Alexander Afanasyev | 284257b | 2014-04-11 14:16:51 -0700 | [diff] [blame^] | 1 | .. _NFD Configuration Tips: |
| 2 | |
| 3 | NFD - Named Data Networking Forwarding Daemon |
| 4 | ============================================= |
| 5 | |
| 6 | Default Paths |
| 7 | ------------- |
| 8 | |
| 9 | This document uses ``SYSCONFDIR`` when referring to the default locations |
| 10 | of various NFD configuration files. By default, ``SYSCONFDIR`` is set to |
| 11 | ``/usr/local/etc``. If you override ``PREFIX``, then ``SYSCONFDIR`` will |
| 12 | default to ``PREFIX/etc``. |
| 13 | |
| 14 | You may override ``SYSCONFDIR`` and ``PREFIX`` by specifying their |
| 15 | corresponding options during installation: |
| 16 | |
| 17 | :: |
| 18 | |
| 19 | ./waf configure --prefix <path/for/prefix> --sysconfdir <some/other/path> |
| 20 | |
| 21 | Refer to :ref:`NFD Installation Instructions` for more detailed instructions on how to compile |
| 22 | and install NFD. |
| 23 | |
| 24 | Running and Configuring NFD |
| 25 | --------------------------- |
| 26 | |
| 27 | NFD's runtime settings may be modified via configuration file. After |
| 28 | installation, a working sample configuration is provided at |
| 29 | ``SYSCONFDIR/ndn/nfd.conf.sample``. At startup, NFD will attempt to read |
| 30 | the default configuration file location: ``SYSCONFDIR/ndn/nfd.conf``. |
| 31 | |
| 32 | You may also specify an alternative configuration file location by |
| 33 | running NFD with: |
| 34 | |
| 35 | :: |
| 36 | |
| 37 | nfd --config </path/to/nfd.conf> |
| 38 | |
| 39 | Once again, note that you may simply copy or rename the provided sample |
| 40 | configuration and have an **almost** fully configured NFD. However, this |
| 41 | NFD will be unable to add FIB entries or perform other typical operation |
| 42 | tasks until you authorize an NDN certificate with the appropriate |
| 43 | privileges. |
| 44 | |
| 45 | Installing an NDN Certificate for Command Authentication |
| 46 | -------------------------------------------------------- |
| 47 | |
| 48 | Many NFD management protocols require signed commands to be processed |
| 49 | (e.g. FIB modification, Face creation/destructions, etc.). You will need |
| 50 | an NDN certificate to use any application that issues signed commands. |
| 51 | |
| 52 | If you do not already have NDN certificate, you can generate one with |
| 53 | the following commands: |
| 54 | |
| 55 | **Generate and install a self-signed identity certificate**: |
| 56 | |
| 57 | :: |
| 58 | |
| 59 | ndnsec-keygen /`whoami` | ndnsec-install-cert - |
| 60 | |
| 61 | Note that the argument to ndnsec-key will be the identity name of the |
| 62 | new key (in this case, ``/your-username``). Identity names are |
| 63 | hierarchical NDN names and may have multiple components (e.g. |
| 64 | ``/ndn/ucla/edu/alice``). You may create additional keys and identities |
| 65 | as you see fit. |
| 66 | |
| 67 | **Dump the NDN certificate to a file**: |
| 68 | |
| 69 | The following commands assume that you have not modified ``PREFIX`` or |
| 70 | ``SYSCONFDIR`` If you have, please substitute ``/usr/local/etc`` for the |
| 71 | appropriate value (the overriden ``SYSCONFDIR`` or ``PREFIX/etc`` if you |
| 72 | changed ``PREFIX``). |
| 73 | |
| 74 | :: |
| 75 | |
| 76 | sudo mkdir -p /usr/local/etc/ndn/keys |
| 77 | ndnsec-cert-dump -i /`whoami` > default.ndncert |
| 78 | sudo mv default.ndncert /usr/local/etc/ndn/keys/default.ndncert |
| 79 | |
| 80 | Running NFD with Ethernet Face Support |
| 81 | -------------------------------------- |
| 82 | |
| 83 | The ether configuration file section contains settings for Ethernet |
| 84 | faces and channels. These settings will **NOT** work without root or |
| 85 | setting the appropriate permissions: |
| 86 | |
| 87 | :: |
| 88 | |
| 89 | sudo setcap cap_net_raw,cap_net_admin=eip /full/path/nfd |
| 90 | |
| 91 | You may need to install a package to use setcap: |
| 92 | |
| 93 | **Ubuntu:** |
| 94 | |
| 95 | :: |
| 96 | |
| 97 | sudo apt-get install libcap2-bin |
| 98 | |
| 99 | **Mac OS X:** |
| 100 | |
| 101 | :: |
| 102 | |
| 103 | curl https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3373 -o ChmodBPF.tar.gz |
| 104 | tar zxvf ChmodBPF.tar.gz |
| 105 | open ChmodBPF/Install\ ChmodBPF.app |
| 106 | |
| 107 | or manually: |
| 108 | |
| 109 | :: |
| 110 | |
| 111 | sudo chgrp admin /dev/bpf* |
| 112 | sudo chmod g+rw /dev/bpf* |
| 113 | |
| 114 | UDP multicast support in multi-homed Linux machines |
| 115 | --------------------------------------------------- |
| 116 | |
| 117 | The UDP configuration file section contains settings for unicast and multicast UDP |
| 118 | faces. If the Linux box is equipped with multiple network interfaces with multicast |
| 119 | capabilities, the settings for multicast faces will **NOT** work without root |
| 120 | or setting the appropriate permissions: |
| 121 | |
| 122 | :: |
| 123 | |
| 124 | sudo setcap cap_net_raw=eip /full/path/nfd |