netio — format of netio component configuration
General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific to the netio component configuration.
Repeatable sections/items are marked by the '*' before the section/item name.
Configuration directives have attributes of several value types. For a description of the basic types, see configuration(7).
The configuration of the netio library component consists of the following prototypes:
sock-opt { ... }
* ip-tos-from ... ;
ip-tos-received ... ;
ip-tos-to { ... }
ip-tos-to-client { ... }
ip-tos-to-server { ... }
sock-opt
{
conn-timeout ... ;
recv-timeout ... ;
recv-bufsize ... ;
send-timeout ... ;
close-timeout ... ;
send-bufsize ... ;
log-limit ... ;
}
Network I/O Module Attributes.
conn-timeout [seconds];
    Maximum connection time.
    seconds (type: uint16, optional, default: 75)
        Timeout must not be set to zero.
recv-timeout [seconds];
    Maximum socket read time.
    seconds (type: uint16, optional, default: 120)
        Timeout must not be set to zero.
recv-bufsize [bytes];
    Input buffer size.
    bytes (type: uint32, optional, default: 16384)
send-timeout [seconds];
    Maximum socket write wait time.
    seconds (type: uint16, optional, default: 120)
        Timeout must not be set to zero.
close-timeout [seconds];
    Maximum time for waiting for the peer to close its half of the TCP connection after the proxy has closed its half. If set to zero, the peer gets TCP reset whenever it does not close the connection earlier than the proxy.
    seconds (type: uint16, optional, default: 5)
send-bufsize [bytes];
    Output buffer size.
    bytes (type: uint32, optional, default: 16384)
log-limit bytes;
    Per block data limit for full log.
    bytes (type: uint32)
        Default for this value is set by the DATA-LIMIT item in the proxy LOG section.
[End of section sock-opt description.]
ip-tos-from val;
    Testing an IP TOS value of received packets.
    val (type: uint8-set)
ip-tos-received [mask mask] [add add];
    Send a possibly modified received IP TOS value. The value used for sending will be (RECEIVED & MASK) | ADD.
    mask mask (type: uint8, optional, default: 255)
        A mask of bits used from the received value.
    add add (type: uint8, optional, default: 0)
        A mask of bits added to the value to be sent.
ip-tos-to
{
fixed ... ;
received ... ;
other ... ;
}
Set an IP TOS value for sent packets.
fixed [val];
    Use a fixed TOS value.
    val (type: uint8, optional, default: 0)
received [mask mask] [add add];
    Use a value received from this connection.
    mask mask (type: uint8, optional, default: 255)
        A mask of bits used from the received value.
    add add (type: uint8, optional, default: 0)
        A mask of bits added to the value to be sent.
other [mask mask] [add add];
    Use a value received from the other connection.
    mask mask (type: uint8, optional, default: 255)
        A mask of bits used from the received value.
    add add (type: uint8, optional, default: 0)
        A mask of bits added to the value to be sent.
[End of section ip-tos-to description.]
ip-tos-to-client
{
fixed ... ;
received ... ;
other ... ;
}
Set an IP TOS value for packets sent to the client. If OTHER is specified, it will be set only after a connection to the server is established. Until then, the value specified by FIXED or RECEIVED (from the client) will be used.
The ip-tos-to-client section is derived from the ip-tos-to section prototype. For a detailed description of it, see above.
ip-tos-to-client section: Only one of FIXED and RECEIVED may be specified.
ip-tos-to-server
{
fixed ... ;
received ... ;
other ... ;
}
Set an IP TOS value for packets sent to the server.
The ip-tos-to-server section is derived from the ip-tos-to section prototype. For a detailed description of it, see above.
ip-tos-to-server section: Only one of FIXED, RECEIVED, and OTHER may be specified.
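The following Python sketch is an added example, not Kernun code. It models how the ip-tos-to-client rules above combine: the (RECEIVED & MASK) | ADD formula, the "only one of" constraints, and OTHER taking effect only once the server connection exists. The names TosTo, derive, validate and tos_to_client are hypothetical, and the behaviour when no applicable item is set is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MaskAdd = Tuple[int, int]  # (mask, add), both uint8


@dataclass
class TosTo:
    """Hypothetical model of an ip-tos-to section; None means item absent."""
    fixed: Optional[int] = None
    received: Optional[MaskAdd] = None
    other: Optional[MaskAdd] = None


def derive(value: int, mask: int = 255, add: int = 0) -> int:
    """(RECEIVED & MASK) | ADD with the documented defaults."""
    for v in (value, mask, add):
        if not 0 <= v <= 255:
            raise ValueError("TOS, mask and add are uint8")
    return (value & mask) | add


def validate(section: TosTo, role: str) -> None:
    """Enforce the 'only one of' rule of the derived sections."""
    items = {"fixed": section.fixed, "received": section.received}
    if role == "server":
        items["other"] = section.other
    present = [name for name, item in items.items() if item is not None]
    if len(present) > 1:
        raise ValueError(f"ip-tos-to-{role}: only one of {present} allowed")


def tos_to_client(section: TosTo, client_tos: int,
                  server_tos: Optional[int] = None) -> Optional[int]:
    """TOS for packets sent to the client. server_tos stays None until the
    server connection exists, so OTHER cannot apply before that."""
    validate(section, "client")
    if section.other is not None and server_tos is not None:
        return derive(server_tos, *section.other)
    if section.received is not None:
        return derive(client_tos, *section.received)
    if section.fixed is not None:
        return section.fixed
    return None  # assumption: the page does not say what happens here


# Constructed sample: keep the six DSCP bits, clear the two ECN bits.
SAMPLE = TosTo(received=(0xFC, 0), other=(0xFC, 0))

if __name__ == "__main__":
    print(hex(tos_to_client(SAMPLE, 0xB9)))        # before server connect
    print(hex(tos_to_client(SAMPLE, 0xB9, 0x2B)))  # after server connect
```

A mask such as 0xFC with add 0 passes the peer's DSCP marking through the proxy while discarding its ECN bits; a mask of 0 with a non-zero add ignores the peer's marking entirely.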