blob: e0b3ce9c12dd1bab7fba5c1a5415bf404813c8fc [file] [log] [blame]
Alexander Afanasyev26181532014-05-07 23:38:51 -07001FAQ
2===
3
4How to change default paths?
5----------------------------
6
7Paths to where NFD is installed can be configured during ``./waf
8configure``:
9
10- Installation prefix (default ``/usr/local``):
11
12 ::
13
14 ./waf configure --prefix=/usr
15
16- Location of NFD configuration file (default: ``${prefix}/etc``):
17
18 ::
19
20 ./waf configure --prefix=/usr --sysconfdir=/etc
21
22- Location of manpages (default: ``${prefix}/share/man``)
23
24 ::
25
26 ./waf configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man
27
28How to run NFD on Raspberry Pi?
29-------------------------------
30
31To run NFD on the Raspberry Pi, you need to either enable IPv6 support
32in Raspberry Pi or disable IPv6 support in NFD.
33
34To enable IPv6 in Raspberry Pi:
35
36::
37
38 sudo modprobe ipv6
39
40To disable IPv6 in NFD, replace ``enable_v6 yes`` with ``enable_v6 no``
41in ``tcp`` and ``udp`` sections of ``/usr/local/etc/ndn/nfd.conf``:
42
43::
44
45 ...
46 tcp
47 {
48 listen yes
49 port 6363
50 enable_v4 yes
51 enable_v6 no
52 }
53
54 udp
55 {
56 port 6363
57 enable_v4 yes
58 enable_v6 no
59 idle_timeout 600
60 keep_alive_interval 25
61
62 mcast yes
63 mcast_port 56363
64 mcast_group 224.0.23.170
65 }
66 ...
67
68
69How to run NFD as non-root user?
70--------------------------------
71
Steve DiBenedetto24b9a642014-04-07 15:45:39 -060072How to configure automatic dropping of privileges?
73++++++++++++++++++++++++++++++++++++++++++++++++++
74
75NFD can be configured to drop privileges whenever possible. You can specify a user and/or
76group for NFD to change its *effective* user/group ID to in the ``general`` section of the
77configuration file. For example:
78
79::
80
81 general
82 {
83 user nobody
84 group nogroup
85 }
86
87will configure NFD to drop its effective user and group IDs to ``nobody`` and ``nogroup``,
88respectively.
89
90.. note::
91
92 **IMPORTANT:** NFD may regain elevated permissions as needed during normal
93 execution. Dropping privileges in this manner should not be considered a security
94 mechanism (a compromised NFD that was started as root can trivially return to
95 root). However, reducing privileges may limit any damaged caused by well intentioned,
96 but buggy, code.
97
Alexander Afanasyev26181532014-05-07 23:38:51 -070098
99How to enable Ethernet Face Support?
100++++++++++++++++++++++++++++++++++++
101
102The ``ether`` configuration file section contains settings for Ethernet faces and
103channels. These settings will **NOT** work without root or setting the appropriate
104permissions:
105
106::
107
108 sudo setcap cap_net_raw,cap_net_admin=eip /full/path/nfd
109
110You may need to install a package to use setcap:
111
112**Ubuntu:**
113
114::
115
116 sudo apt-get install libcap2-bin
117
118**Mac OS X:**
119
120::
121
122 curl https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3373 -o ChmodBPF.tar.gz
123 tar zxvf ChmodBPF.tar.gz
124 open ChmodBPF/Install\ ChmodBPF.app
125
126or manually:
127
128::
129
130 sudo chgrp admin /dev/bpf*
131 sudo chmod g+rw /dev/bpf*
132
133How to enable UDP multicast support in multi-homed Linux machines
134+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
135
136The UDP configuration file section contains settings for unicast and multicast UDP
137faces. If the Linux box is equipped with multiple network interfaces with multicast
138capabilities, the settings for multicast faces will **NOT** work without root
139or setting the appropriate permissions:
140
141::
142
143 sudo setcap cap_net_raw=eip /full/path/nfd
144
145.. _How to configure NFD security:
146
147How to configure NFD security?
