Gitiles
Code Review Sign In
gerrit.named-data.net / ppa-packaging / 790bb214ea9f9af97662bccf64be5219c3e83cd3 / . / nfd / debian / nfd.conf
blob: bc9319966d8243650824209d37089f807a2966ac [file] [log] [blame]
Alexander Afanasyev469cbcd2014-05-08 01:25:11 -0700[diff] [blame]1; The general section contains settings of nfd process.
Alexander Afanasyev34412062014-08-25 12:35:54 -0700[diff] [blame]2general
3{
Alexander Afanasyevcc5661e2015-01-28 11:52:10 -0800[diff] [blame]4 user ndn
5 group ndn
Alexander Afanasyev34412062014-08-25 12:35:54 -0700[diff] [blame]6}
Alexander Afanasyev469cbcd2014-05-08 01:25:11 -0700[diff] [blame]7
8log
9{
10 ; default_level specifies the logging level for modules
11 ; that are not explicitly named. All debugging levels
12 ; listed above the selected value are enabled.
13 ;
14 ; Valid values:
15 ;
16 ; NONE ; no messages
17 ; ERROR ; error messages
18 ; WARN ; warning messages
19 ; INFO ; informational messages (default)
20 ; DEBUG ; debugging messages
21 ; TRACE ; trace messages (most verbose)
22 ; ALL ; all messages
23
24 default_level INFO
25
26 ; You may override default_level by assigning a logging level
27 ; to the desired module name. Module names can be found in two ways:
28 ;
29 ; Run:
30 ; nfd --modules
31 ; nrd --modules
32 ;
33 ; Or look for NFD_LOG_INIT(<module name>) statements in .cpp files
34 ;
35 ; Example module-level settings:
36 ;
37 ; FibManager DEBUG
38 ; Forwarder INFO
39}
40
Alexander Afanasyev34412062014-08-25 12:35:54 -0700[diff] [blame]41; The tables section configures the CS, PIT, FIB, Strategy Choice, and Measurements
42tables
43{
44
45 ; ContentStore size limit in number of packets
46 ; default is 65536, about 500MB with 8KB packet size
47 cs_max_packets 65536
48}
49
Alexander Afanasyev469cbcd2014-05-08 01:25:11 -0700[diff] [blame]50; The face_system section defines what faces and channels are created.
51face_system
52{
53 ; The unix section contains settings of UNIX stream faces and channels.
54 unix
55 {
Alexander Afanasyev469cbcd2014-05-08 01:25:11 -0700[diff] [blame]56 path /var/run/nfd.sock ; UNIX stream listener path
57 }
58
59 ; The tcp section contains settings of TCP faces and channels.
60 tcp
61 {
62 listen yes ; set to 'no' to disable TCP listener, default 'yes'
63 port 6363 ; TCP listener port number
64 enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
65 enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
66 }
67
68 ; The udp section contains settings of UDP faces and channels.
69 ; UDP channel is always listening; delete udp section to disable UDP
70 udp
71 {
72 port 6363 ; UDP unicast port number
73 enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
74 enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
75 idle_timeout 600 ; idle time (seconds) before closing a UDP unicast face
76 keep_alive_interval 25; interval (seconds) between keep-alive refreshes
77
78 ; UDP multicast settings
79 ; NFD creates one UDP multicast face per NIC
80 mcast yes ; set to 'no' to disable UDP multicast, default 'yes'
81 mcast_port 56363 ; UDP multicast port number
82 mcast_group 224.0.23.170 ; UDP multicast group (IPv4 only)
83 }
84
85 ; The ether section contains settings of Ethernet faces and channels.
86 ether
87 {
88 ; Ethernet multicast settings
89 ; NFD creates one Ethernet multicast face per NIC
90 mcast yes ; set to 'no' to disable Ethernet multicast, default 'yes'
91 mcast_group 01:00:5E:00:17:AA ; Ethernet multicast group
92 }
93}
94
95authorizations
96{
97 authorize
98 {
Alexander Afanasyev790bb212015-03-15 19:19:25 -0700[diff] [blame^]99 certfile certs/localhost_daemons_nfd.ndncert
Alexander Afanasyev469cbcd2014-05-08 01:25:11 -0700[diff] [blame]100 privileges
101 {
102 faces
103 fib
104 strategy-choice
105 }
106 }
107
108 authorize
109 {
110 certfile any
111 privileges
112 {
113 faces
114 strategy-choice
115 }
116 }
117}
118
119rib
120{
121 ; The following localhost_security allows anyone to register routing entries in local RIB
122 localhost_security
123 {
124 trust-anchor
125 {
126 type any
127 }
128 }
129
130 ; localhop_security should be enabled when NFD runs on a hub.
