Add ndn_utils and modify install script
refs: #2528
Change-Id: I7c26df7c91572f8e48b23ca3cddcec1b8f0216a5
diff --git a/ndn_utils/client.conf.sample b/ndn_utils/client.conf.sample
new file mode 100644
index 0000000..d911623
--- /dev/null
+++ b/ndn_utils/client.conf.sample
@@ -0,0 +1,33 @@
+; "transport" specifies Face's default transport connection.
+; The value is a unix or tcp4 scheme Face URI.
+;
+; For example:
+;
+; unix:///var/run/nfd.sock
+; tcp://192.0.2.1
+; tcp4://example.com:6363
+
+transport=unix:///var/run/nfd.sock
+
+; "protocol" determines the protocol for prefix registration
+; it has a value of:
+; nfd-0.1
+; nrd-0.1
+; ndnd-tlv-0.7
+; ndnx-0.7
+protocol=nrd-0.1
+
+; "pib" determines which Public Info Base (PIB) should used by default in applications.
+; If "pib" is not specified, the default PIB will be used.
+; Note that default PIB could be different on different system.
+; If "pib" is specified, it may have a value of:
+; sqlite3
+; pib=sqlite3
+
+; "tpm" determines which Trusted Platform Module (TPM) should used by default in applications.
+; If "tpm" is not specified, the default TPM will be used.
+; Note that default TPM could be different on different system.
+; If "tpm" is specified, it may have a value of:
+; file
+; osx-keychain
+; tpm=file
\ No newline at end of file
diff --git a/ndn_utils/hyperbolic_conf_file/minindn.caida.conf b/ndn_utils/hyperbolic_conf_file/minindn.caida.conf
new file mode 100644
index 0000000..ab243e1
--- /dev/null
+++ b/ndn_utils/hyperbolic_conf_file/minindn.caida.conf
@@ -0,0 +1,36 @@
+[nodes]
+ucla: _ radius=16.586643 angle=2.999108
+pku: _ radius=11.149566 angle=2.870147
+csu: _ radius=14.105693 angle=2.992666
+caida: _ radius=17.603044 angle=2.943027
+arizona: _ radius=16.230539 angle=2.970333
+uiuc: _ radius=29.255355 angle=2.982312
+wustl: _ radius=19.426849 angle=4.310672
+umich: _ radius=17.773804 angle=2.980183
+neu: _ radius=19.900128 angle=2.138942
+memphis: _ radius=15.264774 angle=2.983607
+[links]
+ucla:csu delay=16ms
+ucla:pku delay=79ms
+ucla:memphis delay=39ms
+pku:csu delay=104ms
+pku:umich delay=110ms
+pku:neu delay=115ms
+pku:memphis delay=99ms
+pku:wustl delay=109ms
+pku:arizona delay=82ms
+pku:caida delay=78ms
+csu:uiuc delay=14ms
+csu:umich delay=15ms
+csu:wustl delay=19ms
+csu:memphis delay=21ms
+csu:neu delay=25ms
+csu:caida delay=18ms
+csu:arizona delay=18ms
+wustl:memphis delay=16ms
+uiuc:umich delay=6ms
+uiuc:memphis delay=10ms
+arizona:memphis delay=33ms
+memphis:neu delay=20ms
+memphis:umich delay=12ms
+memphis:caida delay=40ms
diff --git a/ndn_utils/hyperbolic_conf_file/minindn.tesbed.conf b/ndn_utils/hyperbolic_conf_file/minindn.tesbed.conf
new file mode 100644
index 0000000..9fc0bbc
--- /dev/null
+++ b/ndn_utils/hyperbolic_conf_file/minindn.tesbed.conf
@@ -0,0 +1,74 @@
+[nodes]
+unibas: _ radius=13.2717666496574 angle=2.41932700603969 cpu=10
+bupt: _ radius=11.5095245566676 angle=2.87230371009491 cpu=10
+pku: _ radius=11.1495655496376 angle=2.87014667817084 cpu=10
+tongji: _ radius=11.1495655496376 angle=2.8701500000 cpu=10
+orange: _ radius=10.9327229663161 angle=2.7739430543572 cpu=10
+arizona: _ radius=16.2305391313912 angle=2.97033285094067 cpu=10
+byu: _ radius=19.353845431776 angle=3.77334112452928 cpu=10
+csu: _ radius=14.1056931988398 angle=2.99266609145815 cpu=10
+uiuc: _ radius=29.2553552716 angle=2.98231233822261 cpu=10
+memphis: _ radius=15.2647735129845 angle=2.98360655737705 cpu=10
+neu: _ radius=19.9001283692128 angle=2.13894230769231 cpu=10
+uci: _ radius=19.2697694366069 angle=2.94186046511628 cpu=10
+ucla: _ radius=16.5866430024476 angle=2.99910767400357 cpu=10
+remap: _ radius=16.5866430024476 angle=2.9991100000 cpu=10
+umich: _ radius=17.7738038607456 angle=2.98018269081901 cpu=10
+wustl: _ radius=19.426848571939 angle=4.31067173953721 cpu=10
+urjc: _ radius=13.6888312671789 angle=1.17169974115617 cpu=10
+systemx: _ radius=19.1697680538273 angle=2.62274588691716 cpu=10
+lip6: _ radius=29.2553552716 angle=2.62295081967213 cpu=10
+waseda: _ radius=19.3583257471934 angle=2.99935233160622 cpu=10
+anyang: _ radius=14.3378634978013 angle=2.99956859361519 cpu=10
+caida: _ radius=17.6030443241278 angle=2.94302721088435 cpu=10
+[links]
+bupt:pku delay=14ms
+pku:unibas delay=127ms
+pku:tongji delay=14ms
+bupt:anyang delay=33ms
+bupt:tongji delay=18ms
+anyang:tongji delay=54ms
+bupt:waseda delay=48ms
+tongji:waseda delay=98ms
+tongji:caida delay=93ms
+caida:ucla delay=3ms
+anyang:pku delay=38ms
+anyang:waseda delay=22ms
+ucla:pku delay=85ms
+ucla:remap delay=1ms
+caida:uci delay=3ms
+uci:ucla delay=1ms
+uci:remap delay=1ms
+ucla:csu delay=16ms
+remap:csu delay=16ms
+caida:arizona delay=25ms
+waseda:arizona delay=75ms
+remap:arizona delay=25ms
+arizona:wustl delay=33ms
+wustl:uiuc delay=9ms
+csu:uiuc delay=14ms
+uiuc:umich delay=5ms
+csu:byu delay=8ms
+byu:remap delay=9ms
+byu:arizona delay=30ms
+wustl:urjc delay=86ms
+wustl:memphis delay=17ms
+arizona:memphis delay=17ms
+waseda:orange delay=144ms
+orange:systemx delay=2ms
+unibas:systemx delay=10ms
+memphis:neu delay=21ms
+pku:neu delay=112ms
+csu:umich delay=15ms
+urjc:lip6 delay=15ms
+urjc:unibas delay=9ms
+lip6:systemx delay=2ms
+unibas:lip6 delay=18ms
+memphis:umich delay=12ms
+memphis:orange delay=56ms
+urjc:orange delay=15ms
+lip6:orange delay=3ms
+lip6:umich delay=69ms
+unibas:orange delay=18ms
+umich:neu delay=14ms
+csu:arizona delay=18ms
diff --git a/ndn_utils/hyperbolic_conf_file/minindn.ucla.conf b/ndn_utils/hyperbolic_conf_file/minindn.ucla.conf
new file mode 100644
index 0000000..5cdbaf5
--- /dev/null
+++ b/ndn_utils/hyperbolic_conf_file/minindn.ucla.conf
@@ -0,0 +1,35 @@
+[nodes]
+ucla: _ radius=20.700007 angle=2.051234 cpu=5
+pku: _ radius=19.320956 angle=2.011893 cpu=5
+csu: _ radius=18.725071 angle=2.054556 cpu=5
+caida: _ radius=17.334066 angle=1.920136 cpu=5
+arizona: _ radius=21.038109 angle=5.203340 cpu=5
+uiuc: _ radius=21.247178 angle=2.038117 cpu=5
+wustl: _ radius=19.994570 angle=2.035105 cpu=5
+umich: _ radius=19.548038 angle=2.037021 cpu=5
+neu: _ radius=18.335813 angle=2.106513 cpu=5
+memphis: _ radius=17.389593 angle=1.925628 cpu=5
+[links]
+ucla:csu delay=16ms bw=1000
+ucla:umich delay=33ms bw=1000
+ucla:wustl delay=38ms bw=1000
+pku:csu delay=104ms bw=1000
+pku:caida delay=78ms bw=1000
+pku:wustl delay=109ms bw=1000
+pku:memphis delay=99ms bw=1000
+pku:umich delay=110ms bw=1000
+csu:caida delay=18ms bw=1000
+csu:wustl delay=19ms bw=1000
+csu:memphis delay=21ms bw=1000
+csu:uiuc delay=14ms bw=1000
+csu:umich delay=15ms bw=1000
+csu:neu delay=25ms bw=1000
+caida:neu delay=42ms bw=1000
+caida:arizona delay=25ms bw=1000
+caida:memphis delay=40ms bw=1000
+wustl:uiuc delay=9ms bw=1000
+wustl:umich delay=11ms bw=1000
+uiuc:umich delay=6ms bw=1000
+arizona:neu delay=35ms bw=1000
+arizona:memphis delay=33ms bw=1000
+memphis:neu delay=20ms bw=1000
diff --git a/ndn_utils/nfd.conf b/ndn_utils/nfd.conf
new file mode 100644
index 0000000..ffb1f5c
--- /dev/null
+++ b/ndn_utils/nfd.conf
@@ -0,0 +1,269 @@
+; The general section contains settings of nfd process.
