###############################################################################
#                                                                             #
#   Copyright 2005 University of Cambridge Computer Laboratory.               #
#                                                                             #
#   This file is part of Nprobe.                                              #
#                                                                             #
#   Nprobe is free software; you can redistribute it and/or modify            #
#   it under the terms of the GNU General Public License as published by      #
#   the Free Software Foundation; either version 2 of the License, or         #
#   (at your option) any later version.                                       #
#                                                                             #
#   Nprobe is distributed in the hope that it will be useful,                 #
#   but WITHOUT ANY WARRANTY; without even the implied warranty of            #
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             #
#   GNU General Public License for more details.                              #
#                                                                             #
#   You should have received a copy of the GNU General Public License         #
#   along with Nprobe; if not, write to the Free Software                     #
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA #
#                                                                             #
###############################################################################


###############################################################################
##
## PROBE_CONFIG
##
## PROBE CONFIGURATION
##  - PROCESSED TO GENERATE PROBE_CONFIG.C/H
##
###############################################################################

##
## HOW TO DEAL WITH PORT-IDENTIFIED SERVICES
##
##  SYNTAX:
##	
##	<Port> <Transport> <Service control block> [ [no] hdrs | pkts | payload ]
##
##	Optional fields 4 - 10 configure the probe to collect TCP header
##	 fields (hdrs), dump all packets (pkts) or dump TCP payloads (payload);
##	 prefix an option with 'no' to turn it off.
##      NOTE that these options override the same options provided with the 
##       relevant control block.
##
##	If not configured here all packets are handled by a default handler 
##       specified by the port number 'Default'. If no default handler is 
##       specified the default default handlers tcp_other_serv_control_na and 
##       udp_other_serv_control_na are used (which effectively do nothing)
##

## Active entries: HTTP handling on ports 80, 8008 and 8080. The port 80 entry
##  also sets 'hdrs' and 'no pkts', which override the same options given in
##  the control block.
80 tcp tcp_http_serv_control hdrs no pkts
8008 tcp tcp_http_serv_control
8080 tcp tcp_http_serv_control
## The entries below are commented out, so traffic to these ports is handled
##  by the default handler.
#179 tcp tcp_bgp_serv_control
#21 tcp tcp_ftp_serv_control
#20 tcp tcp_ftp_data_serv_control
#554 tcp tcp_rtsp_serv_control
#8554 tcp tcp_rtsp_serv_control
#7070 tcp tcp_pnm_serv_control
#23 tcp tcp_telnet_serv_control
#25 tcp tcp_smtp_serv_control
#110 tcp tcp_pop3_serv_control
#119 tcp tcp_nntp_serv_control
#139 tcp tcp_netbios_ssn_serv_control
#9000 tcp tcp_test_serv_control

#53 udp udp_ns_serv_control no pkts no hdrs
#2049 udp udp_nfs_serv_control

## NOTE(review): the two alternatives below carry a trailing '#' remark on the
##  entry line itself; confirm that the config processor accepts trailing
##  comments before enabling either of them as written.
#Default tcp tcp_other_serv_control_summary # record summary of connections
#Default tcp tcp_other_serv_control_open_summary # - ditto + open record

#
# Uncommenting the entry below names the default default handler explicitly
#  so that the 'payload' option can be attached to it, i.e. TCP payloads are
#  dumped for every port that has no entry of its own above. The dump files
#  then hold whatever application data those flows carried unencrypted, so
#  keep the log/dump directory access-restricted when this is enabled.
#
#Default tcp tcp_other_serv_control_na payload

###############################################################################

##
## FORMAT TO SAVE DUMP FILES IN - options are:
##
## SYNTAX: dump_linktype = <ether | nprobe>
##
##	<nprobe> (default) - only readable by tdump, which understands the error
##	  codes of dumped error packets
##	<ether> - readable by any tcpdump, but the error codes will not be
##	  understood. Note that LLC/MAC headers will not be accurately reported.
##
## Probably best to use nprobe format except when probe is configured to dump
##  some category of non-error packets eg. all to some particular port.
##

