Provided by: gnunet_0.17.4-1_amd64 
NAME
gnunet.conf — GNUnet configuration file
DESCRIPTION
A GNUnet setup typically consists of a set of service processes run by a user "gnunet" and a
set of user-interface processes run by a standard account. The default location for the
configuration file for the services is ~gnunet/.config/gnunet.conf. However, as normal
users also may need read-access to this configuration, you might want to instead put the
service process configuration in /etc/gnunet.conf. gnunet-setup(1), part of gnunet-gtk, can
be used to edit this configuration. The parts of GNUnet that are run as a normal user may
have config options too and they read from $HOME/.config/gnunet.conf. The latter config
file can skip any options for the services.
The basic structure of the configuration file is the following.
• The file is split into sections.
• Every section begins with a token in square brakets. The current section ends
when a new section starts or end of file is encountered.
• A section contains a number of options of the form "OPTION=VALUE".
• Whitespace surrounding the "=" token is striped out, in other words "OPTION =
VALUE" and "OPTION=VALUE" are treated equal.
• Empty lines and lines beginning with a "#" are treated as comments.
• Boolean values are given as "YES" and "NO".
Almost all options are optional. The tools resort to reasonable defaults if an option is
not present. Default values for all of the options can be found in the files in the
$GNUNET_PREFIX/share/gnunet/config.d/ directory. A typical setup will work out of the box
with those. See the examples section below for some common setups on top of that.
Variable naming conventions and data types
Boolean values for options are set via "YES" or "NO" values, without the double-quotes.
Options which include "PATH" or "path" define a path on the file-system and can take
additional variables in the path, such as $GNUNET_TMP.
Section names as listed more in detail below, are small letters only enclosed by square
brakets.
GENERAL OPTIONS
Many options will be common between sections. They can be repeated under each section with
different values. The "[PATHS]" section is special. Here, it is possible to specify values
for variables like "GNUNET_HOME". Then, in all filenames that begin with "$GNUNET_HOME" the
"$GNUNET_HOME" will be replaced with the respective value at runtime. The main use of this
is to redefine "$GNUNET_HOME", which by default points to $HOME/.config/. By setting this
variable, you can change the location where GNUnet stores its internal data. gnunet.conf
accepts the variable GNUNET_TMP which we suggest to use in place of the absolute definition
of /tmp. So instead of /tmp/foo you would write $GNUNET_TMP/foo. The usage of
$GNUNET_TMP/foo, will result in $TMPDIR/gnunet/foo, or $TMP/gnunet/foo and finally, if
TMPDIR is undefined, /tmp/gnunet/foo. The following options are generic and shared by all
services:
HOSTNAME
The hostname specifies the machine on which the service is running. This is usually
"localhost".
BINARY The filename that implements the service. For example "gnunet-service-ats".
IMMEDIATE_START
Start the service always when the peer starts. Set to YES for services that should
always be launched, even if no other service explicitly needs them.
START_ON_DEMAND
Set to YES to automatically start the service when it is requested by another
service. YES for most GNUnet services.
NOARMBIND
Set to YES to never have ARM bind to the respective socket. This option is mostly
for debugging in situations where ARM cannot pass the pre-bound socket to the child
due to interference from PREFIX-commands. This option is only effective in
combination with IMMEDIATE_START being YES. NO by default.
PREFIX PREFIX the given command (with its arguments) to the actual BINARY to be executed.
Useful to run certain services under special supervisors like strace, dtrace, or
valgrind. Typically used in combination with IMMEDIATE_START and NOARMBIND. Empty
by default.
ACCEPT_FROM
A semi-column separated list of IPv4 addresses that are allowed to use the service;
usually 127.0.0.1.
ACCEPT_FROM6
A semi-column separated list of IPv6 addresses that are allowed to use the service;
usually ::1.
UNIXPATH
Path to use for the UNIX domain socket for inter process communication with the
service on POSIX systems.
UNIX_MATCH_UID
If UNIX domain sockets are used, set this to YES if only users with the same UID are
allowed to access the service.
