Use nfd.conf.sample from currently installed NFD
refs: #3282
Change-Id: Idc3a70fc62b98c72970eab41d16eb587a16efe9a
diff --git a/bin/minindn b/bin/minindn
index 2a8e4fa..36dcaa3 100755
--- a/bin/minindn
+++ b/bin/minindn
@@ -207,6 +207,11 @@
info('No template file given and default template file cannot be found. Exiting...\n')
quit()
+ # Update nfd.conf file used by Mini-NDN to match the currently installed version of NFD
+ nfdConfFile = "%s/nfd.conf" % install_dir
+ os.system("sudo cp /usr/local/etc/ndn/nfd.conf.sample %s" % nfdConfFile)
+ os.system("sudo sed -i \'s|default_level [A-Z]*$|default_level $LOG_LEVEL|g\' %s" % nfdConfFile)
+
topo = NdnTopo(template_file)
t = datetime.datetime.now()
diff --git a/install.sh b/install.sh
index 6e567ec..3f7bb2a 100755
--- a/install.sh
+++ b/install.sh
@@ -207,7 +207,6 @@
sudo mkdir -p "$install_dir"
sudo cp ndn_utils/client.conf.sample "$install_dir"
- sudo cp ndn_utils/nfd.conf "$install_dir"
sudo cp ndn_utils/nlsr.conf "$install_dir"
sudo cp ndn_utils/topologies/default-topology.conf "$install_dir"
sudo cp ndn_utils/topologies/minindn.testbed.conf "$install_dir"
diff --git a/ndn_utils/nfd.conf b/ndn_utils/nfd.conf
deleted file mode 100644
index 246dc78..0000000
--- a/ndn_utils/nfd.conf
+++ /dev/null
@@ -1,269 +0,0 @@
-; The general section contains settings of nfd process.
-general
-{
- ; Specify a user and/or group for NFD to drop privileges to
- ; when not performing privileged tasks. NFD does not drop
- ; privileges by default.
-
- ; user ndn-user
- ; group ndn-user
-}
-
-log
-{
- ; default_level specifies the logging level for modules
- ; that are not explicitly named. All debugging levels
- ; listed above the selected value are enabled.
- ;
- ; Valid values:
- ;
- ; NONE ; no messages
- ; ERROR ; error messages
- ; WARN ; warning messages
- ; INFO ; informational messages (default)
- ; DEBUG ; debugging messages
- ; TRACE ; trace messages (most verbose)
- ; ALL ; all messages
-
- default_level $LOG_LEVEL
-
- ; You may override default_level by assigning a logging level
- ; to the desired module name. Module names can be found in two ways:
- ;
- ; Run:
- ; nfd --modules
- ; nrd --modules
- ;
- ; Or look for NFD_LOG_INIT(<module name>) statements in .cpp files
- ;
- ; Example module-level settings:
- ;
- ; FibManager DEBUG
- ; Forwarder INFO
-}
-
-; The tables section configures the CS, PIT, FIB, Strategy Choice, and Measurements
-tables
-{
-
- ; ContentStore size limit in number of packets
- ; default is 65536, about 500MB with 8KB packet size
- cs_max_packets 65536
-
- ; Set the forwarding strategy for the specified prefixes:
- ; <prefix> <strategy>
- strategy_choice
- {
- / /localhost/nfd/strategy/best-route
- /localhost /localhost/nfd/strategy/broadcast
- /localhost/nfd /localhost/nfd/strategy/best-route
- /ndn/broadcast /localhost/nfd/strategy/broadcast
- }
-}
-
-; The face_system section defines what faces and channels are created.
-face_system
-{
- ; The unix section contains settings of Unix stream faces and channels.
- ; Unix channel is always listening; delete unix section to disable
- ; Unix stream faces and channels.
- unix
- {
- path /var/run/nfd.sock ; Unix stream listener path
- }
-
- ; The tcp section contains settings of TCP faces and channels.
- tcp
- {
- listen yes ; set to 'no' to disable TCP listener, default 'yes'
- port 6363 ; TCP listener port number
- enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
- enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
- }
-
- ; The udp section contains settings of UDP faces and channels.
- ; UDP channel is always listening; delete udp section to disable UDP
- udp
- {
- port 6363 ; UDP unicast port number
- enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
- enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
- idle_timeout 600 ; idle time (seconds) before closing a UDP unicast face
- keep_alive_interval 25; interval (seconds) between keep-alive refreshes
-
- ; UDP multicast settings
- ; NFD creates one UDP multicast face per NIC
- ;
- ; In multi-homed Linux machines these settings will NOT work without
- ; root or settings the appropriate permissions:
- ;
- ; sudo setcap cap_net_raw=eip /full/path/nfd
- ;
- mcast yes ; set to 'no' to disable UDP multicast, default 'yes'
- mcast_port 56363 ; UDP multicast port number
- mcast_group 224.0.23.170 ; UDP multicast group (IPv4 only)
- }
-}
-
-; The authorizations section grants privileges to authorized keys.
-authorizations
-{
- ; An authorize section grants privileges to a NDN certificate.
- authorize
- {
- ; If you do not already have NDN certificate, you can generate
- ; one with the following commands.
