream | | H2_TIMEOUT_SETTING | Counter for timeout of waiting for SETTINGS frames | | H2_TIMEOUT_WRITE_STREAM | Counter for timeout of waiting for writing stream | - diff --git a/docs/en_us/monitor/http_state.md b/docs/en_us/monitor/http_state.md index e802868f1..e81cd16c5 100644 --- a/docs/en_us/monitor/http_state.md +++ b/docs/en_us/monitor/http_state.md @@ -16,4 +16,3 @@ The endpoint `/monitor/http_state` exposes metrics about HTTP protocol. | HTTP_PANIC_BACKEND_WRITE | Counter for writing backend panic | | HTTP_PANIC_CLIENT_FLUSH_LOOP | Counter for client flushing loop panic | | HTTP_PANIC_CLIENT_WATCH_LOOP | Counter for client watching loop panic | - diff --git a/docs/en_us/monitor/latency.md b/docs/en_us/monitor/latency.md index 6e053a952..a2b3eb8bc 100644 --- a/docs/en_us/monitor/latency.md +++ b/docs/en_us/monitor/latency.md @@ -2,7 +2,7 @@ ## Introduction -| Endpoint | Description | +| Endpoint | Description | | ------------------------------------- | ----------------- | | /monitor/proxy_handshake_delay | Latency of the TLS handshake | | /monitor/proxy_handshake_full_delay | Latency of the TLS full handshake | @@ -18,13 +18,13 @@ | ProgramName | Program name | | KeyPrefix | Key prefix | | CurrTime | Start time of current statistics | -| Current | Latency histgram for current statistics | +| Current | Latency histogram for current statistics | | PastTime | Start time of last statistics | -| Past | Latency histgram for last statistics | +| Past | Latency histogram for last statistics | ## Special Notes for Prometheus format -BFE can expose metrics in various formats. +BFE can expose metrics in various formats. Unlike other formats, in the Prometheus format latency histogram, counter for a bucket with lager upper bound will include the number of events in buckets with smaller upper bound. See [Histogram](https://prometheus.io/docs/concepts/metric_types/#histogram) in Prometheus document for more detail. diff --git a/docs/en_us/monitor/module_status.md b/docs/en_us/monitor/module_status.md index a9fcb117c..1348274ce 100644 --- a/docs/en_us/monitor/module_status.md +++ b/docs/en_us/monitor/module_status.md @@ -2,7 +2,7 @@ ## Introduction -The endpoint `/monitor/modules` exposes informations about modules. +The endpoint `/monitor/modules` exposes information about modules. ## Metrics @@ -12,4 +12,3 @@ The endpoint `/monitor/modules` exposes informations about modules. | enabled | List of enable modules | For more details about metrics of each module, see [BFE modules](../modules/modules.md). - diff --git a/docs/en_us/monitor/proxy_mem_stat.md b/docs/en_us/monitor/proxy_mem_stat.md index d7f31dbed..2494b50b9 100644 --- a/docs/en_us/monitor/proxy_mem_stat.md +++ b/docs/en_us/monitor/proxy_mem_stat.md @@ -1,4 +1,4 @@ -# Memory +# Memory ## Introduction @@ -7,4 +7,3 @@ The endpoint `/monitor/proxy_mem_stat` expose information about memory. ## Metrics See [golang runtime.MemStats](https://golang.org/pkg/runtime/#MemStats) - diff --git a/docs/en_us/monitor/tls_state.md b/docs/en_us/monitor/tls_state.md index e56e38727..ebbc93ccb 100644 --- a/docs/en_us/monitor/tls_state.md +++ b/docs/en_us/monitor/tls_state.md @@ -24,4 +24,3 @@ The endpoint `/monitor/tls_state` exposes metrics about TLS protocol. | TLS_HANDSHAKE_SSLV2_NOT_SUPPORT | Counter for unsupported SSLv2 handshake received | | TLS_HANDSHAKE_ZERO_DATA | Counter for zero data | | TLS_STATUS_REQUEST_EXT_COUNT | Counter for request extensions | - diff --git a/docs/en_us/monitor/websocket_state.md b/docs/en_us/monitor/websocket_state.md index 0a87c8dd5..2282eef06 100644 --- a/docs/en_us/monitor/websocket_state.md +++ b/docs/en_us/monitor/websocket_state.md @@ -17,4 +17,3 @@ The endpoint `/monitor/websocket_state` exposes metrics about WebSocket. | WEB_SOCKET_ERR_PROXY | Counter for finding backend | | WEB_SOCKET_ERR_TRANSFER | Counter for transfer error | | WEB_SOCKET_PANIC_CONN | Counter for connection panic | - diff --git a/docs/en_us/operation/capture_packet.md b/docs/en_us/operation/capture_packet.md index 9d24946c6..fc608c4d8 100644 --- a/docs/en_us/operation/capture_packet.md +++ b/docs/en_us/operation/capture_packet.md @@ -18,7 +18,7 @@ Use wireshark to open packet capture file. ### Ciphertext traffic -For TLS-based encrypted traffic, you can use mod_key_log and wireshark for analysis. +For TLS-based encrypted traffic, you can use mod_key_log and wireshark for analysis. * Step1: Enable mod_key_log module and save the TLS session key to key.log file * Note:modify bfe.conf and enable mod_key_log, See module configuration [mod_key_log](../modules/mod_key_log/mod_key_log.md) for details diff --git a/docs/en_us/operation/log_rotation.md b/docs/en_us/operation/log_rotation.md index 4ec863f05..1134bd66b 100644 --- a/docs/en_us/operation/log_rotation.md +++ b/docs/en_us/operation/log_rotation.md @@ -3,7 +3,7 @@ ## Introdution As time passes, the size of log files increases and occupies more and more disk space. -BFE has a built-in feature of log file rotation which can automatically rotate log files, +BFE has a built-in feature of log file rotation which can automatically rotate log files, remove old ones and retain the recent ones. ## Description diff --git a/docs/en_us/operation/monitor.md b/docs/en_us/operation/monitor.md index 0e774c3ee..6d3af6992 100644 --- a/docs/en_us/operation/monitor.md +++ b/docs/en_us/operation/monitor.md @@ -3,6 +3,7 @@ BFE has a variety of built-in metrics which can be exposed in various formats. ## Configure monitor port + Set monitor port in the BFE core configuration file (conf/bfe.conf). ```ini @@ -11,6 +12,7 @@ MonitorPort = 8421 ``` ## Fetch metric categories + Visit the following address for a list of available metric categories ``` @@ -25,7 +27,7 @@ http://:8421/monitor/ ## Fetch metric data in specified format -Currently supported formats: +Currently supported formats: * [prometheus](https://prometheus.io/) * kv @@ -36,4 +38,3 @@ Specify the format of the output like below: ``` http://:8421/monitor/proxy_state?format=prometheus ``` - diff --git a/docs/en_us/operation/performance.md b/docs/en_us/operation/performance.md index 0ca319006..636298c70 100644 --- a/docs/en_us/operation/performance.md +++ b/docs/en_us/operation/performance.md @@ -24,9 +24,11 @@ Which contains stackcollpase-go.pl and flamegraph.pl tools ## Step * Get performance sampling data + ```bash $ go tool pprof -seconds=60 -raw -output=bfe.pprof http://:/debug/pprof/profile ``` + Note: seconds=60 means capturing 60 seconds of stack samples * Transform and draw FlameGraph diff --git a/docs/en_us/operation/signal.md b/docs/en_us/operation/signal.md index ac6e57901..b87d166d7 100644 --- a/docs/en_us/operation/signal.md +++ b/docs/en_us/operation/signal.md @@ -1,7 +1,9 @@ # System signals ## SIGQUIT -Gracefully shutdown the bfe process. + +Gracefully shutdown the bfe process. ## SIGTERM + Forcefully exits the bfe process directly. diff --git a/docs/zh_cn/ABOUT.md b/docs/zh_cn/ABOUT.md index 9c4fb4588..e21fa488a 100644 --- a/docs/zh_cn/ABOUT.md +++ b/docs/zh_cn/ABOUT.md @@ -20,5 +20,4 @@ BFE文档由以下几个主要部分组成: * 条件原语: BFE条件原语的详细说明 - 如果文档没有包含您关注的内容或问题, 请在[Github](https://github.com/bfenetworks/bfe/issues)提交反馈 diff --git a/docs/zh_cn/COMMUNITY.md b/docs/zh_cn/COMMUNITY.md index 82a0cd2d7..9d9cd785e 100644 --- a/docs/zh_cn/COMMUNITY.md +++ b/docs/zh_cn/COMMUNITY.md @@ -13,14 +13,17 @@ **Issue tracker**: 在[GitHub issue tracker](https://github.com/bfenetworks/bfe/issues) 反馈bug或功能需求。 ## 参与开发 + 衷心感谢您的贡献,欢迎您访问Github上[BFE项目](https://github.com/bfenetworks/bfe), 并按[流程](https://github.com/bfenetworks/bfe/blob/develop/CONTRIBUTING.md)参与贡献代码及文档。 ## 项目治理 + BFE是独立的开源项目,BFE项目遵循如下[管理办法](https://github.com/bfenetworks/bfe/blob/develop/GOVERNANCE.md)。 ## 行为准则 + 为了构建一个受欢迎且无骚扰的社区,BFE社区应遵循如下[行为准则](https://github.com/bfenetworks/bfe/blob/develop/CODE_OF_CONDUCT.md)。 ## 申请专项合作 -欢迎[邮件](mailto:bfe-osc@baidu.com)我们洽谈。 +欢迎[邮件](mailto:bfe-osc@baidu.com)我们洽谈。 diff --git a/docs/zh_cn/DOWNLOAD.md b/docs/zh_cn/DOWNLOAD.md index 4056616bb..14f06ca29 100644 --- a/docs/zh_cn/DOWNLOAD.md +++ b/docs/zh_cn/DOWNLOAD.md @@ -11,7 +11,6 @@ BFE提供预编译二进制文件供下载。也可在GitHub下载各平台[最 | [bfe_1.4.0_linux_arm64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.4.0/bfe_1.4.0_linux_arm64.tar.gz) | linux | arm64 | 8.8 MB | 33de43a45fd6c6414b4359aa2c3e1141d2299ee07ad6dfb48d2afd1af1561734 | | [bfe_1.4.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.4.0/bfe_1.4.0_windows_amd64.tar.gz) | windows | amd64 | 9.59 MB | c637b5917a428850dde470e915eaac3076707da8959392d38bce70eee2190767 | - ## bfe v1.3.0 * 2021-09-16 [发布说明](https://github.com/bfenetworks/bfe/releases/tag/v1.3.0) @@ -23,7 +22,6 @@ BFE提供预编译二进制文件供下载。也可在GitHub下载各平台[最 | [bfe_1.3.0_linux_arm64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.3.0/bfe_1.3.0_linux_arm64.tar.gz) | linux | arm64 | 8.72 MB | 43e9fdf9e909af6365727ee88c2b78d9e825f8828d5b2050f4cb8c6b6fb0add2 | | [bfe_1.3.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.3.0/bfe_1.3.0_windows_amd64.tar.gz) | windows | amd64 | 9.48 MB | 87cdadbfa5e7bbd413b1fc853c0824971fdb2777c111c3dea22893c3a48363b8 | - ## bfe v1.2.0 * 2021-06-21 [发布说明](https://github.com/bfenetworks/bfe/releases/tag/v1.2.0) @@ -35,7 +33,6 @@ BFE提供预编译二进制文件供下载。也可在GitHub下载各平台[最 | [bfe_1.2.0_linux_arm64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.2.0/bfe_1.2.0_linux_arm64.tar.gz) | linux | arm64 | 11.8 MB | 87c83da7e182fe556f60be951c7c611f9ae144fa04d87986a5c18bcd93d9dde9 | | [bfe_1.2.0_windows_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v1.2.0/bfe_1.2.0_windows_amd64.tar.gz) | windows | amd64 | 12.1 MB | e1b920fd6d8a4454120822e1640d2fd65c90fd7ec77983a661f426c82918cecd | - ## bfe v1.1.0 * 2021-04-08 [发布说明](https://github.com/bfenetworks/bfe/releases/tag/v1.1.0) @@ -68,7 +65,6 @@ BFE提供预编译二进制文件供下载。也可在GitHub下载各平台[最 | [bfe_0.10.0_linux_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v0.10.0/bfe_0.10.0_linux_amd64.tar.gz) | linux | amd64 | 7.36 MB | f8b136990daf5f59498c7f86a9adcbabc6c93b1599614bb9d32796b538537a9c | | [bfe_0.10.0_windows_amd64.zip](https://github.com/bfenetworks/bfe/releases/download/v0.10.0/bfe_0.10.0_windows_amd64.zip) | windows | amd64 | 5.99 MB | 914ec8025ad6c5dc57e59f4a93a3a562c2be1f71c475d7022b9ad74f6223b861 | - ## bfe v0.9.0 * 2020-04-16 [发布说明](https://github.com/bfenetworks/bfe/releases/tag/v0.9.0) @@ -78,4 +74,3 @@ BFE提供预编译二进制文件供下载。