+general
+{
+ ; Specify a user and/or group for NFD to drop privileges to
+ ; when not performing privileged tasks. NFD does not drop
+ ; privileges by default.
+
+ ; user ndn-user
+ ; group ndn-user
+}
+
+log
+{
+ ; default_level specifies the logging level for modules
+ ; that are not explicitly named. All debugging levels
+ ; listed above the selected value are enabled.
+ ;
+ ; Valid values:
+ ;
+ ; NONE ; no messages
+ ; ERROR ; error messages
+ ; WARN ; warning messages
+ ; INFO ; informational messages (default)
+ ; DEBUG ; debugging messages
+ ; TRACE ; trace messages (most verbose)
+ ; ALL ; all messages
+
+ default_level NONE
+
+ ; You may override default_level by assigning a logging level
+ ; to the desired module name. Module names can be found in two ways:
+ ;
+ ; Run:
+ ; nfd --modules
+ ; nrd --modules
+ ;
+ ; Or look for NFD_LOG_INIT(<module name>) statements in .cpp files
+ ;
+ ; Example module-level settings:
+ ;
+ ; FibManager DEBUG
+ ; Forwarder INFO
+}
+
+; The tables section configures the CS, PIT, FIB, Strategy Choice, and Measurements
+tables
+{
+
+ ; ContentStore size limit in number of packets
+ ; default is 65536, about 500MB with 8KB packet size
+ cs_max_packets 65536
+
+ ; Set the forwarding strategy for the specified prefixes:
+ ; <prefix> <strategy>
+ strategy_choice
+ {
+ / /localhost/nfd/strategy/best-route
+ /localhost /localhost/nfd/strategy/broadcast
+ /localhost/nfd /localhost/nfd/strategy/best-route
+ /ndn/broadcast /localhost/nfd/strategy/broadcast
+ }
+}
+
+; The face_system section defines what faces and channels are created.
+face_system
+{
+ ; The unix section contains settings of Unix stream faces and channels.
+ ; Unix channel is always listening; delete unix section to disable
+ ; Unix stream faces and channels.
+ unix
+ {
+ path /var/run/nfd.sock ; Unix stream listener path
+ }
+
+ ; The tcp section contains settings of TCP faces and channels.
+ tcp
+ {
+ listen yes ; set to 'no' to disable TCP listener, default 'yes'
+ port 6363 ; TCP listener port number
+ enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
+ enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
+ }
+
+ ; The udp section contains settings of UDP faces and channels.
+ ; UDP channel is always listening; delete udp section to disable UDP
+ udp
+ {
+ port 6363 ; UDP unicast port number
+ enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
+ enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
+ idle_timeout 600 ; idle time (seconds) before closing a UDP unicast face
+ keep_alive_interval 25; interval (seconds) between keep-alive refreshes
+
+ ; UDP multicast settings
+ ; NFD creates one UDP multicast face per NIC
+ ;
+ ; In multi-homed Linux machines these settings will NOT work without
+ ; root or settings the appropriate permissions:
+ ;
+ ; sudo setcap cap_net_raw=eip /full/path/nfd
+ ;
+ mcast yes ; set to 'no' to disable UDP multicast, default 'yes'
+ mcast_port 56363 ; UDP multicast port number
+ mcast_group 224.0.23.170 ; UDP multicast group (IPv4 only)
+ }
+}
+
+; The authorizations section grants privileges to authorized keys.
+authorizations
+{
+ ; An authorize section grants privileges to a NDN certificate.
+ authorize
+ {
+ ; If you do not already have NDN certificate, you can generate
+ ; one with the following commands.
+ ;
+ ; 1. Generate and install a self-signed identity certificate:
+ ;
+ ; ndnsec-keygen /`whoami` | ndnsec-install-cert -
+ ;
+ ; Note that the argument to ndnsec-key will be the identity name of the
+ ; new key (in this case, /your-username). Identities are hierarchical NDN
+ ; names and may have multiple components (e.g. `/ndn/ucla/edu/alice`).
