nfd.conf.sample.in

; The general section contains settings of nfd process.
; general
; {
; }

; The face_system section defines what faces and channels are created.
face_system
{
  ; The unix section contains settings of UNIX stream faces and channels.
  unix
  {
    listen yes ; set to 'no' to disable UNIX stream listener, default 'yes'
    path /var/run/nfd.sock ; UNIX stream listener path
  }

  ; The tcp section contains settings of TCP faces and channels.
  tcp
  {
    listen yes ; set to 'no' to disable TCP listener, default 'yes'
    port 6363 ; TCP listener port number
  }

  ; The udp section contains settings of UDP faces and channels.
  udp
  {
    port 6363 ; UDP unicast port number
    idle_timeout 600 ; idle time (seconds) before closing a UDP unicast face
    keep_alive_interval 25; interval (seconds) between keep-alive refreshes

    mcast yes

    ; Example multicast settings
    ; NFD creates one UDP multicast face per NIC

    ; mcast yes ; set to 'no' to disable UDP multicast, default 'yes'
    ; mcast_port 56363 ; UDP multicast port number
    ; mcast_group 224.0.23.170 ; UDP multicast group (IPv4 only)
  }

  ; The ether section contains settings of Ethernet faces and channels.
  ; These settings will NOT work without root or setting the appropriate
  ; permissions:
  ;
  ;    sudo setcap cap_net_raw,cap_net_admin=eip /full/path/nfd
  ;
  ; You may need to install a package to use setcap:
  ;
  ; **Ubuntu:**
  ;
  ;    sudo apt-get install libcap2-bin
  ;
  ; **Mac OS X:**
  ;
  ;    curl https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3373 -o ChmodBPF.tar.gz
  ;    tar zxvf ChmodBPF.tar.gz
  ;    open ChmodBPF/Install\ ChmodBPF.app
  ;
  ; or manually:
  ;
  ;    sudo chgrp admin /dev/bpf*
  ;    sudo chmod g+rw /dev/bpf*

  ether
  {
    mcast yes

  ;    Example multicast settings
  ;    NFD creates one Ethernet multicast face per NIC
  ;
  ;    mcast yes ; set to 'no' to disable Ethernet multicast, default 'yes'
  ;    mcast_group 01:00:5E:00:17:AA ; Ethernet multicast group
  }
}

; The authorizations section grants privileges to authorized keys.
authorizations
{
  ; An authorize section grants privileges to a NDN certificate.
  authorize
  {
    ; If you do not already have NDN certificate, you can generate
    ; one with the following commands.
    ;
    ; 1. Generate and install a self-signed identity certificate:
    ;
    ;      ndnsec-keygen /`whoami` | ndnsec-install-cert -
    ;
    ; Note that the argument to ndnsec-key will be the identity name of the
    ; new key (in this case, /your-username). Identities are hierarchical NDN
    ; names and may have multiple components (e.g. `/ndn/ucla/edu/alice`).
    ; You may create additional keys and identities as you see fit.
    ;
    ; 2. Dump the NDN certificate to a file:
    ;
    ;      sudo mkdir -p @SYSCONFDIR@/ndn/keys/
    ;      ndnsec-cert-dump -i /`whoami` >  default.ndncert
    ;      sudo mv default.ndncert @SYSCONFDIR@/ndn/keys/default.ndncert
    ;
    ; The "certfile" field below specifies the default key directory for
    ; your machine. You may move your newly created key to the location it
    ; specifies or path.

    certfile keys/default.ndncert ; NDN identity certificate file
    privileges ; set of privileges granted to this identity
    {
      control-header
      faces
      fib
      strategy-choice
    }
  }

  ; You may have multiple authorize sections that specify additional
  ; certificates and their privileges.

;  authorize
;  {
;    certfile keys/this_cert_does_not_exist.ndncert
;    authorize
;    privileges
;    {
;      faces
;    }
;  }
}