也可在GitHub下载各平台[最 | [bfe_0.9.0_darwin_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v0.9.0/bfe_0.9.0_darwin_amd64.tar.gz) | darwin | amd64 | 9.75 MB | 3bdbb80cc4946bc85b7295fc86ca86800e7811d20f37b36037aadfc7df718ad9 | | [bfe_0.9.0_linux_amd64.tar.gz](https://github.com/bfenetworks/bfe/releases/download/v0.9.0/bfe_0.9.0_linux_amd64.tar.gz) | linux | amd64 | 10.90 MB | 9b6aaac88651d88e86e67835b5ae0bdbe1c76076382b198f0aeb0b94b7572887 | | [bfe_0.9.0_windows_amd64.zip](https://github.com/bfenetworks/bfe/releases/download/v0.9.0/bfe_0.9.0_windows_amd64.zip) | windows | amd64 | 9.75 MB | 4079f97b544b3070bec3ad65a28ccb816290890a278a51c88c81c15405c1f8cf | - diff --git a/docs/zh_cn/SUMMARY.md b/docs/zh_cn/SUMMARY.md index 176d587ce..b80e52c08 100644 --- a/docs/zh_cn/SUMMARY.md +++ b/docs/zh_cn/SUMMARY.md @@ -91,7 +91,7 @@ * [性能相关](faq/performance.md) * [开发相关](faq/development.md) * 附录A: 监控 - * 协议 + * 协议 * [TLS](monitor/tls_state.md) * [HTTP](monitor/http_state.md) * [HTTP2](monitor/http2_state.md) diff --git a/docs/zh_cn/condition/condition_grammar.md b/docs/zh_cn/condition/condition_grammar.md index 27ef697cb..654101805 100644 --- a/docs/zh_cn/condition/condition_grammar.md +++ b/docs/zh_cn/condition/condition_grammar.md @@ -14,6 +14,7 @@ req_host_in("bfe-networks.com|bfe-networks.org") - BFE支持一系列预定义的内置[条件原语](condition_primitive_index.md) ### 条件表达式 + - 条件表达式是多个条件原语与操作符(例如与、或、非)的组合 ```go @@ -33,6 +34,7 @@ bfe_host = req_host_in("bfe-networks.com") ``` ### 高级条件表达式 + - 高级条件表达式是多个条件原语和条件变量与操作符(例如与、或、非)的组合 - 在高级条件表达式中,条件变量以$前缀作为标示 @@ -90,4 +92,4 @@ ACE = ACE && ACE | 1 | () | 括号 | 从左至右 | | 2 | ! | 逻辑非 | 从右至左 | | 3 | && | 逻辑与 | 从左至右 | -| 4 | \|\| | 逻辑或 | 从左至右 | \ No newline at end of file +| 4 | \|\| | 逻辑或 | 从左至右 | diff --git a/docs/zh_cn/condition/condition_naming_convention.md b/docs/zh_cn/condition/condition_naming_convention.md index a2ce6266c..33458d2da 100644 --- a/docs/zh_cn/condition/condition_naming_convention.md +++ b/docs/zh_cn/condition/condition_naming_convention.md @@ -3,6 +3,7 @@ 条件原语名称会使用以下规范: ## 条件原语名称前缀 + - 针对Request的原语,会以"**req_**"开头 - 如:req_host_in() @@ -16,6 +17,7 @@ - 如:bfe_time_range() ## 条件原语中比较的动作名称 + - **match**:精确匹配 - 如:req_tag_match() - **in**:值是否在某个集合中 diff --git a/docs/zh_cn/condition/condition_primitive_index.md b/docs/zh_cn/condition/condition_primitive_index.md index 12b235b63..7b5a4ba85 100644 --- a/docs/zh_cn/condition/condition_primitive_index.md +++ b/docs/zh_cn/condition/condition_primitive_index.md @@ -1,54 +1,114 @@ # 条件原语索引 ## 请求相关 + +### cip + * [req_cip_hash_in(value_list)](./request/ip.md#req_cip_hash_invalue_list) * [req_cip_range(start_ip, end_ip)](./request/ip.md#req_cip_rangestart_ip-end_ip) * [req_cip_trusted()](./request/ip.md#req_cip_trusted) + +### context + + * [req_context_value_in(key, value_list, case_insensitive)](./request/context.md#req_context_value_inkey-value_list-case_insensitive) + +### cookie + * [req_cookie_key_in(key_list)](./request/cookie.md#req_cookie_key_inkey_list) * [req_cookie_value_contain(key, value, case_insensitive)](./request/cookie.md#req_cookie_value_containkey-value-case_insensitive) - * [req_cookie_value_in(key, value_list, case_insensitive)](./request/cookie.md#req_cookie_value_inkey-value_list-case_insensitive) * [req_cookie_value_hash_in(key, value_list, case_insensitive)](./request/cookie.md#req_cookie_value_hash_inkey-value_list-case_insensitive) + * [req_cookie_value_in(key, value_list, case_insensitive)](./request/cookie.md#req_cookie_value_inkey-value_list-case_insensitive) * [req_cookie_value_prefix_in(key, value_prefix_list, case_insensitive)](./request/cookie.md#req_cookie_value_prefix_inkey-value_prefix_list-case_insensitive) * [req_cookie_value_suffix_in(key, value_suffix_list, case_insensitive)](./request/cookie.md#req_cookie_value_suffix_inkey-value_suffix_list-case_insensitive) + +### header + * [req_header_key_in(key_list)](./request/header.md#req_header_key_inkey_list) * [req_header_value_contain(key, value_list, case_insensitive)](./request/header.md#req_header_value_containheader_name-value_list-case_insensitive) - * [req_header_value_in(header_name, value_list, case_insensitive)](./request/header.md#req_header_value_inheader_name-value_list-case_insensitive) * [req_header_value_hash_in(header_name, value_list, case_insensitive)](./request/header.md#req_header_value_hash_inheader_name-value_list-case_insensitive) + * [req_header_value_in(header_name, value_list, case_insensitive)](./request/header.md#req_header_value_inheader_name-value_list-case_insensitive) * [req_header_value_prefix_in(header_name, value_prefix_list, case_insensitive)](./request/header.md#req_header_value_prefix_inheader_name-value_prefix_list-case_insensitive) * [req_header_value_suffix_in(header_name, value_suffix_list, case_insensitive)](./request/header.md#req_header_value_suffix_inheader_name-value_suffix_list-case_insensitive) + +### host + * [req_host_in(host_list)](./request/uri.md#req_host_inhost_list) + +### method + * [req_method_in(method_list)](./request/method.md#req_method_inmethod_list) - * [req_proto_secure()](./request/protocol.md#req_proto_secure) - * [req_tag_match(tagName, tagValue)](./request/tag.md#req_tag_matchtagname-tagvalue) - * [req_path_in(path_list, case_insensitive)](./request/uri.md#req_path_inpath_list-case_insensitive) + +### path + * [req_path_contain(path_list, case_insensitive)](./request/uri.md#req_path_containpath_list-case_insensitive) - * [req_path_prefix_in(prefix_list, case_insensitive)](./request/uri.md#req_path_prefix_inprefix_list-case_insensitive) * [req_path_element_prefix_in(prefix_list, case_insensitive)](./request/uri.md#req_path_element_prefix_inprefix_list-case_insensitive) + * [req_path_in(path_list, case_insensitive)](./request/uri.md#req_path_inpath_list-case_insensitive) + * [req_path_prefix_in(prefix_list, case_insensitive)](./request/uri.md#req_path_prefix_inprefix_list-case_insensitive) * [req_path_suffix_in(suffix_list, case_insensitive)](./request/uri.md#req_path_suffix_insuffix_list-case_insensitive) + +### port + + * [req_port_in(port_list)](./request/uri.md#req_port_inport_list) + +### protocol + + * [req_proto_secure()](./request/protocol.md#req_proto_secure) + +### query + * [req_query_key_in(key_list)](./request/uri.md#req_query_key_inkey_list) * [req_query_key_prefix_in(prefix_list)](./request/uri.md#req_query_key_prefix_inprefix_list) - * [req_query_value_in(key, value_list, case_insensitive)](./request/uri.md#req_query_value_inkey-value_list-case_insensitive) * [req_query_value_hash_in(key, value_list, case_insensitive)](./request/uri.md#req_query_value_hash_inkey-value_list-case_insensitive) + * [req_query_value_in(key, value_list, case_insensitive)](./request/uri.md#req_query_value_inkey-value_list-case_insensitive) * [req_query_value_prefix_in(key, prefix_list, case_insensitive)](./request/uri.md#req_query_value_prefix_inkey-prefix_list-case_insensitive) * [req_query_value_suffix_in(key, suffix_list, case_insensitive)](./request/uri.md#req_query_value_suffix_inkey-suffix_list-case_insensitive) - * [req_port_in(port_list)](./request/uri.md#req_port_inport_list) + +### tag + + * [req_tag_match(tagName, tagValue)](./request/tag.md#req_tag_matchtagname-tagvalue) + +### url + * [req_url_regmatch(reg_exp)](./request/uri.md#req_url_regmatchreg_exp) + +### vip + * [req_vip_in(vip_list)](./request/ip.md#req_vip_invip_list) * [req_vip_range(start_ip, end_ip)](./request/ip.md#req_vip_rangestart_ip-end_ip) ## 响应相关 + +### code + * [res_code_in(codes)](./response/code.md#res_code_incodes) + +### header + * [res_header_key_in(key_list)](./response/header.md#res_header_key_inkey_list) * [res_header_value_in(key, value_list, case_insensitive)](./response/header.md#res_header_value_inkey-value_list-case_insensitive) ## 会话相关 + +### sip + * [ses_sip_range(start_ip, end_ip)](./session/ip.md#ses_sip_rangestart_ip-end_ip) - * [ses_vip_range(start_ip, end_ip)](./session/ip.md#ses_vip_rangestart_ip-end_ip) - * [ses_tls_sni_in(host_list)](./session/tls.md#ses_tls_sni_inhost_list) + +### tls client + * [ses_tls_client_auth()](./session/tls.md#ses_tls_client_auth) * [ses_tls_client_ca_in(ca_list)](./session/tls.md#ses_tls_client_ca_inca_list) +### tls sni + + * [ses_tls_sni_in(host_list)](./session/tls.md#ses_tls_sni_inhost_list) + +### vip + + * [ses_vip_range(start_ip, end_ip)](./session/ip.md#ses_vip_rangestart_ip-end_ip) + ## 系统相关 - * [bfe_time_range(start_time, end_time)](./system/time.md#bfe_time_rangestart_time-end_time) - * [bfe_periodic_time_range(start_time, end_time, period)](./system/time.md#bfe_periodic_time_rangestart_time-end_time-period) +### time + + * [bfe_periodic_time_range(start_time, end_time, period)](./system/time.md#bfe_periodic_time_rangestart_time-end_time-period) + * [bfe_time_range(start_time, end_time)](./system/time.md#bfe_time_rangestart_time-end_time) diff --git a/docs/zh_cn/condition/request/context.md b/docs/zh_cn/condition/request/context.md new file mode 100644 index 000000000..3c8f52b60 --- /dev/null +++ b/docs/zh_cn/condition/request/context.md @@ -0,0 +1,16 @@ +## req_context_value_in(key, value_list, case_insensitive) + +* 含义: 判断请求context中key的值是否精确匹配value_list之一 +* 参数 + +| 参数 | 描述 | +| -------- | ---------------------- | +| key | String
context中的key | +| value_list | String
value列表,多个之间使用‘|’连接 | +| case_insensitive | Boolean
是否忽略大小写 | + +* 示例 + +```go +req_context_value_in("cmd", "add|del|list", true) +``` diff --git a/docs/zh_cn/condition/request/cookie.md b/docs/zh_cn/condition/request/cookie.md index b886916ed..26cd718b9 100644 --- a/docs/zh_cn/condition/request/cookie.md +++ b/docs/zh_cn/condition/request/cookie.md @@ -1,90 +1,101 @@ # 请求Cookie相关条件原语 ## req_cookie_key_in(key_list) + * 含义: 判断Cookie key是否为key_list之一 * 参数 | 参数 | 描述 | | -------- | ---------------------- | -| key_list | String
key列表,多个之间使用‘|’连接 | +| key_list | String
key列表,多个之间使用‘|’连接 | * 示例 + ```go req_cookie_key_in("uid|cid|uss") ``` ## req_cookie_value_in(key, value_list, case_insensitive) + * 含义: 判断cookie中key对应的值是否为value_list之一 * 参数 | 参数 | 描述 | | -------- | ---------------------- | | key | String
cookie中的key | -| value_list | String
value列表,多个之间使用‘|’连接 | +| value_list | String
value列表,多个之间使用‘|’连接 | | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_cookie_value_in("deviceid", "testid", true) ``` ## req_cookie_value_prefix_in(key, prefix_list, case_insensitive) + * 含义: 判断cookie中key的值是否前缀匹配prefix_list之一 * 参数 | 参数 | 描述 | | -------- | ---------------------- | | key | String
cookie中的key | -| prefix_list | String
prefix列表,多个之间使用‘|’连接 | +| prefix_list | String
prefix列表,多个之间使用‘|’连接 | | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_cookie_value_prefix_in("deviceid", "x", true) ``` ## req_cookie_value_suffix_in(key, suffix_list, case_insensitive) + * 含义: 判断cookie中key的值是否后缀匹配suffix_list之一 * 参数 | 参数 | 描述 | | -------- | ---------------------- | | key | String
cookie中的key | -| suffix_list | String
suffix列表,多个之间使用‘|’连接 | +| suffix_list | String
suffix列表,多个之间使用‘|’连接 | | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_cookie_value_suffix_in("deviceid", "1", true) ``` ## req_cookie_value_hash_in(key, hash_value_list, case_insensitive) + * 含义: 对cookie中key的值哈希取模,判断是否匹配hash_value_list之一(模值0~9999) * 参数 | 参数 | 描述 | | -------- | ---------------------- | | key | String
cookie中的key | -| hash_value_list | String
hash value列表,多个之间使用‘|’连接 | +| hash_value_list | String
hash value列表,多个之间使用‘|’连接 | | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_cookie_value_hash_in("uid", "100", true) ``` ## req_cookie_value_contain(key, value_list, case_insensitive) + * 含义: 判断cookie中key的值是否包含value_list之一 * 参数 | 参数 | 描述 | | -------- | ---------------------- | | key | String
cookie中的key | -| value_list | String
value列表,多个之间使用‘|’连接 | +| value_list | String
