On 07 Apr 2005, Philipp Weis <[EMAIL PROTECTED]> wrote:
> On 04 Apr 2005, Arnaud Kyheng <[EMAIL PROTECTED]> wrote:
> > Are you using the init script to start the gnunet daemon ?
> > (/etc/init.d/gnunet start)
> >
> > Could you check the /var/log/gnunet and /var/lib/GNUnet access right ?
> > It should have read & write access for the gnunet user.
>
> Thanks, this was the problem that prevented GNUnet from starting up
> correctly. All files in /srv/GNUnet/data/afs/content were owned by
> root instead of gnunet.

Hm, it seems as if this was not the problem at all. There was some
GNUnet traffic on the network after startup, but within a few minutes
the daemon disappeared again. Nothing got written to the logfile,
although the permissions are set correctly. Strange. I attached my
config file, maybe this could help to nail down the problem.

--
Philipp Weis [EMAIL PROTECTED]
http://pweis.com/

# This is the configuration for the GNUnet daemon, gnunetd.
# Copy this file to "/etc/gnunet.conf" if you are root.
# For any other location, you must explicitly tell gnunetd
# where this file is (option -c FILENAME).
#
# After any change in this file, you may want to manually restart
# gnunetd since some changes are only recognized after a re-start.
# Sending a SIGHUP to gnunetd will trigger re-reading the following
# options:
# NETWORK: HELOEXCHANGE
# GNUNETD: LOGLEVEL
# LOAD: INTERFACES
# LOAD: BASICLIMITING
# LOAD: MAXNETDOWNBPSTOTAL
# LOAD: MAXNETUPBPSTOTAL
# LOAD: MAXCPULOAD
#
#
# This file is structured as follows.
# 1) GNUNETD_HOME - base directory for all GNUnet files
# 2) gnunetd options (which transport and application services, logging)
# 3) network configuration
# 4) load management (resource limitations)
# 5) UDP, TCP and SMTP transport configuration
# 6) configuration for anonymous file sharing (AFS)
#

#################################################
#
# This line gives the root-directory of the GNUnet installation. Make
# sure there is some space left in that directory. :-) Users inserting
# or indexing files will be able to store data in this directory
# up to the (global) quota specified below. Having a few gigabytes
# of free space is recommended.
#
GNUNETD_HOME = /srv/GNUnet

#########################################
# Options for the GNUnet server, gnunetd
#########################################
[GNUNETD]

# How many minutes is the current IP valid? (GNUnet will sign HELO
# messages with this expiration timeline. If you are on dialup, 60
# (for 1 hour) is suggested. If you are having a static IP address,
# you may want to set this to a large value (say 14400). The default
# is 1440 (1 day). If your IP changes periodically, you will want to
# choose the expiration to be smaller than the frequency with which
# your IP changes.
# The largest legal value is 14400 (10 days).
# Default: HELOEXPIRES = 1440
HELOEXPIRES = 1440

# Loglevel, how much should be logged? You can use NOTHING, FATAL,
# ERROR, FAILURE, WARNING, MESSAGE, INFO, DEBUG, CRON or EVERYTHING
# (which log more and more messages in this order). Default is
# WARNING.
LOGLEVEL = WARNING

# In which file should gnunetd write the logs? If you specify
# nothing, logs are written to stderr (and note that if gnunetd runs
# in the background, stderr is closed and all logs are discarded).
# Default: LOGFILE = /var/log/gnunetd/gnunetd.log
# Do not change this unless you know exactly what you're doing.
# Changing this value alone, will break the package.
LOGFILE = /var/log/gnunetd/gnunetd.log

# In which file should gnunetd write the process-id of the server? If
# you run gnunetd as root, you may want to choose
# /var/run/gnunetd.pid. It's not the default since gnunetd may not
# have write rights at that location.
# Default: PIDFILE = /var/run/gnunetd/gnunetd.pid
# Do not change this unless you know exactly what you're doing.
# Changing this value alone, will break the package.
PIDFILE = /var/run/gnunetd/gnunetd.pid

# This directory should be made available periodically --- it contains
# information how to join GNUnet that is in no way private to the
# local node. This directory can be shared between nodes AND should
# be put on a public web-server (if possible). You should find a list
# of known hosts under http://www.ovmj.org/GNUnet/hosts/, you can copy
# those files into this directory.
#
# If you specify a HOSTLISTURL, the directory will be automatically
# populated by gnunetd with an initial set of nodes.
# Default: HOSTS = $GNUNETD_HOME/data/hosts/
HOSTS = $GNUNETD_HOME/data/hosts/

# GNUnet can automatically update the hostlist from the web. While
# GNUnet internally communicates which hosts are online, it is
# typically a good idea to get a fresh hostlist whenever gnunetd
# starts from the WEB.
# By setting this option, you can specify from
# which server gnunetd should try to download the hostlist. The
# default should be fine for now.
#
# The general format is a list of space-separated URLs. Each URL must
# have the format http://HOSTNAME/FILENAME
#
# If you want to setup an alternate hostlist server, you must run a
# permanent node and "cat data/hosts/* > hostlist" every few minutes
# to keep the list up-to-date.
#
# If you do not specify a HOSTLISTURL, you must copy valid hostkeys to
# data/hosts manually.
# Default: HOSTLISTURL = "http://www.ovmj.org/GNUnet/download/hostlist http://www.woodtick.co.uk/hostlist"
HOSTLISTURL = "http://www.ovmj.org/GNUnet/download/hostlist http://gnunet.wensley.org.uk/hostlist"

# If you have to use a proxy for outbound HTTP connections,
# specify the proxy configuration here. Default is no proxy.
# HTTP-PROXY = localhost
# HTTP-PROXY-PORT = 1080

# Which applications should gnunetd support? Specify the name of the
# dynamic shared object (DSO) that implements the service in the
# gnunetd core here. Separate multiple modules with spaces.
#
# Currently, the available applications are:
# afs: anonymous file sharing
# chat: broadcast chat (demo-application)
# tbench: benchmark tool for transport performance
# tracekit: GNUnet topology visualization toolkit
#
# All protocols but "afs" are potential security risks
# and have been engineered for testing GNUnet or demonstrating how
# GNUnet works. They should be used with caution.
#
# Typical choices are: "afs chat tbench tracekit"
# Default: APPLICATIONS = "afs tbench tracekit"
APPLICATIONS = "afs"

# Which transport mechanisms are available? Use space-separated list
# of the modules, e.g. "udp smtp tcp". The order is irrelevant, each
# protocol has a build-in cost-factor and this factor determines which
# protocols are preferred.
#
# The available transports at this point are udp, tcp, http, smtp,
# tcp6, udp6 and the special 'nat' service.
#
# Loading the 'nat' and 'tcp' modules is required for peers behind NAT
# boxes that cannot directly be reached from the outside. Peers that
# are NOT behind a NAT box and that want to *allow* peers that ARE
# behind a NAT box to connect must ALSO load the 'nat' module. Note
# that the actual transfer will always be via tcp initiated by the peer
# behind the NAT box.
#
# Usually, the default is just fine for most people.
# Choices are: "udp tcp udp6 tcp6 nat http smtp"
# Default: TRANSPORTS = "udp tcp nat"
TRANSPORTS = "udp tcp nat"

############################################
# Network configuration
############################################
[NETWORK]

# Which is the client-server port that is used between gnunetd and the
# clients (TCP only). You may firewall this port for non-local
# machines.
# Default: PORT = 2087
PORT = 2087

# Set if GNUnet fails to determine your IP. GNUnet first tries to
# determine your IP by looking at the IP that matches the interface
# that is given with the option INTERFACE.
# Under Windows, specify the ID reported by
# "gnunet-win-tool -n"
# Default: INTERFACE = eth0
INTERFACE = eth0

# If this fails, GNUnet will try to do a DNS lookup on your HOSTNAME,
# which may also fail, in particular if you are on dialup.
#
# If both options are not viable for you, you can specify an IP in
# this configuration file. This may be required if you have multiple
# interfaces (currently GNUnet can only work on one of them) or if you
# are behind a router/gateway that performs network address
# translation (NAT). In the latter case, set this IP to the *external*
# IP of the router (!) and make sure that the router forwards incoming
# UDP packets on the GNUnet port (default: 2086) to the dedicated
# GNUnet server in the local network.
#
# The given example value (127.0.0.1) will NOT work! If you do not know
# what all this means, try without!
# Default is no IP specified.
# IP = 127.0.0.1

# If this host is connected to two networks, a private which is not
# reachable from the Internet and that contains GNUnet clients and to
# a public network, typically the Internet (and is this host is thus
# in the position of a router, typically doing NAT), then this option
# should be set to 'NO'. It prevents the node from forwarding HELOs
# other than its own. If you do not know what the above is about, just
# keep it set to YES (which is also the default when the option is not
# given).
# Default is yes: HELOEXCHANGE = YES
HELOEXCHANGE = YES

# With this option, you can specify which networks are trusted enough
# to connect as clients to the TCP port. This is useful if you run
# gnunetd on one host of your network and want to allow all other
# hosts to use this node as their server. By default, this is set to
# 'loopback only'. The format is the same as for the BLACKLIST.
# Default is: TRUSTED = 127.0.0.0/8;
TRUSTED = 127.0.0.0/8;

######################################
# Options for load management
######################################
[LOAD]

# In this section you specify how many resources GNUnet is allowed to
# use. GNUnet may exceed the limits by a small margin (network & CPU
# are hard to control directly), but should do a reasonable job to
# keep the average around these values

# For which interfaces should we do accounting? GNUnet will evaluate
# the total traffic (not only the GNUnet related traffic) and adjust
# its bandwidth usage accordingly. You can currently only specify a
# single interface. GNUnet will also use this interface to determine
# the IP to use. Typical values are eth0, ppp0, eth1, wlan0, etc.
# 'ifconfig' will tell you what you have. Never use 'lo', that just
# won't work.
# Under Windows, specify the ID reported by
# "gnunet-win-tool -n".
# Default is: INTERFACES = eth0
INTERFACES = eth0

# Use basic bandwidth limitation? YES or NO.
# The basic method (YES)
# notes only GNUnet traffic and can be used to specify simple maximum
# bandwidth usage of GNUnet. Choose the basic method if you don't
# want other network traffic to interfere with GNUnet's operation, but
# still wish to constrain GNUnet's bandwidth usage, or if you can't
# reliably measure the maximum capabilities of your connection. YES
# can be very useful if other applications are causing a lot of
# traffic on your LAN. In this case, you do not want to limit the
# traffic that GNUnet can inflict on your WAN connection whenever your
# high-speed LAN gets used (e.g. by NFS).
#
# The advanced bandwidth limitation (NO) measures total traffic over
# the chosen interface (including traffic by other applications), and
# allows gnunetd to participate if the total traffic is low enough.
# Default is: BASICLIMITING = YES
BASICLIMITING = YES

# Bandwidth limits in bytes per second. These denote the maximum
# amounts GNUnet is allowed to use.
# Defaults are:
# MAXNETUPBPSTOTAL = 50000
# MAXNETDOWNBPSTOTAL = 50000
MAXNETUPBPSTOTAL = 10000
MAXNETDOWNBPSTOTAL = 10000

# Which CPU load can be tolerated (total, GNUnet will adapt if the
# load goes up due to other processes). A value of 50 means that once
# your 1 minute-load average goes over 50% non-idle, GNUnet will start
# dropping packets until it goes under that threshold again.
# Default is MAXCPULOAD = 50
MAXCPULOAD = 50

###########################################
# Options for the UDP transport layer.
###########################################
[UDP]

# To which port does GNUnet bind? Default is 2086 and there is usually
# no reason to change that.
PORT = 2086

# With this option, you can specify which networks you do NOT want to
# connect to. Usually you will want to filter loopback (127.0.0.1,
# misconfigured GNUnet hosts), virtual private networks, [add a class
# C network here], 192.168.0.0, 172.16.0.0 and 10.0.0.0 (RFC
# 1918).
# The format is IP/NETMASK where the IP is specified in
# dotted-decimal and the netmask either in CIDR notation (/16) or in
# dotted decimal (255.255.0.0). Several entries must be separated by a
# semicolon, spaces are not allowed. Notice that if your host is on a
# private network like the above, you will have to configure your NAT
# to allow incoming requests and you will want to modify this option.
# The idea behind this option is not to discriminate against NAT users
# but to ensure that hosts only attempt to connect to machines that
# they have a chance to actually reach. Of course, you could also use
# it against known adversaries that have a small IP range at their
# disposal :-)
#
# Example (and default):
# 127.0.0.1/8;172.16.0.0/12;192.168.0.0/16;10.0.0.0/255.0.0.0;
BLACKLIST = 127.0.0.1/8;172.16.0.0/12;192.168.0.0/16;10.0.0.0/255.0.0.0;

# The MTU to use. Do not use more than your OS
# (and firewall) can support. Typically, your
# network-MTU - 28 is optimal, for ethernet, this
# is 1472, the default. Do not use less than 1200.
#
# The default is 1472, which is also used if you specify
# nothing.
MTU = 1472

###########################################
# Options for the TCP transport layer.
###########################################
[TCP]

# To which port does GNUnet bind? Default is 2086 and there is usually
# no reason to change that. Make sure that this port does not
# conflict with the port for GNUnet clients (section NETWORK), which
# defaults to 2087.
PORT = 2086

# With this option, you can specify which networks you do NOT want to
# connect to. Usually you will want to filter loopback (127.0.0.1,
# misconfigured GNUnet hosts), virtual private networks, [add a class
# C network here], 192.168.0.0, 172.16.0.0 and 10.0.0.0 (RFC
# 1918). The format is IP/NETMASK where the IP is specified in
# dotted-decimal and the netmask either in CIDR notation (/16) or in
# dotted decimal (255.255.0.0).
# Several entries must be separated by a
# semicolon, spaces are not allowed. Notice that if your host is on a
# private network like the above, you will have to configure your NAT
# to allow incoming requests and you will want to modify this option.
# The idea behind this option is not to discriminate against NAT users
# but to ensure that hosts only attempt to connect to machines that
# they have a chance to actually reach. Of course, you could also use
# it against known adversaries that have a small IP range at their
# disposal :-)
# Example (and default):
# BLACKLIST = 127.0.0.1/8;192.168.0.0/16;10.0.0.0/255.0.0.0;
BLACKLIST = 127.0.0.1/8;192.168.0.0/16;10.0.0.0/255.0.0.0;

# The MTU to use (TCP is stream oriented, so we are pretty free to
# choose what we want, but note that larger MTUs mean more noise if
# traffic is low). Do not use less than 1200. Default is 1460.
MTU = 1460

###############################################
# Options for NAT transport
###############################################
[NAT]

# Is this machine behind a NAT that does not allow
# connections from the outside to the GNUnet port?
# (if you can configure the NAT box to allow
# direct connections from other peers, set this
# to NO). Set this only to YES if other peers
# cannot contact you directly via TCP or UDP.
# If you set this to YES, you should also set the
# TCP port to '0' and disable UDP to indicate that you
# cannot accept inbound connections.
#
# Default: NO
LIMITED = NO

##########################################
# IPv6 transports, don't bother unless you
# want to use IPv6.
##########################################
[UDP6]

# Default port is 2088 and MTU is 1452.
PORT = 2088
# BLACKLIST =
MTU = 1452

[TCP6]

# Default port is 2088 and MTU is 1440.
PORT = 2088
# BLACKLIST =
MTU = 1440

[HTTP]

# Default port is 1080 and MTU is 1400.
PORT = 1080
# BLACKLIST =
MTU = 1400

###############################################
# Options for SMTP transport
###############################################
[SMTP]

# E-mail address to use to receive messages. Do not specify anything
# if you do not want to allow SMTP as a receiver protocol; you can
# still *send* email to establish connections in that case. Example:
# EMAIL = [EMAIL PROTECTED]
# EMAIL =

# MTU for the E-mail. How large should the E-mails be that we send
# out? Default is 65536 (bytes).
MTU = 65536

# Port of the SMTP server for outbound mail. If not specified, the
# TCP/SMTP entry from /etc/services is consulted. Default is 25.
PORT = 25

# Hostname of the SMTP server. Default is "localhost".
SERVER = localhost

# Hostname of the sender host to use in the HELO message of the SMTP
# protocol (not to be confused with the HELO in the GNUnet p2p
# protocol). Pick a hostname that works for your SMTP server. This
# hostname has nothing to do with the hostname of the SMTP server or
# your E-mail sender address (though those names should work in most
# cases). In fact, it often does not even have to exist as a real
# machine. Example: "myhost.example.com"
SENDERHOSTNAME = myhost.example.com

# Filter-line to use in the E-mail header. This filter will be
# included in the GNUnet-generated E-mails and should be used to
# filter out GNUnet traffic from the rest of your E-mail. Make sure
# that the filter you choose is highly unlikely to occur in any other
# message.
#
# Examples:
# FILTER = "X-mailer: myGNUnetmail"
# FILTER = "Subject: foobar5252"
FILTER = "X-mailer: 590N"

# Name of the pipe via which procmail sends the filtered E-mails to
# the node. Default is /tmp/gnunet.smtp
PIPE = /tmp/gnunet.smtp

################################################
# Options for anonymous filesharing (AFS).
################################################
[AFS]

# How much disk space (MB) is GNUnet allowed to use for anonymous file
# sharing?
# This does not take indexed files into account, only the
# space directly used by GNUnet is accounted for. GNUnet will gather
# content from the network if the current space-consumption is below
# the number given here (and if content migration is allowed below).
#
# IMPORTANT:
# Note that if you change the quota, you need to run gnunet-convert,
# otherwise your databases will be inconsistent and gnunetd will
# refuse to work. Default is 1024 (1 GB)
DISKQUOTA = 1024

# Which database type should be used for content? Valid types are "bdb",
# "gdbm", "mysql", "tdb", "sqlite" and "directory". Specified type must have
# been available at compile time. "directory" is available on all
# systems but typically uses more space and can also be slower. mysql
# will require some additional setup of the database.
#
# Note that if you change the databaset type, you need to run
# gnunet-convert, otherwise your databases will be
# inconsistent (and gnunetd will refuse to work). Default is gdbm.
# Default database for the Debian package is now sqlite since 0.6.6b-1.
DATABASETYPE = "sqlite"

# What degree of receiver anonymity is required? If set to 0, GNUnet
# will try to download the file as fast as possible without any
# additional slowdown by the anonymity code. Note that you will still
# have a fair degree of anonymity depending on the current network
# load and the power of the adversary. The download is still unlikely
# to be terribly fast since the sender may have requested
# sender-anonymity and since in addition to that, GNUnet will still do
# the anonymous routing.
#
# This option can be used to limit requests further than that. In
# particular, you can require GNUnet to receive certain amounts of
# traffic from other peers before sending your queries. This way, you
# can gain very high levels of anonymity - at the expense of much more
# traffic and much higher latency. So set it only if you really
# believe you need it.
#
# The definition of ANONYMITY-RECEIVE is the following:
# If the value v is < 1000, it means that if GNUnet routes n bytes
# of messages from foreign peers, it may originate n/v bytes of
# queries in the same time-period. The time-period is twice the
# average delay that GNUnet deferrs forwarded queries.
#
# If the value v is >= 1000, it means that if GNUnet routes n bytes
# of QUERIES from at least (v % 1000) peers, it may originate
# n/v/1000 bytes of queries in the same time-period.
#
# The default is 0 and this should be fine for most users. Also notice
# that if you choose values above 1000, you may end up having no
# throughput at all, especially if many of your fellow GNUnet-peers do
# the same.
ANONYMITY-RECEIVE = 0

# You can also request a certain degree of anonymity for the files and
# blocks that you are sharing. In this case, only a certain faction of
# the traffic that you are routing will be allowed to be replies that
# originate from your machine. Again, 0 means unlimited.
#
# The semantics of ANONYMITY-SEND are equivalent to the semantics of
# ANONYMITY-RECEIVE.
#
# The default is 0 and this should be fine for most users.
ANONYMITY-SEND = 0

# Should we participate in content migration? If you say yes here,
# GNUnet will migrate content to your server, and you will not be able
# to control what data is stored on your machine. This option has
# advantages and disadvantages.
#
# If you activate it, you can claim for *all* the non-indexed (-n to
# gnunet-insert) content that you did not know what it was even if an
# adversary takes control of your machine.
#
# If you do not activate it, it is obvious that you have knowledge of
# all the content that is hosted on your machine and thus can be
# considered liable for it.
#
# So if you think that the legal system in your country has gone
# postal, you may want to set it to "NO" and make sure that the
# content you put on your machine does not get you into too much
# trouble if an adversary takes control of your machine. If you think
# that you're safe if you host content that you don't know anything
# about (like an ISP) or that you don't have to fear prosecution
# no-matter-what, turn it to YES, which will also improve GNUnet's
# performance and thereby your results.
#
# Note that as long as the adversary is not really powerful (e.g. can
# not take control of your machine), GNUnet's build-in anonymity
# mechanisms should protect you from being singled out easily.
#
# Currently, activating active migration can cause some problems when
# the database is getting full (gdbm reorganization can take very,
# very long and make GNUnet look like it hangs for that time). Thus if
# you turn it on, you may want to disable it after you hit the
# quota. A better content management system should solve this problem
# in the near future... [at the time of GNUnet 0.6.1c, the MySQL
# database module already works well even if the db is full.]
# Default is YES.
ACTIVEMIGRATION = YES

# Where to store the AFS related data (content, etc)?
AFSDIR = $GNUNETD_HOME/data/afs/

# Where to store indexed files (NEW!)
# Note that you MUST not copy files directly to this
# directory. gnunet-insert (or gnunet-gtk) will copy
# the files that you index to this directory. With the
# -l option you instead create a link (if gnunetd and
# gnunet-insert run on the same machine) instead.
#
# The QUOTA option does NOT apply for this directory.
# To limit how much can be placed in this directory
# set the option INDEX-QUOTA. Files that are merely
# linked do not count towards the quota.
#
# If you uncomment this option gnunetd will refuse
# content indexing requests (insertion will still be
# possible).
#
# Note that files indexed with GNUnet before Version
# 0.6.2 were not moved/linked to this directory. But that
# should not cause any immediate problems (the files
# will continue to be downloadable). What will be
# impossible is unindexing these files with
# gnunet-delete and GNUnet >= 0.6.2.
# Default is $GNUNETD_HOME/data/shared/
INDEX-DIRECTORY = $GNUNETD_HOME/data/shared/

# Indexing quota. Default is 8192.
INDEX-QUOTA = 8192

#######################################
# Experimental GDBM options
#######################################
[GDBM]

# Use experimental settings for managing
# free blocks in gdbm. Default is YES!
EXPERIMENTAL = YES

# This option allows avoiding gdbm database reorganization
# on startup. It should definitely only be used together
# with the experimental gdbm free blocks option. Nevertheless,
# the option has not been tested extensively yet, so to be
# safe it should be set to 'YES' (do reorganize). Default
# is 'YES'.
REORGANIZE = YES

#######################################
# TESTBED (experimental!)
#######################################
[TESTBED]

# Where should we register the testbed service?
# Default is "http://www.ovmj.org/GNUnet/testbed/"
REGISTERURL = "http://www.ovmj.org/GNUnet/testbed/"

# Is the testbed operator allowed to load and
# unload modules? (somewhat of a security risk!)
# Default is NO.
ALLOW_MODULE_LOADING = NO

# Where should file-uploads go?
# Default is $GNUNETD_HOME/testbed
UPLOAD-DIR = $GNUNETD_HOME/testbed

# Login-name for SSH-tunnel (for secure testbed
# connections). Without login name the testbed-server
# will try to make a direct TCP connection to the
# application port (default: 2087).
# LOGIN =

########################################
# DHT (experimental)
########################################
[DHT]

# Number of buckets to use (determines memory requirements)
# Default (and maximum) is 160.
BUCKETCOUNT = 160

# Amount of memory (in bytes) to use for the master table
# (table that caches table-to-peer mappings).
# Default is 65536.
MASTER-TABLE-SIZE = 65536

signature.asc
Description: Digital signature
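
The ownership question raised in this thread can be checked against every location the attached configuration points at, not only data/afs/content. The script below is an added example, not part of the original message or of GNUnet; the function names and the make_sample tree are constructed, and it assumes a config file with one option per line and a USER given as a name or numeric uid.

```shell
#!/bin/sh
# Added example: ownership check for the paths a gnunetd config points at.
# Function names and the sample tree are constructed for illustration.

# conf_value FILE KEY: value of the first uncommented "KEY = value" line,
# with surrounding double quotes and trailing blanks removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*$//; s/^"//; s/"$//'
}

# conf_paths FILE: locations the daemon writes to, one per line, with
# $GNUNETD_HOME replaced by the value set at the top of the config.
conf_paths() {
    home=$(conf_value "$1" GNUNETD_HOME)
    for key in LOGFILE PIDFILE HOSTS AFSDIR INDEX-DIRECTORY; do
        val=$(conf_value "$1" "$key")
        [ -n "$val" ] || continue
        # LOGFILE and PIDFILE name files; what matters is their directory.
        case $key in LOGFILE|PIDFILE) val=$(dirname "$val") ;; esac
        printf '%s\n' "$val" | sed 's|\$GNUNETD_HOME|'"$home"'|'
    done
}

# wrong_owner FILE USER: report missing locations and every file below an
# existing one that USER (name or numeric uid) does not own.
# Prints nothing when every location exists and belongs to USER.
wrong_owner() {
    conf_paths "$1" | while IFS= read -r p; do
        if [ -e "$p" ]; then
            find "$p" ! -user "$2" -print | sed 's|^|not owned by '"$2"': |'
        else
            printf 'missing: %s\n' "$p"
        fi
    done
}

# make_sample DIR: constructed config and directory tree for a dry run
# (data/shared is deliberately left out so that one location is missing).
make_sample() {
    mkdir -p "$1/home/data/hosts" "$1/home/data/afs/content" "$1/log" "$1/run"
    : > "$1/home/data/afs/content/block"
    {
        printf 'GNUNETD_HOME = %s/home\n' "$1"
        printf '# Default: LOGFILE = /var/log/gnunetd/gnunetd.log\n'
        printf 'LOGFILE = %s/log/gnunetd.log\n' "$1"
        printf 'PIDFILE = %s/run/gnunetd.pid\n' "$1"
        printf '%s\n' 'HOSTS = $GNUNETD_HOME/data/hosts/'
        printf '%s\n' 'AFSDIR = $GNUNETD_HOME/data/afs/'
        printf '%s\n' 'INDEX-DIRECTORY = $GNUNETD_HOME/data/shared/'
        printf '%s\n' 'DATABASETYPE = "sqlite"'
    } > "$1/gnunet.conf"
}

# Usage: sh check.sh /etc/gnunet.conf gnunet
if [ "$#" -eq 2 ]; then
    wrong_owner "$1" "$2"
fi
```

An empty report rules ownership out as the cause; it does not test the directory mode bits or whether the init script actually starts the daemon as that user.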