Version 11 - History - ConfigFileFormat - NFD - NDN project issue tracking system

ConfigFileFormat » History » Version 11

Alex Afanasyev, 06/26/2014 06:24 PM

-Junxiao Shi
+# Config file format
 Alex Afanasyev
-Junxiao Shi
+Initial state of NFD daemon is configured using an [INFO file](http://www.boost.org/doc/libs/1_42_0/doc/html/boost_propertytree/parsers.html#boost_propertytree.parsers.info_parser).
 Alex Afanasyev
-Alex Afanasyev
+    ; The general section contains settings of nfd process.
-Alex Afanasyev
+    general
+    {
-Alex Afanasyev
+      ; Specify a user and/or group for NFD to drop privileges to
       ; when not performing privileged tasks. NFD does not drop
       ; privileges by default.
       ; user ndn-user
       ; group ndn-user
 Alex Afanasyev
     log
+    {
-Alex Afanasyev
+      ; default_level specifies the logging level for modules
       ; that are not explicitly named. All debugging levels
       ; listed above the selected value are enabled.
+      ;
       ; Valid values:
+      ;
       ;  NONE ; no messages
       ;  ERROR ; error messages
       ;  WARN ; warning messages
       ;  INFO ; informational messages (default)
       ;  DEBUG ; debugging messages
       ;  TRACE ; trace messages (most verbose)
       ;  ALL ; all messages
       default_level INFO
       ; You may override default_level by assigning a logging level
       ; to the desired module name. Module names can be found in two ways:
+      ;
       ; Run:
       ;   nfd --modules
       ;   nrd --modules
+      ;
       ; Or look for NFD_LOG_INIT(<module name>) statements in .cpp files
+      ;
       ; Example module-level settings:
+      ;
       ; FibManager DEBUG
       ; Forwarder INFO
 Alex Afanasyev
 Alex Afanasyev
     ; The tables section configures the CS, PIT, FIB, Strategy Choice, and Measurements
     tables
+    {
       ; ContentStore size limit in number of packets
       ; default is 65536, about 500MB with 8KB packet size
       cs_max_packets 65536
+    }
     ; The face_system section defines what faces and channels are created.
-Alex Afanasyev
+    face_system
+    {
-Alex Afanasyev
+      ; The unix section contains settings of UNIX stream faces and channels.
-Alex Afanasyev
+      unix
+      {
         listen yes ; set to 'no' to disable UNIX stream listener, default 'yes'
         path /var/run/nfd.sock ; UNIX stream listener path
+      }
 Alex Afanasyev
       ; The tcp section contains settings of TCP faces and channels.
-Alex Afanasyev
+      tcp
+      {
         listen yes ; set to 'no' to disable TCP listener, default 'yes'
         port 6363 ; TCP listener port number
-Alex Afanasyev
+        enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
         enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
 Alex Afanasyev
 Alex Afanasyev
       ; The udp section contains settings of UDP faces and channels.
       ; UDP channel is always listening; delete udp section to disable UDP
-Alex Afanasyev
+      udp
+      {
         port 6363 ; UDP unicast port number
-Alex Afanasyev
+        enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
         enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
         idle_timeout 600 ; idle time (seconds) before closing a UDP unicast face
-Alex Afanasyev
+        keep_alive_interval 25; interval (seconds) between keep-alive refreshes
 Alex Afanasyev
         ; UDP multicast settings
-Alex Afanasyev
+        ; NFD creates one UDP multicast face per NIC
 Alex Afanasyev
         ; In multi-homed Linux machines these settings will NOT work without
         ; root or settings the appropriate permissions:
+        ;
         ;    sudo setcap cap_net_raw=eip /full/path/nfd
+        ;
-Alex Afanasyev
+        mcast yes ; set to 'no' to disable UDP multicast, default 'yes'
         mcast_port 56363 ; UDP multicast port number
         mcast_group 224.0.23.170 ; UDP multicast group (IPv4 only)
+      }
 Alex Afanasyev
       ; The ether section contains settings of Ethernet faces and channels.