value列表,多个之间使用‘|’连接 | | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_cookie_value_contain("deviceid", "test", true) ``` - diff --git a/docs/zh_cn/condition/request/header.md b/docs/zh_cn/condition/request/header.md index 4c115530c..e4bf69b56 100644 --- a/docs/zh_cn/condition/request/header.md +++ b/docs/zh_cn/condition/request/header.md @@ -1,6 +1,7 @@ # 请求头部相关条件原语 ## req_header_key_in(key_list) + * 含义: 判断请求头部中key是否为key_list之一 * 参数 @@ -10,6 +11,7 @@ | key_list | String
key列表, 多个之间使用‘|’连接
Header名称使用HTTP协议规范形式| * 示例 + ```go // 正确: req_header_key_in("Header-Test") @@ -21,6 +23,7 @@ req_header_key_in("header-Test") ``` ## req_header_value_in(header_name, value_list, case_insensitive) + * 含义: 判断http消息头部字段是否为value_list之一 * 参数 @@ -31,11 +34,13 @@ req_header_key_in("header-Test") | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_header_value_in("Referer", "https://example.org/login", true) ``` ## req_header_value_prefix_in(header_name, prefix_list, case_insensitive) + * 含义: 判断http消息头部字段值是否前缀匹配prefix_list之一 * 参数 @@ -46,11 +51,13 @@ req_header_value_in("Referer", "https://example.org/login", true) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_header_value_prefix_in("Referer", "https://example.org", true) ``` ## req_header_value_suffix_in(header_name, suffix_list, case_insensitive) + * 含义: 判断http消息头部字段值是否后缀匹配suffix_list之一 * 参数 @@ -61,11 +68,13 @@ req_header_value_prefix_in("Referer", "https://example.org", true) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_header_value_suffix_in("User-Agent", "2.0.4", true) ``` ## req_header_value_hash_in(header_name, hash_value_list, case_insensitive) + * 含义: 对http消息头部字段值哈希取模,判断是否匹配hash_value_list之一(模值0~9999) * 参数 @@ -76,11 +85,13 @@ req_header_value_suffix_in("User-Agent", "2.0.4", true) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_header_value_hash_in("X-Device-Id", "100-200|400", true) ``` ## req_header_value_contain(header_name, value_list, case_insensitive) + * 含义: 判断http消息头部字段值是否包含value_list之一 * 参数 @@ -91,6 +102,7 @@ req_header_value_hash_in("X-Device-Id", "100-200|400", true) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_header_value_contain("User-Agent", "Firefox|Chrome", true) ``` diff --git a/docs/zh_cn/condition/request/ip.md b/docs/zh_cn/condition/request/ip.md index 90b5982ac..9fbd6d960 100644 --- a/docs/zh_cn/condition/request/ip.md +++ b/docs/zh_cn/condition/request/ip.md @@ -1,6 +1,7 @@ -# 请求IP相关条件原语 +# 请求IP相关条件原语 ## req_cip_range(start_ip, end_ip) + * 含义:判断请求的clientip是否在 [start_ip, end_ip] 区间内 * 参数 @@ -17,9 +18,11 @@ req_cip_range("10.0.0.1", "10.0.0.10") ``` ## req_cip_trusted() + * 含义:判断clientip是否为信任IP ## req_cip_hash_in(value_list) + * 含义:对cip哈希取模,判断值是否匹配value_list * 参数 @@ -28,7 +31,6 @@ req_cip_range("10.0.0.1", "10.0.0.10") | --------- | ---------------------- | | value_list | String
哈希值列表, 多个元素之间使用|分隔;
列表中每个元素,可以是单个数值,或取值范围;
哈希值范围0~9999 | - * 示例 ```go @@ -38,7 +40,8 @@ req_cip_hash_in("100-200|1000-1100") ``` ## req_vip_in(vip_list) -* 含义: 判断访问VIP是否在指定vip_list中 + +* 含义: 判断访问VIP是否在指定vip_list中 * 参数 @@ -53,6 +56,7 @@ req_vip_in("10.0.0.1|10.0.0.2") ``` ## req_vip_range(start_ip, end_ip) + * 含义: 判断访问VIP是否在指定 [start_ip, end_ip] 区间内 * 参数 @@ -67,4 +71,3 @@ req_vip_in("10.0.0.1|10.0.0.2") ```go req_vip_range("10.0.0.1", "10.0.0.10") ``` - diff --git a/docs/zh_cn/condition/request/method.md b/docs/zh_cn/condition/request/method.md index 13e8b07c2..996a9780a 100644 --- a/docs/zh_cn/condition/request/method.md +++ b/docs/zh_cn/condition/request/method.md @@ -1,6 +1,7 @@ # 请求方法相关条件原语 ## req_method_in(method_list) + * 含义: 请求方法是否匹配method_list之一 * 参数 diff --git a/docs/zh_cn/condition/request/protocol.md b/docs/zh_cn/condition/request/protocol.md index cd0b5fbd2..ddc562759 100644 --- a/docs/zh_cn/condition/request/protocol.md +++ b/docs/zh_cn/condition/request/protocol.md @@ -1,4 +1,5 @@ # 请求协议相关条件原语 ## req_proto_secure() -* 语义: 判断请求是否基于TLS安全传输协议,包括HTTPS/SPDY/HTTP2 + +* 语义: 判断请求是否基于TLS安全传输协议,包括HTTPS/SPDY/HTTP2 diff --git a/docs/zh_cn/condition/request/tag.md b/docs/zh_cn/condition/request/tag.md index 07473a98c..94e525070 100644 --- a/docs/zh_cn/condition/request/tag.md +++ b/docs/zh_cn/condition/request/tag.md @@ -1,9 +1,10 @@ # 请求标签相关条件原语 ## req_tag_match(tagName, tagValue) + * 含义: 判断请求标签tagName的值是否为tagValue 注:请求在处理过程中可能会设置一些标签; 例: 请求在经过词典模块处理后,设置clientIP标签的值为blocklist - + * 参数 | 参数 | 描述 | diff --git a/docs/zh_cn/condition/request/uri.md b/docs/zh_cn/condition/request/uri.md index 8d1f42c19..807213403 100644 --- a/docs/zh_cn/condition/request/uri.md +++ b/docs/zh_cn/condition/request/uri.md @@ -1,5 +1,7 @@ # 请求URI相关条件原语 + ## req_host_in(host_list) + * 含义: 判断http的host是否为host_list之一 * 注:忽略大小写精确匹配 * 参数 @@ -9,11 +11,13 @@ | host_list | String
host列表,host之间使用‘|’连接 | * 示例 + ```go req_host_in("www.bfe-networks.com|bfe-networks.com") ``` ## req_path_in(path_list, case_insensitive) + * 含义: 判断http的path是否为path_list之一 * 参数 @@ -24,11 +28,13 @@ req_host_in("www.bfe-networks.com|bfe-networks.com") | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_path_in("/api/search|/api/list", true) ``` ## req_path_contain(path_list, case_insensitive) + * 含义: 判断http的path是否包含path_list中的子串 * 参数 @@ -39,11 +45,13 @@ req_path_in("/api/search|/api/list", true) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_path_contain("search", true) ``` ## req_path_prefix_in(prefix_list, case_insensitive) + * 含义: 判断http的path是否前缀匹配prefix_list之一 * 参数 @@ -54,11 +62,13 @@ req_path_contain("search", true) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_path_prefix_in("/api/report|/api/analytics", false) ``` ## req_path_element_prefix_in(prefix_list, case_insensitive) + * 含义:判断http的path element是否前缀匹配prefix_list之一 * 参数 @@ -69,11 +79,13 @@ req_path_prefix_in("/api/report|/api/analytics", false) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_path_element_prefix_in("/api/report/|/api/analytics/", false) ``` ## req_path_suffix_in(suffix_list, case_insensitive) + * 含义: 判断http的path是否后缀匹配suffix_list之一 * 参数 @@ -83,11 +95,13 @@ req_path_element_prefix_in("/api/report/|/api/analytics/", false) | case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_path_suffix_in(".php|.jsp", false) ``` ## req_query_key_in(key_list) + * 含义: 判断请求query key是否为key_list之一 * 参数 @@ -96,11 +110,13 @@ req_path_suffix_in(".php|.jsp", false) | key_list | String
query key列表, 多个之间使用‘|’连接 | * 示例 + ```go req_query_key_in("word|wd") ``` ## req_query_key_prefix_in(prefix_list) + * 含义: 判断query key是否为前缀匹配prefix_list之一 * 参数 @@ -109,11 +125,13 @@ req_query_key_in("word|wd") | prefix_list | String
key prefix列表, 多个之间使用‘|’连接 | * 示例 + ```go req_query_key_prefix_in("rid") ``` ## req_query_value_in(key, value_list, case_insensitive) + * 含义: 判断query中key的值是否精确匹配value_list之一 * 参数 @@ -121,14 +139,16 @@ req_query_key_prefix_in("rid") | -------- | ---------------------- | | key | String
query中的key | | value_list | String
value列表,多个之间使用‘|’连接 | -| case_insensitive | Boolean
是否忽略大小写 | +| case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_query_value_in("uid", "x|y|z", true) ``` ## req_query_value_prefix_in(key, prefix_list, case_insensitive) + * 含义: 判断query中key的值是否前缀匹配prefix_list之一 * 参数 @@ -136,66 +156,75 @@ req_query_value_in("uid", "x|y|z", true) | -------- | ---------------------- | | key | String
query中的key | | prefix_list | String
prefix列表,多个之间使用‘|’连接 | -| case_insensitive | Boolean
是否忽略大小写 | +| case_insensitive | Boolean
是否忽略大小写 | * 示例 + ```go req_query_value_prefix_in("uid", "100|200", true) ``` ## req_query_value_suffix_in(key, suffix_list, case_insensitive) + * 含义: 判断query中key的值是否后缀匹配suffix_list之一 * 参数 - + | 参数 | 描述 | | -------- | ---------------------- | | key | String
query中的key | | suffix_list | String
suffix列表, 多个之间使用‘|’连接 | -| case_insensitive | Boolean
是否忽略大小写 | - +| case_insensitive | Boolean
是否忽略大小写 | + * 示例 + ```go req_query_value_suffix_in("uid", "1|2|3", true) ``` ## req_query_value_hash_in(key, hash_value_list, case_insensitive) + * 含义: 对query中key的值哈希取模,判断是否匹配hash_value_list之一(模值0~9999) * 参数 - + | 参数 | 描述 | | -------- | ---------------------- | | key | String
query中的key | | hash_value_list | String
hash value列表, 多个之间使用‘|’连接 | -| case_insensitive | Boolean
是否忽略大小写 | - +| case_insensitive | Boolean
是否忽略大小写 | + * 示例 + ```go req_query_value_hash_in("cid", "100", true) ``` ## req_port_in(port_list) + * 含义: 判断请求端口是否为port_list之一 * 参数 - + | 参数 | 描述 | | -------- | ---------------------- | | port_list | String
port列表,多个port之间使用‘|’连接 | - + * 示例 + ```go req_port_in("80|8080") ``` ## req_url_regmatch(reg_exp) + * 含义: 判断 url 是否匹配正则表达式reg_exp * 注: 推荐使用反引号,不需要额外进行转义 * 参数 - + | 参数 | 描述 | | -------- | ---------------------- | | reg_exp | String
表示正则表达式 | - + * 示例 + ```go req_url_regmatch(`/s\?word=123`) ``` diff --git a/docs/zh_cn/condition/response/code.md b/docs/zh_cn/condition/response/code.md index 14cce90d4..56c3abe3c 100644 --- a/docs/zh_cn/condition/response/code.md +++ b/docs/zh_cn/condition/response/code.md @@ -1,6 +1,7 @@ # 响应状态码相关条件原语 ## res_code_in(codes) + * 语义: 判断响应状态码是否为指定的状态码codes之一 * 参数 @@ -14,4 +15,3 @@ ```go res_code_in("200|500") ``` - diff --git a/docs/zh_cn/condition/response/header.md b/docs/zh_cn/condition/response/header.md index a91fe6f97..8daef9343 100644 --- a/docs/zh_cn/condition/response/header.md +++ b/docs/zh_cn/condition/response/header.md @@ -1,6 +1,7 @@ # 响应头部相关条件原语 ## res_header_key_in(key_list) + * 语义: 判断响应头部中key是否满足key_list之一 * 参数 @@ -16,6 +17,7 @@ res_header_key_in("X-Bfe-Debug") ``` ## res_header_value_in(key, value_list, case_insensitive) + * 语义: 判断header中key值是否满足value_list之一 * 参数 @@ -31,4 +33,4 @@ res_header_key_in("X-Bfe-Debug") ```go res_header_value_in("X-Bfe-Debug", "1", true) ``` - + \ No newline at end of file diff --git a/docs/zh_cn/condition/session/ip.md b/docs/zh_cn/condition/session/ip.md index e919a5af4..8a0219aa9 100644 --- a/docs/zh_cn/condition/session/ip.md +++ b/docs/zh_cn/condition/session/ip.md @@ -1,12 +1,13 @@ # 会话IP相关条件原语 ## ses_sip_range(start_ip, end_ip) + * 语义: 判断会话的源ip是否在 [start_ip, end_ip] 区间内 * 参数 | 参数 | 描述 | -| -------- | ---------------------- | +| -------- | ---------------------- | | start_ip | String
起始IP地址 | | end_ip | String
结束IP地址 | @@ -17,12 +18,13 @@ ses_sip_range("10.0.0.1", "10.0.0.10") ``` ## ses_vip_range(start_ip, end_ip) + * 语义: 判断访问VIP是否在 [start_ip, end_ip] 区间内 * 参数 | 参数 | 描述 | -| -------- | ---------------------- | +| -------- | ---------------------- | | start_ip | String
起始IP地址 | | end_ip | String
结束IP地址 | @@ -31,4 +33,3 @@ ses_sip_range("10.0.0.1", "10.0.0.10") ```go ses_vip_range("10.0.0.1", "10.0.0.10") ``` - diff --git a/docs/zh_cn/condition/session/tls.md b/docs/zh_cn/condition/session/tls.md index 43a555270..d067a12fb 100644 --- a/docs/zh_cn/condition/session/tls.md +++ b/docs/zh_cn/condition/session/tls.md @@ -1,6 +1,7 @@ # TLS相关条件原语 ## ses_tls_sni_in(host_list) + * 语义: 判断TLS握手中的sni字段是否为host_list之一 * 参数 @@ -16,9 +17,11 @@ ses_tls_sni_in("example.com|example.org") ``` ## ses_tls_client_auth() + * 语义: 判断是否启用TLS双向认证 ## ses_tls_client_ca_in(ca_list) + * 语义: 判断是否启用TLS双向认证且客户端证书签发根CA为ca_list之一 * 参数 @@ -27,7 +30,6 @@ ses_tls_sni_in("example.com|example.org") | --------- | ---------------------- | | ca_list | String