+ ; You may create additional keys and identities as you see fit.
+ ;
+ ; 2. Dump the NDN certificate to a file:
+ ;
+ ; sudo mkdir -p @SYSCONFDIR@/ndn/keys/
+ ; ndnsec-cert-dump -i /`whoami` > default.ndncert
+ ; sudo mv default.ndncert @SYSCONFDIR@/ndn/keys/default.ndncert
+ ;
+ ; The "certfile" field below specifies the default key directory for
+ ; your machine. You may move your newly created key to the location it
+ ; specifies or path.
+
+ ; certfile keys/default.ndncert ; NDN identity certificate file
+ certfile any ; "any" authorizes command interests signed under any certificate,
+ ; i.e., no actual validation.
+ privileges ; set of privileges granted to this identity
+ {
+ faces
+ fib
+ strategy-choice
+ }
+ }
+
+ ; You may have multiple authorize sections that specify additional
+ ; certificates and their privileges.
+
+ ; authorize
+ ; {
+ ; certfile keys/this_cert_does_not_exist.ndncert
+ ; authorize
+ ; privileges
+ ; {
+ ; faces
+ ; }
+ ; }
+}
+
+rib
+{
+ ; The following localhost_security allows anyone to register routing entries in local RIB
+ localhost_security
+ {
+ trust-anchor
+ {
+ type any
+ }
+ }
+
+ ; localhop_security should be enabled when NFD runs on a hub.
+ ; "/localhop/nfd/fib" command prefix will be disabled when localhop_security section is missing.
+ ; localhop_security
+ ; {
+ ; ; This section defines the trust model for NFD RIB Management. It consists of rules and
+ ; ; trust-anchors, which are briefly defined in this file. For more information refer to
+ ; ; manpage of ndn-validator.conf:
+ ; ;
+ ; ; man ndn-validator.conf
+ ; ;
+ ; ; A trust-anchor is a pre-trusted certificate. This can be any certificate that is the
+ ; ; root of certification chain (e.g., NDN testbed root certificate) or an existing
+ ; ; default system certificate `default.ndncert`.
+ ; ;
+ ; ; A rule defines conditions a valid packet MUST have. A packet must satisfy one of the
+ ; ; rules defined here. A rule can be broken into two parts: matching & checking. A packet
+ ; ; will be matched against rules from the first to the last until a matched rule is
+ ; ; encountered. The matched rule will be used to check the packet. If a packet does not
+ ; ; match any rule, it will be treated as invalid. The matching part of a rule consists
+ ; ; of `for` and `filter` sections. They collectively define which packets can be checked
+ ; ; with this rule. `for` defines packet type (data or interest) and `filter` defines
+ ; ; conditions on other properties of a packet. Right now, you can only define conditions
+ ; ; on packet name, and you can only specify ONLY ONE filter for packet name. The
+ ; ; checking part of a rule consists of `checker`, which defines the conditions that a
+ ; ; VALID packet MUST have. See comments in checker section for more details.
+ ;
+ ; rule
+ ; {
+ ; id "NRD Prefix Registration Command Rule"
+ ; for interest ; rule for Interests (to validate CommandInterests)
+ ; filter
+ ; {
+ ; type name ; condition on interest name (w/o signature)
+ ; regex ^[<localhop><localhost>]<nfd><rib>[<register><unregister>]<>$ ; prefix before
+ ; ; timestamp
+ ; }
+ ; checker
+ ; {
+ ; type customized
+ ; sig-type rsa-sha256 ; interest must have a rsa-sha256 signature
+ ; key-locator
+ ; {
+ ; type name ; key locator must be the certificate name of the
+ ; ; signing key
+ ; regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$
+ ; }
+ ; }
+ ; }
+ ; rule
+ ; {
+ ; id "NDN Testbed Hierarchy Rule"
+ ; for data ; rule for Data (to validate NDN certificates)
+ ; filter
+ ; {
+ ; type name ; condition on data name
+ ; regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$
+ ; }
+ ; checker
+ ; {
+ ; type hierarchical ; the certificate name of the signing key and
+ ; ; the data name must follow the hierarchical model
+ ; sig-type rsa-sha256 ; data must have a rsa-sha256 signature
+ ; }
+ ; }
+ ; trust-anchor
+ ; {
+ ; type file
+ ; file-name keys/default.ndncert ; the file name, by default this file should be placed in the
+ ; ; same folder as this config file.
