drool.conf - Configuration for DNS Replay Tool
With these configuration options for drool you can control all aspects of
generating/replaying DNS traffic. Some options are also available as command
line options.
These are the current limitations in the implementation and may be changed or
removed in the future:
- Same configuration for each read and input
- Currently the configuration for filter, timing,
context and client_pool affects all read and
input. In the future this may be split up so that each read
and input can have different configuration.
- Only one client_pool target
- Currently there can only be one target for all queries. In the future this
may be changed to allow multiple targets and different ways to
distribute the queries amongst them.
- Send from IP/interface
- Currently there is no way to specify from where the queries should be
sent, instead it is up to the OS to decide that. In the future there will
be ways to specify this, sending from different interfaces and/or ranges
of IP addresses.
- log FACILITY [ LEVEL ] ;
- Enable logging for the given facility; an optional log level can be given
to enable only that level. Can be given multiple times and will be processed in
the given order. See LOGGING for more information.
- nolog FACILITY [ LEVEL ] ;
- Disable logging for the given facility; an optional log level can be
given to disable only that level. Can be given multiple times and will be
processed in the given order. See LOGGING for more information.
- read " FILE " ;
- Read packets from a PCAP file, can be given multiple times. Each read
counts as a context and will use the given configuration starting with
context.
- input " INTERFACE " ;
- Capture packets from an interface, can be given multiple times. Each
input counts as a context and will use the given configuration
starting with context.
- filter " FILTER " ;
- Set the Berkeley Packet Filter to use, this will be applied on all
read and input.
- timing ignore ;
- Set the timing mode to ignore all timings and try to send traffic as fast
as possible.
- timing keep ;
- Set the timing mode to try to keep up with the interval between the traffic
received, will give a warning if it can't keep up sending it out at the
same rate. This is the default timing mode if none is specified.
- timing best_effort ;
- This mode is deprecated and is the same as keep. Will be removed in a
future major release.
- timing add NANOSECONDS ;
- Set the timing mode to add the given nanoseconds to the interval between
the traffic received.
- timing reduce NANOSECONDS ;
- Set the timing mode to reduce the interval between the traffic received
by the given nanoseconds, will give a warning if it can't keep up
sending it out at the new rate.
- timing multiply MULTIPLY_AS_FLOAT ;
- Set the timing mode to multiply the interval between the traffic received,
this can be thought of as a percentage with 1.00 being 100% of the interval, 2.00
being 200%, 0.10 being 10% and so on. Will give a warning if it can't keep
up sending it out at the new rate.
- context client_pools NUMBER ;
- Set the number of client pools to use per context (a context is a
read or input), default is 1. Each client pool will spin up
a thread for sending and receiving and will use the given configuration
starting with client_pool. As each read and input
will use this number of client pools, it is advisable that the total
number does not exceed the number of CPU cores available.
- client_pool target " IP_OR_HOSTNAME " " SERVICE_OR_PORT " ;
- Set the target of the client pools, where to send the traffic.
- client_pool max_clients NUMBER ;
- Set the maximum clients each client pool can have, default 100. Each
client will use a TCP or UDP port depending on the traffic read/captured,
filter and client_pool sendas. The total number of ports
used will be this value * number of read and input *
context client_pools and it is advised to keep this within the
available ports/file descriptors for the running user.
- client_pool client_ttl SECONDS_AS_FLOAT ;
- Set the time a client lives for, this is used to timeout clients in case
the target does not answer. Default value is 0.05. Specified as a float
meaning 0.2 would be 200 milliseconds.
- client_pool skip_reply ;
- Enables a mode where replies are ignored and a client is considered
successful after just sending.
- client_pool max_reuse_clients NUMBER ;
- Set the maximum clients to save for reuse, this only applies to protocols
that can be reused. Default value is 20.
- client_pool sendas < original | udp | tcp > ;
- Set how to send the traffic, default is original which sends the traffic
with the same protocol it was received with.
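The sizing advice given for context client_pools and client_pool max_clients can be checked before a replay is started. The following is an added example, not part of drool or its documentation: a small Python pre-flight check that parses the statement syntax shown on this page and compares the thread and port budget with the local CPU count and open-file limit. The file name, interface and target in the sample configuration are constructed placeholders, and the function names are hypothetical.

```python
import os
import re
import resource

# Constructed sample configuration; file name, interface and target are placeholders.
SAMPLE_CONF = '''
read "capture-a.pcap";
input "eth0";
context client_pools 4;
client_pool target "192.0.2.53" "53";
client_pool max_clients 500;
'''

def parse_statements(text):
    """Split drool.conf text into token lists, one per ';'-terminated statement."""
    statements, current = [], []
    for tok in re.findall(r'"[^"]*"|;|[^\s;"]+', text):
        if tok != ";":
            current.append(tok.strip('"').strip())
        elif current:
            statements.append(current)
            current = []
    return statements

def resource_budget(text):
    """Return (contexts, sender threads, worst-case ports) for a configuration."""
    contexts, pools, max_clients = 0, 1, 100  # defaults documented on this page
    for st in parse_statements(text):
        if st[0] in ("read", "input"):
            contexts += 1  # every read and input is one context
        elif st[:2] == ["context", "client_pools"]:
            pools = int(st[2])
        elif st[:2] == ["client_pool", "max_clients"]:
            max_clients = int(st[2])
    threads = contexts * pools  # one thread per client pool
    return contexts, threads, max_clients * threads

def check(text, cores=None, fd_limit=None):
    """Compare the budget with CPU cores and the open-file limit; return warnings."""
    cores = cores or os.cpu_count() or 1
    if fd_limit is None:
        fd_limit = resource.getrlimit(resource.RLIMIT_NOFILE)[0]
    _, threads, ports = resource_budget(text)
    warnings = []
    if threads > cores:
        warnings.append(f"{threads} client pool threads exceed {cores} CPU cores")
    if fd_limit != resource.RLIM_INFINITY and ports > fd_limit:
        warnings.append(f"{ports} worst-case ports exceed open-file limit {fd_limit}")
    return warnings
```

Calling check(SAMPLE_CONF) with no further arguments uses the limits of the current user and host; an empty list means the configuration fits within both.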
Logging is enabled and disabled in the order specified in the configuration
which allows for enabling of all logging and disabling of specific, for
example:
log all;
nolog network debug;
The following logging facilities exist:
- core
- Log messages about initializing, configuration and start up.
- network
- Log messages about network related tasks.
- all
- Log messages for all facilities, this is only used to configure
logging.
The following logging levels exist for all facilities:
- debug
- Log messages about the very inner workings, use with caution since it
generates a lot of messages.
- info
- Log messages of the informational kind that may not be interesting in
normal operation.
- notice
- Log messages of the informational kind that may be interesting in normal
operation.
- warning
- Log messages of the warning kind that indicate possible disruption in
operation.
- error
- Log messages of the error kind that will most likely result in termination
of operation.
- critical
- Log messages of the critical kind that indicate termination of
operation.
- all
- Log messages for all levels, this is only used to configure logging.
Jerry Lundström, DNS-OARC
Maintained by DNS-OARC
https://www.dns-oarc.net/
For issues and feature requests please use:
https://github.com/DNS-OARC/drool/issues
For questions and help please use:
admin@dns-oarc.net