CA标识列表, 多个CA标识之间使用|分隔 | - * 示例 ```go diff --git a/docs/zh_cn/condition/system/time.md b/docs/zh_cn/condition/system/time.md index e0b42422f..4ff62176f 100644 --- a/docs/zh_cn/condition/system/time.md +++ b/docs/zh_cn/condition/system/time.md @@ -1,6 +1,7 @@ # 时间相关条件原语 ## bfe_time_range(start_time, end_time) + * 语义: 判断当前时间是否属于[start_time, end_time] * 参数 @@ -19,6 +20,7 @@ bfe_time_range("20190204203000H", "20190204204500H") ``` ## bfe_periodic_time_range(start_time, end_time, period) + * 语义: 判断当前时间是否周期性属于[start_time, end_time] * 参数 @@ -37,11 +39,11 @@ bfe_time_range("20190204203000H", "20190204204500H") bfe_periodic_time_range("203000H", "204500H", "") ``` -# 附A.时间原语测试 +## 附A.时间原语测试 - 为便于测试条件时间原语,可以在请求中增加 **X-Bfe-Debug-Time** 头部携带时间,来mock系统时间 -# 附B.时区字符编码 +## 附B.时区字符编码 | **Time zone name** | **Letter** | **Offset** | **说明** | | :----------------- | :--------- | :----------------------------------------------------- | :--------------- | diff --git a/docs/zh_cn/configuration/bfe.conf.md b/docs/zh_cn/configuration/bfe.conf.md index 5c7fc2bc3..d79ac39c3 100644 --- a/docs/zh_cn/configuration/bfe.conf.md +++ b/docs/zh_cn/configuration/bfe.conf.md @@ -13,6 +13,7 @@ bfe.conf是BFE的核心配置 | Server.HttpPort | Integer
HTTP监听端口
默认值8080 | | Server.HttpsPort | Integer
HTTPS(TLS)监听端口
默认值8443 | | Server.MonitorPort | Integer
Monitor监听端口
默认值8421 | +| Server.MonitorEnabled | Boolean
Monitor服务器是否开启
默认值True | | Server.MaxCpus | Integer
最大使用CPU核数; 0代表使用所有CPU核
默认值0 | | Server.Layer4LoadBalancer | String
四层负载均衡器类型(PROXY/NONE)
默认值NONE | | Server.TlsHandshakeTimeout | Integer
TLS握手超时时间,单位为秒
默认值30 | diff --git a/docs/zh_cn/configuration/cluster_conf/cluster_table.data.md b/docs/zh_cn/configuration/cluster_conf/cluster_table.data.md index ea09ec7e9..b298eb0bb 100644 --- a/docs/zh_cn/configuration/cluster_conf/cluster_table.data.md +++ b/docs/zh_cn/configuration/cluster_conf/cluster_table.data.md @@ -18,6 +18,7 @@ cluster_table.data配置文件记录各后端集群包含的子集群及实例 | Config{v}{v} | Object
子集群配置信息,包含多个实例配置 | ### 实例配置 + | 配置项 | 描述 | | ------- | -------------------------------------------------------------- | | Addr | String
实例监听地址 | @@ -25,7 +26,6 @@ cluster_table.data配置文件记录各后端集群包含的子集群及实例 | Weight | Integer
实例权重 | | Name | String
实例名称 | - ## 配置示例 ```json @@ -45,6 +45,3 @@ cluster_table.data配置文件记录各后端集群包含的子集群及实例 "Version": "20190101000000" } ``` - - - diff --git a/docs/zh_cn/configuration/cluster_conf/gslb.data.md b/docs/zh_cn/configuration/cluster_conf/gslb.data.md index 256c2f6ac..ebf54c569 100644 --- a/docs/zh_cn/configuration/cluster_conf/gslb.data.md +++ b/docs/zh_cn/configuration/cluster_conf/gslb.data.md @@ -1,4 +1,4 @@ -# 子集群负载均衡配置 +# 子集群负载均衡配置 ## 配置简介 @@ -30,4 +30,3 @@ gslb.data配置文件记录各集群内的多个子集群之间分流比例(GSLB "Ts": "20190101000000" } ``` - diff --git a/docs/zh_cn/configuration/config.md b/docs/zh_cn/configuration/config.md index 6117f5866..aa19f7e99 100644 --- a/docs/zh_cn/configuration/config.md +++ b/docs/zh_cn/configuration/config.md @@ -12,20 +12,22 @@ - 动态配置:在运行期间修改,热加载生效。 ## BFE配置格式 + - 常规配置:一般基于INI格式 - 动态配置:一般基于JSON格式 (注:特殊的证书、字典文件等例外) ## BFE配置组织 -BFE的核心配置是bfe.conf (conf/bfe.conf),为便于维护, 配置按功能分类存放在相应目录 conf/<feature>/ + +BFE的核心配置是bfe.conf (conf/bfe.conf),为便于维护, 配置按功能分类存放在相应目录 conf/<feature>/ | 功能类别 | 文件位置 | | ------------ | -------- | | 服务基础配置 | conf/bfe.conf | -| 接入协议配置 | conf/tls_conf/ 目录 | +| 接入协议配置 | conf/tls_conf/ 目录 | | 流量路由配置 | conf/server_data_conf/ 目录 | | 负载均衡配置 | conf/cluster_conf/ 目录 | | 扩展模块配置 | conf/mod_<name> 目录 | ## BFE配置热加载 -详见[配置热加载](../operation/reload.md) +详见[配置热加载](../operation/reload.md) diff --git a/docs/zh_cn/configuration/server_data_conf/name_conf.data.md b/docs/zh_cn/configuration/server_data_conf/name_conf.data.md index 10e9b0b37..d85e87059 100644 --- a/docs/zh_cn/configuration/server_data_conf/name_conf.data.md +++ b/docs/zh_cn/configuration/server_data_conf/name_conf.data.md @@ -33,6 +33,3 @@ name_conf.data记录了服务名字和服务实例的映射关系。 } } ``` - - - diff --git a/docs/zh_cn/configuration/server_data_conf/route_rule.data.md b/docs/zh_cn/configuration/server_data_conf/route_rule.data.md index 62e4f0d2d..3f2cced16 100644 --- a/docs/zh_cn/configuration/server_data_conf/route_rule.data.md +++ b/docs/zh_cn/configuration/server_data_conf/route_rule.data.md @@ -1,4 +1,4 @@ -# 分流规则配置 +# 分流规则配置 ## 配置简介 diff --git a/docs/zh_cn/configuration/tls_conf/tls_rule_conf.data.md b/docs/zh_cn/configuration/tls_conf/tls_rule_conf.data.md index 9bea0c3d0..f943f1765 100644 --- a/docs/zh_cn/configuration/tls_conf/tls_rule_conf.data.md +++ b/docs/zh_cn/configuration/tls_conf/tls_rule_conf.data.md @@ -59,7 +59,6 @@ BFE支持多种安全等级(A+/A/B/C)。各安全等级差异在于支持的 | -------- | ------------ | | TLS1.2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA | - ### 安全等级A | 支持协议 | 支持加密套件 | @@ -73,7 +72,6 @@ BFE支持多种安全等级(A+/A/B/C)。各安全等级差异在于支持的 | TLS1.2
TLS1.1
TLS1.0 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA | | SSLv3 | TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA | - ### 安全等级C | 支持协议 | 支持加密套件 | diff --git a/docs/zh_cn/development/local_dev_guide.md b/docs/zh_cn/development/local_dev_guide.md index d3d3e5860..c5edc3326 100644 --- a/docs/zh_cn/development/local_dev_guide.md +++ b/docs/zh_cn/development/local_dev_guide.md @@ -3,12 +3,14 @@ 本文将指导您如何在本地进行代码开发 ## 代码要求 + - 代码注释请遵守 golang 代码规范 - 所有代码必须具有单元测试 - 通过所有单元测试 - 请遵循[提交代码的一些约定](submit_pr_guide.md) 以下教程将指导您提交代码。 + ## [Fork](https://help.github.com/articles/fork-a-repo/) 跳转到[BFE](https://github.com/bfenetworks/bfe) GitHub首页,然后单击 `Fork` 按钮,生成自己目录下的仓库,比如 @@ -36,33 +38,40 @@ $ git checkout -b my-cool-stuff 值得注意的是,在 checkout 之前,需要保持当前分支目录 clean,否则会把 untracked 的文件也带到新分支上,这可以通过 `git status` 查看。 -## 使用 `pre-commit` 钩子 +### 安装工具集 + +`make deps` 一键安装所有依赖工具,包括 `pre-commit` `goyacc` `license-eye` `staticcheck`。 + +### 使用 `pre-commit` 钩子 BFE 开发人员使用 [pre-commit](http://pre-commit.com/) 工具来管理 Git 预提交钩子。 它可以帮助我们格式化源代码,在提交(commit)前自动检查一些基本事宜(如每个文件只有一个 EOL,Git 中不要添加大文件等)。 `pre-commit`测试是 Travis-CI 中单元测试的一部分,不满足钩子的 PR 不能被提交到 BFE,首先安装并在当前目录运行它: ```bash -$ pip install pre-commit -$ pre-commit install +# 确保安装pre-commit +$ make deps +# 开启自动更新以及安装钩子 +$ make precommit ``` BFE 使用 `gofmt` 来调整 golang源代码格式。 - -## 使用 `license-eye` 工具 +### 使用 `license-eye` 工具 [license-eye](http://github.com/apache/skywalking-eyes) 工具可以帮助我们检查和修复所有文件的证书声明,在提交 (commit) 前证书声明都应该先完成。 `license-eye` 检查是 Github-Action 中检测的一部分,检测不通过的 PR 不能被提交到 BFE,安装使用它: ```bash -$ go install github.com/apache/skywalking-eyes/cmd/license-eye@latest -$ license-eye header check -$ license-eye header fix +# 确保安装license-eye +$ make deps +# 检查所有许可证 +$ make license-check +# 修复所有许可证 +$ make license-fix ``` - ## 开始开发 在本例中,我删除了 README.md 中的一行,并创建了一个新文件。 @@ -118,7 +127,7 @@ Check for merge conflicts................................................Passed Check for broken symlinks................................................Passed Detect Private Key...................................(no files to check)Skipped Fix End of Files.....................................(no files to check)Skipped -clang-formater.......................................(no files to check)Skipped +clang-formatter.......................................(no files to check)Skipped [my-cool-stuff c703c041] add test file 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 233 diff --git a/docs/zh_cn/development/module/bfe_callback.md b/docs/zh_cn/development/module/bfe_callback.md index a8b3f878a..cd61fa962 100644 --- a/docs/zh_cn/development/module/bfe_callback.md +++ b/docs/zh_cn/development/module/bfe_callback.md @@ -6,6 +6,7 @@ BFE转发过程中的回调点如下图所示。 ![BFE转发过程中的回调点](../../../images/bfe-callback.png) ## 回调点列表 + 在BFE中,设置了以下9个回调点: - HandleAccept: 位于和客户端的TCP连接建立后 @@ -56,7 +57,7 @@ BFE转发过程中的回调点如下图所示。 + HandleAccept + HandleHandshake - 回调函数形式: - + handler(session *bfe_basic.Session) int + + `handler(session *bfe_basic.Session) int` ### HandlersRequest @@ -65,14 +66,14 @@ BFE转发过程中的回调点如下图所示。 + HandleFoundProduct + HandleAfterLocation - 回调函数形式: - + handler(req *bfe_basic.Request) (int, *bfe_http.Response) + + `handler(req *bfe_basic.Request) (int, *bfe_http.Response)` ### HandlersForward - 适用回调点: + HandleForward - 回调函数形式: - + handler(req *bfe_basic.Request) int + + `handler(req *bfe_basic.Request) int` ### HandlersResponse @@ -80,11 +81,11 @@ BFE转发过程中的回调点如下图所示。 + HandleReadResponse + HandleRequestFinish - 回调函数形式: - + handler(req *bfe_basic.Request, res *bfe_http.Response) int + + `handler(req *bfe_basic.Request, res *bfe_http.Response) int` ### HandlersFinish - 适用回调点: + HandleFinish - 回调函数形式: - + handler(session *bfe_basic.Session) int + + `handler(session *bfe_basic.Session) int` diff --git a/docs/zh_cn/development/module/how_to_write_module.md b/docs/zh_cn/development/module/how_to_write_module.md index bf96ddb56..13b454a32 100644 --- a/docs/zh_cn/development/module/how_to_write_module.md +++ b/docs/zh_cn/development/module/how_to_write_module.md @@ -35,7 +35,6 @@ mod_block的代码位于[/bfe_modules/mod_block](https://github.com/bfenetworks/ - 模块的配置文件,应该统一放置于[/conf](https://github.com/bfenetworks/bfe/tree/master/conf)目录下为每个模块独立建立的目录中 - 如:mod_block的配置文件,都放置在[/conf/mod_block](https://github.com/bfenetworks/bfe/tree/master/conf/mod_block)中 - ### 配置加载的检查 无论对于静态加载的配置,还是对于可动态加载的配置,为了保证程序正常的运行,在配置加载的时候,都需要对于配置文件的正确性进行检查。 diff --git a/docs/zh_cn/development/module/overview.md b/docs/zh_cn/development/module/overview.md index 20dad72fa..e5a44c3ec 100644 --- a/docs/zh_cn/development/module/overview.md +++ b/docs/zh_cn/development/module/overview.md @@ -11,7 +11,7 @@ - 在模块初始化时,把这些回调函数注册到对应的回调点 - 在处理一个连接或请求时,当执行到某个回调点,会顺序执行所有注册的回调函数 - ## 深入了解BFE的模块机制 + - [BFE的回调机制](bfe_callback.md) - [如何编写一个模块](how_to_write_module.md) diff --git a/docs/zh_cn/development/release_regulation.md b/docs/zh_cn/development/release_regulation.md index 62f7c0d6d..c3e7483e8 100644 --- a/docs/zh_cn/development/release_regulation.md +++ b/docs/zh_cn/development/release_regulation.md @@ -2,7 +2,6 @@ BFE使用git-flow branching model做分支管理,使用[Semantic Versioning](http://semver.org/)标准表示BFE版本号。 - ## 分支规范说明 BFE开发过程使用[git-flow](http://nvie.com/posts/a-successful-git-branching-model/)分支规范,并适应github的特性做了一些区别。 @@ -15,11 +14,10 @@ BFE开发过程使用[git-flow](http://nvie.com/posts/a-successful-git-branching * 开发者的fork版本库并不需要严格遵守[git-flow](http://nvie.com/posts/a-successful-git-branching-model/)分支规范,所有fork的版本库的所有分支都相当于特性分支。具体建议如下: * 开发者fork的版本库使用`develop`分支同步主版本库的`develop`分支。 * 开发者fork的版本库中,再基于`develop`版本fork出自己的功能分支。 - * 当功能分支开发完毕后,向BFE的主版本库提交`Pull Reuqest`,进而进行代码评审。 + * 当功能分支开发完毕后,向BFE的主版本库提交`Pull Request`,进而进行代码评审。 * 在评审过程中,开发者修改自己的代码,可以继续在自己的功能分支提交代码。 * 另外,`bugfix`分支也是在开发者自己的fork版本库维护,与功能分支不同的是,`bugfix`分支需要分别给主版本库的`master`、`develop`与可能有的`release/vX.Y.Z`分支,同时提起`Pull Request`。 - ## 版本发布流程 BFE每次发新的版本,遵循以下流程: diff --git a/docs/zh_cn/development/source_code_layout.md b/docs/zh_cn/development/source_code_layout.md index 1b28a0f35..5f96707e8 100644 --- a/docs/zh_cn/development/source_code_layout.md +++ b/docs/zh_cn/development/source_code_layout.md @@ -1,6 +1,7 @@ # BFE源代码结构 ## 接入协议 + - `bfe_net`: BFE网络相关基础库代码 - `bfe_http`: BFE HTTP协议基础代码 - `bfe_tls`: BFE TLS协议基础代码 @@ -11,17 +12,21 @@ - `bfe_proxy`: BFE Proxy协议基础代码 ## 分流转发 + - `bfe_route`: BFE分流转发相关代码 - `bfe_balance`: BFE负载均衡相关代码 ## 扩展模块 + - `bfe_module`: BFE模块框架相关代码 - `bfe_modules`: BFE扩展模块相关代码 ## 服务框架 + - `bfe_server`: BFE服务端主体部分 ## 基础工具 + - `bfe_basic`: BFE基础数据类型定义 - `bfe_config`: BFE配置加载相关代码 - `bfe_debug`: BFE模块调试开关相关代码 diff --git a/docs/zh_cn/development/submit_pr_guide.md b/docs/zh_cn/development/submit_pr_guide.md index 84f3eb7fa..5b53d4ef7 100644 --- a/docs/zh_cn/development/submit_pr_guide.md +++ b/docs/zh_cn/development/submit_pr_guide.md @@ -22,7 +22,6 @@ 如果所需的测试后出现了红色叉号,代表您本次的commit未通过某项单元测试,在这种情况下,请您点击detail查看报错详情,并将报错原因截图,以评论的方式添加在您的Pull Request中,我们的工作人员将帮您查看 - ## 删除远程分支 在 PR 被 merge 进主仓库后,我们可以在 PR 的页面删除远程仓库的分支。 @@ -61,6 +60,7 @@ $ git branch -D my-cool-stuff # 删除 my-cool-stuff 分支 - 请注意每个commit的名称:应能反映当前commit的内容,不能太随意。 3)如果解决了某个Issue的问题,请在该Pull Request的**第一个**评论框中加上:`fix #issue_number`,这样当该PUll Request被合并后,会自动关闭对应的Issue。 + - 关键词包括:close, closes, closed, fix, fixes, fixed, resolve, resolves, resolved,请选择合适的词汇。 - 详细可参考[Closing issues via commit messages](https://help.github.com/articles/closing-issues-via-commit-messages)。 @@ -77,4 +77,3 @@ $ git branch -D my-cool-stuff # 删除 my-cool-stuff 分支 - 请给出总体的修改情况。 - 请采用[start a review](https://help.github.com/articles/reviewing-proposed-changes-in-a-pull-request/)进行回复,而非直接回复的方式。原因是每个回复都会发送一封邮件,会造成邮件灾难。 - diff --git a/docs/zh_cn/development/write_doc_guide.md b/docs/zh_cn/development/write_doc_guide.md index acf134dee..b579ed359 100644 --- a/docs/zh_cn/development/write_doc_guide.md +++ b/docs/zh_cn/development/write_doc_guide.md @@ -14,7 +14,6 @@ BFE的文档主要分为以下几个类别: 撰写文档完成后,您可以使用预览工具查看文档显示的效果,以验证您的文档是否能够在官网正确显示。 - ## 如何使用预览工具 ### 安装依赖项 @@ -51,18 +50,15 @@ Serving book on http://localhost:8000 >*网站可能需要几秒钟才能成功加载,因为构建需要一定的时间* - ## 贡献文档 所有内容都应该以[Markdown](https://guides.github.com/features/mastering-markdown/) (GitHub风格)的形式编写。 - ### 贡献编写文档 -- 创建一个新的` .md` 文件或在您当前操作的仓库中修改已存在的文章 +- 创建一个新的`.md` 文件或在您当前操作的仓库中修改已存在的文章 - 如果是新增文档,需将新增的文档名,添加到对应的index文件中(SUMMARY.md) - ### 运行预览工具 - 在文档基目录(docs/LANG)启动预览工具 @@ -78,12 +74,10 @@ $ gitbook serve --port 8000 在要更新的页面上,单击右上角的Refresh Content - ## 提交修改 修改文档, 提交修改与PR的步骤可以参考[如何贡献代码](../development/local_dev_guide.md) - ## 帮助改进预览工具 我们非常欢迎您对平台和支持内容的各个方面做出贡献,以便更好地呈现这些内容。您可以Fork或Clone这个存储库,或者提出问题并提供反馈,以及在issues上提交bug信息。详细内容请参考[开发指南](https://github.com/bfenetworks/bfe/blob/develop/README.md)。 diff --git a/docs/zh_cn/example/block.md b/docs/zh_cn/example/block.md index 885798a8f..afc33d085 100644 --- a/docs/zh_cn/example/block.md +++ b/docs/zh_cn/example/block.md @@ -58,4 +58,5 @@ IPBlocklistPath = mod_block/ip_blocklist.data ```bash curl -v -H "host: example.org" "http://127.1:8080/bonus" ``` + 连接将会被直接关闭 diff --git a/docs/zh_cn/example/client_auth.md b/docs/zh_cn/example/client_auth.md index 452245854..56308812c 100644 --- a/docs/zh_cn/example/client_auth.md +++ b/docs/zh_cn/example/client_auth.md @@ -113,6 +113,7 @@ ClientCABaseDir = tls_conf/client_ca ``` 启动BFE + ```bash ./bfe -c ../conf ``` diff --git a/docs/zh_cn/example/fastcgi.md b/docs/zh_cn/example/fastcgi.md index 830f93b7e..39aea5801 100644 --- a/docs/zh_cn/example/fastcgi.md +++ b/docs/zh_cn/example/fastcgi.md @@ -8,6 +8,7 @@ * 其他的请求都转发至HTTP协议服务实例;地址:10.0.0.1:8002 ## 配置说明 + 在[样例配置](../../../conf/)上稍做修改,就可以实现上述转发功能 * Step 1.在 conf/bfe.conf配置转发功能使用的配置文件路径 diff --git a/docs/zh_cn/example/install_on_openbsd.md b/docs/zh_cn/example/install_on_openbsd.md index c77ddf14c..9a8ead97f 100644 --- a/docs/zh_cn/example/install_on_openbsd.md +++ b/docs/zh_cn/example/install_on_openbsd.md @@ -7,12 +7,14 @@ * 设置OpenBSD 6.6软件源安装路径并安装相关软件包: amd64 + ```bash # export PKG_PATH="https://mirrors.tuna.tsinghua.edu.cn/OpenBSD/6.6/packages/amd64/" # pkg_add wget go ``` i386 + ```bash # export PKG_PATH="https://mirrors.tuna.tsinghua.edu.cn/OpenBSD/6.6/packages/i386/" # pkg_add llvm wget go @@ -21,6 +23,7 @@ i386 * 由于OpenBSD 6.6自带的make 无法编译BFE,因此需要安装gnu make amd64 + ```bash # wget http://ftp.gnu.org/gnu/make/make-4.2.tar.bz2 # tar -xvjf make-4.2.tar.bz2 @@ -31,6 +34,7 @@ amd64 ``` i386 + ```bash # cd /usr/bin # ln -s clang gcc @@ -46,6 +50,7 @@ i386 ## 编译安装BFE * 下载bfe 0.4.0 并编译安装 + ```bash # wget https://github.com/bfenetworks/bfe/archive/v0.4.0.tar.gz # tar -xvzf v0.4.0.tar.gz @@ -59,6 +64,7 @@ i386 ``` * 修改配置文件 + ```bash # cd /usr/local/bfe/conf/mod_access/ # vi mod_access.conf @@ -67,6 +73,7 @@ LogDir = ../log ``` * 创建启动脚本及运行 + ```bash # mkdir /root/run_bfe # cd /root/run_bfe diff --git a/docs/zh_cn/example/redirect.md b/docs/zh_cn/example/redirect.md index ea184f14c..0a19d8453 100644 --- a/docs/zh_cn/example/redirect.md +++ b/docs/zh_cn/example/redirect.md @@ -6,6 +6,7 @@ * 域名:example.org ## 配置说明 + 在样例配置(conf/)上添加一些新的配置,就可以实现上述重定向行为 * Step 1. bfe启用mod_redirect模块 (conf/bfe.conf) @@ -47,4 +48,5 @@ DataPath = mod_redirect/redirect.data ```bash curl -H "host: example.org" "http://127.1:8080/test" ``` + 将返回301响应,响应Location头部为https://example.org/test diff --git a/docs/zh_cn/example/rewrite.md b/docs/zh_cn/example/rewrite.md index ec1d8d374..d9f7b274e 100644 --- a/docs/zh_cn/example/rewrite.md +++ b/docs/zh_cn/example/rewrite.md @@ -7,6 +7,7 @@ * 我们希望老版本的APP也可以直接请求新的服务,而不用同时维护两套服务 ## 配置说明 + 在样例配置(conf/)上添加一些新的配置,就可以实现上述功能 * Step 1. bfe启用mod_rewrite模块(conf/bfe.conf) diff --git a/docs/zh_cn/example/route.md b/docs/zh_cn/example/route.md index bcf2223a8..aab57073d 100644 --- a/docs/zh_cn/example/route.md +++ b/docs/zh_cn/example/route.md @@ -8,6 +8,7 @@ * 其他的请求都转发至动态服务实例;地址:10.0.0.1:8002 ## 配置说明 + 在[样例配置](../../../conf/)上稍做修改,就可以实现上述转发功能 * Step 1.在 conf/bfe.conf配置转发功能使用的配置文件路径 diff --git a/docs/zh_cn/faq/configuration.md b/docs/zh_cn/faq/configuration.md index 5ca160bc5..d73594414 100644 --- a/docs/zh_cn/faq/configuration.md +++ b/docs/zh_cn/faq/configuration.md @@ -1,7 +1,9 @@ # 配置常见问题 ## 如何启用TLS客户端认证 + - 具体见[TLS客户端认证示例](../example/client_auth.md) ## 如何启用HTTP2协议 + - 参考[conf/tls_conf/tls_rule_conf.data](../configuration/tls_conf/tls_rule_conf.data.md)配置说明 diff --git a/docs/zh_cn/faq/development.md b/docs/zh_cn/faq/development.md index 4ed51b548..53d13b059 100644 --- a/docs/zh_cn/faq/development.md +++ b/docs/zh_cn/faq/development.md @@ -1,4 +1,5 @@ # 开发常见问题 ## 如何开发BFE扩展模块 + - 具体见[模块开发介绍](https://github.com/bfenetworks/bfe/blob/develop/docs/zh_cn/modules/modules.md) diff --git a/docs/zh_cn/faq/installation.md b/docs/zh_cn/faq/installation.md index 12cc0dc9d..cc1998edd 100644 --- a/docs/zh_cn/faq/installation.md +++ b/docs/zh_cn/faq/installation.md @@ -1,12 +1,16 @@ # 安装常见问题 ## 安装时遇到go get超时错误 + - 设置GOPROXY环境变量(go1.15及以上版本) + ```bash $ go env -w GO111MODULE=on $ go env -w GOPROXY=https://goproxy.cn,direct ``` + - 详见[https://goproxy.cn](https://goproxy.cn)或[https://goproxy.io](https://goproxy.io) ## 是否支持在MAC/Windows环境编译 + - BFE 0.7.0+版本已支持 diff --git a/docs/zh_cn/faq/performance.md b/docs/zh_cn/faq/performance.md index ad457cc9b..2d232b607 100644 --- a/docs/zh_cn/faq/performance.md +++ b/docs/zh_cn/faq/performance.md @@ -1,4 +1,5 @@ # 性能常见问题 ## 遇到性能问题如何调优 -- 请邮件反馈至bfe-osc@baidu.com获取帮助,后续版本文档将提供性能调优指南 \ No newline at end of file + +- 请邮件反馈至bfe-osc@baidu.com获取帮助,后续版本文档将提供性能调优指南 diff --git a/docs/zh_cn/installation/install.md b/docs/zh_cn/installation/install.md index 9b9cebe3f..f0546bb88 100644 --- a/docs/zh_cn/installation/install.md +++ b/docs/zh_cn/installation/install.md @@ -15,6 +15,7 @@ - [docker方式安装](install_using_docker.md) ## 平台支持 + | 操作系统 | 支持说明 | | ---------- | -------------------------------------------------- | | Linux OS | 支持
*建议的开发及部署环境* | diff --git a/docs/zh_cn/installation/install_from_source.md b/docs/zh_cn/installation/install_from_source.md index c2b30ec4d..1c82dc83b 100644 --- a/docs/zh_cn/installation/install_from_source.md +++ b/docs/zh_cn/installation/install_from_source.md @@ -1,16 +1,19 @@ # 源码编译安装 ## 环境准备 -- golang 1.15+ + +- golang 1.17+ - git 2.0+ - glibc-static 2.17+ ## 源码下载 + ```bash $ git clone https://github.com/bfenetworks/bfe ``` ## 编译 + - 执行如下命令编译: ```bash @@ -44,5 +47,6 @@ $ ./bfe -c ../conf -l ../log ``` ## 下一步 + * 了解[命令行参数](../operation/command.md) * 了解[基本功能配置使用](../example/guide.md) diff --git a/docs/zh_cn/installation/install_using_binaries.md b/docs/zh_cn/installation/install_using_binaries.md index 76266e08f..1d218deef 100644 --- a/docs/zh_cn/installation/install_using_binaries.md +++ b/docs/zh_cn/installation/install_using_binaries.md @@ -22,5 +22,6 @@ $ ./bfe -c ../conf -l ../log ``` ## 下一步 + * 了解[命令行参数](../operation/command.md) * 了解[基本功能配置使用](../example/guide.md) diff --git a/docs/zh_cn/installation/install_using_docker.md b/docs/zh_cn/installation/install_using_docker.md index 1056d549d..edf43b3fd 100644 --- a/docs/zh_cn/installation/install_using_docker.md +++ b/docs/zh_cn/installation/install_using_docker.md @@ -1,6 +1,5 @@ # docker安装 - ## 安装 && 运行 - 基于示例配置运行BFE: @@ -21,5 +20,6 @@ docker run -p 8080:8080 -p 8443:8443 -p 8421:8421 -v /Users/BFE/Desktop/log:/bfe ``` ## 下一步 + * 了解[命令行参数](../operation/command.md) * 了解[基本功能配置使用](../example/guide.md) diff --git a/docs/zh_cn/installation/install_using_go.md b/docs/zh_cn/installation/install_using_go.md index df3266c8d..406dc1796 100644 --- a/docs/zh_cn/installation/install_using_go.md +++ b/docs/zh_cn/installation/install_using_go.md @@ -1,9 +1,11 @@ # go方式安装 ## 环境准备 + * golang 1.15+ -## 安装 +## 安装 + - 获取并安装 ```bash @@ -15,8 +17,8 @@ $ go get github.com/bfenetworks/bfe !!! tip 如果遇到超时错误"https fetch: Get ... connect: connection timed out", 请设置代理后重试,详见[安装常见问题](../faq/installation.md) - ## 运行 + - 基于示例配置运行BFE: ```bash @@ -25,6 +27,6 @@ $ ./bfe -c ${GOPATH}/src/github.com/bfenetworks/bfe/conf/ ``` ## 下一步 + * 了解[命令行参数](../operation/command.md) * 了解[基本功能配置使用](../example/guide.md) - diff --git a/docs/zh_cn/installation/install_using_snap.md b/docs/zh_cn/installation/install_using_snap.md index 4c0250bbf..326d75c8d 100644 --- a/docs/zh_cn/installation/install_using_snap.md +++ b/docs/zh_cn/installation/install_using_snap.md @@ -1,9 +1,11 @@ # SNAP方式安装 ## 环境准备 + 在Linux环境可以使用snap工具安装bfe。如果您的系统还未安装snap工具,参见[安装snap](https://snapcraft.io/docs/installing-snapd) ## 安装 + - 执行如下命令: ```bash @@ -23,6 +25,6 @@ $ sudo /snap/bin/bfe ``` ## 下一步 + * 了解[命令行参数](../operation/command.md) * 了解[基本功能配置使用](../example/guide.md) - diff --git a/docs/zh_cn/introduction/balance.md b/docs/zh_cn/introduction/balance.md index 90853a5dd..0bfc4217c 100644 --- a/docs/zh_cn/introduction/balance.md +++ b/docs/zh_cn/introduction/balance.md @@ -12,7 +12,6 @@ - 子集群粒度的负载均衡,这是BFE的一个重要功能。这个功能在多IDC场景非常有用。 - ### 示例场景 - 示例场景如下图所示,包含: @@ -63,7 +62,6 @@ - BFE从该实例收到健康检查请求的正确响应 - ## 失败重试机制 BFE在转发时,支持以下两种失败重试机制: @@ -76,7 +74,6 @@ BFE在转发时,支持以下两种失败重试机制: - 在原目标子集群之外、使用另外一个子集群进行重试 - ## 连接池 BFE和下游实例的连接支持两种方式: @@ -110,4 +107,3 @@ BFE向下游转发请求时,支持将相同来源请求,转发至固定的 - 子集群级别:相同来源请求,被转发至固定的业务子集群(注:子集群中的任意实例) - 实例级别:相同来源请求,被转发至固定的业务实例 - diff --git a/docs/zh_cn/introduction/comparison.md b/docs/zh_cn/introduction/comparison.md index 3c5825044..e6a220706 100644 --- a/docs/zh_cn/introduction/comparison.md +++ b/docs/zh_cn/introduction/comparison.md @@ -79,5 +79,3 @@ + Nginx配置生效需重启进程,中断活跃长连接 注:Nginx商业版支持动态配置,在不重启进程的情况下热加载配置生效 - - diff --git a/docs/zh_cn/introduction/getting_help.md b/docs/zh_cn/introduction/getting_help.md index a87317410..6d24550ae 100644 --- a/docs/zh_cn/introduction/getting_help.md +++ b/docs/zh_cn/introduction/getting_help.md @@ -3,14 +3,17 @@ 我们致力于围绕BFE建立开源社区。