func NewFilter(config *Config) (_ filters.Filter, err error) {
onceCA.Do(func() {
defaultCA, err = NewRootCA(config.RootCA.Name,
time.Duration(config.RootCA.Duration)*time.Second,
config.RootCA.RsaBits,
config.RootCA.Dirname,
config.RootCA.Portable)
if err != nil {
glog.Fatalf("NewRootCA(%#v) error: %v", config.RootCA.Name, err)
}
})
f := &Filter{
Config: *config,
CA: defaultCA,
CAExpiry: time.Duration(config.RootCA.Duration) * time.Second,
TLSConfigCache: lrucache.NewMultiLRUCache(4, 4096),
Ports: make(map[string]struct{}),
Sites: helpers.NewHostMatcher(config.Sites),
}
for _, port := range config.Ports {
f.Ports[strconv.Itoa(port)] = struct{}{}
}
return f, nil
}
func NewFilter(config *Config) (_ filters.Filter, err error) {
var ca *RootCA
ca, err = NewRootCA(config.RootCA.Name, time.Duration(config.RootCA.Duration)*time.Second, config.RootCA.RsaBits, config.RootCA.Dirname)
if err != nil {
return nil, err
}
if _, err := os.Stat(config.RootCA.Dirname); os.IsNotExist(err) {
if err = os.Mkdir(config.RootCA.Dirname, 0755); err != nil {
return nil, err
}
}
f := &Filter{
CA: ca,
CAExpires: time.Duration(config.RootCA.Duration) * time.Second,
CACache: lrucache.NewMultiLRUCache(4, 4096),
SiteLists1: make(map[string]struct{}),
SiteLists2: make([]string, 0),
}
for _, site := range config.Sites {
if !strings.Contains(site, "*") {
f.SiteLists1[site] = struct{}{}
} else {
f.SiteLists2 = append(f.SiteLists2, site)
}
}
return f, nil
}
func NewIplist(lists map[string][]string, blacklist []string, dualStack bool) (*Iplist, error) {
iplist := &Iplist{
lists: lists,
blacklist: httpproxy.NewHostMatcher(blacklist),
dnsCache: lrucache.NewMultiLRUCache(4, 10240),
dualStack: dualStack,
}
return iplist, nil
}
func NewFilter(config *Config) (filters.Filter, error) {
f := &Filter{
ByPassHeaders: lrucache.NewMultiLRUCache(4, uint(config.CacheSize)),
Basic: make(map[string]string),
WhiteList: make(map[string]struct{}),
}
for _, v := range config.Basic {
f.Basic[v.Username] = v.Password
}
for _, v := range config.WhiteList {
f.WhiteList[v] = struct{}{}
}
return f, nil
}
func NewFilter(config *Config) (filters.Filter, error) {
d := &Dailer{}
d.Timeout = time.Duration(config.Dialer.Timeout) * time.Second
d.KeepAlive = time.Duration(config.Dialer.KeepAlive) * time.Second
d.DNSCache = lrucache.NewMultiLRUCache(4, uint(config.DNSCache.Size))
d.DNSCacheExpires = time.Duration(config.DNSCache.Expires) * time.Second
d.Blacklist = make(map[string]struct{})
// d.Blacklist["127.0.0.1"] = struct{}{}
d.Blacklist["::1"] = struct{}{}
if addrs, err := net.InterfaceAddrs(); err == nil {
for _, addr := range addrs {
switch addr.Network() {
case "ip":
d.Blacklist[addr.String()] = struct{}{}
}
}
}
// glog.V(2).Infof("add blacklist=%v to direct filter", d.Blacklist)
return &Filter{
transport: &http.Transport{
Dial: d.Dial,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: false,
ClientSessionCache: tls.NewLRUClientSessionCache(1000),
},
TLSHandshakeTimeout: time.Duration(config.Transport.TLSHandshakeTimeout) * time.Second,
MaxIdleConnsPerHost: config.Transport.MaxIdleConnsPerHost,
DisableCompression: config.Transport.DisableCompression,
},
ratelimt: RateLimit{
Threshold: int64(config.RateLimit.Threshold),
Capacity: int64(config.RateLimit.Capacity),
Rate: float64(config.RateLimit.Rate),
},
}, nil
}
func NewFilter(config *Config) (filters.Filter, error) {
d := &Dialer{}
d.Timeout = time.Duration(config.Dialer.Timeout) * time.Second
d.KeepAlive = time.Duration(config.Dialer.KeepAlive) * time.Second
d.Blacklist = make(map[string]struct{})
d.Window = config.Dialer.Window
d.Blacklist["127.0.0.1"] = struct{}{}
d.Blacklist["::1"] = struct{}{}
if addrs, err := net.InterfaceAddrs(); err == nil {
for _, addr := range addrs {
switch addr.Network() {
case "ip":
d.Blacklist[addr.String()] = struct{}{}
}
}
}
var err error
d.hosts = httpproxy.NewHostMatcherWithString(config.Hosts)
d.iplist, err = NewIplist(config.Iplist, config.DNS.Servers, config.DNS.Blacklist, d.DualStack)
if err != nil {
return nil, err
}
d.TLSConfig = &tls.Config{
InsecureSkipVerify: true,
ClientSessionCache: tls.NewLRUClientSessionCache(1000),
}
d.connTCPDuration = lrucache.NewMultiLRUCache(4, 4096)
d.connTLSDuration = lrucache.NewMultiLRUCache(4, 4096)
d.connExpireDuration = 5 * time.Minute
for _, name := range config.DNS.Expand {
if _, ok := config.Iplist[name]; ok {
go func(name string) {
t := time.Tick(3 * time.Minute)
for {
select {
case <-t:
d.iplist.ExpandList(name)
}
}
}(name)
}
}
return &Filter{
transport: &http.Transport{
Dial: d.Dial,
DialTLS: d.DialTLS,
DisableKeepAlives: config.Transport.DisableKeepAlives,
DisableCompression: config.Transport.DisableCompression,
TLSHandshakeTimeout: time.Duration(config.Transport.TLSHandshakeTimeout) * time.Second,
MaxIdleConnsPerHost: config.Transport.MaxIdleConnsPerHost,
},
dialer: d,
}, nil
}
func makeMultiLRU(capacity uint64) lrucache.Cache {
shards := uint(2)
return lrucache.NewMultiLRUCache(shards, uint(capacity)/shards)
}
// New returns a new Cache using the provided memcache server(s) with equal
// weight. If a server is listed multiple times, it gets a proportional amount
// of weight.
func New(capacity uint) *Cache {
return &Cache{
cache: lrucache.NewMultiLRUCache(4, capacity),
}
}