UNIX_MATCH_GID
If UNIX domain sockets are used, set this to YES if only users with the same GID are
allowed to access the service.
RUN_PER_USER
End-users should never have to change the defaults GNUnet provides for this option.
YES Set to YES if this service should be run per-user.
NO Set to NO if this is a system service.
In the following sections the absence of a default value is either expressed as "Default
value:" followed by nothing, or the lack of this line.
ARM
PORT Default value: 2087
HOSTNAME
Default value: localhost
BINARY Default value: gnunet-service-arm
ACCEPT_FROM
Default value: 127.0.0.1;
ACCEPT_FROM6
Default value: ::1;
UNIXPATH
Special case, uses user runtime dir even for per-system service.
Default value: $GNUNET_USER_RUNTIME_DIR/gnunet-service-arm.sock
UNIX_MATCH_UID
Default value: YES
UNIX_MATCH_GID
Default value: YES
GLOBAL_POSTFIX
In the -l option, format characters from strftime(3) are allowed; In the
GLOBAL_POSTFIX, "{}" stands for the name of the respective service. Thus the
following example for this option would introduce per-service logging with a new log
file each day. Note that only the last 3 log files are preserved. Example:
-l $GNUNET_CACHE_HOME/{}-%Y-%m-%d.log
Default value:
GLOBAL_PREFIX
Default value:
START_SYSTEM_SERVICES
If set to YES, ARM will only start services that are marked as system-level services
(and we'll expect a second ARM to be run per-user to run user-level services). Note
that in this case you must have manually created a different configuration file with
the user where at least this and the START_USER_SERVICES options differ.
START_USER_SERVICES
If set to YES, ARM will only start services that are marked as per-user services
(and we'll expect a system user to run ARM to provide system-level services). Per-
user services enable better personalization and privilege separation and in
particular ensures that personal data is stored under $HOME, which might be
important in a multi-user system (or if $HOME is encrypted and /var/ is not).
Note that if you have different ARM services for SYSTEM and USER, and you are not on
UNIX, you need to change the PORT option for the USER ARM instances to some free
port (counting down from 2085 should provide free ports).
RESOURCE_DIAGNOSTICS
File where we should log per-service resource consumption on exit.
Default value: resource.log
USERNAME
Name of the user that will be used to provide the service.
Default value:
MAXBUF Default value:
TIMEOUT
Default value:
DISABLEV6
Default value:
BINDTO Default value:
REJECT_FROM
Default value:
REJECT_FROM6
Default value:
PREFIX Default value:
ATS
PORT Default value: 2098
HOSTNAME
Default value: localhost
BINARY Default value: gnunet-service-ats
ACCEPT_FROM
Default value: 127.0.0.1;
ACCEPT_FROM6
Default value: ::1;
UNIXPATH
Default value: $GNUNET_RUNTIME_DIR/gnunet-service-ats.sock
UNIX_MATCH_UID
Default value: NO
UNIX_MATCH_GID
Default value: YES
MODE Designated assignment mode. Possible values: PROPORTIONAL, MLP, RIL.
Default value: proportional
UNSPECIFIED_QUOTA_IN
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value: 64
KiB
UNSPECIFIED_QUOTA_OUT
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value: 64
KiB
LOOPBACK_QUOTA_IN
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value:
unlimited
LOOPBACK_QUOTA_OUT
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value:
unlimited
LAN_QUOTA_IN
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value:
unlimited
LAN_QUOTA_OUT
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value:
unlimited
WAN_QUOTA_IN
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value: 64
KiB
WAN_QUOTA_OUT
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value: 64
KiB
WLAN_QUOTA_IN
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value: 1
MiB
WLAN_QUOTA_OUT
quotes in KiB or MiB per seconds. Or use the word "unlimited". Default value: 1
MiB
BLUETOOTH_QUOTA_IN
Default value: 128 KiB
BLUETOOTH_QUOTA_OUT
Default value: 128 KiB
PROP_PROPORTIONALITY_FACTOR
How proportional to preferences is bandwidth distribution in a network? Default
value: 2.00
1.0 Fair with respect to addresses without preferences.
> 1.0 The bigger, the more respect is paid to preferences.