如果您有兴趣使用或希望获取帮助,欢迎联系我们。 ## 咨询问题或需求 + 欢迎您在https://github.com/bfenetworks/bfe/issues/new/choose 提交问题或需求,我们将在工作日内响应回复 ## 反馈安全问题 + 如果可能是安全相关问题,请您单独邮件联系 bfe-security@baidu.com ## 参与BFE开发 + 欢迎您按[流程](https://github.com/bfenetworks/bfe/blob/develop/CONTRIBUTING.md) 在https://github.com/bfenetworks/bfe 参与贡献代码及文档,也欢迎邮件我们 bfe-osc@baidu.com交流 ## 申请专项合作 -欢迎邮件我们 bfe-osc@baidu.com 洽谈 +欢迎邮件我们 bfe-osc@baidu.com 洽谈 diff --git a/docs/zh_cn/introduction/overview.md b/docs/zh_cn/introduction/overview.md index 2cd132970..ab3aaaa7d 100644 --- a/docs/zh_cn/introduction/overview.md +++ b/docs/zh_cn/introduction/overview.md @@ -4,7 +4,6 @@ BFE是基于百度统一接入前端开源的七层流量接入系统。 - ## 功能特性及优点 * 基于Golang构建 @@ -43,7 +42,6 @@ BFE是基于百度统一接入前端开源的七层流量接入系统。 兼容适配主流四层负载均衡方案,及其它生态项目如 Kubernetes、Prometheus、Jaeger、Fluentd 等。 - ## 功能组件 BFE开源项目包含数据平面和控制平面的多个组件: @@ -55,7 +53,6 @@ BFE开源项目包含数据平面和控制平面的多个组件: - [Conf-Agent](https://github.com/bfenetworks/conf-agent):配置加载组件,从 API-Server 获取最新配置,并触发 BFE Server 进行配置热加载 - [Dashboard](https://github.com/bfenetworks/dashboard):为用户提供了图形化操作界面,以对 BFE 的主要配置进行管理和查看 - ## 架构介绍 下图展示了BFE的架构及BFE生态中的一些依赖系统。 @@ -68,4 +65,4 @@ BFE开源项目包含数据平面和控制平面的多个组件: ### 控制平面 -BFE 用户可通过 BFE Dashboard 或 RESTful API 管理流量接入和转发策略配置。BFE Conf Agent 会触发 BFE Server 加载最新配置。 +BFE 用户可通过 BFE Dashboard 或 RESTful API 管理流量接入和转发策略配置。BFE Conf Agent 会触发 BFE Server 加载最新配置。 diff --git a/docs/zh_cn/introduction/route.md b/docs/zh_cn/introduction/route.md index 83804336d..21d5cf1b4 100644 --- a/docs/zh_cn/introduction/route.md +++ b/docs/zh_cn/introduction/route.md @@ -1,13 +1,11 @@ # 集群间分流 - ## 概述 - 在BFE的[接入转发流程](./forward_model.md)中,在确定产品线后,要进一步确定处理该请求的目标集群 - BFE为每个产品线维护一张“转发表” - 对每个属于该产品线的请求,查询转发表,获得目标集群 - ## 转发表的组成 转发表包括2部分: @@ -27,8 +25,6 @@ BFE会按照基础规则表、高级规则表的顺序来查找,以确定目 ![route table](../../images/route-tables-cn.png) - - ## 基础规则表 ### 基础规则说明 @@ -111,7 +107,6 @@ path条件的描述语法遵循以下规则: - 若匹配path条件未成功,则判定为未命中基础规则,转由高级规则进行匹配 4. 基础规则匹配结束,未命中的,转由高级规则进行匹配 - 其中,对于上面步骤中,对host条件匹配到的规则,进行匹配path条件时的匹配逻辑如下: 1. 首先对path进行精确匹配 @@ -193,6 +188,7 @@ path条件的描述语法遵循以下规则: 高级规则表中包含默认规则,对于没有命中其它规则的请求将被转发到Demo-E。 以上配置信息,对应的配置文件(/conf/server_data_conf/route_rule.conf)如下: + ``` { "Version": "1.0", diff --git a/docs/zh_cn/introduction/terminology.md b/docs/zh_cn/introduction/terminology.md index 28035f9cf..d968475e4 100644 --- a/docs/zh_cn/introduction/terminology.md +++ b/docs/zh_cn/introduction/terminology.md @@ -1,16 +1,20 @@ # 概念说明 ## 产品线 + - 产品线(Product)即为BFE中的"租户"。BFE中的配置,比如转发策略、权限等,是以产品线为单位来进行设置的。 ## 集群 + - 具有同类功能的后端的集合定义为一个集群(Cluster)。一个产品线中可定义多个集群。 - 通常,一个集群的范围可能跨越多个IDC。 ## 子集群 + - 集群又可以划分为多个子集群(Subcluster)。 - 通常,将集群中处于同一IDC中的后端定义为一个子集群。 ## 实例 + - 每个子集群可包含多个后端服务实例(Instance)。 - 每个后端实例通过"IP地址 + 端口号"标识。 diff --git a/docs/zh_cn/modules/mod_access/mod_access.md b/docs/zh_cn/modules/mod_access/mod_access.md index 078f65d4c..691a472dd 100644 --- a/docs/zh_cn/modules/mod_access/mod_access.md +++ b/docs/zh_cn/modules/mod_access/mod_access.md @@ -1,10 +1,13 @@ # mod_access -## 模块简介 +## 模块简介 + mod_access以指定格式记录请求日志和会话日志。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_access/mod_access.conf | 配置项 | 描述 | @@ -25,6 +28,7 @@ mod_access以指定格式记录请求日志和会话日志。 ### 配置示例 #### 将日志保存到指定路径 + ```ini [Log] # filename prefix for log @@ -48,6 +52,7 @@ SessionTemplate = "SESSION_LOG $time clientip: $ses_clientip start_time: $ses_s ``` #### 将日志输出到标准输出 + ```ini [Log] # file path for log @@ -90,7 +95,7 @@ SessionTemplate = "SESSION_LOG $time clientip: $ses_clientip start_time: $ses_s | server_addr | 连接本地地址 | | backend | 请求转发后端信息(集群、子集群、实例) | | cluster_name | 请求转发集群名称 | -| subcluster | 请求转发子集群名称 | +| subcluster | 请求转发子集群名称 | | retry_num | 请求转发重试次数 | | all_time | 请求总处理时间 | | read_req_duration | 读请求头持续时间 | @@ -103,7 +108,6 @@ SessionTemplate = "SESSION_LOG $time clientip: $ses_clientip start_time: $ses_s | readwrite_serve_time | 从请求后端到完成响应转发持续时间 | | since_ses_start_time | 接收到请求时当前会话持续时间 | - ### 会话日志变量 | 变量名 | 含义 | @@ -121,10 +125,8 @@ SessionTemplate = "SESSION_LOG $time clientip: $ses_clientip start_time: $ses_s | ses_use100 | 是否出现Expect: 100-continue请求 | | ses_keepalive_num | 会话总处理请求数 | - ### 通用日志变量 | 变量名 | 含义 | | --------------------- | ------------------------------------------- | | time | 日志记录时间 | - diff --git a/docs/zh_cn/modules/mod_auth_basic/mod_auth_basic.md b/docs/zh_cn/modules/mod_auth_basic/mod_auth_basic.md index 683c67c48..7f8a55fbc 100644 --- a/docs/zh_cn/modules/mod_auth_basic/mod_auth_basic.md +++ b/docs/zh_cn/modules/mod_auth_basic/mod_auth_basic.md @@ -1,11 +1,13 @@ # mod_auth_basic -## 模块简介 +## 模块简介 mod_auth_basic支持HTTP基本认证。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_auth_basic/mod_auth_basic.conf | 配置项 | 描述 | @@ -24,7 +26,9 @@ OpenDebug = false ``` ## 规则配置 + ### 配置描述 + | 配置项 | 描述 | | ---------------------| ------------------------------------------- | | Version | String
配置文件版本 | @@ -37,12 +41,16 @@ OpenDebug = false | Config{v}[].Realm | String
安全域名称
默认值"Restricted" | 用户密码文件说明: + * 密码使用MD5、SHA1 或 BCrypt 进行哈希编码, 可使用 htpasswd、openssl 生成 userfile 文件 * openssl 生成密码示例 + ``` printf "user1:$(openssl passwd -apr1 123456)\n" >> ./userfile ``` + * 用户密码文件配置示例 + ``` # user1, 123456 user1:$apr1$mI7SilJz$CWwYJyYKbhVDNl26sdUSh/ @@ -50,6 +58,7 @@ user2:{SHA}fEqNCco3Yq9h5ZUglD3CZJT4lBs=:user2, 123456 ``` ### 配置示例 + ```json { "Config": { @@ -73,4 +82,3 @@ user2:{SHA}fEqNCco3Yq9h5ZUglD3CZJT4lBs=:user2, 123456 | REQ_AUTH_CHALLENGE | 命中规则、未携带AUTHORIZATION头的请求数 | | REQ_AUTH_SUCCESS | 认证成功的请求数 | | REQ_AUTH_FAILURE | 认证失败的请求数 | - diff --git a/docs/zh_cn/modules/mod_auth_jwt/mod_auth_jwt.md b/docs/zh_cn/modules/mod_auth_jwt/mod_auth_jwt.md index bec395d0f..eacb9a45b 100644 --- a/docs/zh_cn/modules/mod_auth_jwt/mod_auth_jwt.md +++ b/docs/zh_cn/modules/mod_auth_jwt/mod_auth_jwt.md @@ -7,6 +7,7 @@ mod_auth_jwt支持JWT([JSON Web Token](https://tools.ietf.org/html/rfc7519))认 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_auth_jwt/mod_auth_jwt.conf | Config Item | Description | @@ -24,6 +25,7 @@ DataPath = mod_auth_jwt/auth_jwt_rule.data ## 规则配置 ### 配置描述 + conf/mod_auth_jwt/auth_jwt_rule.data | Config Item | Description | diff --git a/docs/zh_cn/modules/mod_auth_request/mod_auth_request.md b/docs/zh_cn/modules/mod_auth_request/mod_auth_request.md index a0fc6b0b9..b4482ba21 100644 --- a/docs/zh_cn/modules/mod_auth_request/mod_auth_request.md +++ b/docs/zh_cn/modules/mod_auth_request/mod_auth_request.md @@ -5,7 +5,9 @@ mod_auth_request支持请求发送至指定的服务进行认证。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_auth_request/mod_auth_request.conf | 配置项 | 描述 | @@ -28,7 +30,9 @@ OpenDebug = false ``` ## 规则配置 + ### 配置描述 + | 配置项 | 描述 | | ------------------ | ------------------------------------------------------------ | | Version | String
配置文件版本 | @@ -75,7 +79,6 @@ OpenDebug = false | AUTH_REQUEST_FAIL | 认证失败的请求数 | | AUTH_REQUEST_UNCERTAIN | 认证状态不确定的请求数 | - ## BFE构造请求的说明 * Method: BFE构造的请求Method为GET diff --git a/docs/zh_cn/modules/mod_block/mod_block.md b/docs/zh_cn/modules/mod_block/mod_block.md index 3ae7a98e5..d7c6f21bd 100644 --- a/docs/zh_cn/modules/mod_block/mod_block.md +++ b/docs/zh_cn/modules/mod_block/mod_block.md @@ -1,11 +1,13 @@ # mod_block -## 模块简介 +## 模块简介 mod_block基于自定义的规则,对连接或请求进行封禁。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_block/mod_block.conf | 配置项 | 描述 | @@ -23,6 +25,7 @@ mod_block基于自定义的规则,对连接或请求进行封禁。 ``` ### 配置示例 + ```ini [Basic] # product rule config file path @@ -33,7 +36,9 @@ IPBlocklistPath = mod_block/ip_blocklist.data ``` ## 规则配置 + ### 配置描述 + | 配置项 | 描述 | | ------- | -------------------------------------------------------------- | | Version | String
配置文件版本 | @@ -49,12 +54,14 @@ IPBlocklistPath = mod_block/ip_blocklist.data | Config{v}[].Action.Params[] | String
参数信息 | ### 模块动作 + | 动作 | 含义 | | ----- | -------- | | CLOSE | 关闭连接 | | ALLOW | 允许请求 | ### 配置示例 + ```json { "Version": "20190101000000", @@ -83,7 +90,6 @@ IPBlocklistPath = mod_block/ip_blocklist.data } ``` - ## 监控项 | 监控项 | 描述 | @@ -95,4 +101,3 @@ IPBlocklistPath = mod_block/ip_blocklist.data | REQ_REFUSE | 请求拒绝的总数 | | REQ_ACCEPT | 请求接受的总数 | | REQ_TO_CHECK | 检查的请求数 | - diff --git a/docs/zh_cn/modules/mod_compress/mod_compress.md b/docs/zh_cn/modules/mod_compress/mod_compress.md index a337a04f0..2e11f18b7 100644 --- a/docs/zh_cn/modules/mod_compress/mod_compress.md +++ b/docs/zh_cn/modules/mod_compress/mod_compress.md @@ -1,11 +1,13 @@ # mod_compress -## 模块简介 +## 模块简介 mod_compress支持对响应主体压缩。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_compress/mod_compress.conf | 配置项 | 描述 | @@ -14,7 +16,9 @@ mod_compress支持对响应主体压缩。 | Log.OpenDebug | Boolean
是否开启 debug 日志
默认值False | ### 配置示例 + - 模块配置文件 + ```ini [Basic] DataPath = mod_compress/compress_rule.data @@ -24,7 +28,9 @@ OpenDebug = false ``` ## 规则配置 + ### 配置描述 + | 配置项 | 描述 | | ------- | -------------------------------------------------------------- | | Version | String
配置文件版本 | @@ -46,6 +52,7 @@ OpenDebug = false | BROTLI | brotli压缩 | ### 配置示例 + ```json { "Config": { @@ -72,4 +79,3 @@ OpenDebug = false | REQ_SUPPORT_COMPRESS |支持压缩请求数 | | REQ_MATCH_COMPRESS_RULE |命中压缩规则请求数 | | RES_ENCODE_COMPRESS |响应被压缩请求数 | - diff --git a/docs/zh_cn/modules/mod_cors/mod_cors.md b/docs/zh_cn/modules/mod_cors/mod_cors.md index 4deb593d1..ca44c8274 100644 --- a/docs/zh_cn/modules/mod_cors/mod_cors.md +++ b/docs/zh_cn/modules/mod_cors/mod_cors.md @@ -1,12 +1,13 @@ # mod_cors -## 模块简介 +## 模块简介 mod_cors支持跨域资源共享 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_cors/mod_cors.conf | 配置项 | 描述 | @@ -15,6 +16,7 @@ mod_cors支持跨域资源共享 | Log.OpenDebug | String
是否启用模块调试日志开关 | ### 配置示例 + ```ini [Basic] DataPath = mod_cors/cors_rule.data @@ -26,6 +28,7 @@ OpenDebug = false ## 规则配置 ### 配置描述 + 规则配置文件: conf/mod_cors/cors_rule.data | 配置项 | 描述 | @@ -37,14 +40,14 @@ OpenDebug = false | Config[v][] | Object
产品线的规则 | | Config[v][].Cond | String
规则的匹配条件, 语法详见[Condition](../../condition/condition_grammar.md) | | Config[v][].AccessControlAllowOrigins | List
告诉浏览器允许哪些网站可以访问跨域资源。
"%origin": 表示允许任意域名,且响应Header中Access-Control-Allow-Origin值为请求Header中"Origin"
"\*":表示对于不具备凭证(credentials)的请求,允许所有域名用于资源访问权限"| -| Config[v][].AccessControlAllowCredentials| Boolen
是否允许浏览器将对请求的响应暴露给页面 | -| Config[v][].AccessControlExposeHeaders | Boolen
允许客户端访问的响应头列表 | +| Config[v][].AccessControlAllowCredentials| Boolean
是否允许浏览器将对请求的响应暴露给页面 | +| Config[v][].AccessControlExposeHeaders | Boolean
允许客户端访问的响应头列表 | | Config[v][].AccessControlAllowMethods | List
用于预检请求,表示允许实际请求中客户端使用的方法列表 | | Config[v][].AccessControlAllowHeaders | List
用于预检请求,表示允许实际请求中客户端使用哪些请求头 | | Config[v][].AccessControlMaxAge | Int
用于预检请求,表示预检请求返回的结果可以被缓存的时间。-1:表示禁用缓存| - ### 配置示例 + ```json { "Version": "cors_rule.data.version", diff --git a/docs/zh_cn/modules/mod_doh/mod_doh.md b/docs/zh_cn/modules/mod_doh/mod_doh.md index c6cc8b34f..10ffd8dee 100644 --- a/docs/zh_cn/modules/mod_doh/mod_doh.md +++ b/docs/zh_cn/modules/mod_doh/mod_doh.md @@ -1,11 +1,13 @@ # mod_doh -## 模块简介 +## 模块简介 mod_doh支持DNS over HTTPS。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_doh/mod_doh.conf | 配置项 | 描述 | diff --git a/docs/zh_cn/modules/mod_errors/mod_errors.md b/docs/zh_cn/modules/mod_errors/mod_errors.md index d99a22c0b..23a49d189 100644 --- a/docs/zh_cn/modules/mod_errors/mod_errors.md +++ b/docs/zh_cn/modules/mod_errors/mod_errors.md @@ -1,11 +1,13 @@ # mod_errors -## 模块简介 +## 模块简介 mod_errors根据自定义的条件,将响应内容替换为/重定向至指定错误页。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_errors/mod_errors.conf | 配置项 | 描述 | @@ -14,12 +16,14 @@ mod_errors根据自定义的条件,将响应内容替换为/重定向至指定 | Log.OpenDebug | Boolean
