Blame - nfd/debian/nfd.conf - ppa-packaging

blob: f2e09a5bbeaff7564b147472d61b3be2575e86c3 [file] [log] [blame]

Alexander Afanasyev	469cbcd	2014-05-08 01:25:11 -0700	[diff] [blame]	1	; The general section contains settings of nfd process.
Alexander Afanasyev	3441206	2014-08-25 12:35:54 -0700	[diff] [blame]	2	general
				3	{
				4	; Specify a user and/or group for NFD to drop privileges to
				5	; when not performing privileged tasks. NFD does not drop
				6	; privileges by default.
				7
				8	; user ndn
				9	; group ndn
				10	}
Alexander Afanasyev	469cbcd	2014-05-08 01:25:11 -0700	[diff] [blame]	11
				12	log
				13	{
				14	; default_level specifies the logging level for modules
				15	; that are not explicitly named. All debugging levels
				16	; listed above the selected value are enabled.
				17	;
				18	; Valid values:
				19	;
				20	; NONE ; no messages
				21	; ERROR ; error messages
				22	; WARN ; warning messages
				23	; INFO ; informational messages (default)
				24	; DEBUG ; debugging messages
				25	; TRACE ; trace messages (most verbose)
				26	; ALL ; all messages
				27
				28	default_level INFO
				29
				30	; You may override default_level by assigning a logging level
				31	; to the desired module name. Module names can be found in two ways:
				32	;
				33	; Run:
				34	; nfd --modules
				35	; nrd --modules
				36	;
				37	; Or look for NFD_LOG_INIT(<module name>) statements in .cpp files
				38	;
				39	; Example module-level settings:
				40	;
				41	; FibManager DEBUG
				42	; Forwarder INFO
				43	}
				44
Alexander Afanasyev	3441206	2014-08-25 12:35:54 -0700	[diff] [blame]	45	; The tables section configures the CS, PIT, FIB, Strategy Choice, and Measurements
				46	tables
				47	{
				48
				49	; ContentStore size limit in number of packets
				50	; default is 65536, about 500MB with 8KB packet size
				51	cs_max_packets 65536
				52	}
				53
Alexander Afanasyev	469cbcd	2014-05-08 01:25:11 -0700	[diff] [blame]	54	; The face_system section defines what faces and channels are created.
				55	face_system
				56	{
				57	; The unix section contains settings of UNIX stream faces and channels.
				58	unix
				59	{
				60	listen yes ; set to 'no' to disable UNIX stream listener, default 'yes'
				61	path /var/run/nfd.sock ; UNIX stream listener path
				62	}
				63
				64	; The tcp section contains settings of TCP faces and channels.
				65	tcp
				66	{
				67	listen yes ; set to 'no' to disable TCP listener, default 'yes'
				68	port 6363 ; TCP listener port number
				69	enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
				70	enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
				71	}
				72
				73	; The udp section contains settings of UDP faces and channels.
				74	; UDP channel is always listening; delete udp section to disable UDP
				75	udp
				76	{
				77	port 6363 ; UDP unicast port number
				78	enable_v4 yes ; set to 'no' to disable IPv4 channels, default 'yes'
				79	enable_v6 yes ; set to 'no' to disable IPv6 channels, default 'yes'
				80	idle_timeout 600 ; idle time (seconds) before closing a UDP unicast face
				81	keep_alive_interval 25; interval (seconds) between keep-alive refreshes
				82
				83	; UDP multicast settings
				84	; NFD creates one UDP multicast face per NIC
				85	mcast yes ; set to 'no' to disable UDP multicast, default 'yes'
				86	mcast_port 56363 ; UDP multicast port number
				87	mcast_group 224.0.23.170 ; UDP multicast group (IPv4 only)
				88	}
				89
				90	; The ether section contains settings of Ethernet faces and channels.