PROP_STABILITY_FACTOR
Should we stick to existing connections are prefer to switch? [1.0...2.0], lower
value prefers to switch, bigger value is more tolerant.
Default value: 1.25
MLP_MAX_DURATION
Maximum duration for a solution process (both LP and MILP). Default value: 3 s
MLP_MAX_ITERATIONS
Maximum numbero of iterations for a solution process (only LP). Tolerated MIP Gap
[0.0 .. 1.0].
Default value: 0.025
MLP_MAX_MIP_GAP
Tolerated LP/MIP Gap [0.0 .. 1.0].
Default value: 0.025
MLP_MAX_LP_MIP_GAP
Default value: 0.025
MLP_MAX_ITERATIONS
Maximum number of iterations for a solution process.
Default value: 1024
MLP_COEFFICIENT_D
Default value: 1.0
MLP_COEFFICIENT_U
Default value: 1.0
MLP_COEFFICIENT_R
Default value: 1.0
MLP_MIN_BANDWIDTH
Default value: 1024
MLP_MIN_CONNECTIONS
Default value: 4
MLP_DUMP_PROBLEM_ALL
Dump all problems to disk.
Default value: YES
MLP_DUMP_SOLUTION_ALL
Dump all solution to disk.
Default value: YES
MLP_GLPK_VERBOSE
Print GLPK output.
Default value: YES
MLP_DUMP_PROBLEM_ON_FAIL
Dump all problems to disk.
Default value: YES
MLP_DUMP_SOLUTION_ON_FAIL
Dump all solution to disk.
Default value: YES
RIL_STEP_TIME_MIN
Default value: 500 ms
RIL_STEP_TIME_MAX
Default value: 1000 ms
RIL_ALGORITHM
Possible values: SARSA or Q-LEARNING.
Default value: Q-LEARNING
RIL_DISCOUNT_BETA
Default value: 0.7
RIL_GRADIENT_STEP_SIZE
Default value: 0.3
RIL_TRACE_DECAY
Default value: 0.2
RIL_EXPLORE_RATIO
Default value: 0.1
RIL_GLOBAL_REWARD_SHARE
Default value: 1
AUCTION
CADET
IMMEDIATE_START
Default value: YES
START_ON_DEMAND
Default value: YES
HOSTNAME
Default value: localhost
PREFIX
ACCEPT_FROM
Default value: 127.0.0.1;
ACCEPT_FROM6
Default value: ::1;
UNIXPATH
Default value: $GNUNET_RUNTIME_DIR/gnunet-service-cadet.sock
UNIX_MATCH_UID
Default value: NO
UNIX_MATCH_GID
Default value: YES
REFRESH_CONNECTION_TIME
How often do we send KEEPALIVE messages on connections to keep them from timing out?
Default value: 5 min
DROP_PERCENT
Percentage of packets CADET is artificially dropping. Used for testing only!
ID_ANNOUNCE_TIME
How frequently do we usually announce our presence in the DHT?
Default value: 1 h
CONNECT_TIMEOUT
Default value: 30 s
DHT_REPLICATION_LEVEL
What is the replication level we give to the DHT when announcing our existence? Usually
there is no need to change this.
Default value: 3
MAX_TUNNELS
Not implemented
Default value: 1000
MAX_CONNECTIONS
Not implemented, replaced by MAX_ROUTES in NEW CADET!
Default value: 1000
MAX_ROUTES
How many routes do we participate in at most? Should be smaller than MAX_MSGS_QUEUE.
Default value: 5000
MAX_MSGS_QUEUE
Not implemented
Default value: 10000
MAX_PEERS
Not implemented
Default value: 1000
RATCHET_TIME
How often do we advance the ratchet even if there is not any traffic?
Default value: 1 h
RATCHET_MESSAGES
How often do we advance the ratched if there is traffic?
