ZORP

NAME

SYNOPSIS

DESCRIPTION

The zorp command is the main entry point for a Zorp instance, as such it is generally called by zorpctl(8) with command line parameters specified in instances.conf(5).

OPTIONS

--version or -V

Display version a compilation information.

--as <name> or -a

Set instance name to <name>. Each log message is prefixed with this name.

--also-as <name> or -A

Add a secondary instance named <name>. Secondary instances share the same Zorp process but they have a separate section in the configuration file.

--policy <name> or -p

Use the file named <name> as policy. This file must be a valid policy file.

--verbose [num] or -v

Set verbosity level to [num], or if [num] is omitted increment it by one. Default the verbosity level is 3, and possible values include 0-10.

--pidfile [num] or -P

Set path to PID file where the pid of the main process is stored.

--foreground or -F

Do not daemonize, stay in foreground. This option is also implied by -l.

--no-syslog or -l

Instead of sending messages to the syslog, send it to the standard output.

--log-tags or -T

Prepend log category and level to each message.

--log-escape

Escape non-printable characters to avoid binary log files. Each character less than 0x20 and greater than 0x7F are escaped in the form <XX>.

--log-spec <spec> or -s

Set verbosity mask on a per category basis. Each log message has an assigned multi-level category, where levels are separated by a dot. For example HTTP requests are logged under http.request. spec is a comma separated list of log specifications. A single log specification consists of a wildcard matching log category, a colon, and a number specifying the verbosity level of that given category. Categories match from left to right.

Example: --logspec 'http.*:5,core:3'

The last matching entry will be used as the verbosity of the given category. If no match is found the default verbosity specified with --verbose is used.

--threads <num> or -t

Set the maximum number of threads that this Zorp instance may use concurrently.

--idle-threads <num> or -I

Set the maximum number of idle threads, this option has effect only if threadpools are enabled, see the option --threadpools.

--threadpools or -O

Enable the use of threadpools which means that threads associated with sessions are not automatically freed, only if the maximum number of idle threads is exceeded.

--uid <uid> or -u

Switch to the supplied uid after starting up.

--gid <gid> or -g

Switch to the supplied gid after starting up.

--chroot <dir> or -R

Change root to specified directory before reading configuration file. The directory must be set up accordingly.

--caps <caps> or -C

Switch to the supplied set of capabilities after starting up. This should contain the required capabilities in the permitted set. For the syntax of capability description see the man page cap_from_text(3).

--no-caps or -N

Do not change capabilities at all.

--tproxy <id> or -Y

Override autodetected proxy implementation. <id> can be one of the following: netfilter (TPROXY patch for netfilter), linux22 (standard Linux 2.2 transparent proxying), ipf (patched for transparent proxying).

--autobind-ip <IP address> or -B

The autobind parameter as required by the TPROXY support for the kernel. It must be an ip address of a local interface and should not clash with any real-world IP addresses. It is best assigned to a dummy interface.

--crypto-engine or -E

Set the OpenSSL crypto engine name to use for hardware accelerated crypto support.

--stack-size or -S

Set the maximum stack size used by threads. Note that the maximum number of parallel threads depends on the size specified here. The default size (256k) is enough for about 4000 parallel threads.

FILES

/etc/zorp/

/etc/zorp/policy.py

/etc/zorp/instances.conf

AUTHOR

Index

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

FILES

AUTHOR