+ ; }
+ ; ; trust-anchor ; Can be repeated multiple times to specify multiple trust anchors
+ ; ; {
+ ; ; type file
+ ; ; file-name keys/ndn-testbed.ndncert
+ ; ; }
+ ; }
+
+ ; The following localhop_security should be enabled when NFD runs on a hub,
+ ; which accepts all remote registrations and is a short-term solution.
+ ; localhop_security
+ ; {
+ ; trust-anchor
+ ; {
+ ; type any
+ ; }
+ ; }
+
+ remote_register
+ {
+ cost 15 ; forwarding cost of prefix registered on remote router
+ timeout 10000 ; timeout (in milliseconds) of remote prefix registration command
+ retry 0 ; maximum number of retries for each remote prefix registration command
+
+ refresh_interval 300 ; interval (in seconds) before refreshing the registration
+ ; This setting should be less than face_system.udp.idle_time,
+ ; so that the face is kept alive on the remote router.
+ }
+}
diff --git a/ndn_utils/nlsr.conf b/ndn_utils/nlsr.conf
new file mode 100644
index 0000000..89fad50
--- /dev/null
+++ b/ndn_utils/nlsr.conf
@@ -0,0 +1,147 @@
+; the general section contains all the general settings for router
+
+$GENERAL_SECTION
+
+; the neighbors section contains the configuration for router's neighbors and hello's behavior
+
+$NEIGHBORS_SECTION
+
+; the hyperbolic section contains the configuration settings of enabling a router to calculate
+; routing table using [hyperbolic routing table calculation](http://arxiv.org/abs/0805.1266) method
+
+$HYPERBOLIC_SECTION
+
+
+; the fib section is used to configure fib entry's type to ndn FIB updated by NLSR
+
+$FIB_SECTION
+
+; the advertising section contains the configuration settings of the name prefixes
+; hosted by this router
+
+$ADVERTISING_SECTION
+
+security
+{
+ validator
+ {
+ rule
+ {
+ id "NSLR Hello Rule"
+ for data
+ filter
+ {
+ type name
+ regex ^[^<NLSR><INFO>]*<NLSR><INFO><><>$
+ }
+ checker
+ {
+ type customized
+ sig-type rsa-sha256
+ key-locator
+ {
+ type name
+ hyper-relation
+ {
+ k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
+ k-expand \\1
+ h-relation equal
+ p-regex ^([^<NLSR><INFO>]*)<NLSR><INFO><><>$
+ p-expand \\1
+ }
+ }
+ }
+ }
+
+ rule
+ {
+ id "NSLR LSA Rule"
+ for data
+ filter
+ {
+ type name
+ regex ^[^<NLSR><LSA>]*<NLSR><LSA>
+ }
+ checker
+ {
+ type customized
+ sig-type rsa-sha256
+ key-locator
+ {
+ type name
+ hyper-relation
+ {
+ k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
+ k-expand \\1
+ h-relation equal
+ p-regex ^([^<NLSR><LSA>]*)<NLSR><LSA>(<>*)<><><>$
+ p-expand \\1\\2
+ }
+ }
+ }
+ }
+
+ rule
+ {
+ id "NSLR Hierarchy Exception Rule"
+ for data
+ filter
+ {
+ type name
+ regex ^[^<KEY><%C1.Router>]*<%C1.Router>[^<KEY><NLSR>]*<KEY><ksk-.*><ID-CERT><>$
+ }
+ checker
+ {
+ type customized
+ sig-type rsa-sha256
+ key-locator
+ {
+ type name
+ hyper-relation
+ {
+ k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
+ k-expand \\1
+ h-relation equal
+ p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
+ p-expand \\1
+ }
+ }
+ }
+ }
+
+ rule
+ {
+ id "NSLR Hierarchical Rule"
+ for data
+ filter
+ {
+ type name
+ regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
+ }
+ checker
+ {
+ type hierarchical
+ sig-type rsa-sha256
+ }
+ }
+
+ trust-anchor
+ {
+ type any
+ file-name "root.cert"
+ }
+ }
+ ; cert-to-publish "root.cert" ; optional, a file containing the root certificate
+ ; Only the router that is designated to publish the root cert
+ ; needs to specify this
+
+ ; cert-to-publish "site.cert" ; optional, a file containing the site certificate
+ ; Only the router that is designated to publish the site cert
+ ; needs to specify this
+
+ ; cert-to-publish "operator.cert" ; optional, a file containing the operator certificate
+ ; Only the router that is designated to publish the operator
+ ; cert needs to specify this
+
+ ; cert-to-publish "router.cert" ; required, a file containing the router certificate.
+}