Configuration file

Skydive uses a single binary and a single configuration file for both the Agent and the Analyzer. The Agent and the Analyzer each have their own section in that file.

A configuration example can be found (here)[]


To secure communication between the Agent(s) and the Analyzer, Skydive relies on TLS with strict cross validation. TLS is enabled by defining X509 certificates in the respective sections of the configuration file, for example:

  X509_cert: /etc/ssl/certs/
  X509_key:  /etc/ssl/certs/

  X509_cert: /etc/ssl/certs/
  X509_key:  /etc/ssl/certs/

Generate the certificates

Certificate Signing Request (CSR)

openssl genrsa -out analyzer/ 2048
chmod 400 analyzer/
openssl req -new -key analyzer/ -out analyzer/ -subj "/CN=skydive-analyzer" -config skydive-openssl.cnf

Analyzer (Server certificate CRT)

yes '' | openssl x509 -req -days 365  -signkey analyzer/ -in analyzer/ -out analyzer/ -extfile skydive-openssl.cnf -extensions v3_req
chmod 444 analyzer/

Agent (Client certificate CRT)

openssl genrsa -out agent/ 2048
chmod 400 agent/
yes '' | openssl req -new -key agent/ -out agent/ -subj "/CN=skydive-agent" -config skydive-openssl.cnf
openssl x509 -req -days 365 -signkey agent/ -in agent/ -out agent/ -extfile skydive-openssl.cnf -extensions v3_req


The skydive-openssl.cnf file referenced by the commands above:

[ req ]
# Settings read by "openssl req"; both values name sections defined below
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FR
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Paris
localityName = Locality Name (eg, city)
localityName_default = Paris
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Skydive Team
commonName =
commonName_max = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:TRUE
keyUsage = digitalSignature, keyEncipherment, keyCertSign
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @alt_names

[ alt_names ]
# Names and addresses listed in subjectAltName
DNS.1 =
DNS.2 =
DNS.3 = localhost
IP.1 =
IP.2 =
IP.3 =
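
A sanity check for each key/certificate pair produced by the commands above, as an added example that is not part of the Skydive documentation. The function name check_pair, the 30-day expiry threshold and the file paths and peer name passed to it are assumptions; only standard openssl subcommands are used.

```shell
#!/bin/sh
# Added example: verify one key/certificate pair after generation.
# Usage: check_pair KEY_FILE CRT_FILE EXPECTED_NAME   (all three are caller-supplied)
# Returns 0 when every check passes, 1 otherwise; failures go to stderr.
check_pair() {
    key=$1 crt=$2 name=$3 rc=0

    # 1. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $crt was not issued for $key" >&2; rc=1
    fi

    # 2. The private key must be owner-only, as the chmod 400 step intends.
    perms=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key" 2>/dev/null)
    case $perms in
        [0-7]00) ;;
        *) echo "FAIL: $key has mode ${perms:-unknown}" >&2; rc=1 ;;
    esac

    # 3. The certificate must still be valid 30 days from now (assumed threshold).
    if ! openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null 2>&1; then
        echo "FAIL: $crt expires within 30 days or is unreadable" >&2; rc=1
    fi

    # 4. The name peers connect to must be listed in subjectAltName (exact match).
    text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null)
    sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ')
    case ",$sans," in
        *",DNS:$name,"* | *",IPAddress:$name,"*) ;;
        *) echo "FAIL: $name is not in subjectAltName ($sans)" >&2; rc=1 ;;
    esac

    # 5. Both extended key usages from the v3_req section must be present.
    for eku in 'TLS Web Server Authentication' 'TLS Web Client Authentication'; do
        printf '%s\n' "$text" | grep -q "$eku" ||
            { echo "FAIL: $crt lacks EKU '$eku'" >&2; rc=1; }
    done
    return $rc
}
```

Run it once per pair with the name or address the other side uses to reach that host; an empty DNS or IP entry in the alt_names section shows up as a subjectAltName failure.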