FAQ

How to change default paths?

Paths to where NFD is installed can be configured during ./waf configure:

  • Installation prefix (default /usr/local):

    ./waf configure --prefix=/usr
  • Location of NFD configuration file (default: ${prefix}/etc):

    ./waf configure --prefix=/usr --sysconfdir=/etc
  • Location of manpages (default: ${prefix}/share/man)

    ./waf configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man

How to run NFD on Raspberry Pi?

To run NFD on the Raspberry Pi, you need to either enable IPv6 support in Raspberry Pi or disable IPv6 support in NFD.

To enable IPv6 in Raspberry Pi:

sudo modprobe ipv6

To disable IPv6 in NFD, replace enable_v6 yes with enable_v6 no in tcp and udp sections of /usr/local/etc/ndn/nfd.conf:

...
tcp
{
  listen yes
  port 6363
  enable_v4 yes
  enable_v6 no
}

udp
{
  port 6363
  enable_v4 yes
  enable_v6 no
  idle_timeout 600
  keep_alive_interval 25

  mcast yes
  mcast_port 56363
  mcast_group 224.0.23.170
}
...

How to run NFD as non-root user?

How to configure automatic dropping of privileges?

NFD can be configured to drop privileges whenever possible. You can specify a user and/or group for NFD to change its effective user/group ID to in the general section of the configuration file. For example:

general
{
  user nobody
  group nogroup
}

will configure NFD to drop its effective user and group IDs to nobody and nogroup, respectively.

Note

IMPORTANT: NFD may regain elevated permissions as needed during normal execution. Dropping privileges in this manner should not be considered a security mechanism (a compromised NFD that was started as root can trivially return to root). However, reducing privileges may limit any damaged caused by well intentioned, but buggy, code.

How to enable Ethernet Face Support?

The ether configuration file section contains settings for Ethernet faces and channels. These settings will NOT work without root or setting the appropriate permissions:

sudo setcap cap_net_raw,cap_net_admin=eip /full/path/nfd

You may need to install a package to use setcap:

Ubuntu:

sudo apt-get install libcap2-bin

Mac OS X:

curl https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3373 -o ChmodBPF.tar.gz
tar zxvf ChmodBPF.tar.gz
open ChmodBPF/Install\ ChmodBPF.app

or manually:

sudo chgrp admin /dev/bpf*
sudo chmod g+rw /dev/bpf*

How to enable UDP multicast support in multi-homed Linux machines

The UDP configuration file section contains settings for unicast and multicast UDP faces. If the Linux box is equipped with multiple network interfaces with multicast capabilities, the settings for multicast faces will NOT work without root or setting the appropriate permissions:

sudo setcap cap_net_raw=eip /full/path/nfd

How to configure NFD security?

Note

Sample configuration file of NFD allow any user to manage faces, FIB, RIB, and StrategyChoice. The following description can be used to restrict certain operations to certain users.

More extensive documentation about NFD’s security and options to configure trust model for NFD is currently in preparation.

Many NFD management protocols require signed commands to be processed (e.g. FIB modification, Face creation/destructions, etc.). You will need an NDN certificate to use any application that issues signed commands.

If you do not already have NDN certificate, you can generate one with the following commands:

Generate and install a self-signed identity certificate:

ndnsec-keygen /`whoami` | ndnsec-install-cert -

Note that the argument to ndnsec-key will be the identity name of the new key (in this case, /your-username). Identity names are hierarchical NDN names and may have multiple components (e.g. /ndn/ucla/edu/alice). You may create additional keys and identities as you see fit.

Dump the NDN certificate to a file:

The following commands assume that you have not modified PREFIX or SYSCONFDIR If you have, please substitute /usr/local/etc for the appropriate value (the overriden SYSCONFDIR or PREFIX/etc if you changed PREFIX).

sudo mkdir -p /usr/local/etc/ndn/keys
ndnsec-cert-dump -i /`whoami` > default.ndncert
sudo mv default.ndncert /usr/local/etc/ndn/keys/default.ndncert

How to start using NDN MacPorts repository on OSX?

Please see Install NFD Using the NDN MacPorts Repository on OS X.

How to start using NDN PPA repository on Ubuntu Linux?

Please see Install NFD Using the NDN PPA Repository on Ubuntu Linux.

How to start using NDN Overlay on Gentoo Linux?

If you want to install NFD and other packages using Portage on Gentoo Linux, you can start using NDN Overlay.

Simply checkout NDN Overlay repository to some location add the checkout path to PORTDIR_OVERLAY in /etc/portage/make.conf:

cd /some/path
git clone https://github.com/Pesa/ndn-overlay.git

# and then add /some/path/ndn-overlay to PORTDIR_OVERLAY in /etc/portage/make.conf

Afterwards, you will be able to install nfd using standard mechanisms.