Home → IPCAD → ipcad.conf manual
IPCAD.CONF(5) FreeBSD File Formats Manual IPCAD.CONF(5)
NAME
ipcad.conf -- ipcad configuration file
SYNOPSIS
/usr/local/etc/ipcad.conf
DESCRIPTION
The file /usr/local/etc/ipcad.conf contains configuration information for
the ipcad(8) daemon. The ipcad.conf file consists of a series of config-
uration options describing the interfaces on which ipcad should be lis-
tening and other configuration data.
Global configuration
capture-ports { enable | disable };
Make ipcad account for UDP/TCP ports, IP protocol and ICMP types on
a per-interface basis. This setting is relevant for RSH and inter-
active export methods only. Capturing UDP and TCP is disabled by
default to maintain historic RSH output format compatibility. To
selectively enable capturing ports on certain interfaces, specify
the capture-ports between the appropriate interface configuration
statements.
buffers = <number> [{ k | m }] ;
Defines a buffer size to use for transferring the data from the
kernel. Using larger buffers may increase the performance by lower-
ing the number of expensive context switches, but using smaller
values improves responsiveness.
NOTE: This option has no effect on NetFlow operation.
Interface configuration
interface <face> [promisc] [input-only] [netflow-sampled]
[netflow-disable] [filter "<pcap_filter>"] ;
Listen on specified interface using BPF or PCAP packet source.
(Please refer to the Interface configuration section below).
interface ulog group <group> [, group <group> ...] [netflow-sampled]
[netflow-disable] ;
Use Linux iptables' ULOG interface for packet capturing. You should
configure the iptables to forward the packets into the appropriate
group:
iptables -A OUTPUT -j ULOG --ulog-nlgroup <group>
Interface options:
promisc: Put interface into promiscuous mode. This enables listening for
the packets which are not destined for this host and thus ipcad will
count and display all the traffic within the local network. Note that the
interface might be in promiscuous mode for some other reason.
input-only: Use kernel feature of counting only incoming packets.
NOTE: "input-only" directive must be supported by kernel. Probably, you
were noticed about it during the compilation process if it was not sup-
ported. FreeBSD 3.x and elder kernels do not support this feature.
netflow-sampled: If the NetFlow export mechanism is used, this option
instructs the interface to supply only one out of N packets to the Net-
Flow accounting code, thus lowering the CPU and memory requirements. The
value of N is configured explicitly in a NetFlow configuration section.
NOTE: This option is NOT used to enable NetFlow on the interface, it just
modifies the NetFlow behavior on this interface.
netflow-disable: By default, all interfaces are included into NetFlow
accounting. This option is used to disable NetFlow accounting on a par-
ticular interface.
filter: Install a custom filter on packets instead of basic IP protocol
filter. Requires libpcap (even if BPF is being used). May be employed to
eliminate CPU overhead on passing unnecessary data between the kernel and
user space (by installing the filter directly into the kernel).
IP aggregation
aggregate <ip>/<masklen> strip <maskbits>;
Aggregate addresses from the specified network (<ip>/<masklen>), by
AND'ing with specified mask (<maskbits>). Use of aggregation helps
to save memory space and recomendeed for efficiency.
aggregate <port_from>-<port_to> into <port>;
aggregate <port> into <port>;
Aggregate specified UDP/TCP ports range into a given port number.
Use of aggregation helps to save memory space and recomendeed for
efficiency.
RSH server configuration
rsh { enable | disable } [at <listen_ip>];
Enable/disable RSH server (disabled by default). Optionally, a
server's IP address may be specified.
rsh [[<user>@]<host_addr>] [access] ;
Specifies an rsh access list entry. access values are:
admin Can shutdown ipcad
backup Can dump/restore/import accounting tables
default Can view and modify accounting tables
view-only Can view accounting tables
deny Deny all activity
rsh ttl = <ttl>;
Keep the IP time to live (TTL) value reasonably low to lower the
possibility of remote attacks. Default is 3. This means that if you
are trying to gather IP accounting from a distant (a few network
"hops", see traceroute(1)) ipcad server using RSH, such attempts
may fail.
rsh timeout = <seconds>;
Set rsh timeout for the same purpose.
dumpfile = <filename>;
Dump memory table to this file on exit and read on startup (refer
to ipcad(8) and read about -s and -r options).
NOTE: This setting has no effect on NetFlow operation. The contents
of the flow cache are flushed to the collector upon ipcad termina-
tion.
NetFlow export configuration
netflow export destination <collector-ip> <collector-port>;
Enable NetFlow information export to the specified destination. By
default, ipcad does not export NetFlow information.
netflow export version { 1 | 5 };
Specify the NetFlow export format version. By default, version 5 is
used.
netflow export timeout active <time-minutes>;
Configure the timer to expire active flows after the given value in
minutes.
netflow export timeout inactive <time-seconds>;
Configure the timer to expire inactive flows after the given value
in seconds.
Other options:
memory_limit = <number> [{ k | m | e }] ;
Defines a memory limit for storing the per-stream associations.
Shortcuts are for kilobytes, megabytes or entries respectively.
chroot = </path>;
Chroot to this directory before processing.
uid = <number>;
Set this uid to be safe in the long run. Please change it if you're
aware of the consequences. RSH service will NOT work if process is
not privileged. Default is to not to change privileges.
gid = <number>;
Set this gid to be safe in the long run. Default is not to change
privileges.
pidfile = <filename>;
File to keep the process PID in it. ipcad will also hold a lock.
Creation of the PID file is done after chroot()'ing.
SEE ALSO
ipcad(8).
AUTHORS
Lev Walkin <vlm@lionet.info>
May 25, 2001