是否开启 debug 日志
默认值False | ### 配置示例 + ```ini [Basic] DataPath = mod_errors/errors_rule.data ``` ## 规则配置 + ### 配置描述 | 配置项 | 描述 | @@ -36,12 +40,14 @@ DataPath = mod_errors/errors_rule.data | Config{v}[].Actions.Params[] | String
参数信息 | ### 模块动作 + | 动作 | 含义 | | -------- | ---------------------- | | RETURN | 响应返回指定错误页 | | REDIRECT | 响应重定向至指定错误页 | ### 配置示例 + ```json { "Version": "20190101000000", @@ -73,4 +79,3 @@ DataPath = mod_errors/errors_rule.data } } ``` - diff --git a/docs/zh_cn/modules/mod_geo/mod_geo.md b/docs/zh_cn/modules/mod_geo/mod_geo.md index ff092fd75..b22fa910d 100644 --- a/docs/zh_cn/modules/mod_geo/mod_geo.md +++ b/docs/zh_cn/modules/mod_geo/mod_geo.md @@ -1,12 +1,13 @@ # mod_geo -## 模块简介 +## 模块简介 mod_geo基于地理信息字典,通过用户IP获取相关的地理信息。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_geo/mod_geo.conf | 配置项 | 描述 | @@ -17,6 +18,7 @@ mod_geo基于地理信息字典,通过用户IP获取相关的地理信息。 字典文件说明:当前仅支持 MaxMind 地理信息字典, 可在 https://dev.maxmind.com/geoip/geoip2/geolite2/ 下载 ### 配置示例 + ```ini [Basic] GeoDBPath = mod_geo/geo.db diff --git a/docs/zh_cn/modules/mod_header/mod_header.md b/docs/zh_cn/modules/mod_header/mod_header.md index b6ee3585f..5833bac8d 100644 --- a/docs/zh_cn/modules/mod_header/mod_header.md +++ b/docs/zh_cn/modules/mod_header/mod_header.md @@ -1,11 +1,13 @@ # mod_header -## 模块简介 +## 模块简介 mod_header根据自定义条件,修改请求或响应的头部。 ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_header/mod_header.conf | 配置项 | 描述 | @@ -14,13 +16,16 @@ mod_header根据自定义条件,修改请求或响应的头部。 | Log.OpenDebug | Boolean
是否开启 debug 日志
默认值False | ### 配置示例 + ```ini [Basic] DataPath = mod_header/header_rule.data ``` ## 规则配置 + ### 配置描述 + | 配置项 | 描述 | | ------- | -------------------------------------------------------------- | | Version | String
配置文件版本 | @@ -39,7 +44,7 @@ DataPath = mod_header/header_rule.data | 动作名称 | 含义 | 参数列表说明 | | -------------- | ---------- | --------- | -| REQ_HEADER_SET | 设置请求头 | HeaderName, HeaderValue | +| REQ_HEADER_SET | 设置请求头 | HeaderName, HeaderValue | | REQ_HEADER_ADD | 添加请求头 | HeaderName, HeaderValue | | REQ_HEADER_DEL | 删除请求头 | HeaderName | | RSP_HEADER_SET | 设置响应头 | HeaderName, HeaderValue | @@ -47,6 +52,7 @@ DataPath = mod_header/header_rule.data | RSP_HEADER_DEL | 删除响应头 | HeaderName | ### 配置示例 + ```json { "Version": "20190101000000", @@ -85,6 +91,7 @@ DataPath = mod_header/header_rule.data ``` ## 内置变量说明 + BFE支持如下一系列变量并在处理请求阶段求值。关于变量的使用参见如上配置示例。 | 变量名 | 含义 | @@ -104,6 +111,7 @@ BFE支持如下一系列变量并在处理请求阶段求值。关于变量的 | %bfe_ssl_version | TLS/SSL协议版本 | | %bfe_ssl_ja3_raw | TLS/SSL客户端JA3算法指纹数据 | | %bfe_ssl_ja3_hash | TLS/SSL客户端JA3算法指纹哈希值 | +| %bfe_http2_fingerprint | HTTP/2 指纹 | | %bfe_protocol | 访问协议 | | %client_cert_serial_number | 客户端证书序列号 | | %client_cert_subject_title | 客户端证书Subject title | diff --git a/docs/zh_cn/modules/mod_key_log/mod_key_log.md b/docs/zh_cn/modules/mod_key_log/mod_key_log.md index c6bfe4d34..2d220e3f3 100644 --- a/docs/zh_cn/modules/mod_key_log/mod_key_log.md +++ b/docs/zh_cn/modules/mod_key_log/mod_key_log.md @@ -8,7 +8,9 @@ mod_key_log以NSS key log格式记录TLS会话密钥, 便于基于第三方工 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format ## 基础配置 + ### 配置描述 + 模块配置文件: conf/mod_key_log/mod_key_log.conf | 配置项 | 描述 | @@ -22,6 +24,7 @@ https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format ### 配置示例 #### 将日志保存到指定目录 + ```ini [Log] # filename prefix for log @@ -36,9 +39,11 @@ RotateWhen = H # max number of rotated log files BackupCount = 3 ``` + #### 将日志输出到标准输出 + ```ini [Log] # filename prefix for log LogFile = /dev/stdout -``` \ No newline at end of file +``` diff --git a/docs/zh_cn/modules/mod_logid/mod_logid.md b/docs/zh_cn/modules/mod_logid/mod_logid.md index 7386a8a54..c345d6c44 100644 --- a/docs/zh_cn/modules/mod_logid/mod_logid.md +++ b/docs/zh_cn/modules/mod_logid/mod_logid.md @@ -13,4 +13,3 @@ mod_logid用来生成logid。 | 监控项 | 描述 | | ----------------------- | --------------------------------- | | NO_LOGID_FROM_UPPER_BFE | 来自信任上游且未携带logid的请求数 | - diff --git a/docs/zh_cn/modules/mod_prison/mod_prison.md b/docs/zh_cn/modules/mod_prison/mod_prison.md index ff29308f7..18f997c04 100644 --- a/docs/zh_cn/modules/mod_prison/mod_prison.md +++ b/docs/zh_cn/modules/mod_prison/mod_prison.md @@ -1,12 +1,13 @@ # mod_prison -## 模块简介 +## 模块简介 mod_prison根据自定义的条件,限定单位时间用户的访问次数。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_prison/mod_prison.conf | 配置项 | 描述 | @@ -14,6 +15,7 @@ mod_prison根据自定义的条件,限定单位时间用户的访问次数。 | Basic.ProductRulePath | String
规则配置文件路径 | ### 配置示例 + ```ini [Basic] ProductRulePath = mod_prison/prison.data @@ -22,6 +24,7 @@ ProductRulePath = mod_prison/prison.data ## 规则配置 ### 配置描述 + 规则配置文件: conf/mod_prison/prison.data | 配置项 | 描述 | @@ -54,6 +57,7 @@ ProductRulePath = mod_prison/prison.data | Config{v}[].PrisonDictSize | Integer
访问封禁表大小 | ### 模块动作 + | 动作 | 描述 | | ------------------------- | ---------------------------------- | | CLOSE | 关闭用户连接 | @@ -62,6 +66,7 @@ ProductRulePath = mod_prison/prison.data | REQ_HEADER_SET | 修改请求头部 | ### 配置示例 + ```json { "Version": "20190101000000", @@ -91,4 +96,3 @@ ProductRulePath = mod_prison/prison.data } } ``` - diff --git a/docs/zh_cn/modules/mod_redirect/mod_redirect.md b/docs/zh_cn/modules/mod_redirect/mod_redirect.md index a78900c7d..59e19f319 100644 --- a/docs/zh_cn/modules/mod_redirect/mod_redirect.md +++ b/docs/zh_cn/modules/mod_redirect/mod_redirect.md @@ -7,6 +7,7 @@ mod_rediect根据自定义的条件,对请求进行重定向。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_redirect/mod_redirect.conf | 配置项 | 描述 | @@ -14,6 +15,7 @@ mod_rediect根据自定义的条件,对请求进行重定向。 | Basic.DataPath | String
规则配置文件路径 | ### 配置示例 + ```ini [Basic] DataPath = mod_redirect/redirect.data @@ -22,6 +24,7 @@ DataPath = mod_redirect/redirect.data ## 规则配置 ### 配置描述 + 规则配置文件: conf/mod_redirect/redirect.data | 配置项 | 描述 | @@ -38,6 +41,7 @@ DataPath = mod_redirect/redirect.data | Config{v}[].Status | Integer
HTTP状态码 | ### 模块动作 + | 动作 | 描述 | | -------------- | ------------------------------------------------- | | URL_SET | 设置重定向URL为指定值 | @@ -46,6 +50,7 @@ DataPath = mod_redirect/redirect.data | SCHEME_SET | 设置重定向URL为原始URL并修改协议(支持HTTP和HTTPS) | ### 配置示例 + ```json { "Version": "20190101000000", diff --git a/docs/zh_cn/modules/mod_rewrite/mod_rewrite.md b/docs/zh_cn/modules/mod_rewrite/mod_rewrite.md index 034af7be9..e9e672b1e 100644 --- a/docs/zh_cn/modules/mod_rewrite/mod_rewrite.md +++ b/docs/zh_cn/modules/mod_rewrite/mod_rewrite.md @@ -1,12 +1,13 @@ # mod_rewrite -## 模块简介 +## 模块简介 mod_rewrite根据自定义的条件,修改请求的URI。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_rewrite/mod_rewrite.conf | 配置项 | 描述 | @@ -14,6 +15,7 @@ mod_rewrite根据自定义的条件,修改请求的URI。 | Basic.DataPath | String
规则配置文件路径 | ### 配置示例 + ```ini [Basic] DataPath = mod_rewrite/rewrite.data @@ -22,6 +24,7 @@ DataPath = mod_rewrite/rewrite.data ## 规则配置 ### 配置描述 + 规则配置文件: conf/mod_rewrite/rewrite.data | 配置项 | 描述 | @@ -32,12 +35,13 @@ DataPath = mod_rewrite/rewrite.data | Config{v} | Object
重写规则列表 | | Config{v}[] | Object
重写规则 | | Config{v}[].Cond | String
规则条件, 语法详见[Condition](../../condition/condition_grammar.md) | -| Config{v}[].Action | Object
规则动作 | -| Config{v}[].Action.Cmd | Object
规则动作名称 | -| Config{v}[].Action.Param | Object
规则动作参数列表 | +| Config{v}[].Action | Object
规则动作 | +| Config{v}[].Action.Cmd | Object
规则动作名称 | +| Config{v}[].Action.Param | Object
规则动作参数列表 | | Config{v}[].Last | Boolean
当该项为true时,命中某条规则后,不再向后匹配 | ### 模块动作 + | 动作 | 描述 | | ------------------------- | ---------------------------------- | | HOST_SET_FROM_PATH_PREFIX | 根据path前缀设置host | @@ -52,6 +56,7 @@ DataPath = mod_rewrite/rewrite.data | QUERY_DEL_ALL_EXCEPT | 删除除指定key外的所有query | ### 配置示例 + ```json { "Version": "20190101000000", @@ -73,4 +78,3 @@ DataPath = mod_rewrite/rewrite.data } } ``` - diff --git a/docs/zh_cn/modules/mod_secure_link/mod_secure_link.md b/docs/zh_cn/modules/mod_secure_link/mod_secure_link.md index b82bd0962..f1fb4ffd8 100644 --- a/docs/zh_cn/modules/mod_secure_link/mod_secure_link.md +++ b/docs/zh_cn/modules/mod_secure_link/mod_secure_link.md @@ -7,6 +7,7 @@ mod_secure_link 校验请求链接是否授权,保护链接不被未授权访 ## 基础配置 ### 配置描述 + 模块基础配置文件: conf/mod_secure_link/mod_secure_link.conf | 配置项 | 描述 | @@ -27,6 +28,7 @@ OpenDebug = true ## 规则配置 ### 配置描述 + 模块规则配置文件:conf/mod_secure_link/secure_link_rule.data | 配置项 | 描述 | @@ -42,8 +44,8 @@ OpenDebug = true | Config[v][].ExpressionNodes[].Type | String
参与签名的数据节点的类型,参考Node Type | | Config[v][].ExpressionNodes[].Param | String
参与签名的数据节点的取值使用的key | - ### Node Type + 当前支持的类型和取值规则有: | type | 取值逻辑 | @@ -55,8 +57,8 @@ OpenDebug = true | uri | req.RequestURI | | remote_addr | req.RemoteAddr | - ### 配置示例 + ```json { "Version": "2019-12-10184356", @@ -86,6 +88,7 @@ OpenDebug = true ``` ### Link生成逻辑 + 以上述配置举例,Path的生成逻辑为: ``` @@ -112,10 +115,11 @@ func WrapSecureLinkParam (req *http.Request) { ``` step2 的逻辑用shell命令表示为: + ``` echo -n $origin | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = // one example: echo -n '2147483647/s/link127.0.0.1 secret' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = _e4Nc3iduzkWRm01TBBNYw -``` \ No newline at end of file +``` diff --git a/docs/zh_cn/modules/mod_static/mod_static.md b/docs/zh_cn/modules/mod_static/mod_static.md index 2685a33f6..fff4fe91b 100644 --- a/docs/zh_cn/modules/mod_static/mod_static.md +++ b/docs/zh_cn/modules/mod_static/mod_static.md @@ -1,12 +1,13 @@ # mod_static -## 模块简介 +## 模块简介 mod_static支持返回静态文件作为响应。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_static/mod_static.conf | 配置项 | 描述 | @@ -15,6 +16,7 @@ mod_static支持返回静态文件作为响应。 | Basic.MimeTypePath | String
MIME配置文件路径 | ### 配置示例 + ```ini [Basic] DataPath = mod_static/static_rule.data @@ -25,6 +27,7 @@ MimeTypePath = mod_static/mime_type.data ## 规则配置 ### 配置描述 + 规则配置文件: conf/mod_static/static_rule.data | 配置项 | 描述 | @@ -42,6 +45,7 @@ MimeTypePath = mod_static/mime_type.data | Config[v][].Action.Param[1] | String
第二个参数为默认静态文件名 | ### 配置示例 + ```json { "Config": { @@ -63,7 +67,9 @@ MimeTypePath = mod_static/mime_type.data ``` ## MIME配置 + ### 配置描述 + MIME配置文件: conf/mod_static/mime_type.data | 配置项 | 描述 | @@ -74,6 +80,7 @@ MIME配置文件: conf/mod_static/mime_type.data | Config[v] | String
MIME类型 | ### 配置示例 + ```json { "Config": { @@ -92,4 +99,3 @@ MIME配置文件: conf/mod_static/mime_type.data | FILE_CURRENT_OPENED |统计当前打开的文件数 | | FILE_BROWSE_NOT_EXIST |文件不存在请求数 | | FILE_BROWSE_SIZE |已处理文件总大小 | - diff --git a/docs/zh_cn/modules/mod_tag/mod_tag.md b/docs/zh_cn/modules/mod_tag/mod_tag.md index 99b78406f..99acbb434 100644 --- a/docs/zh_cn/modules/mod_tag/mod_tag.md +++ b/docs/zh_cn/modules/mod_tag/mod_tag.md @@ -1,12 +1,13 @@ # mod_tag -## 模块简介 +## 模块简介 mod_tag根据自定义的条件,为请求设置Tag标识。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_tag/mod_tag.conf | 配置项 | 描述 | @@ -15,6 +16,7 @@ mod_tag根据自定义的条件,为请求设置Tag标识。 | Log.OpenDebug | String