## Explicitly selects the documented default format.
dump_linktype = nprobe

###############################################################################

##
## WHAT NON-ERROR PACKETS TO DUMP BY PROTOCOL (as opposed to port - see above).
## Default is none, options are <all> <ip> <non-ip> <tcp> <udp> <icmp>, and
##  combinations.
##
##
## SYNTAX: dump <[all] [ip] [non-ip] [tcp] [udp] [icmp]>
##

## All three entries are commented out, so the default (dump none) applies.
#dump non-ip	tcp
#dump udp
#dump ip

###############################################################################

##
## USE OR NEGATE TCP_QUICKCLOSE - minimises concurrently tracked TCP 
##  connections by dumping and blowing away state as soon as payload completed 
##  - otherwise tracks and records full 4-way handshake.
##
## SYNTAX: [no] tcp  quick_close
##
## Default is ON
##

## Quick close is negated here, overriding the documented default (ON): each
##  connection is tracked and recorded through the full close handshake
##  instead of having its state discarded once the payload completes, so more
##  connections are tracked concurrently.
no tcp  quick_close

###############################################################################

##
## PROCESS TCP FLOWS WHERE INITIAL SYNs NOT seen (ie. in progress at probe 
##  start). Default is ON.
##
## SYNTAX: [no] tcp  accept_nosyn
##

## Negated here, overriding the documented default (ON): TCP flows whose
##  initial SYNs were not seen (already in progress at probe start) are not
##  processed.
no tcp accept_nosyn

###############################################################################

##
## SPECIFY DIRECTORY FOR SAVING LOG (.rep) AND DUMP (.dump) FILES.
##
## SYNTAX: log dir <dir>
## 
## Default is:
##
##	For wan (online monitor) '/local/scratch/nprobe/current/machine-name.x'
##	 - where x is the epoch time in seconds at run-start.
##
##	For owan (offline) directory containing tcpdump-format input file
##
 
## Commented out, so the default directory applies. The path is a
##  user-specific example; replace it before enabling the entry.
#log dir /local/scratch/jch1003/ntmp

###############################################################################

##
## GENERATE HISTOGRAMS OF VARIOUS PROBE/ARRIVAL FUNCTIONS
##
## SYNTAX: histogram[s] <[gets] [fetches] [pkts] [hostwalk]>
##

## Both entries are commented out, so no histogram option is selected here.
#histograms gets  fetches  pkts
#histogram hostwalk

###############################################################################

##
## SET OFFSET OF IP HEADER relative to claimed position when getting packet
##  from buffer pool. Caters for non-standard encapsulations and (current) lack
##  of LLC/MAC header awareness for intelligent header stripping.
##
## Ip offset should normally be 0 (default).
##
## SYNTAX: ip hdr offset <n>
##

## Explicitly sets the documented default (0).
ip hdr offset 0

###############################################################################

##
## FILTER OUT TRAFFIC EXCEPT TO SPECIFIED PORT.
##
## SYNTAX: port <n>
##
## Default is no filtering
##

## Commented out, so the default (no port filtering) applies.
#port 25345

###############################################################################

##
## SET REPORT/DUMP FILE SIZES (actually file-cycle trigger size).
##
## SYNTAX: <report | dump> file size <n> [K | M | G]
##
## Defaults are 64/8 MB
##


## Report file-cycle trigger size is set to 100M. The dump file size entry is
##  commented out, so the dump default applies.
report file size 100M
#dump file size 2M

###############################################################################

##
## CONTROL DUMPING OF HTTP OBJECTS
##
## SYNTAX: http objects dump < n | 0 | -1>
##
##	n = dump n bytes of each object
##	0 = don't dump (default)
##	-1 = dump whole object
##

## Commented out, so the default (0 = don't dump) applies. As written, the
##  entry would dump 20 bytes of each HTTP object.
#http objects dump 20

###############################################################################
