ConfigFileFormat » History » Version 10
Alex Afanasyev, 04/19/2014 09:16 PM
| 1 | 2 | Junxiao Shi | # Config file format |
|---|---|---|---|
| 2 | 1 | Alex Afanasyev | |
| 3 | 3 | Junxiao Shi | Initial state of NFD daemon is configured using an [INFO file](http://www.boost.org/doc/libs/1_42_0/doc/html/boost_propertytree/parsers.html#boost_propertytree.parsers.info_parser). |
| 4 | 1 | Alex Afanasyev | |
| 5 | ## Example configuration |
||
| 6 | |||
| 7 | 9 | Anonymous | ; the general section contains settings of nfd process |
| 8 | general |
||
| 9 | 3 | Junxiao Shi | { |
| 10 | 9 | Anonymous | |
| 11 | 1 | Alex Afanasyev | } |
| 12 | |||
| 13 | 9 | Anonymous | log |
| 14 | { |
||
| 15 | ; default_level specifies the logging level for modules |
||
| 16 | ; that are not explicitly named. All debugging levels |
||
| 17 | ; listed above the selected value are enabled. |
||
| 18 | ; |
||
| 19 | ; Valid levels: |
||
| 20 | ; |
||
| 21 | ; NONE ; no messages |
||
| 22 | ; ERROR ; error messages |
||
| 23 | ; WARN ; warning messages |
||
| 24 | ; INFO ; informational messages (default) |
||
| 25 | ; DEBUG ; debugging messages |
||
| 26 | ; TRACE ; trace messages (most verbose) |
||
| 27 | ; ALL ; all messages |
||
| 28 | |||
| 29 | default_level WARN |
||
| 30 | |||
| 31 | ; You may override default_level by assigning a logging level |
||
| 32 | ; to the desired module name. Module names can be found in two ways: |
||
| 33 | ; |
||
| 34 | ; Run: |
||
| 35 | ; nfd --modules |
||
| 36 | ; |
||
| 37 | ; Or look for NFD_LOG_INIT(<module name>) statements in .cpp files |
||
| 38 | |||
| 39 | FibManager DEBUG |
||
| 40 | Forwarder INFO |
||
| 41 | } |
||
| 42 | |||
| 43 | 3 | Junxiao Shi | ; the face_system section defines what faces and channels are created |
| 44 | face_system |
||
| 45 | { |
||
| 46 | ; the unix section contains settings of UNIX stream faces and channels |
||
| 47 | unix |
||
| 48 | { |
||
| 49 | listen yes ; set to 'no' to disable UNIX stream listener, default 'yes' |
||
| 50 | path /var/run/nfd.sock ; UNIX stream listener path |
||
| 51 | } |
||
| 52 | |||
| 53 | ; the tcp section contains settings of TCP faces and channels |
||
| 54 | tcp |
||
| 55 | { |
||
| 56 | listen yes ; set to 'no' to disable TCP listener, default 'yes' |
||
| 57 | port 6363 ; TCP listener port number |
||
| 58 | } |
||
| 59 | |||
| 60 | ; the udp section contains settings of UDP faces and channels |
||
| 61 | udp |
||
| 62 | { |
||
| 63 | port 6363 ; UDP unicast port number |
||
| 64 | idle_timeout 30 ; idle time (seconds) before closing a UDP unicast face |
||
| 65 | keep_alive_interval 25; interval (seconds) between keep-alive refreshes |
||
| 66 | |||
| 67 | ; NFD creates one UDP multicast face per NIC |
||
| 68 | mcast yes ; set to 'no' to disable UDP multicast, default 'yes' |
||
| 69 | mcast_port 56363 ; UDP multicast port number |
||
| 70 | mcast_group 224.0.23.170 ; UDP multicast group (IPv4 only) |
||
| 71 | } |
||
| 72 | |||
| 73 | ; the ether section contains settings of Ethernet faces and channels |
||
| 74 | ether |
||
| 75 | 2 | Junxiao Shi | { |
| 76 | 3 | Junxiao Shi | ; NFD creates one Ethernet multicast face per NIC |
| 77 | mcast yes ; set to 'no' to disable Ethernet multicast, default 'yes' |
||
| 78 | 1 | Alex Afanasyev | mcast_group 01:00:5E:00:17:AA ; Ethernet multicast group |
| 79 | 3 | Junxiao Shi | } |
| 80 | 1 | Alex Afanasyev | } |
| 81 | |||
| 82 | 9 | Anonymous | ; the authorizations section grants privileges to authorized NDN certificates |
| 83 | 3 | Junxiao Shi | authorizations |
| 84 | { |
||
| 85 | 9 | Anonymous | ; an authorize section grants privileges to an NDN certificate |
| 86 | 3 | Junxiao Shi | authorize |
| 87 | { |
||
| 88 | 9 | Anonymous | keyfile "/tmp/cert1.ndncert" ; NDN identity certificate file |
| 89 | privileges ; set of privileges granted to this identity |
||
| 90 | 1 | Alex Afanasyev | { |
| 91 | 4 | Anonymous | fib |