				91	ether
				92	{
				93	; Ethernet multicast settings
				94	; NFD creates one Ethernet multicast face per NIC
				95	mcast yes ; set to 'no' to disable Ethernet multicast, default 'yes'
				96	mcast_group 01:00:5E:00:17:AA ; Ethernet multicast group
				97	}
				98	}
				99
				100	authorizations
				101	{
				102	authorize
				103	{
				104	certfile certs/localhost_daemons_nrd.ndncert
				105	privileges
				106	{
				107	faces
				108	fib
				109	strategy-choice
				110	}
				111	}
				112
				113	authorize
				114	{
				115	certfile any
				116	privileges
				117	{
				118	faces
				119	strategy-choice
				120	}
				121	}
				122	}
				123
				124	rib
				125	{
				126	; The following localhost_security allows anyone to register routing entries in local RIB
				127	localhost_security
				128	{
				129	trust-anchor
				130	{
				131	type any
				132	}
				133	}
				134
				135	; localhop_security should be enabled when NFD runs on a hub.
				136	; "/localhop/nfd/fib" command prefix will be disabled when localhop_security section is missing.
				137	; localhop_security
				138	; {
				139	; ; This section defines the trust model for NFD RIB Management. It consists of rules and
				140	; ; trust-anchors, which are briefly defined in this file. For more information refer to
				141	; ; manpage of ndn-validator.conf:
				142	; ;
				143	; ; man ndn-validator.conf
				144	; ;
				145	; ; A trust-anchor is a pre-trusted certificate. This can be any certificate that is the
				146	; ; root of certification chain (e.g., NDN testbed root certificate) or an existing
				147	; ; default system certificate `default.ndncert`.
				148	; ;
				149	; ; A rule defines conditions a valid packet MUST have. A packet must satisfy one of the
				150	; ; rules defined here. A rule can be broken into two parts: matching & checking. A packet
				151	; ; will be matched against rules from the first to the last until a matched rule is
				152	; ; encountered. The matched rule will be used to check the packet. If a packet does not
				153	; ; match any rule, it will be treated as invalid. The matching part of a rule consists
				154	; ; of `for` and `filter` sections. They collectively define which packets can be checked
				155	; ; with this rule. `for` defines packet type (data or interest) and `filter` defines
				156	; ; conditions on other properties of a packet. Right now, you can only define conditions
				157	; ; on packet name, and you can only specify ONLY ONE filter for packet name. The
				158	; ; checking part of a rule consists of `checker`, which defines the conditions that a
				159	; ; VALID packet MUST have. See comments in checker section for more details.
				160	;
				161	; rule
				162	; {
				163	; id "NRD Prefix Registration Command Rule"
				164	; for interest ; rule for Interests (to validate CommandInterests)
				165	; filter
				166	; {
				167	; type name ; condition on interest name (w/o signature)
				168	; regex ^[<localhop><localhost>]<nfd><rib>[<register><unregister>]<>{3}$
				169	; }
				170	; checker
				171	; {
				172	; type customized
				173	; sig-type rsa-sha256 ; interest must have a rsa-sha256 signature
				174	; key-locator
				175	; {
				176	; type name ; key locator must be the certificate name of the
				177	; ; signing key
				178	; regex ^[^<KEY>]<KEY><><ksk-.*><ID-CERT>$
				179	; }
				180	; }
				181	; }
				182	; rule
				183	; {
				184	; id "NDN Testbed Hierarchy Rule"
				185	; for data ; rule for Data (to validate NDN certificates)
				186	; filter
				187	; {
				188	; type name ; condition on data name
				189	; regex ^[^<KEY>]<KEY><><ksk-.*><ID-CERT><>$
				190	; }
				191	; checker
				192	; {
				193	; type hierarchical ; the certificate name of the signing key and
				194	; ; the data name must follow the hierarchical model
				195	; sig-type rsa-sha256 ; data must have a rsa-sha256 signature
				196	; }
				197	; }
				198	; trust-anchor
				199	; {
				200	; type file
				201	; file-name keys/default.ndncert ; the file name, by default this file should be placed in the
				202	; ; same folder as this config file.
				203	; }
				204	; ; trust-anchor ; Can be repeated multiple times to specify multiple trust anchors
				205	; ; {
				206	; ; type file
				207	; ; file-name keys/ndn-testbed.ndncert
				208	; ; }
				209	; }
				210	}