-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathmmt-5greplay.conf
105 lines (90 loc) · 4.36 KB
/
mmt-5greplay.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# option only when using DPDK to capture packets or to forwarding packets
dpdk-option = "--syslog=syslog --log-level=5 -c 0x55555555555"
#root stack of network protocol
# for Ethernet: 1
# for ieee802154: 800
# for Linux cooked capture: 624
stack-type = 1
input {
# in case for PCAP the input mode can be ONLINE or OFFLINE, however for DPDK it's only ONLINE
mode = ONLINE
# input source for PCAP online mode (interface name) and for offline mode (pcap name),
# however for DPDK its interface port number
# in DPDK mode, MMT supports also multi-port inputs,
# - e.g., source="0,1" will tell MMT to capture packets on port 0 and 1
# - MMT will aggregate traffic on these 2 ports, thus 2 packets of one flow can be received on 2 different ports
source = "lo"
# maximal size of a packet
snap-len = 65535 #
}
output {
enable = false
output-dir = "./" # Location where files are written:
sample-interval = 5 #a new sample file is created each x seconds given by output.cache-period
report-description = true # true to include rule's description into the alert reports,
# otherwise it will be excluded (thus rules's descriptions will be an empty string in the reports)
# Excluding rules's descriptions will reduce the size of reports.
}
engine {
thread-nb = 0 # the number of security threads per one probe thread , e .g . , if we have 16 probe threads and thread-nb = x ,
# then x*16 security threads will be used .
# If set to zero this means that the security analysis will be done by the threads of the probe .
exclude-rules = "" # Range of rules to be excluded from the verification
rules-mask = "" # Mapping of rules to the security threads:
# Format: rules-mask = (thread-index:rule-range);
# thread-index = a number greater than 0
# rule-range = number greater than 0, or a range of numbers greater than 0.
# Example: If we have thread-nb = 3 and "(1:1,2,4-6)(2:3)" ,
# this means that:
# thread 1 verifies rules 1 ,2 ,4 ,5 ,6;
# thread 2 verifies only rule 3; and
# thread 3 verifies the rest
# Note: if we have thread-nb = 2 and "(1:1)(2:3)", then only rules 1 and 3 are verified (the others are not)
ip-encapsulation-index = LAST # If traffic is ip-in-ip, this option selects which IP will be analysed.
# - FIRST: first ip in the protocol hierarchy
# - LAST: last ip in the protocol hierarchy
# - i: i-th ip in ther protocol hierarchy.
# For example, given ETH.IP.UDP.GTP.IP.TCP.VPN.IP.SSL,
# - FIRST, or 1, indicates IP after ETH
# - LAST, or any number >= 3, indicates IP after VPN
# - 2 indicates IP after GTP
# NOTE: this option will be ignored in non ip-in-ip traffic
# number of fsm instances of one rule
max-instances = 100000
}
# A mem_pool contains several pools. Each pool stores several blocks of memory
# having the same size.
# This parameter set the maximum elements of a pool.
mempool {
# This parameter set the Maximum bytes of a pool: 2 GBytes
max-bytes = 2000000000
# Max number of elements in a pool
max-elements = 1000
# maximum size, in bytes, of a report received from mmt-probe
max-message-size = 3000
# Number of reports can be stored in a ring buffer
smp-ring-size = 1000
}
# Beside inject packets to the outgoing NIC, we can save it into a pcap file
dump-packet
{
enable = false # set to true/false to enable/disable dumping packet
output-file = "./pcap/dump.pcap" # Location where the file will be located
}
forward
{
enable = true
output-nic = "lo"
nb-copies = 1024 #number of copies of a packet to be sent
snap-len = 0 #specifies the snapshot length to be set on the handle.
promisc = 1 #specifies whether the interface is to be put into promiscuous mode. If promisc is non-zero, promiscuous mode will be set, otherwise it will not be set.
default = DROP #default action when packets are not selected/satisfied by any rule
# either FORWARD to forward the packets or DROP to drop the packets
#forward packets to a target using SCTP protocol: 5Greplay will be a SCTP client,
# - it connects to the given "sctp-host" at "sctp-port"
# - the SCTP packets' payload will be sent to the target using this SCTP connection
# target-protocols = { SCTP, UDP, HTTP2}
# target-hosts = { "127.0.0.5", "127.0.0.7", "127.0.0.7" }
# target-ports = { 38412, 2152, 8080 }
bind-ip = "127.0.0.1" #bind sockets on a specific NIC which is given via its IP
}