是否启用模块调试日志开关 | ### 配置示例 + ```ini [Basic] DataPath = mod_tag/tag_rule.data @@ -26,6 +28,7 @@ OpenDebug = false ## 规则配置 ### 配置描述 + 规则配置文件: conf/mod_tag/tag_rule.data | 配置项 | 描述 | @@ -41,6 +44,7 @@ OpenDebug = false | Config[v][].Last | Boolean
设置为true时,命中当前规则后停止处理后续规则 | ### 配置示例 + ```json { "Version": "20200218210000", diff --git a/docs/zh_cn/modules/mod_tcp_keepalive/mod_tcp_keepalive.md b/docs/zh_cn/modules/mod_tcp_keepalive/mod_tcp_keepalive.md index 699450e6a..040c95d0c 100644 --- a/docs/zh_cn/modules/mod_tcp_keepalive/mod_tcp_keepalive.md +++ b/docs/zh_cn/modules/mod_tcp_keepalive/mod_tcp_keepalive.md @@ -18,6 +18,7 @@ mod_tcp_keepalive管理TCP长连接心跳包的发送策略。 | Log.OpenDebug | Boolean
是否开启debug模式 | ### 配置示例 + ```ini [Basic] DataPath = ../data/mod_tcp_keepalive/tcp_keepalive.data diff --git a/docs/zh_cn/modules/mod_trace/mod_trace.md b/docs/zh_cn/modules/mod_trace/mod_trace.md index 28fe5e810..69e767fb9 100644 --- a/docs/zh_cn/modules/mod_trace/mod_trace.md +++ b/docs/zh_cn/modules/mod_trace/mod_trace.md @@ -1,12 +1,13 @@ # mod_trace -## 模块简介 +## 模块简介 mod_trace根据自定义的条件,为请求开启分布式跟踪。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_trace/mod_trace.conf #### 基础配置项 @@ -15,7 +16,7 @@ mod_trace根据自定义的条件,为请求开启分布式跟踪。 | ------------------------------| -------------------------| | Basic.DataPath | String
规则配置文件路径 | | Basic.ServiceName | String
服务名 | -| Basic.TraceAgent | String
设置trace组件,可选值:jaeger和zipkin | +| Basic.TraceAgent | String
设置trace组件,可选值:jaeger和zipkin | | Log.OpenDebug | Boolean
是否启用模块调试日志开关 | #### Zipkin配置项 @@ -81,6 +82,7 @@ SampleRate = 1.0 ``` #### 基于Jaeger示例 + ```ini [Basic] DataPath = mod_trace/trace_rule.data @@ -134,6 +136,7 @@ CollectorPassword = "" ``` #### 基于Elastic示例 + ```ini [Basic] DataPath = mod_trace/trace_rule.data @@ -158,6 +161,7 @@ SecretToken = "" ## 规则配置 ### 配置描述 + 规则配置文件: conf/mod_trace/trace_rule.data | 配置项 | 描述 | @@ -171,6 +175,7 @@ SecretToken = "" | Config[v][].Enable | Boolean
是否开启trace | ### 配置示例 + ```json { "Version": "20200218210000", diff --git a/docs/zh_cn/modules/mod_trust_clientip/mod_trust_clientip.md b/docs/zh_cn/modules/mod_trust_clientip/mod_trust_clientip.md index df25beefd..3e057fb78 100644 --- a/docs/zh_cn/modules/mod_trust_clientip/mod_trust_clientip.md +++ b/docs/zh_cn/modules/mod_trust_clientip/mod_trust_clientip.md @@ -1,12 +1,13 @@ # mod_trust_clientip -## 模块简介 +## 模块简介 mod_trust_clientip基于配置信任IP列表,检查并标识访问用户真实IP是否属于信任IP。 ## 基础配置 ### 配置描述 + 模块配置文件: conf/mod_trust_clientip/mod_trust_clientip.conf | 配置项 | 描述 | @@ -14,6 +15,7 @@ mod_trust_clientip基于配置信任IP列表,检查并标识访问用户真实 | Basic.DataPath | String
IP字典文件路径,包含了所有信任IP | ### 配置示例 + ```ini [Basic] DataPath = mod_trust_clientip/trust_client_ip.data @@ -22,6 +24,7 @@ DataPath = mod_trust_clientip/trust_client_ip.data ## 字典配置 ### 配置描述 + 字典配置文件路径: conf/mod_trust_clientip/trust_client_ip.data | 配置项 | 描述 | @@ -35,6 +38,7 @@ DataPath = mod_trust_clientip/trust_client_ip.data | Config[v][].End | String
IP段结束地址 | ### 配置示例 + ```json { "Version": "20190101000000", @@ -49,7 +53,7 @@ DataPath = mod_trust_clientip/trust_client_ip.data } ``` -# 监控信息 +## 监控信息 | 监控项 | 描述 | | ---------------------------- | -------------------------------------- | diff --git a/docs/zh_cn/modules/mod_userid/mod_userid.md b/docs/zh_cn/modules/mod_userid/mod_userid.md index dd9109e25..aeeaba918 100644 --- a/docs/zh_cn/modules/mod_userid/mod_userid.md +++ b/docs/zh_cn/modules/mod_userid/mod_userid.md @@ -7,6 +7,7 @@ mod_userid为新用户自动在Cookie中添加用户标识。 ## 基础配置 ### 配置描述 + 模块基础配置文件: conf/mod_userid/mod_userid.conf | 配置项 | 描述 | @@ -15,6 +16,7 @@ mod_userid为新用户自动在Cookie中添加用户标识。 | Log.OpenDebug | 是否启用模块调试日志开关 | ### 配置示例 + ```ini [Basic] DataPath = mod_userid/userid_rule.data @@ -26,6 +28,7 @@ OpenDebug = true ## 规则配置 ### 配置描述 + 模块规则配置文件:conf/mod_userid/userid_rule.data | 配置项 | 描述 | @@ -41,6 +44,7 @@ OpenDebug = true | Config[v][].Params.MaxAge | Cookie的MaxAge属性 | ### 配置示例 + ```json { "Version": "2019-12-10184356", diff --git a/docs/zh_cn/monitor/bal_state.md b/docs/zh_cn/monitor/bal_state.md index 4248557ee..2834dc7e0 100644 --- a/docs/zh_cn/monitor/bal_state.md +++ b/docs/zh_cn/monitor/bal_state.md @@ -13,4 +13,3 @@ | ERR_BK_NO_SUB_CLUSTER_CROSS | 跨子集群转发时,未找到子集群的错误数 | | ERR_BK_RETRY_TOO_MANY | 转发请求达到最大重试次数的错误数 | | ERR_GSLB_BLACKHOLE | 转发到黑洞(被丢弃)的请求数 | - diff --git a/docs/zh_cn/monitor/module_status.md b/docs/zh_cn/monitor/module_status.md index 68bf17f9f..e5f775093 100644 --- a/docs/zh_cn/monitor/module_status.md +++ b/docs/zh_cn/monitor/module_status.md @@ -12,4 +12,3 @@ | enabled | 启用的模块列表 | 关于各模块监控项, 详见[模块说明](../modules/modules.md) - diff --git a/docs/zh_cn/monitor/proxy_state.md b/docs/zh_cn/monitor/proxy_state.md index c85c315af..1273f6db6 100644 --- a/docs/zh_cn/monitor/proxy_state.md +++ b/docs/zh_cn/monitor/proxy_state.md @@ -18,7 +18,6 @@ | CLIENT_REQ_SERVED | 处理请求数 | | CLIENT_REQ_FAIL | 转发失败的请求数 | - ### 后端相关错误 | 监控项 | 描述 | @@ -34,7 +33,6 @@ | ERR_BK_TRANSPORT_BROKEN | 与后端连接异常的错误数 | | ERR_BK_WRITE_REQUEST | 向后端写请求失败的错误数 | - ### 客户端相关错误 | 监控项 | 描述 | @@ -50,7 +48,6 @@ | ERR_CLIENT_WRITE | 向客户端发送响应错误数 | | ERR_CLIENT_ZERO_CONTENTLEN | 对于100-continue请求,Content-Length为0错误数 | - ### Panic相关异常 | 监控项 | 描述 | @@ -59,7 +56,6 @@ | PANIC_BACKEND_WRITE | 写后端协程panic的次数 | | PANIC_CLIENT_CONN_SERVE | 客户端连接协程panic的次数 | - ### 流量相关 | 监控项 | 描述 | @@ -87,7 +83,6 @@ | WS_CLIENT_CONN_ACTIVE | WS协议活跃连接数 | | WS_CLIENT_CONN_SERVED | WS协议处理连接数 | - ### TLS协议相关 | 监控项 | 描述 | diff --git a/docs/zh_cn/monitor/tls_state.md b/docs/zh_cn/monitor/tls_state.md index d2f95728d..af28d2b90 100644 --- a/docs/zh_cn/monitor/tls_state.md +++ b/docs/zh_cn/monitor/tls_state.md @@ -24,4 +24,3 @@ | TLS_HANDSHAKE_SSLV2_NOT_SUPPORT | 不支持SSLv2版本握手的次数 | | TLS_HANDSHAKE_ZERO_DATA | 客户端建立连接后未发送消息的错误数 | | TLS_STATUS_REQUEST_EXT_COUNT | ClientHello携带Certificate Status Request扩展的次数| - diff --git a/docs/zh_cn/monitor/websocket_state.md b/docs/zh_cn/monitor/websocket_state.md index c9d157c70..857e76a1c 100644 --- a/docs/zh_cn/monitor/websocket_state.md +++ b/docs/zh_cn/monitor/websocket_state.md @@ -17,4 +17,3 @@ | WEB_SOCKET_ERR_PROXY | 无可用后端错误数 | | WEB_SOCKET_ERR_TRANSFER | 数据传输的错误数 | | WEB_SOCKET_PANIC_CONN | 连接PANIC的异常数 | - diff --git a/docs/zh_cn/operation/command.md b/docs/zh_cn/operation/command.md index 3ac453a4e..aa57f5fcf 100644 --- a/docs/zh_cn/operation/command.md +++ b/docs/zh_cn/operation/command.md @@ -24,7 +24,7 @@ bfe [options] 是否显示bfe的版本号并退出,默认否 -* -V +* -V 是否显示bfe的版本相关信息并退出,默认否 diff --git a/docs/zh_cn/operation/env_var.md b/docs/zh_cn/operation/env_var.md index fa2fb7ef7..49cb46a84 100644 --- a/docs/zh_cn/operation/env_var.md +++ b/docs/zh_cn/operation/env_var.md @@ -3,11 +3,13 @@ ## GODEBUG * 输出HTTP2 Header日志信息 + ```bash $ export GODEBUG="http2debug=1" ``` * 输出HTTP2 Header及HTTP2 Frame日志信息 + ```bash $ export GODEBUG="http2debug=2" ``` diff --git a/docs/zh_cn/operation/log_rotation.md b/docs/zh_cn/operation/log_rotation.md index 8a05c5344..3628fe6cd 100644 --- a/docs/zh_cn/operation/log_rotation.md +++ b/docs/zh_cn/operation/log_rotation.md @@ -1,6 +1,6 @@ # 日志切割备份 -## 简介 +## 简介 日志文件随着时间推移会变大并占用越来多越的磁盘空间。 BEF内置日志自动切割及备份功能,可定期切割日志,删除并仅保留最近的日志文件。 diff --git a/docs/zh_cn/operation/monitor.md b/docs/zh_cn/operation/monitor.md index ac8dc7027..e013263dd 100644 --- a/docs/zh_cn/operation/monitor.md +++ b/docs/zh_cn/operation/monitor.md @@ -12,6 +12,7 @@ MonitorPort = 8421 ``` ## 获取指标类别列表 + 访问如下地址,以获取监控项列表: ``` diff --git a/docs/zh_cn/operation/performance.md b/docs/zh_cn/operation/performance.md index 24f3a9752..927da07d6 100644 --- a/docs/zh_cn/operation/performance.md +++ b/docs/zh_cn/operation/performance.md @@ -24,9 +24,11 @@ $ git clone https://github.com/brendangregg/FlameGraph ## 操作步骤 * 获取性能采样数据 + ```bash $ go tool pprof -seconds=60 -raw -output=bfe.pprof http://:/debug/pprof/profile ``` + 注:seconds=60 表示抓取60s的采样数据 * 转换并绘制火焰图 diff --git a/docs/zh_cn/operation/reload.md b/docs/zh_cn/operation/reload.md index df38114ea..3d56f2ee5 100644 --- a/docs/zh_cn/operation/reload.md +++ b/docs/zh_cn/operation/reload.md @@ -14,6 +14,7 @@ MonitorPort = 8421 ## 使用方式 * reload接口仅允许使用localhost访问(127.0.0.1/::1), 仅支持GET请求, 示例: + ```bash # 重加载分流转发配置 $ curl http://localhost:8421/reload/server_data_conf diff --git a/docs/zh_cn/operation/signal.md b/docs/zh_cn/operation/signal.md index 18aa93ce1..93a82f0bc 100644 --- a/docs/zh_cn/operation/signal.md +++ b/docs/zh_cn/operation/signal.md @@ -1,10 +1,12 @@ # 系统信号说明 ## SIGQUIT + 优雅退出BFE进程 !!! note BFE进程不再接收新的连接请求,继续完成活跃请求处理后退出, 或超过GracefulShutdownTimeout(conf/bfe.conf)后强制退出 ## SIGTERM + 强制退出BFE进程 diff --git a/go.mod b/go.mod index 5a5c886a6..04ee3e5fd 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect github.com/golang-jwt/jwt v3.2.2+incompatible github.com/gomodule/redigo v2.0.0+incompatible - github.com/json-iterator/go v1.1.10 + github.com/json-iterator/go v1.1.12 github.com/microcosm-cc/bluemonday v1.0.16 github.com/miekg/dns v1.1.29 github.com/opentracing/opentracing-go v1.1.0 @@ -49,7 +49,7 @@ require ( github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869 // indirect github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect - github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect github.com/oschwald/maxminddb-golang v1.6.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -60,6 +60,6 @@ require ( golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect golang.org/x/text v0.3.7 // indirect google.golang.org/grpc v1.22.1 // indirect - gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect ) diff --git a/go.sum b/go.sum index 143ea1ad1..53d5a12f5 100644 --- a/go.sum +++ b/go.sum @@ -58,8 +58,8 @@ github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869/go.mod h1:cJ6Cj github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4= github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= -github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -72,8 +72,8 @@ github.com/miekg/dns v1.1.29 h1:xHBEhR+t5RzcFJjBLJlax2daXOrTYtr9z4WdKEfWFzg= github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLDQ0W1YjYsBW+p8U2u7vzgW2SQVmlNazg= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -219,8 +219,9 @@ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= diff --git a/release_local.sh b/release_local.sh index d5248799d..fd599804c 100644 --- a/release_local.sh +++ b/release_local.sh @@ -1,4 +1,4 @@ -#/bin/bash +#! /bin/bash # Copyright 2021 The BFE Authors # diff --git a/revive.toml b/revive.toml new file mode 100644 index 000000000..b3ef426c7 --- /dev/null +++ b/revive.toml @@ -0,0 +1,16 @@ +# Copyright (c) 2022 The BFE Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[rule.var-naming] + arguments = [["bfe_http2"], []] diff --git a/staticcheck.conf b/staticcheck.conf index d6d2f3455..d9abd4a45 100644 --- a/staticcheck.conf +++ b/staticcheck.conf @@ -1,4 +1,4 @@ -checks = ["all", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1005"] +checks = ["all", "-ST1000", "-ST1003", "-ST1005", "-ST1011", "-ST1016", "-ST1017", "-ST1020", "-SA1021", "-SA4006", "-SA6002", "-SA9004", "-S1024", "-U1000"] initialisms = ["ACL", "API", "ASCII", "CPU", "CSS", "DNS", "EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID", "IP", "JSON", "QPS", "RAM", "RPC", "SLA",