IPCAD.CONF(5)		  FreeBSD File Formats Manual		 IPCAD.CONF(5)

     ipcad.conf	-- ipcad configuration file


     The file /usr/local/etc/ipcad.conf	contains configuration information for
     the ipcad(8) daemon.  The ipcad.conf file consists	of a series of config-
     uration options describing	the interfaces on which	ipcad should be	lis-
     tening and	other configuration data.

   Global configuration
     capture-ports { enable | disable };

	   Make	ipcad account for UDP/TCP ports, IP protocol and ICMP types on
	   a per-interface basis.  This	setting	is relevant for	RSH and	inter-
	   active export methods only.	Capturing UDP and TCP is  disabled  by
	   default  to	maintain historic RSH output format compatibility.  To
	   selectively enable capturing	ports on certain  interfaces,  specify
	   the	capture-ports  between the appropriate interface configuration

     buffers = <number>	[{ k | m }] ;

	   Defines a buffer size to use	for transferring  the  data  from  the
	   kernel. Using larger	buffers	may increase the performance by	lower-
	   ing the number of expensive context switches, whereas using smaller
	   values improves responsiveness.

	   NOTE: This option has no effect on NetFlow operation.

   Interface configuration
     interface <face> [promisc]	[input-only] [netflow-sampled]
     [netflow-disable] [filter "<pcap_filter>"]	;

	   Listen on specified interface using	BPF  or	 PCAP  packet  source.
	   (Please refer to the	Interface options section below).

     interface ulog group <group> [, group <group> ...]	[netflow-sampled]
     [netflow-disable] ;

	   Use Linux iptables' ULOG interface for packet capturing. You	should
	   configure  the iptables to forward the packets into the appropriate

		 iptables -A OUTPUT -j ULOG --ulog-nlgroup <group>

   Interface options:
     promisc: Put interface into promiscuous mode.  This enables listening for
     the packets which are not destined	for this host and thus ipcad will
     count and display all the traffic within the local	network. Note that the
     interface might be	in promiscuous mode for	some other reason.

     input-only: Use kernel feature of counting	only incoming packets.

     NOTE: The "input-only" directive must be supported by the kernel. You
     were probably notified during the compilation process if it was not
     supported.  FreeBSD 3.x and older kernels do not support this feature.

     netflow-sampled: If the NetFlow export mechanism is used, this option in-
     structs the interface to supply only one out of N packets to the NetFlow
     accounting	code, thus lowering the	CPU and	memory requirements.  The
     value of N	is configured explicitly in a NetFlow configuration section.

     NOTE: This	option is NOT used to enable NetFlow on	the interface, it just
     modifies the NetFlow behavior on this interface.

     netflow-disable: By default, all interfaces are included into NetFlow ac-
     counting.	This option is used to disable NetFlow accounting on a partic-
     ular interface.

     filter: Install a custom filter on	packets	instead	of basic IP protocol
     filter. Requires libpcap (even if BPF is being used).  May	be employed to
     eliminate CPU overhead on passing unnecessary data	between	the kernel and
     user space	(by installing the filter directly into	the kernel).

   IP aggregation
     aggregate <ip>/<masklen> strip <maskbits>;

	   Aggregate addresses from the specified network (<ip>/<masklen>), by
	   AND'ing with the specified mask (<maskbits>). Use of aggregation
	   helps to save memory space and is recommended for efficiency.

     aggregate <port_from>-<port_to> into <port>;

     aggregate <port> into <port>;

	   Aggregate the specified UDP/TCP port range into a given port number.
	   Use of aggregation helps to save memory space and is recommended for

   RSH server configuration
     rsh { enable | disable } [at <listen_ip>];

	   Enable/disable RSH server  (disabled	 by  default).	Optionally,  a
	   server's IP address may be specified.

     rsh [[<user>@]<host_addr>]	[access] ;

	   Specifies an	rsh access list	entry.	access values are:

		 admin	   Can shutdown	ipcad

		 backup	   Can dump/restore/import accounting tables

		 default   Can view and	modify accounting tables

		 view-only Can view accounting tables

		 deny	   Deny	all activity

     rsh ttl = <ttl>;

	   Keep	 the  IP  time to live (TTL) value reasonably low to lower the
	   possibility of remote attacks. Default is 3.	This means that	if you
	   are	trying	to  gather IP accounting from a	distant	(a few network
	   "hops", see traceroute(1)) ipcad server using  RSH,	such  attempts
	   may fail.

     rsh timeout = <seconds>;

	   Set rsh timeout for the same	purpose.

     dumpfile =	<filename>;

	   Dump	 memory	 table to this file on exit and	read on	startup	(refer
	   to ipcad(8) and read	about -s and -r	options).

	   NOTE: This setting has no effect on NetFlow operation. The contents
	   of  the flow	cache are flushed to the collector upon	ipcad termina-

   NetFlow export configuration
     netflow export destination	<collector-ip> <collector-port>;

	   Enable NetFlow information export to	the specified destination.  By
	   default, ipcad does not export NetFlow information.

     netflow export version { 1	| 5 };

	   Specify the NetFlow export format version. By default, version 5 is

     netflow export timeout active <time-minutes>;

	   Configure the timer to expire active	flows after the	given value in

     netflow export timeout inactive <time-seconds>;

	   Configure  the timer	to expire inactive flows after the given value
	   in seconds.

   Other options:
     memory_limit = <number> [{	k | m |	e }] ;

	   Defines a memory limit for  storing	the  per-stream	 associations.
	   Shortcuts are for kilobytes,	megabytes or entries respectively.

     chroot = </path>;

	   Chroot to this directory before processing.

     uid = <number>;

	   Set this uid to be safe in the long run. Please change it if you're
	   aware of the consequences. RSH service will NOT work if the process
	   is not privileged. Default is not to change privileges.

     gid = <number>;

	   Set	this  gid to be	safe in	the long run. Default is not to	change

     pidfile = <filename>;

	   File in which to keep the process PID. ipcad will also hold a lock
	   on it.  Creation of the PID file is done after chroot()'ing.
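
     The following is an added example, not part of ipcad or of the original
     manual page: a small review script that reads an ipcad.conf body and
     reports the RSH, chroot and uid/gid settings described above. The sample
     config, the addresses in it, the '#' comment syntax and the function
     names statements() and audit() are assumptions made for illustration.

```python
import re

# Constructed sample config; uses only directives documented on this page.
SAMPLE = """
interface em0 promisc;
rsh enable;
rsh root@127.0.0.1 admin;
rsh 192.0.2.20 backup;
rsh ttl = 16;
pidfile = /var/run/ipcad.pid;
"""

def statements(text):
    """Split into ';'-terminated statements with whitespace normalized.
    Assumption: '#' starts a comment; quoted filters hold no ';' or '#'."""
    text = re.sub(r"#[^\n]*", "", text)
    return [" ".join(s.split()) for s in text.split(";") if s.strip()]

def audit(text):
    """Return sorted review findings for an ipcad.conf body."""
    findings, opts, rsh_on, rsh_at = set(), {}, False, False
    for st in statements(text):
        if m := re.fullmatch(r"(chroot|uid|gid) ?= ?(\S+)", st):
            opts[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"rsh enable( at \S+)?", st):
            rsh_on, rsh_at = True, m.group(1) is not None
        elif m := re.fullmatch(r"rsh ttl ?= ?(\d+)", st):
            if int(m.group(1)) > 3:  # 3 is the documented default
                findings.add(f"rsh ttl {m.group(1)} exceeds the default of 3")
        elif m := re.fullmatch(r"rsh (\S+) (admin|backup|default)", st):
            if "@" not in m.group(1):  # host-wide entry, no <user>@ part
                findings.add(f"rsh entry {m.group(1)} grants {m.group(2)} "
                             "without naming a user")
    if "chroot" not in opts:
        findings.add("no chroot directory set")
    if rsh_on and not rsh_at:
        findings.add("rsh enabled without 'at <listen_ip>'")
    if rsh_on and opts.get("uid", "0") != "0":
        # The page states RSH will not work if the process is not privileged.
        findings.add("uid set with rsh enabled: RSH needs a privileged process")
    if not rsh_on and not {"uid", "gid"} <= set(opts):
        findings.add("uid/gid not set: privileges are kept by default")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

     The findings are review prompts, not errors: ipcad accepts all of the
     sample statements, and a site may have reasons for any of them.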


     Lev Walkin

				 May 25, 2001

