summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-05-15 01:51:29 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2012-08-01 19:20:06 +0200
commit5e8f64f46cb1dd71b0a94cb7dad87da00b8c5e32 (patch)
tree49a4e4123ca5be197a2f33ce87289db9d7af5880 /doc
parent5a0d0ecf30fb1686cfb10aaa852fee9c8ed4360a (diff)
conntrackd: add cthelper infrastructure (+ example FTP helper)
This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/helper/conntrackd.conf82
1 files changed, 82 insertions, 0 deletions
diff --git a/doc/helper/conntrackd.conf b/doc/helper/conntrackd.conf
new file mode 100644
index 0000000..711b309
--- /dev/null
+++ b/doc/helper/conntrackd.conf
@@ -0,0 +1,82 @@
+#
+# Helper settings
+#
+
+Helper {
+ # Before this, you have to make sure you have registered the `ftp'
+ # user-space helper stub via:
+ #
+ # nfct helper add ftp inet tcp
+ #
+ Type ftp inet tcp {
+ #
+ # Set NFQUEUE number you want to use to receive traffic from
+ # the kernel.
+ #
+ QueueNum 0
+ #
+ # Set the Expectation policy for this helper.
+ #
+ Policy ftp {
+ #
+ # Maximum number of simultaneous expectations
+ #
+ ExpectMax 1
+ #
+ # Maximum living time for one expectation (in seconds).
+ #
+ ExpectTimeout 300
+ }
+ }
+}
+
+#
+# General settings
+#
+General {
+ #
+ # Set the nice value of the daemon, this value goes from -20
+ # (most favorable scheduling) to 19 (least favorable). Using a
+ # very low value reduces the chances to lose state-change events.
+ # Default is 0 but this example file sets it to most favourable
+ # scheduling as this is generally a good idea. See man nice(1) for
+ # more information.
+ #
+ Nice -20
+
+ #
+ # Select a different scheduler for the daemon, you can select between
+ # RR and FIFO and the process priority (minimum is 0, maximum is 99).
+ # See man sched_setscheduler(2) for more information. Using a RT
+ # scheduler reduces the chances to overrun the Netlink buffer.
+ #
+ # Scheduler {
+ # Type FIFO
+ # Priority 99
+ # }
+
+ #
+ # Logfile: on (/var/log/conntrackd.log), off, or a filename
+ # Default: off
+ #
+ LogFile on
+
+ #
+ # Syslog: on, off or a facility name (daemon (default) or local0..7)
+ # Default: off
+ #
+ #Syslog on
+
+ #
+ # Lockfile
+ #
+ LockFile /var/lock/conntrack.lock
+
+ #
+ # Unix socket configuration
+ #
+ UNIX {
+ Path /var/run/conntrackd.ctl
+ Backlog 20
+ }
+}