Default value: 64
COMMUNICATOR-UNIX
UNIXPATH
Default value: $GNUNET_RUNTIME_DIR/gnunet-communicator-unix.sock
CONSENSUS
START_ON_DEMAND
Default value: YES
HOSTNAME
Default value: localhost
ACCEPT_FROM
Default value: 127.0.0.1;
ACCEPT_FROM6
Default value: ::1;
UNIXPATH
Default value: $GNUNET_RUNTIME_DIR/gnunet-service-consensus.sock
UNIX_MATCH_UID
Default value: YES
UNIX_MATCH_GID
Default value: YES
CORE
START_ON_DEMAND
Default value: YES
HOSTNAME
Default value: localhost
ACCEPT_FROM
Default value: 127.0.0.1;
ACCEPT_FROM6
Default value: ::1;
UNIXPATH
Default value: $GNUNET_RUNTIME_DIR/gnunet-service-core.sock
UNIX_MATCH_UID
Default value: NO
UNIX_MATCH_GID
Default value: YES
DISABLE_SOCKET_FORWARDING
Default value: NO
USERNAME
MAXBUF
TIMEOUT
DISABLEV6
BINDTO
REJECT_FROM
REJECT_FROM6
PREFIX
USE_EPHEMERAL_KEYS
Default value: YES
This MUST be set to YES in production, only set to NO for testing for performance
(testbed/cluster-scale use!).
DATACACHE-POSTGRES
DATASTORE
START_ON_DEMAND
Default value: YES
UNIXPATH
Default value: $GNUNET_RUNTIME_DIR/gnunet-service-datastore.sock
UNIX_MATCH_UID
Default value: NO
UNIX_MATCH_GID
Default value: YES
HOSTNAME
Default value: localhost
ACCEPT_FROM
Default value: 127.0.0.1;
ACCEPT_FROM6
Default value: ::1;
BLOOMFILTER
Default value: $GNUNET_DATA_HOME/datastore/bloomfilter
DATABASE
Default value: sqlite
DISABLE_SOCKET_FORWARDING
Default value: NO
DATASTORE-SQLITE
FILENAME
Default value: $GNUNET_DATA_HOME/datastore/sqlite.db
DATASTORE-POSTGRES
DATASTORE-MYSQL
DATABASE
Default value: gnunet
PASSWORD
DATASTORE-HEAP
HASHMAPSIZE
Default value: 1024
DHT
IMMEDIATE_START boolean
Default value: YES
START_ON_DEMAND boolean
Default value: YES
PORT integer
Default value: 2095
HOSTNAME string
Default value: localhost
BINARY string
Default value: gnunet-service-dht
ACCEPT_FROM string
Default value: 127.0.0.1;
ACCEPT_FROM6 string
Default value: ::1;
BUCKET_SIZE integer
Default value: 4
UNIXPATH path
Default value: $GNUNET_RUNTIME_DIR/gnunet-service-dht.sock
UNIX_MATCH_UID boolean
Default value: NO
UNIX_MATCH_GID boolean
Default value: YES
DISABLE_SOCKET_FORWARDING boolean
Default value: NO
# Should the DHT cache results that we are routing in the DATACACHE as well? CACHE_RESULTS = YES
# Special option to disable DHT calling 'try_connect' (for testing) DISABLE_TRY_CONNECT = NO
DHTCACHE
DATABASE
Default value: heap
DISABLE_BF_RC boolean
Disable RC-file for Bloom filter? (for benchmarking with limited IO availability)
Default value: NO
EXIT
FS
GNS
HOSTLIST
IDENTITY
NAMECACHE
NAMESTORE
NAT-AUTO
NAT
NSE
PEERINFO
PEERSTORE
PT
REGEX
RESOLVER
REST
UNIXPATH
Default value: $GNUNET_USER_RUNTIME_DIR/gnunet-service-rest.sock
BIND_TO
Default value: 127.0.0.1
BIND_TO6
Default value: ::1
REST_PORT
Default value: 7776
REST_ALLOW_HEADERS
Default value: Authorization,Accept,Content-Type
REST_ALLOW_ORIGIN
Default value: *
REST_ALLOW_CREDENTIALS
Default value: true
REVOCATION
SCALARPRODUCT
SECRETSHARING
SET
STATISTICS
TEMPLATE
TESTBED-LOGGER
TESTBED
TESTING
TOPOLOGY
IMMEDIATE_START
Default value: YES
NOARMBIND
Default value: YES
MINIMUM-FRIENDS
Default value: 0
FRIENDS-ONLY
Default value: NO
TARGET-CONNECTION-COUNT
Default value: 16
FRIENDS
Default value: $GNUNET_CONFIG_HOME/topology/friends.txt
TRANSPORT
UTIL
VPN
START_ON_DEMAND
Default value: YES
HOSTNAME
Default value: localhost
ACCEPT_FROM
Default value: 127.0.0.1;
ACCEPT_FROM6
Default value: ::1;
UNIXPATH
Default value: $GNUNET_RUNTIME_DIR/gnunet-service-vpn.sock
UNIX_MATCH_UID
Default value: NO
UNIX_MATCH_GID
Default value: YES
IPV6ADDR
Default value: 1234::1
IPV6PREFIX
Default value: 32
IPV4ADDR
Default value: 10.11.10.1
IPV4MASK
Default value: 255.255.0.0
VIRTDNS
Default value: 10.11.10.2
VIRTDNS6
Default value: 1234::17
ZONEMASTER
START_ON_DEMAND
Default value: YES
IMMEDIATE_START
Default value: YES
HOSTNAME
Default value: localhost
UNIXPATH
Default value: $GNUNET_USER_RUNTIME_DIR/gnunet-service-zonemaster.sock
UNIX_MATCH_UID
Do we require users that want to access GNS to run this process (usually not a good
idea)?
Default value: NO
UNIX_MATCH_GID
Do we require users that want to access GNS to be in the 'gnunet' group?
Default value: NO
MAX_PARALLEL_BACKGROUND_QUERIES
How many queries is GNS allowed to perform in the background at the same time?
Default value: 1000
ZONE_PUBLISH_TIME_WINDOW
How frequently do we try to publish our full zone?
Default value: 4 h
USE_CACHE
Using caching or always ask DHT?
Default value: YES
PREFIX
ZONEMASTER-MONITOR
START_ON_DEMAND
Default value: YES
IMMEDIATE_START
Default value: YES
HOSTNAME
Default value: localhost
UNIXPATH
Default value: $GNUNET_USER_RUNTIME_DIR/gnunet-service-zonemaster-monitor.sock
UNIX_MATCH_UID
Do we require users that want to access GNS to run this process (usually not a good
idea)?
Default value: NO
UNIX_MATCH_GID
Do we require users that want to access GNS to be in the 'gnunet' group?
Default value: NO
EXAMPLES
This example is a simple way to get started, using a server that has a known list of peers
to get you started. Most users will be behind a firewall on IPv4, as such NAT is enabled.
Please remember to change your IP address to the actual external address for your usage.
[hostlist]
OPTIONS = -b -e
[nat]
BEHIND_NAT = YES
ENABLE_UPNP = YES
DISABLEV6 = YES
EXTERNAL_ADDRESS = 157.166.249.10
[arm]
START_SYSTEM_SERVICES = YES
START_USER_SERVICES = NO
FILES
~gnunet/.config/gnunet.conf GNUnet system-user configuration file $HOME/.config/gnunet.conf
User specific GNUnet configuration file /etc/gnunet.conf Systemwide GNUnet configuration
file $GNUNET_PREFIX/share/gnunet/config.d/ GNUnet configuration directory with all default
option values
SEE ALSO
env(1), gnunet-arm(1), gnunet-setup(1), strftime(3).
The full documentation for gnunet is maintained as a Texinfo manual. If the info(1) and
gnunet programs are properly installed at your site, the command
info gnunet
should give you access to the complete handbook,
info gnunet-c-tutorial
will give you access to a tutorial for developers.
Depending on your installation, this information is also available in gnunet(7) and
gnunet-c-tutorial(7).
BUGS
Report bugs by using https://bugs.gnunet.org or by sending electronic mail to
⟨gnunet-developers@gnu.org⟩.