| 92 | 3 | Junxiao Shi | stats |
| 93 | } |
||
| 94 | } |
||
| 95 | |||
| 96 | authorize |
||
| 97 | { |
||
| 98 | 9 | Anonymous | keyfile "/tmp/cert2.ndncert" ; NDN identity certificate file |
| 99 | privileges ; set of privileges granted to this identity |
||
| 100 | 3 | Junxiao Shi | { |
| 101 | 5 | Anonymous | faces |
| 102 | 3 | Junxiao Shi | } |
| 103 | } |
||
| 104 | } |
||
| 105 | 10 | Alex Afanasyev | |
| 106 | rib_security |
||
| 107 | { |
||
| 108 | ; This section defines the trust model for NFD RIB Management. It consists of rules and |
||
| 109 | ; trust-anchors, which are briefly defined in this file. For more information refer to |
||
| 110 | ; manpage of ndn-validator.conf: |
||
| 111 | ; |
||
| 112 | ; man ndn-validator.conf |
||
| 113 | ; |
||
| 114 | ; A trust-anchor is a pre-trusted certificate. This can be any certificate that is the |
||
| 115 | ; root of certification chain (e.g., NDN testbed root certificate) or an existing |
||
| 116 | ; default system certificate `default.ndncert`. |
||
| 117 | ; |
||
| 118 | ; A rule defines conditions a valid packet MUST have. A packet must satisfy one of the |
||
| 119 | ; rules defined here. A rule can be broken into two parts: matching & checking. A packet |
||
| 120 | ; will be matched against rules from the first to the last until a matched rule is |
||
| 121 | ; encountered. The matched rule will be used to check the packet. If a packet does not |
||
| 122 | ; match any rule, it will be treated as invalid. The matching part of a rule consists |
||
| 123 | ; of `for` and `filter` sections. They collectively define which packets can be checked |
||
| 124 | ; with this rule. `for` defines packet type (data or interest) and `filter` defines |
||
| 125 | ; conditions on other properties of a packet. Right now, you can only define conditions |
||
| 126 | ; on packet name, and you can only specify ONLY ONE filter for packet name. The |
||
| 127 | ; checking part of a rule consists of `checker`, which defines the conditions that a |
||
| 128 | ; VALID packet MUST have. See comments in checker section for more details. |
||
| 129 | |||
| 130 | rule |
||
| 131 | { |
||
| 132 | id "NRD Prefix Registration Command Rule" |
||
| 133 | for interest ; rule for Interests (to validate CommandInterests) |
||
| 134 | filter |
||
| 135 | { |
||
| 136 | type name ; condition on interest name (w/o signature) |
||
| 137 | regex ^[<localhop><localhost>]<nfd><rib>[<register><unregister>]<>{3}$ |
||
| 138 | } |
||
| 139 | checker |
||
| 140 | { |
||
| 141 | type customized |
||
| 142 | sig-type rsa-sha256 ; interest must have a rsa-sha256 signature |
||
| 143 | key-locator |
||
| 144 | { |
||
| 145 | type name ; key locator must be the certificate name of |
||
| 146 | ; the signing key |
||
| 147 | regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$ |
||
| 148 | } |
||
| 149 | } |
||
| 150 | } |
||
| 151 | rule |
||
| 152 | { |
||
| 153 | id "NDN Testbed Hierarchy Rule" |
||
| 154 | for data ; rule for Data (to validate NDN certificates) |
||
| 155 | filter |
||
| 156 | { |
||
| 157 | type name ; condition on data name |
||
| 158 | regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$ |
||
| 159 | } |
||
| 160 | checker |
||
| 161 | { |
||
| 162 | type hierarchical ; the certificate name of the signing key and |
||
| 163 | ; the data name must follow the hierarchical model |
||
| 164 | sig-type rsa-sha256 ; data must have a rsa-sha256 signature |
||
| 165 | } |
||
| 166 | } |
||
| 167 | trust-anchor |
||
| 168 | { |
||
| 169 | type file |
||
| 170 | file-name keys/default.ndncert ; the file name, by default this file should be placed in the |
||
| 171 | ; same folder as this config file. |
||
| 172 | } |
||
| 173 | ; trust-anchor ; Can be repeated multiple times to specify multiple trust anchors |
||
| 174 | ; { |
||
| 175 | ; type file |
||
| 176 | ; file-name keys/ndn-testbed.ndncert |
||
| 177 | ; } |
||
| 178 | } |