- ;
- ; 1. Generate and install a self-signed identity certificate:
- ;
- ; ndnsec-keygen /`whoami` | ndnsec-install-cert -
- ;
- ; Note that the argument to ndnsec-key will be the identity name of the
- ; new key (in this case, /your-username). Identities are hierarchical NDN
- ; names and may have multiple components (e.g. `/ndn/ucla/edu/alice`).
- ; You may create additional keys and identities as you see fit.
- ;
- ; 2. Dump the NDN certificate to a file:
- ;
- ; sudo mkdir -p @SYSCONFDIR@/ndn/keys/
- ; ndnsec-cert-dump -i /`whoami` > default.ndncert
- ; sudo mv default.ndncert @SYSCONFDIR@/ndn/keys/default.ndncert
- ;
- ; The "certfile" field below specifies the default key directory for
- ; your machine. You may move your newly created key to the location it
- ; specifies or path.
-
- ; certfile keys/default.ndncert ; NDN identity certificate file
- certfile any ; "any" authorizes command interests signed under any certificate,
- ; i.e., no actual validation.
- privileges ; set of privileges granted to this identity
- {
- faces
- fib
- strategy-choice
- }
- }
-
- ; You may have multiple authorize sections that specify additional
- ; certificates and their privileges.
-
- ; authorize
- ; {
- ; certfile keys/this_cert_does_not_exist.ndncert
- ; authorize
- ; privileges
- ; {
- ; faces
- ; }
- ; }
-}
-
-rib
-{
- ; The following localhost_security allows anyone to register routing entries in local RIB
- localhost_security
- {
- trust-anchor
- {
- type any
- }
- }
-
- ; localhop_security should be enabled when NFD runs on a hub.
- ; "/localhop/nfd/fib" command prefix will be disabled when localhop_security section is missing.
- ; localhop_security
- ; {
- ; ; This section defines the trust model for NFD RIB Management. It consists of rules and
- ; ; trust-anchors, which are briefly defined in this file. For more information refer to
- ; ; manpage of ndn-validator.conf:
- ; ;
- ; ; man ndn-validator.conf
- ; ;
- ; ; A trust-anchor is a pre-trusted certificate. This can be any certificate that is the
- ; ; root of certification chain (e.g., NDN testbed root certificate) or an existing
- ; ; default system certificate `default.ndncert`.
- ; ;
- ; ; A rule defines conditions a valid packet MUST have. A packet must satisfy one of the
- ; ; rules defined here. A rule can be broken into two parts: matching & checking. A packet
- ; ; will be matched against rules from the first to the last until a matched rule is
- ; ; encountered. The matched rule will be used to check the packet. If a packet does not
- ; ; match any rule, it will be treated as invalid. The matching part of a rule consists
- ; ; of `for` and `filter` sections. They collectively define which packets can be checked
- ; ; with this rule. `for` defines packet type (data or interest) and `filter` defines
- ; ; conditions on other properties of a packet. Right now, you can only define conditions
- ; ; on packet name, and you can only specify ONLY ONE filter for packet name. The
- ; ; checking part of a rule consists of `checker`, which defines the conditions that a
- ; ; VALID packet MUST have. See comments in checker section for more details.
- ;
- ; rule
- ; {
- ; id "NRD Prefix Registration Command Rule"
- ; for interest ; rule for Interests (to validate CommandInterests)
- ; filter
- ; {
- ; type name ; condition on interest name (w/o signature)
- ; regex ^[<localhop><localhost>]<nfd><rib>[<register><unregister>]<>$ ; prefix before
- ; ; timestamp
- ; }
- ; checker
- ; {
- ; type customized
- ; sig-type rsa-sha256 ; interest must have a rsa-sha256 signature
- ; key-locator
- ; {
- ; type name ; key locator must be the certificate name of the
- ; ; signing key
- ; regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$
- ; }
- ; }
- ; }
- ; rule
- ; {
- ; id "NDN Testbed Hierarchy Rule"
- ; for data ; rule for Data (to validate NDN certificates)
- ; filter
- ; {
- ; type name ; condition on data name
- ; regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$
- ; }
- ; checker
- ; {
- ; type hierarchical ; the certificate name of the signing key and
- ; ; the data name must follow the hierarchical model
- ; sig-type rsa-sha256 ; data must have a rsa-sha256 signature
- ; }
- ; }
- ; trust-anchor
- ; {
- ; type file
- ; file-name keys/default.ndncert ; the file name, by default this file should be placed in the
- ; ; same folder as this config file.
- ; }
- ; ; trust-anchor ; Can be repeated multiple times to specify multiple trust anchors
- ; ; {
- ; ; type file
- ; ; file-name keys/ndn-testbed.ndncert
- ; ; }
- ; }
-
- ; The following localhop_security should be enabled when NFD runs on a hub,
- ; which accepts all remote registrations and is a short-term solution.
- ; localhop_security
- ; {
- ; trust-anchor
- ; {
- ; type any
- ; }
- ; }
-
- remote_register
- {
- cost 15 ; forwarding cost of prefix registered on remote router
- timeout 10000 ; timeout (in milliseconds) of remote prefix registration command
- retry 0 ; maximum number of retries for each remote prefix registration command
-
- refresh_interval 300 ; interval (in seconds) before refreshing the registration
- ; This setting should be less than face_system.udp.idle_time,
- ; so that the face is kept alive on the remote router.
- }
-}