HomeIPCAD → ipcad.conf manual

IPCAD.CONF(5)		  FreeBSD File Formats Manual		 IPCAD.CONF(5)


     ipcad.conf -- ipcad configuration file




     The file /usr/local/etc/ipcad.conf contains configuration information for
     the ipcad(8) daemon.  The ipcad.conf file consists of a series of config-
     uration options describing the interfaces on which ipcad should be lis-
     tening and other configuration data.

   Global configuration
     capture-ports { enable | disable };

	   Make ipcad account for UDP/TCP ports, IP protocol and ICMP types on
	   a per-interface basis.  This setting is relevant for RSH and inter-
	   active export methods only.	Capturing UDP and TCP is  disabled  by
	   default  to	maintain historic RSH output format compatibility.  To
	   selectively enable capturing ports on certain  interfaces,  specify
	   the	capture-ports  between the appropriate interface configuration

     buffers = <number> [{ k | m }] ;

	   Defines a buffer size to use for transferring  the  data  from  the
	   kernel. Using larger buffers may increase the performance by lower-
	   ing the number of expensive context	switches,  but	using  smaller
	   values improves responsiveness.

	   NOTE: This option has no effect on NetFlow operation.

   Interface configuration
     interface <face> [promisc] [input-only] [netflow-sampled]
     [netflow-disable] [filter "<pcap_filter>"] ;

	   Listen on specified interface using	BPF  or  PCAP  packet  source.
	   (Please refer to the Interface configuration section below).

     interface ulog group <group> [, group <group> ...] [netflow-sampled]
     [netflow-disable] ;

	   Use Linux iptables' ULOG interface for packet capturing. You should
	   configure  the iptables to forward the packets into the appropriate

		 iptables -A OUTPUT -j ULOG --ulog-nlgroup <group>

   Interface options:
     promisc: Put interface into promiscuous mode.  This enables listening for
     the packets which are not destined for this host and thus ipcad will
     count and display all the traffic within the local network. Note that the
     interface might be in promiscuous mode for some other reason.

     input-only: Use kernel feature of counting only incoming packets.

     NOTE: "input-only" directive must be supported by kernel.	Probably, you
     were noticed about it during the compilation process if it was not sup-
     ported.  FreeBSD 3.x and elder kernels do not support this feature.

     netflow-sampled: If the NetFlow export mechanism is used, this option
     instructs the interface to supply only one out of N packets to the Net-
     Flow accounting code, thus lowering the CPU and memory requirements.  The
     value of N is configured explicitly in a NetFlow configuration section.

     NOTE: This option is NOT used to enable NetFlow on the interface, it just
     modifies the NetFlow behavior on this interface.

     netflow-disable: By default, all interfaces are included into NetFlow
     accounting.  This option is used to disable NetFlow accounting on a par-
     ticular interface.

     filter: Install a custom filter on packets instead of basic IP protocol
     filter. Requires libpcap (even if BPF is being used).  May be employed to
     eliminate CPU overhead on passing unnecessary data between the kernel and
     user space (by installing the filter directly into the kernel).

   IP aggregation
     aggregate <ip>/<masklen> strip <maskbits>;

	   Aggregate addresses from the specified network (<ip>/<masklen>), by
	   AND'ing  with specified mask (<maskbits>). Use of aggregation helps
	   to save memory space and recomendeed for efficiency.

     aggregate <port_from>-<port_to> into <port>;

     aggregate <port> into <port>;

	   Aggregate specified UDP/TCP ports range into a given  port  number.
	   Use	of  aggregation helps to save memory space and recomendeed for

   RSH server configuration
     rsh { enable | disable } [at <listen_ip>];

	   Enable/disable RSH server  (disabled  by  default).	Optionally,  a
	   server's IP address may be specified.

     rsh [[<user>@]<host_addr>] [access] ;

	   Specifies an rsh access list entry.	access values are:

		 admin	   Can shutdown ipcad

		 backup    Can dump/restore/import accounting tables

		 default   Can view and modify accounting tables

		 view-only Can view accounting tables

		 deny	   Deny all activity

     rsh ttl = <ttl>;

	   Keep  the  IP  time to live (TTL) value reasonably low to lower the
	   possibility of remote attacks. Default is 3. This means that if you
	   are	trying	to  gather IP accounting from a distant (a few network
	   "hops", see traceroute(1)) ipcad server using  RSH,	such  attempts
	   may fail.

     rsh timeout = <seconds>;

	   Set rsh timeout for the same purpose.

     dumpfile = <filename>;

	   Dump  memory  table to this file on exit and read on startup (refer
	   to ipcad(8) and read about -s and -r options).

	   NOTE: This setting has no effect on NetFlow operation. The contents
	   of  the flow cache are flushed to the collector upon ipcad termina-

   NetFlow export configuration
     netflow export destination <collector-ip> <collector-port>;

	   Enable NetFlow information export to the specified destination.  By
	   default, ipcad does not export NetFlow information.

     netflow export version { 1 | 5 };

	   Specify the NetFlow export format version. By default, version 5 is

     netflow export timeout active <time-minutes>;

	   Configure the timer to expire active flows after the given value in

     netflow export timeout inactive <time-seconds>;

	   Configure  the timer to expire inactive flows after the given value
	   in seconds.

   Other options:
     memory_limit = <number> [{ k | m | e }] ;

	   Defines a memory limit for  storing	the  per-stream  associations.
	   Shortcuts are for kilobytes, megabytes or entries respectively.

     chroot = </path>;

	   Chroot to this directory before processing.

     uid = <number>;

	   Set this uid to be safe in the long run. Please change it if you're
	   aware of the consequences. RSH service will NOT work if process  is
	   not privileged. Default is to not to change privileges.

     gid = <number>;

	   Set	this  gid to be safe in the long run. Default is not to change

     pidfile = <filename>;

	   File to keep the process PID in it. ipcad will also	hold  a  lock.
	   Creation of the PID file is done after chroot()'ing.




     Lev Walkin <vlm@lionet.info>

				 May 25, 2001