       ; These settings will NOT work without root or setting the appropriate
       ; permissions:
+      ;
       ;    sudo setcap cap_net_raw,cap_net_admin=eip /full/path/nfd
+      ;
       ; You may need to install a package to use setcap:
+      ;
       ; **Ubuntu:**
+      ;
       ;    sudo apt-get install libcap2-bin
+      ;
       ; **Mac OS X:**
+      ;
       ;    curl https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3373 -o ChmodBPF.tar.gz
       ;    tar zxvf ChmodBPF.tar.gz
       ;    open ChmodBPF/Install\ ChmodBPF.app
+      ;
       ; or manually:
+      ;
       ;    sudo chgrp admin /dev/bpf*
       ;    sudo chmod g+rw /dev/bpf*
-Alex Afanasyev
+      ether
+      {
-Alex Afanasyev
+        ; Ethernet multicast settings
-Alex Afanasyev
+        ; NFD creates one Ethernet multicast face per NIC
 Alex Afanasyev
-Alex Afanasyev
+        mcast yes ; set to 'no' to disable Ethernet multicast, default 'yes'
         mcast_group 01:00:5E:00:17:AA ; Ethernet multicast group
+      }
 Alex Afanasyev
       ; The websocket section contains settings of WebSocket faces and channels.
       websocket
+      {
         listen yes ; set to 'no' to disable WebSocket listener, default 'yes'
         port 9696 ; WebSocket listener port number
         enable_v4 yes ; set to 'no' to disable listening on IPv4 socket, default 'yes'
         enable_v6 yes ; set to 'no' to disable listening on IPv6 socket, default 'yes'
+      }
 Alex Afanasyev
 Alex Afanasyev
     ; The authorizations section grants privileges to authorized keys.
-Alex Afanasyev
+    authorizations
+    {
-Alex Afanasyev
+      ; An authorize section grants privileges to a NDN certificate.
-Alex Afanasyev
+      authorize
+      {
-Alex Afanasyev
+        ; If you do not already have NDN certificate, you can generate
         ; one with the following commands.
+        ;
         ; 1. Generate and install a self-signed identity certificate:
+        ;
         ;      ndnsec-keygen /`whoami` | ndnsec-install-cert -
+        ;
         ; Note that the argument to ndnsec-key will be the identity name of the
         ; new key (in this case, /your-username). Identities are hierarchical NDN
         ; names and may have multiple components (e.g. `/ndn/ucla/edu/alice`).
         ; You may create additional keys and identities as you see fit.
+        ;
         ; 2. Dump the NDN certificate to a file:
+        ;
         ;      sudo mkdir -p /usr/local/etc/ndn/keys/
         ;      ndnsec-cert-dump -i /`whoami` >  default.ndncert
         ;      sudo mv default.ndncert /usr/local/etc/ndn/keys/default.ndncert
+        ;
         ; The "certfile" field below specifies the default key directory for
         ; your machine. You may move your newly created key to the location it
         ; specifies or path.
         ; certfile keys/default.ndncert ; NDN identity certificate file
         certfile any ; "any" authorizes command interests signed under any certificate,
                      ; i.e., no actual validation.
-Alex Afanasyev
+        privileges ; set of privileges granted to this identity
+        {
-Alex Afanasyev
+          faces
-Alex Afanasyev
+          fib
-Alex Afanasyev
+          strategy-choice
 Alex Afanasyev
+      }
 Alex Afanasyev
       ; You may have multiple authorize sections that specify additional
       ; certificates and their privileges.
       ; authorize
       ; {
       ;   certfile keys/this_cert_does_not_exist.ndncert
       ;   authorize
       ;   privileges
       ;   {
       ;     faces
       ;   }
       ; }
 Alex Afanasyev
-Alex Afanasyev
+    rib
+    {
       ; The following localhost_security allows anyone to register routing entries in local RIB
       localhost_security
 Alex Afanasyev
-Alex Afanasyev
+        trust-anchor
 Alex Afanasyev
-Alex Afanasyev
+          type any
 Alex Afanasyev
+      }
 Alex Afanasyev
       ; localhop_security should be enabled when NFD runs on a hub.
       ; "/localhop/nfd/fib" command prefix will be disabled when localhop_security section is missing.