148------------------------------
149
150.. note:: Sample configuration file of NFD allow any user to manage faces, FIB, RIB, and
151 StrategyChoice. The following description can be used to restrict certain operations
152 to certain users.
153
154 More extensive documentation about NFD's security and options to configure trust model
155 for NFD is currently in preparation.
156
157Many NFD management protocols require signed commands to be processed
158(e.g. FIB modification, Face creation/destructions, etc.). You will need
159an NDN certificate to use any application that issues signed commands.
160
161If you do not already have NDN certificate, you can generate one with
162the following commands:
163
164**Generate and install a self-signed identity certificate**:
165
166::
167
168 ndnsec-keygen /`whoami` | ndnsec-install-cert -
169
170Note that the argument to ndnsec-key will be the identity name of the
171new key (in this case, ``/your-username``). Identity names are
172hierarchical NDN names and may have multiple components (e.g.
173``/ndn/ucla/edu/alice``). You may create additional keys and identities
174as you see fit.
175
176**Dump the NDN certificate to a file**:
177
178The following commands assume that you have not modified ``PREFIX`` or
179``SYSCONFDIR`` If you have, please substitute ``/usr/local/etc`` for the
180appropriate value (the overriden ``SYSCONFDIR`` or ``PREFIX/etc`` if you
181changed ``PREFIX``).
182
183::
184
185 sudo mkdir -p /usr/local/etc/ndn/keys
186 ndnsec-cert-dump -i /`whoami` > default.ndncert
187 sudo mv default.ndncert /usr/local/etc/ndn/keys/default.ndncert
188
189.. _How to start using NDN MacPorts repository on OSX:
190
191How to start using NDN MacPorts repository on OSX?
192--------------------------------------------------
193
194OSX users have an opportunity to seamlessly install and run NFD and other related
195applications via `MacPorts <https://www.macports.org/>`_. If you are not using MacPorts
196yet, go to `MacPorts website <https://www.macports.org/install.php>`_ and download and
197install the MacPorts package.
198
199NFD and related ports are not part of the official MacPorts repository and in order to use
200it, you need to add NDN MacPorts repository to the local configuration. In particular,
201you will need to modify the list of source URLs for MacPorts. For example, if your
202MacPorts are installed in ``/opt/local``, add the following line
203`/opt/local/etc/macports/sources.conf` before or after the default port repository:
204
205::
206
207 rsync://macports.named-data.net/macports/
208
209After this step, you can use ``sudo port selfupdate`` to fetch updated port definitions.
210
211The following command will install NFD using MacPorts:
212
213::
214
215 sudo port install nfd
216
217.. note::
218 You have to have XCode installed on your machine. For latest versions of OSX (Lion or
219 Mountain Lion) you can install it from AppStore for free, for older versions you have to
220 go to developer.apple.com and download old version of XCode that is appropriate for your
221 system.
222
223
224One of the advantages of using MacPorts is that you can easily upgrade NFD and other
225packages to the most recent version available. The following commands will do this job:
226
227::
228
229 sudo port selfupdate
230 sudo port upgrade nfd
231
232.. _How to start using NDN PPA repository on Ubuntu Linux:
233
234How to start using NDN PPA repository on Ubuntu Linux?
235------------------------------------------------------
236
237NFD binaries and related tools for Ubuntu 12.04, 13.10, and 14.04 can be installed using
238PPA packages from named-data repository. First, you will need to add ``named-data/ppa``
239repository to binary package sources and update list of available packages:
240
241::
242
243 sudo add-apt-repository ppa:named-data/ppa
244
245 # if you do not have add-apt-repository command installed:
246 sudo apt-get install python-software-properties
247 sudo apt-get update
248
249After that, NFD can be easily installed in a standard way, i.e., either using ``apt-get`` as shown
250below or using any other package manager (e.g., Synaptic Package Manager):
251
252::
253
254 sudo apt-get install nfd
255
256For the list of available packages, refer to `NDN PPA repository
257<https://launchpad.net/~named-data/+archive/ppa>`_.