131 ; "/localhop/nfd/fib" command prefix will be disabled when localhop_security section is missing.
132 ; localhop_security
133 ; {
134 ; ; This section defines the trust model for NFD RIB Management. It consists of rules and
135 ; ; trust-anchors, which are briefly defined in this file. For more information refer to
136 ; ; manpage of ndn-validator.conf:
137 ; ;
138 ; ; man ndn-validator.conf
139 ; ;
140 ; ; A trust-anchor is a pre-trusted certificate. This can be any certificate that is the
141 ; ; root of certification chain (e.g., NDN testbed root certificate) or an existing
142 ; ; default system certificate `default.ndncert`.
143 ; ;
144 ; ; A rule defines conditions a valid packet MUST have. A packet must satisfy one of the
145 ; ; rules defined here. A rule can be broken into two parts: matching & checking. A packet
146 ; ; will be matched against rules from the first to the last until a matched rule is
147 ; ; encountered. The matched rule will be used to check the packet. If a packet does not
148 ; ; match any rule, it will be treated as invalid. The matching part of a rule consists
149 ; ; of `for` and `filter` sections. They collectively define which packets can be checked
150 ; ; with this rule. `for` defines packet type (data or interest) and `filter` defines
151 ; ; conditions on other properties of a packet. Right now, you can only define conditions
152 ; ; on packet name, and you can only specify ONLY ONE filter for packet name. The
153 ; ; checking part of a rule consists of `checker`, which defines the conditions that a
154 ; ; VALID packet MUST have. See comments in checker section for more details.
155 ;
156 ; rule
157 ; {
158 ; id "NRD Prefix Registration Command Rule"
159 ; for interest ; rule for Interests (to validate CommandInterests)
160 ; filter
161 ; {
162 ; type name ; condition on interest name (w/o signature)
163 ; regex ^[<localhop><localhost>]<nfd><rib>[<register><unregister>]<>{3}$
164 ; }
165 ; checker
166 ; {
167 ; type customized
168 ; sig-type rsa-sha256 ; interest must have a rsa-sha256 signature
169 ; key-locator
170 ; {
171 ; type name ; key locator must be the certificate name of the
172 ; ; signing key
173 ; regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT>$
174 ; }
175 ; }
176 ; }
177 ; rule
178 ; {
179 ; id "NDN Testbed Hierarchy Rule"
180 ; for data ; rule for Data (to validate NDN certificates)
181 ; filter
182 ; {
183 ; type name ; condition on data name
184 ; regex ^[^<KEY>]*<KEY><>*<ksk-.*><ID-CERT><>$
185 ; }
186 ; checker
187 ; {
188 ; type hierarchical ; the certificate name of the signing key and
189 ; ; the data name must follow the hierarchical model
190 ; sig-type rsa-sha256 ; data must have a rsa-sha256 signature
191 ; }
192 ; }
193 ; trust-anchor
194 ; {
195 ; type file
196 ; file-name keys/default.ndncert ; the file name, by default this file should be placed in the
197 ; ; same folder as this config file.
198 ; }
199 ; ; trust-anchor ; Can be repeated multiple times to specify multiple trust anchors
200 ; ; {
201 ; ; type file
202 ; ; file-name keys/ndn-testbed.ndncert
203 ; ; }
204 ; }
Alexander Afanasyevcc5661e2015-01-28 11:52:10 -0800[diff] [blame]205 ;
206 ; The following localhop_security should be enabled when NFD runs on a hub,
207 ; which accepts all remote registrations and is a short-term solution.
208 ; localhop_security
209 ; {
210 ; trust-anchor
211 ; {
212 ; type any
213 ; }
214 ; }
215
216 remote_register
217 {
218 cost 15 ; forwarding cost of prefix registered on remote router
219 timeout 10000 ; timeout (in milliseconds) of remote prefix registration command
220 retry 0 ; maximum number of retries for each remote prefix registration command
221
222 refresh_interval 300 ; interval (in seconds) before refreshing the registration
223 ; This setting should be less than face_system.udp.idle_time,
224 ; so that the face is kept alive on the remote router.
225 }
Alexander Afanasyev469cbcd2014-05-08 01:25:11 -0700[diff] [blame]226}