       ; localhop_security
-Alex Afanasyev
+      ; {
-Alex Afanasyev
+      ;   ; This section defines the trust model for NFD RIB Management. It consists of rules and
       ;   ; trust-anchors, which are briefly defined in this file.  For more information refer to
       ;   ; manpage of ndn-validator.conf:
       ;   ;
       ;   ;     man ndn-validator.conf
       ;   ;
       ;   ; A trust-anchor is a pre-trusted certificate.  This can be any certificate that is the
       ;   ; root of certification chain (e.g., NDN testbed root certificate) or an existing
       ;   ; default system certificate `default.ndncert`.
       ;   ;
       ;   ; A rule defines conditions a valid packet MUST have. A packet must satisfy one of the
       ;   ; rules defined here. A rule can be broken into two parts: matching & checking. A packet
       ;   ; will be matched against rules from the first to the last until a matched rule is
       ;   ; encountered. The matched rule will be used to check the packet. If a packet does not
       ;   ; match any rule, it will be treated as invalid.  The matching part of a rule consists
       ;   ; of `for` and `filter` sections. They collectively define which packets can be checked
       ;   ; with this rule. `for` defines packet type (data or interest) and `filter` defines
       ;   ; conditions on other properties of a packet. Right now, you can only define conditions
       ;   ; on packet name, and you can only specify ONLY ONE filter for packet name.  The
       ;   ; checking part of a rule consists of `checker`, which defines the conditions that a
       ;   ; VALID packet MUST have. See comments in checker section for more details.
+      ;
       ;   rule
       ;   {
       ;     id "NRD Prefix Registration Command Rule"
       ;     for interest                         ; rule for Interests (to validate CommandInterests)
       ;     filter
       ;     {
       ;       type name                          ; condition on interest name (w/o signature)
       ;       regex ^[<localhop><localhost>]<nfd><rib>[<register><unregister>]<>$ ; prefix before
       ;                                                                           ; timestamp
       ;     }
       ;     checker
       ;     {
       ;       type customized
       ;       sig-type rsa-sha256                ; interest must have a rsa-sha256 signature
       ;       key-locator
       ;       {
       ;         type name                        ; key locator must be the certificate name of the
       ;                                          ; signing key
       ;         regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$
       ;       }
       ;     }
       ;   }
       ;   rule
       ;   {
       ;     id "NDN Testbed Hierarchy Rule"
       ;     for data                             ; rule for Data (to validate NDN certificates)
       ;     filter
       ;     {
       ;       type name                          ; condition on data name
       ;       regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$
       ;     }
       ;     checker
       ;     {
       ;       type hierarchical                  ; the certificate name of the signing key and
       ;                                          ; the data name must follow the hierarchical model
       ;       sig-type rsa-sha256                ; data must have a rsa-sha256 signature
       ;     }
       ;   }
       ;   trust-anchor
       ;   {
       ;     type file
       ;     file-name keys/default.ndncert ; the file name, by default this file should be placed in the
       ;                                    ; same folder as this config file.
       ;   }
       ;   ; trust-anchor ; Can be repeated multiple times to specify multiple trust anchors
       ;   ; {
       ;   ;   type file
       ;   ;   file-name keys/ndn-testbed.ndncert
       ;   ; }
-Alex Afanasyev
+      ; }
+    }

Project

General

Profile

NFD

ConfigFileFormat » History » Version 11