ica — format of ica component configuration
The general syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes the types, sections and items specific to the ica component configuration.
Repeatable sections/items are marked by the '*' before the section/item name.
Configuration directives have attributes of several value types. For a description of the basic types, see configuration(7).
An enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, the enumeration description contains the value for every name (in parentheses next to the name). For other enumerations, using names is obligatory.
The following enumerations are used in ica configuration directives:
    ip-version (see common(5))
    osi4-proto (see common(5))
    listen-on-sock (see listen-on(5))

Configuration of the ica library component consists of the following prototypes:
icamd { ... }
icasd { ... }

icamd {
    phase ... ;
    * tag ... ;
    listen-on { ... }
    priv-key ... ;
    * slave name { ... }
}
Kernun inter-node communication master. ICAM allows this node to control other KERNUN device(s), which run the ICAS daemon.
Listen-on must be specified.
Private key must be specified.

phase [number];
    Application Startup Phase.
    number (type: uint8, optional, default: 20)
        Phase number; the lower the number, the earlier the start.

tag value;
    Configuration factorization tag.
    This feature allows the admin to create groups of Kernun applications (especially proxies and servers) according to various aspects (belonging to one customer, applications of particular network traffic etc.).
    Each application can have several tag attributes and the KAT tool can run some commands (like 'ps', 'start' etc.) for applications with or without a given tag.
    value (type: str)
        Tag must contain only letters, digits, hyphens and dots.

listen-on {
    * socket ... ;
}
    The listen-on section is derived from the listen-on section prototype.
    For a detailed description of it, see listen-on(5).
    listen-on section:
        Item non-transparent used as socket.
        Item transparent is not valid.
    At least one address to listen on must be specified.
    socket (see listen-on(5))
        Element version is optional, default: ipv4=4.
        Element proto is optional, default: tcp.

priv-key id-rsa;
    Private SSH key used by the icamd daemon.
    id-rsa (type: name of shared-file, see common(5))

slave name {
    pub-key ... ;
}
    ICAS slave allowed to connect to this master.
    Public key must be specified.
    pub-key id-rsa-pub;
        Public SSH key of the slave used to check its identity.
        id-rsa-pub (type: name of shared-file, see common(5))
[End of section icamd.slave description.]
[End of section icamd description.]

icasd {
    phase ... ;
    * tag ... ;
    priv-key ... ;
    * master name { ... }
}
Kernun inter-node communication slave. ICAS allows this node to be controlled by other KERNUN device(s), which run the ICAM daemon.
Private key must be specified.

phase [number];
    Application Startup Phase.
    number (type: uint8, optional, default: 20)
        Phase number; the lower the number, the earlier the start.

tag value;
    Configuration factorization tag.
    This feature allows the admin to create groups of Kernun applications (especially proxies and servers) according to various aspects (belonging to one customer, applications of particular network traffic etc.).
    Each application can have several tag attributes and the KAT tool can run some commands (like 'ps', 'start' etc.) for applications with or without a given tag.
    value (type: str)
        Tag must contain only letters, digits, hyphens and dots.

priv-key id-rsa;
    Private SSH key used by the icas daemon.
    id-rsa (type: name of shared-file, see common(5))

master name {
    addr ... ;
    pub-key ... ;
}
    ICAS master to connect to.
    Address of the icas daemon must be specified.
    Public key must be specified.
    addr addr;
        Address and port to connect to.
        addr (type: sock)
    pub-key id-rsa-pub;
        Public SSH key of the master used to check its identity.
        id-rsa-pub (type: name of shared-file, see common(5))
[End of section icasd.master description.]
[End of section icasd description.]
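
The "must be specified" rules and the tag character rule stated above for icamd and icasd can be checked mechanically before a configuration is deployed. The following Python check is an added example, not Kernun code; its tokenizer assumes only the brace/semicolon shape shown in the prototypes, and every name and value in the sample is constructed.

```python
import re
TAG_RE = re.compile(r"[A-Za-z0-9.-]+")  # "letters, digits, hyphens and dots, only"

def parse(tokens):
    """Turn 'item args ;' and 'section args { ... }' into (name, args, children)."""
    nodes, words = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok in (";", "{"):
            sub = parse(tokens) if tok == "{" else None  # items have no children
            nodes.append((words[0], words[1:], sub))
            words = []
        else:
            words.append(tok)
    return nodes

def load(text):
    return parse(re.findall(r"[{};]|[^\s{};]+", text))

def has(children, name):
    return any(n == name for n, _, _ in children or [])

def lint(nodes):
    """Return violations of the 'must be specified' rules stated on this page."""
    errs = []
    for name, _, body in (n for n in nodes if n[0] in ("icamd", "icasd")):
        body = body or []
        if not has(body, "priv-key"):
            errs.append(f"{name}: priv-key missing")
        listen = [c for n, _, c in body if n == "listen-on"]
        if name == "icamd" and not (listen and has(listen[0], "socket")):
            errs.append("icamd: listen-on needs at least one socket")
        for n, args, sub in body:
            if n == "tag" and not (args and TAG_RE.fullmatch(args[0])):
                errs.append(f"{name}: invalid tag {' '.join(args)!r}")
            if n in ("slave", "master"):  # each peer needs a pinned public key
                need = ["pub-key"] + (["addr"] if n == "master" else [])
                errs += [f"{name}.{n} {args[0]}: {k} missing" for k in need if not has(sub, k)]
    return errs

# Constructed sample; names are placeholders and value syntax is not verified Kernun syntax.
SAMPLE = """
icamd { tag cust_a; listen-on { } priv-key icam-key;
        slave node-b { pub-key node-b-pub; } slave node-c { } }
icasd { priv-key icas-key; master node-a { pub-key node-a-pub; } }
"""
if __name__ == "__main__":
    print("\n".join(lint(load(SAMPLE))))
```

A peer entry without pub-key is the finding that matters most here, since the public key is what each side uses to check the other's identity.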