# option only when using DPDK to capture packets or to forwarding packets
dpdk-option = "--syslog=syslog --log-level=5 -c 0x55555555555"
#root stack of network protocol
# for Ethernet: 1
# for ieee802154: 800
# for Linux cooked capture: 624
stack-type = 1
input {
# in case for PCAP the input mode can be ONLINE or OFFLINE, however for DPDK it's only ONLINE
mode = OFFLINE
# input source for PCAP online mode (interface name) and for offline mode (pcap name),
# however for DPDK its interface port number
# in DPDK mode, MMT supports also multi-port inputs,
# - e.g., source="0,1" will tell MMT to capture packets on port 0 and 1
# - MMT will aggregate traffic on these 2 ports, thus 2 packets of one flow can be received on 2 different ports
source = "lo"
# maximal size of a packet
snap-len = 65535 #
}
output {
enable = false
output-dir = "./" # Location where files are written:
sample-interval = 5 #a new sample file is created each x seconds given by output.cache-period
report-description = true # true to include rule's description into the alert reports,
# otherwise it will be excluded (thus rules's descriptions will be an empty string in the reports)
# Excluding rules's descriptions will reduce the size of reports.
}
engine {
thread-nb = 0 # the number of security threads per one probe thread , e .g . , if we have 16 probe threads and thread-nb = x ,
# then x*16 security threads will be used .
# If set to zero this means that the security analysis will be done by the threads of the probe .
exclude-rules = "2-200" # Range of rules to be excluded from the verification
rules-mask = "" # Mapping of rules to the security threads:
# Format: rules-mask = (thread-index:rule-range);
# thread-index = a number greater than 0
# rule-range = number greater than 0, or a range of numbers greater than 0.
# Example: If we have thread-nb = 3 and "(1:1,2,4-6)(2:3)" ,
# this means that:
# thread 1 verifies rules 1 ,2 ,4 ,5 ,6;
# thread 2 verifies only rule 3; and
# thread 3 verifies the rest
# Note: if we have thread-nb = 2 and "(1:1)(2:3)", then only rules 1 and 3 are verified (the others are not)
ip-encapsulation-index = LAST # If traffic is ip-in-ip, this option selects which IP will be analysed.
# - FIRST: first ip in the protocol hierarchy
# - LAST: last ip in the protocol hierarchy
# - i: i-th ip in ther protocol hierarchy.
# For example, given ETH.IP.UDP.GTP.IP.TCP.VPN.IP.SSL,
# - FIRST, or 1, indicates IP after ETH
# - LAST, or any number >= 3, indicates IP after VPN
# - 2 indicates IP after GTP
# NOTE: this option will be ignored in non ip-in-ip traffic
# number of fsm instances of one rule
max-instances = 100000
}
# A mem_pool contains several pools. Each pool stores several blocks of memory
# having the same size.
# This parameter set the maximum elements of a pool.
mempool {
# This parameter set the Maximum bytes of a pool: 2 GBytes
max-bytes = 2000000000
# Max number of elements in a pool
max-elements = 1000
# maximum size, in bytes, of a report received from mmt-probe
max-message-size = 3000
# Number of reports can be stored in a ring buffer
smp-ring-size = 1000
}
forward
{
enable = true
output-nic = "lo"
nb-copies = 2 #number of copies of a packet to be sent
snap-len = 0 #specifies the snapshot length to be set on the handle.
promisc = 1 #specifies whether the interface is to be put into promiscuous mode. If promisc is non-zero, promiscuous mode will be set, otherwise it will not be set.
default = FORWARD #default action when packets are not selected/satisfied by any rule
# either FORWARD to forward the packets or DROP to drop the packets
#forward packets to a target using SCTP protocol: MMT will be a SCTP client,
# - it connects to the given "sctp-host" at "sctp-port"
# - the SCTP packets' payload will be sent to the target using this SCTP connection
target-protocols = { SCTP, UDP}
target-hosts = { "127.0.0.5", "127.0.0.7" }
target-ports = { 38412, 2152 }
}
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent