aboutsummaryrefslogtreecommitdiff
path: root/contrib/config.scm
blob: d7fd931fa7ffd353053113994cedf0cf098522a2 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
;; This is not a stand-alone guile application.
;; It can only be executed from within gnunet-setup.
;;
;; GNUnet setup defines a function "build-tree-node"
;; (with arguments section, option, description, help,
;;  children, visible, value and range) which is
;;  used by the script to create the configuration tree.
;;
;; GNUnet setup defines a function "change-visible"
;; (with arguments context, section, option, yesno) which
;;  can be used by the script to dynamically change the
;;  visibility of options.
;;
;; GNUnet setup defines a function "get-option"
;; (with arguments context, section, option) which
;;  can be used to query the current value of an option.
;;
;; GNUnet setup defines a function "set-option"
;; (with arguments context, section, option, value) which
;;  can be used to set the value of an option.
;;
;;
;; GNUnet setup requires two functions from this script.
;; First, a function "gnunet-config-setup" which constructs the
;; configuration tree.
;;
;; Second, a function "gnunet-config-change" which is notified whenever
;; configuration options are changed; the script can then
;; change the visibility of other options.


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; for GNU gettext
(define (_ msg) msg)

;; common string
(define (nohelp) 
  (_ "No help available.") )

(define (nathelp)
  (_ "You can use 'make check' in src/transports/upnp/ to find out if your NAT supports UPnP.  You should disable this option if you are sure that you are not behind a NAT.  If your NAT box does not support UPnP, having this on will not do much harm (only cost a small amount of resources).") )

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; menu definitions

;; meta-menu

(define (meta-exp builder) 
 (builder
   "Meta"
   "EXPERIMENTAL"
   (_ "Prompt for development and/or incomplete code")
   (_
"If EXPERIMENTAL is set to NO, options for experimental code are not shown.  If in doubt, use NO.

Some options apply to experimental code that maybe in a state of development where the functionality, stability, or the level of testing is not yet high enough for general use.  These features are said to be of \"alpha\" quality.  If a feature is currently in alpha, uninformed use is discouraged (since the developers then do not fancy \"Why doesn't this work?\" type messages).

However, active testing and qualified feedback of these features is always welcome.  Users should just be aware that alpha features may not meet the normal level of reliability or it may fail to work in some special cases.  Bug reports are usually welcomed by the developers, but please read the documents <file://README> and <http://gnunet.org/faq.php3> and use <https://gnunet.org/mantis/> for how to report problems." )
   '()
   #t
   #f
   #f
   'advanced) )

(define (meta-adv builder) 
 (builder
   "Meta"
   "ADVANCED"
   (_ "Show options for advanced users")
   (_
"These are options that maybe difficult to understand for the beginner. These options typically refer to features that allow tweaking of the installation.  If in a hurry, say NO." )
   '()
   #t
   #t
   #f
   'always) )

(define (meta-rare builder) 
 (builder
  "Meta"
   "RARE"
   (_ "Show rarely used options")
   (_
"These are options that hardly anyone actually needs.  If you plan on doing development on GNUnet, you may want to look into these.  If in doubt or in a hurry, say NO." )
   '()
   #t
   #t
   #f
   'advanced) )

(define (meta builder)
 (builder
   "Meta"
   "" 
   (_ "Meta-configuration") 
   (_ "Which level of configuration should be available")
   (list 
     (meta-adv builder) 
     (meta-rare builder)
     (meta-exp builder)
   )
   #t
   #f
   #f
   'always) )

;; fundamentals

(define (paths-home builder)
 (builder
  "PATHS"
  "GNUNETD_HOME"
  (_ "Full pathname of GNUnet HOME directory")
  (_ 
"This gives the root-directory of the GNUnet installation. Make sure there is some space left in that directory. :-)  Users inserting or indexing files will be able to store data in this directory up to the (global) quota specified below.  Having a few gigabytes of free space is recommended." ) 
  '()
  #t
  "/var/lib/gnunet"
  '()
  'always) )

;; General menu

(define (fs-path builder)
 (builder
  "FS"
  "DIR"
  (_ "Full pathname of GNUnet directory for file-sharing data")
  (nohelp) 
  '()
  #t
  "$GNUNETD_HOME/data/fs"
  '()
  'always) )

(define (kv-path builder)
 (builder
  "KEYVALUE_DATABASE"
  "DIR"
  (_ "Full pathname to the directory with the key-value database")
  (_ "Note that the kvstore is currently not used.") 
  '()
  #f
  "$GNUNETD_HOME/kvstore/"
  '()
  'never) )

(define (index-path builder)
 (builder
  "FS"
  "INDEX-DIRECTORY"
  (_ "Full pathname of GNUnet directory for indexed files symbolic links")
  (nohelp) 
  '()
  #t
  "$GNUNETD_HOME/data/shared"
  '()
  'always) )

(define (general-helloexpires builder)
 (builder
  "GNUNETD"
  "HELLOEXPIRES"
  (_ "How many minutes should peer advertisements last?")
  (_ 
"How many minutes is the current IP valid?  (GNUnet will sign HELLO messages with this expiration timeline. If you are on dialup, 60 (for 1 hour) is suggested. If you have a static IP address, you may want to set this to a large value (say 14400).  The default is 1440 (1 day). If your IP changes periodically, you will want to choose an expiry period smaller than the frequency with which your IP changes." )
  '()
  #t
  1440
  (cons 1 14400)
  'advanced) )

(define (general-hostlisturl builder)
 (builder
  "GNUNETD"
  "HOSTLISTURL"
  (_ "Where can GNUnet find an initial list of peers?")
  (_ 
"GNUnet can automatically update the hostlist from the web. While GNUnet internally communicates which hosts are online, it is typically a good idea to get a fresh hostlist whenever gnunetd starts from the WEB. By setting this option, you can specify from which server gnunetd should try to download the hostlist. The default should be fine for now.
		
The general format is a list of space-separated URLs.  Each URL must have the format http://HOSTNAME/FILENAME
		
If you want to setup an alternate hostlist server, you must run a permanent node and \"cat data/hosts/* > hostlist\" every few minutes to keep the list up-to-date.
		
If you do not specify a HOSTLISTURL, you must copy valid hostkeys to data/hosts manually.")
  '()
  #t
  "http://gnunet.org/hostlist.php http://gnunet.mine.nu:8081/hostlist http://vserver1236.vserver-on.de/hostlist-074"
  '()
  'always) )

(define (general-http-proxy builder)
 (builder
  "GNUNETD"
  "HTTP-PROXY"
  (_ "HTTP Proxy Server")
  (_ 
"If you have to use a proxy for outbound HTTP connections, specify the proxy configuration here.  Default is no proxy." )
  '()
  #t
  ""
  '()
  'advanced) )


(define (general-hosts builder)
 (builder
  "GNUNETD"
  "HOSTS"
  (_ "Name of the directory where gnunetd should store contact information about peers")
  (_ 
"Unless you want to share the directory directly using a webserver, the default is most likely just fine." )
  '()
  #t
  "$GNUNETD_HOME/data/hosts/"
  '()
  'rare) )


;; logging options

(define (log-level description option builder)
 (builder
   "LOGGING"
   option
   description
   (nohelp)
   '()
   #t
   "WARNING"
   (list "SC" "NOTHING" "FATAL" "ERROR" "WARNING" "INFO" "STATUS" "DEBUG")
   'always))

(define (log-keeplog builder)
 (builder
  "GNUNETD"
  "KEEPLOG"
  (_ "How long should logs be kept?")
  (_ 
"How long should logs be kept? If you specify a value greater than zero, a log is created each day with the date appended to its filename. These logs are deleted after $KEEPLOG days.	To keep logs forever, set this value to 0." )
  '()
  #t
  3
  (cons 0 36500)
  'advanced) )

(define (daemon-fdlimit builder)
 (builder
  "GNUNETD"
  "FDLIMIT"
  (_ "What maximum number of open file descriptors should be requested from the OS?")
  (_ 
"The default of 1024 should be fine for most systems.  If your system can support more, increasing the number might help support additional clients on machines with plenty of bandwidth.  For embedded systems, a smaller number might be acceptable.  A value of 0 will leave the descriptor limit untouched.  This option is mostly for OS X systems where the default is too low.  Note that if gnunetd cannot obtain the desired number of file descriptors from the operating system, it will print a warning and try to run with what it is given." )
  '()
  #t
  1024
  (cons 64 65536)
  'rare) )

(define (log-logfile builder)
 (builder
  "GNUNETD"
  "LOGFILE"
  (_ "Where should gnunetd write the logs?")
  (nohelp)
  '()
  #f
  "$GNUNETD_HOME/daemon-logs"
  '()
  'rare) )

(define (log-devel builder)
 (builder
  "LOGGING"
  "DEVELOPER"
  (_ "Enable for extra-verbose logging.")
  (nohelp)
  '()
  #f
  #f
  #f
  'rare) )

(define (logging builder)
 (builder
   "LOGGING"
   "" 
   (_ "Logging") 
   (_ "Specify which system messages should be logged how")
   (list 
     (log-keeplog builder)
     (log-logfile builder)
     (log-devel builder)
     (log-level (_ "Logging of events for users") "USER-LEVEL" builder) 
     (log-level (_ "Logging of events for the system administrator") "ADMIN-LEVEL" builder) 
   )
   #t
   #f
   #f
   'advanced) )

 
(define (general-pidfile builder)
 (builder
  "GNUNETD"
  "PIDFILE"
  (_ "Where should gnunetd write the PID?")
  (_ "The default is no longer /var/run/gnunetd.pid since we could not delete the file on shutdown at that location." )
  '()
  #f
  "/var/run/gnunetd/pid"
  '()
  'rare) )


(define (general-username builder)
 (builder
  "GNUNETD"
  "USER"
  (_ "As which user should gnunetd run?")
  (_ 
"Empty means \"current user\". On computer startup, it is root/SYSTEM.  Under Windows, this setting affects the creation of a new system service only.")
  '()
  #f
  ""
  '()
  'advanced) )
 


(define (general-autostart builder)
 (builder
 "GNUNETD"
 "AUTOSTART"
 (_ "Should gnunetd be automatically started when the system boots?")
 (_ "Set to YES if gnunetd should be automatically started on boot.  If this option is set, gnunet-setup will install a script to start the daemon upon completion.  This option may not work on all systems.")
 '()
 #t
 #f
 #f
 'rare) )


(define (general-transports builder)
 (builder
  "GNUNETD"
  "TRANSPORTS"
  (_ "Which transport mechanisms should GNUnet use?")
  (_ 
"Use a space-separated list of modules, e.g.  \"udp smtp tcp\".  The available transports are udp, tcp, http, smtp and nat.
		
Loading the 'nat' and 'tcp' modules is required for peers behind NAT boxes that cannot directly be reached from the outside.  Peers that are NOT behind a NAT box and that want to *allow* peers that ARE behind a NAT box to connect must ALSO load the 'nat' module.  Note that the actual transfer will always be via tcp initiated by the peer behind the NAT box.  The nat transport requires the use of tcp, http and/or smtp in addition to nat itself.")
  '()
  #t
  "udp tcp http nat"
  (list "MC" "udp" "tcp" "nat" "http" "smtp")
  'always) )
 

(define (general-applications builder)
 (builder
  "GNUNETD"
  "APPLICATIONS"
  (_ "Which applications should gnunetd support?")
  (_ 
"Whenever this option is changed, you MUST run gnunet-update. Currently, the available applications are:

advertising: advertises your peer to other peers. Without it, your peer will not participate in informing peers about other peers.  You should always load this module.

getoption:  allows clients to query gnunetd about the values of various configuration options.  Many tools need this.  You should always load this module.

stats: allows tools like gnunet-stats and gnunet-gtk to query gnunetd about various statistics.  This information is usually quite useful to diagnose errors, hence it is recommended that you load this module.

traffic: keeps track of how many messages were recently received and transmitted.  This information can then be used to establish how much cover traffic is currently available.  The amount of cover traffic becomes important if you want to make anonymous requests with an anonymity level that is greater than one.  It is recommended that you load this module.

fs: needed for anonymous file sharing. You should always load this module.

hostlist: integrated hostlist HTTP server.  Useful if you want to offer a hostlist and running Apache would be overkill.

chat: broadcast chat (demo-application, ALPHA quality).	Required for gnunet-chat.  Note that the current implementation of chat is not considered to be secure.

tbench: benchmark transport performance.  Required for gnunet-tbench.  Note that tbench allows other users to abuse your resources.

tracekit: topology visualization toolkit.  Required for gnunet-tracekit. Note that loading tracekit will make it slightly easier for an adversary to compromise your anonymity." )
  '()
  #t
  "advertising getoption fs stats traffic"
  (list "MC" "advertising" "getoption" "fs" "hostlist" "stats" "traffic" "dht" "tracekit" "tbench" "vpn" "chat")
  'always) )
 


(define (tcpserver-disable builder)
 (builder
 "TCPSERVER"
 "DISABLE"
 (_ "Disable client-server connections")
 (_ "This option can be used to tell gnunetd not to open the client port.  When run like this, gnunetd will participate as a peer in the network but not support any user interfaces.  This may be useful for headless systems that are never expected to have end-user interactions.  Note that this will also prevent you from running diagnostic tools like gnunet-stats!")
 '()
 #t
 #f
 #f
 'rare) )


(define (gnunetd-disable-ipv6 builder)
 (builder
 "GNUNETD"
 "DISABLE-IPV6"
 (_ "YES disables IPv6 support, NO enables IPv6 support")
 (_ "This option may be useful on peers where the kernel does not support IPv6.  You might also want to set this option if you do not have an IPv6 network connection.")
 '()
 #t
 #t
 #t
 'advanced) )


(define (gnunetd-private-network builder)
 (builder
 "GNUNETD"
 "PRIVATE-NETWORK"
 (_ "Disable peer discovery")
 (_ "The option 'PRIVATE-NETWORK' can be used to limit the connections of this peer to peers of which the hostkey has been copied by hand to data/hosts;  if this option is given, GNUnet will not accept advertisements of peers that the local node does not already know about.  Note that in order for this option to work, HOSTLISTURL should either not be set at all or be set to a trusted peer that only advertises the private network. Also, the option does NOT work at the moment if the NAT transport is loaded; for that, a couple of lines above would need some minor editing :-).")
 '()
 #t
 #f
 #f
 'rare) )

(define (network-disable-advertising builder)
 (builder
 "NETWORK"
 "DISABLE-ADVERTISEMENTS"
 (_ "Disable advertising this peer to other peers")
 (nohelp)
 '()
 #t
 #f
 #f
 'rare) )

(define (network-disable-autoconnect builder)
 (builder
 "NETWORK"
 "DISABLE-AUTOCONNECT"
 (_ "Disable automatic establishment of connections")
 (_ "If this option is enabled, GNUnet will not automatically establish connections to other peers, but instead wait for applications to specifically request connections to other peers (or for other peers to connect to us).")
 '()
 #t
 #f
 #f
 'experimental) )

(define (network-disable-helloexchange builder)
 (builder
 "NETWORK"
 "HELLOEXCHANGE"
 (_ "Enable advertising of other peers by this peer")
 (_ "This option may be useful during testing, but turning it off is dangerous! If in any doubt, set it to YES (which is the default).")
 '()
 #t
 #t
 #t
 'experimental) )

(define (network-port builder)
 (builder
 "NETWORK"
 "PORT"
 (_ "Port for communication with GNUnet user interfaces")
 (_ "Which is the client-server port that is used between gnunetd and the clients (TCP only).  You may firewall this port for non-local machines (but you do not have to since GNUnet will perform access control and only allow connections from machines that are listed under TRUSTED).")
 '()
 #t
 2087
 (cons 1 65535)
 'advanced) )

(define (hostlist-port builder)
 (builder
 "HOSTLIST"
 "PORT"
 (_ "Port for the integrated hostlist HTTP server")
 (nohelp)
 '()
 #t
 8080
 (cons 1 65535)
 'hostlist-loaded) )

(define (network-trusted builder)
 (builder
 "NETWORK"
 "TRUSTED"
 (_ "IPv4 networks allowed to use gnunetd server")
 (_ "This option specifies which hosts are trusted enough to connect as clients (to the TCP port).  This is useful if you run gnunetd on one host of your network and want to allow all other hosts to use this node as their server.  By default, this is set to 'loopback only'.  The format is IP/NETMASK where the IP is specified in dotted-decimal and the netmask either in CIDR notation (/16) or in dotted decimal (255.255.0.0). Several entries must be separated by a semicolon, spaces are not allowed.")
 '()
 #t
 "127.0.0.0/8;"
 '()
 'advanced) )

(define (network-trusted6 builder)
 (builder
 "NETWORK"
 "TRUSTED6"
 (_ "IPv6 networks allowed to use gnunetd server")
 (_ "This option specifies which hosts are trusted enough to connect as clients (to the TCP port).  This is useful if you run gnunetd on one host of your network and want to allow all other hosts to use this node as their server.  By default, this is set to 'loopback only'.  The format is IP/NETMASK where the IP is specified in dotted-decimal and the netmask either in CIDR notation (/16) or in dotted decimal (255.255.0.0). Several entries must be separated by a semicolon, spaces are not allowed.")
 '()
 #t
 "::1;"
 '()
 'ipv6) )


(define (limit-allow builder)
 (builder
 "GNUNETD"
 "LIMIT-ALLOW"
 (_ "Limit connections to the specfied set of peers.")
 (_ "If this option is not set, any peer is allowed to connect.  If it is set, only the specified peers are allowed. Specify the list of peer IDs (not IPs!)")
 '()
 #t
 ""
 '()
 'rare))

(define (general-groupname builder)
 (builder
 "GNUNETD"
 "GROUP"
 (_ "Run gnunetd as this group.")
 (_ "When started as root, gnunetd will change permissions to the given group.")
 '()
 #t
 "gnunetd"
 '()
 'advanced))

(define (limit-deny builder)
 (builder
 "GNUNETD"
 "LIMIT-DENY"
 (_ "Prevent the specfied set of peers from connecting.")
 (_ "If this option is not set, any peer is allowed to connect.  If the ID of a peer is listed here, connections from that peer will be refused.  Specify the list of peer IDs (not IPs!)")
 '()
 #t
 ""
 '()
 'rare))

(define (advertising builder)
 (builder
  "ADVERTISING"
  ""
 (_ "Topology Maintenance")
 (_ "Rarely used settings for peer advertisements and connections")
 (list
    (general-helloexpires builder) 
    (tcpserver-disable builder) 
    (gnunetd-private-network builder) 
    (network-disable-advertising builder) 
    (network-disable-helloexchange builder) 
    (network-disable-autoconnect builder) 
    (limit-allow builder) 
    (limit-deny builder) 
 )
  #t
  #f
  #f
  'rare) )

(define (general builder)
 (builder
  "GNUNETD"
  ""
  (_ "General settings")
  (_ "Settings that change the behavior of GNUnet in general")
  (list 
    (network-port builder) 
    (hostlist-port builder)
    (network-trusted builder) 
    (general-hostlisturl builder)
    (general-hosts builder)
    (general-http-proxy builder)
    (f2f builder) 
    (fs-path builder) 
    (index-path builder) 
    (daemon-fdlimit builder) 
    (gnunetd-disable-ipv6 builder) 
    (general-username builder) 
    (general-groupname builder) 
    (general-pidfile builder) 
    (general-autostart builder) 
  )
  #t
  #f
  #f
  'always) )

(define (modules builder)
 (builder
  "MODULES"
  ""
  (_ "Modules")
  (_ "Settings that select specific implementations for GNUnet modules")
  (list 
    (modules-sqstore builder) 
    (modules-dstore builder) 
    (modules-topology builder) 
  )
  #t
  #f
  #f
  'advanced) )




(define (fundamentals builder)
 (builder
  "PATHS"
  ""
  (_ "Fundamentals")
  ""
  (list 
    (paths-home builder) 
    (general-applications builder) 
    (general-transports builder) 
    (modules builder) 
  )
  #t
  #f
  #f
  'always) )


;; modules menu

(define (modules-sqstore builder)
 (builder
  "MODULES"
  "sqstore"
  (_ "Which database should be used?")
  (_ 
"Which database should be used?  The options are \"sqstore_sqlite\", \"sqstore_postgres\" and \"sqstore_mysql\".  You must run gnunet-update after changing this value!
			
In order to use MySQL or Postgres, you must configure the respective database, which is relatively simple.  Read the file doc/README.mysql or doc/README.postgres for how to setup the respective database." )
  '()
  #t
  "sqstore_sqlite"
  (list "SC" "sqstore_sqlite" "sqstore_postgres" "sqstore_mysql")
  'fs-loaded) )

(define (modules-dstore builder)
 (builder
  "MODULES"
  "dstore"
  (_ "Which topology should be used?")
  (_ "Which database should be used for the temporary datastore of the DHT?" )
  '()
  #t
  "dstore_sqlite"
  (list "SC" "dstore_sqlite" "dstore_mysql")
  'advanced) )


(define (modules-topology builder)
 (builder
  "MODULES"
  "topology"
  (_ "Which topology should be used?")
  (_ 
"Which topology should be used?  The only option at the moment is \"topology_default\"" )
  '()
  #t
  "topology_default"
  (list "SC" "topology_default")
  'rare) )


;; f2f menu

(define (f2f-minimum builder)
 (builder
 "F2F"
 "MINIMUM"
 (_ "The minimum number of connected friends before this peer is allowed to connect to peers that are not listed as friends")
 (_ "Note that this option does not guarantee that the peer will be able to connect to the specified number of friends.  Also, if the peer had connected to a sufficient number of friends and then established non-friend connections, some of the friends may drop out of the network, temporarily resulting in having fewer than the specified number of friends connected while being connected to non-friends.  However, it is guaranteed that the peer itself will never choose to drop a friend's connection if this would result in dropping below the specified number of friends (unless that number is higher than the overall connection target).")
 '()
 #t
 0
 (cons 0 1024)
 'f2fr) )

(define (f2f-restrict builder)
 (builder
 "F2F"
 "FRIENDS-ONLY"
 (_ "If set to YES, the peer is only allowed to connect to other peers that are explicitly specified as friends")
 (_ "Use YES only if you have (trustworthy) friends that use GNUnet and are afraid of establishing (direct) connections to unknown peers")
 '()
 #t
 #f
 #f
 'advanced) )

(define (f2f-friends builder)
 (builder
  "F2F"
  "FRIENDS"
  (_ "List of friends for friend-to-friend topology")
  (_ "Specifies the name of a file which contains a list of GNUnet peer IDs that are friends.  If used with the friend-to-friend topology, this will ensure that GNUnet only connects to these peers (via any available transport).")
  '()
  #f
  "$GNUNETD_HOME/friends"
  '()
  'f2f) )

(define (f2f builder)
 (builder
  "F2F"
  ""
 (_ "Friend-to-Friend Topology Specification")
 (_ "Settings for restricting connections to friends")
 (list
    (f2f-restrict builder) 
    (f2f-minimum builder) 
    (f2f-friends builder) 
 )
  #t
  #f
  #f
  'advanced) )

;; mysql menu

(define (mysql-database builder)
 (builder
  "MYSQL"
  "DATABASE"
  (_ "Name of the MySQL database GNUnet should use")
  (nohelp) 
  '()
  #t
  "gnunet"
  '()
  'mysql) )

(define (mysql-config builder)
 (builder
  "MYSQL"
  "CONFIG"
  (_ "Configuration file that specifies the MySQL username and password")
  (nohelp) 
  '()
  #t
  "/etc/my.cnf"
  '()
  'mysql) )

(define (mysql builder)
 (builder
  "MYSQL"
  ""
  (_ "Configuration of the MySQL database")
  (nohelp)
  (list
    (mysql-config builder)
    (mysql-database builder)
  )
  #t
  #f
  #f
  'mysql) )
 


;; applications menu

(define (fs-quota builder)
 (builder
  "FS"
  "QUOTA"
  (_ "MB of diskspace GNUnet can use for anonymous file sharing")
  (_
"How much disk space (MB) is GNUnet allowed to use for anonymous file sharing?  This does not take indexed files into account, only the space directly used by GNUnet is accounted for.  GNUnet will gather content from the network if the current space-consumption is below the number given here (and if content migration is allowed below).

Note that if you change the quota, you need to run gnunet-update afterwards.")
  '()
  #t
  1024
  (cons 1 1000000)
  'always))


(define (fs-migration-buffer builder)
 (builder
  "FS"
  "MIGRATIONBUFFERSIZE"
  (_ "Number of entries in the migration buffer")
  (_ "Each entry uses about 32k of memory.  More entries can reduce disk IO and CPU usage at the expense of having gnunetd use more memory. Very large values may again increase CPU usage.  A value of 0 will prevent your peer from sending unsolicited responses.")
  '()
  #t
  64
  (cons 0 1048576)
  'always))


(define (fs-gap-tablesize builder)
 (builder
  "GAP"
  "TABLESIZE"
  (_ "Size of the routing table for anonymous routing.")
  (nohelp)
  '()
  #t
  65536
  (cons 1024 1048576)
  'rare))

(define (fs-dht-tablesize builder)
 (builder
  "DHT"
  "TABLESIZE"
  (_ "Size of the routing table for DHT routing.")
  (nohelp)
  '()
  #t
  1024
  (cons 128 1048576)
  'rare))


(define (fs-activemigration builder)
 (builder
  "FS"
  "ACTIVEMIGRATION"
  (_ "Allow migrating content to this peer.")
  (_ 
"If you say yes here, GNUnet will migrate content to your server, and you will not be able to control what data is stored on your machine. 
			
If you activate it, you can claim for *all* the non-indexed (-n to gnunet-insert) content that you did not know what it was even if an adversary takes control of your machine.  If you do not activate it, it is obvious that you have knowledge of all the content that is hosted on your machine and thus can be considered liable for it.")
  '()
  #t
  #f
  #f
  'advanced))


(define (dstore-quota builder)
 (builder
  "DSTORE"
  "QUOTA"
  (_ "MB of diskspace GNUnet can use for caching DHT index data (the data will be stored in /tmp)")
  (_ "DHT index data is inherently small and expires comparatively quickly.  It is deleted whenever gnunetd is shut down.

The size of the DSTORE QUOTA is specified in MB.")
  '()
  #t
  1
  (cons 1 1024)
  'rare))
 

(define (fs builder)
 (builder
  "FS"
  ""
  (_ "Options for anonymous file sharing")
  (nohelp)
  (list
    (fs-quota builder)
    (fs-activemigration builder)
    (fs-gap-tablesize builder)
    (fs-dht-tablesize builder)
    (dstore-quota builder)
    (mysql builder)
  )
  #t
  #t
  #f
  'fs-loaded))

(define (applications builder)
 (builder
  ""
  ""
  (_ "Applications")
  (nohelp)
  (list 
    (fs builder)
  )
  #t
  #f
  #f
  'always) )

;; transport menus

(define (nat builder)
 (builder
 "NAT"
 "LIMITED"
 (_ "Is this machine unreachable behind a NAT?")
 (_ "Set to YES if this machine is behind a NAT that limits connections from the outside to the GNUnet port and that cannot be traversed using UPnP. Note that if you have configured your NAT box to allow direct connections from other machines to the GNUnet ports or if GNUnet can open ports using UPnP, you should set the option to NO. Set this only to YES if other peers cannot contact you directly. You can use 'make check' in src/transports/upnp/ to find out if your NAT supports UPnP. You can also use gnunet-transport-check with the '-p' option in order to determine which setting results in more connections.  Use YES only if you get no connections otherwise. Set to AUTO to use YES if the local IP is belongs to a private IP network and NO otherwise.")
 '()
 #t
 "AUTO"
 (list "SC" "YES" "AUTO" "NO")
 'nat-loaded) )

(define (tcp-port builder)
 (builder
 "TCP"
 "PORT"
 (_ "Which port should be used by the TCP IPv4 transport?")
 (nohelp)
 '()
 #t
 2086
 (cons 0 65535)
 'advanced))

(define (tcp-upnp builder)
 (builder
 "TCP"
 "UPNP"
 (_ "Should we try to determine our external IP using UPnP?")
 (nathelp)
 '()
 #t
 #t
 #f
 'tcp-loaded))

(define (tcp-blacklist builder)
 (builder
 "TCP"
 "BLACKLISTV4"
 (_ "Which IP(v4)s are not allowed to connect?")
 (nohelp)
 '()
 #t
 "127.0.0.1;"
 '()
 'advanced))

(define (tcp-whitelist builder)
 (builder
 "TCP"
 "WHITELISTV4"
 (_ "Which IP(v4)s are allowed to connect? Leave empty to use the IP of your primary network interface.")
 (nohelp)
 '()
 #t
 ""
 '()
 'advanced))

(define (tcp6-blacklist builder)
 (builder
 "TCP"
 "BLACKLISTV6"
 (_ "Which IPv6s are not allowed to connect?")
 (nohelp)
 '()
 #t
 ""
 '()
 'ipv6))

(define (tcp6-whitelist builder)
 (builder
 "TCP"
 "WHITELISTV6"
 (_ "Which IPv6s are allowed to connect? Leave empty to allow any IP to connect.")
 (nohelp)
 '()
 #t
 ""
 '()
 'ipv6))


(define (tcp builder)
 (builder
 "TCP"
 ""
 (_ "TCP transport")
 (nohelp)
 (list 
   (tcp-port builder)
   (tcp-upnp builder)
   (tcp-blacklist builder)
   (tcp-whitelist builder)
   (tcp6-blacklist builder)
   (tcp6-whitelist builder)
 )
 #t
 #f
 #f
 'tcp-loaded) )


(define (http-port builder)
 (builder
 "HTTP"
 "PORT"
 (_ "Which port should be used by the HTTP transport?")
 (nohelp)
 '()
 #t
 1080
 (cons 0 65535)
 'advanced))

(define (http-upnp builder)
 (builder
 "HTTP"
 "UPNP"
 (_ "Should we try to determine our external IP using UPnP?")
 (nathelp)
 '()
 #t
 #t
 #f
 'http-port-nz))

(define (http-advertised-port builder)
 (builder
 "HTTP"
 "ADVERTISED-PORT"
 (_ "Which is the external port of the HTTP transport?")
 (_ "Use this option if your firewall maps, say, port 80 to your real HTTP port.  This can be useful in making the HTTP messages appear even more legit (without needing to run gnunetd as root due to the use of a privileged port).")
 '()
 #t
 80
 (cons 0 65535)
 'advanced))

(define (http builder)
 (builder
 "HTTP"
 ""
 (_ "HTTP transport")
 (nohelp)
 (list 
   (http-port builder)
   (http-advertised-port builder)
   (http-upnp builder)
 )
 #t
 #f
 #f
 'http-loaded) )




(define (smtp-mtu builder)
 (builder
 "SMTP"
 "MTU"
 (_ "What is the maximum transfer unit for SMTP?")
 (nohelp)
 '()
 #t
 65528
 (cons 1200 65528)
 'smtp-loaded))

(define (smtp-ratelimit builder)
 (builder
 "SMTP"
 "RATELIMIT"
 (_ "What is the maximum number of e-mails that gnunetd would be allowed to send per hour?")
 (_ "Use 0 for unlimited")
 '()
 #t
 0
 (cons 0 1048576)
 'smtp-loaded))

(define (smtp-email builder)
 (builder
 "SMTP"
 "EMAIL"
 (_ "Which e-mail address should be used to send e-mail to this peer?")
 (_ "You must make sure that e-mail received at this address is forwarded to the PIPE which is read by gnunetd.  Use the FILTER option to filter e-mail with procmail and the PIPE option to set the name of the pipe.")
 '()
 #t
 "gnunet@localhost"
 '()
 'smtp-loaded))

(define (smtp-filter builder)
 (builder
 "SMTP"
 "FILTER"
 (_ "Which header line should other peers include in e-mails to enable filtering?")
 (_ "You can specify a header line here which can then be used by procmail to filter GNUnet e-mail from your inbox and forward it to gnunetd.")
 '()
 #t
 "X-mailer: GNUnet"
 '()
 'smtp-loaded))

(define (smtp-pipe builder)
 (builder
 "SMTP"
 "PIPE"
 (_ "What is the filename of the pipe where gnunetd can read its e-mail?")
 (_ "Have a look at contrib/dot-procmailrc for an example .procmailrc file.")
 '()
 #t
 "$GNUNETD_HOME/smtp-pipe"
 '()
 'smtp-loaded))

(define (smtp-server builder)
 (builder
 "SMTP"
 "SERVER"
 (_ "What is the name and port of the server for outgoing e-mail?")
 (_ "The basic format is HOSTNAME:PORT.")
 '()
 #t
 "localhost:25"
 '()
 'smtp-loaded))

(define (smtp builder)
 (builder
 "SMTP"
 ""
 (_ "SMTP transport")
 (nohelp)
 (list 
   (smtp-email builder)
   (smtp-ratelimit builder)
   (smtp-filter builder)
   (smtp-pipe builder)
   (smtp-server builder)
   (smtp-mtu builder)
 )
 #t
 #f
 #f
 'smtp-loaded) )





(define (udp-port builder)
 (builder
 "UDP"
 "PORT"
 (_ "Which port should be used by the UDP IPv4 transport?")
 (nohelp)
 '()
 #t
 2086
 (cons 0 65535)
 'advanced))

(define (udp-upnp builder)
 (builder
 "UDP"
 "UPNP"
 (_ "Should we try to determine our external IP using UPnP?")
 (nathelp)
 '()
 #t
 #t
 #f
 'udp-port-nz))

(define (udp-mtu builder)
 (builder
 "UDP"
 "MTU"
 (_ "What is the maximum transfer unit for UDP?")
 (nohelp)
 '()
 #t
 1472
 (cons 1200 65500)
 'rare))

(define (udp-blacklist builder)
 (builder
 "UDP"
 "BLACKLISTV4"
 (_ "Which IPs are not allowed to connect?")
 (nohelp)
 '()
 #t
 "127.0.0.1;"
 '()
 'advanced))

(define (udp-whitelist builder)
 (builder
 "UDP"
 "WHITELISTV4"
 (_ "Which IPs are allowed to connect? Leave empty to allow connections from any IP.")
 (nohelp)
 '()
 #t
 ""
 '()
 'advanced))

(define (udp6-blacklist builder)
 (builder
 "UDP"
 "BLACKLISTV6"
 (_ "Which IPv6s are not allowed to connect?")
 (nohelp)
 '()
 #t
 ""
 '()
 'ipv6))

(define (udp6-whitelist builder)
 (builder
 "UDP6"
 "WHITELISTV6"
 (_ "Which IPv6s are allowed to connect? Leave empty to allow any IP to connect.")
 (nohelp)
 '()
 #t
 ""
 '()
 'ipv6))

(define (udp builder)
 (builder
 "UDP"
 ""
 (_ "UDP transport")
 (nohelp)
 (list 
   (udp-port builder)
   (udp-upnp builder)
   (udp-mtu builder)
   (udp-blacklist builder)
   (udp-whitelist builder)
   (udp6-blacklist builder)
   (udp6-whitelist builder)
 )
 #t
 #f
 #f
 'udp-loaded) )



(define (network-interface builder)
 (builder
 "NETWORK"
 "INTERFACE"
 (_ "Network interface")
 (nohelp)
 '()
 #t
 "eth0"
 '()
 'advanced) )

(define (network-ip builder)
 (builder
 "NETWORK"
 "IP"
 (_ "External IP address (leave empty to try auto-detection)")
 (nohelp)
 '()
 #t
 ""
 '()
 'advanced) )

(define (network-ip6 builder)
 (builder
 "NETWORK"
 "IP6"
 (_ "External IPv6 address (leave empty to try auto-detection)")
 (nohelp)
 '()
 #t
 ""
 '()
 'ipv6) )

(define (transports builder)
 (builder
  ""
  ""
  (_ "Transports")
  (nohelp)
  (list 
    (nat builder)
    (network-interface builder)
    (network-ip builder)
    (tcp builder)
    (udp builder)
    (http builder)
    (smtp builder)
  )
  #t
  #f
  #f
  'always) )



(define (load-maxdown builder)
 (builder
 "LOAD"
 "MAXNETDOWNBPSTOTAL"
 (_ "What is the maximum number of bytes per second that we may receive?")
 (nohelp)
 '()
 #t
 50000
 (cons 1 999999999)
 'always))

(define (load-maxup builder)
 (builder
 "LOAD"
 "MAXNETUPBPSTOTAL"
 (_ "What is the maximum number of bytes per second that we may send?")
 (nohelp)
 '()
 #t
 50000
 (cons 1 999999999)
 'always))

(define (load-cpu builder)
 (builder
 "LOAD"
 "MAXCPULOAD"
 (_ "What is the maximum CPU load (percentage)?")
 (_ "The highest tolerable CPU load. Load here always refers to the total system load, that is it includes CPU utilization by other processes.  A value of 50 means that once your 1 minute-load average goes over 50% non-idle, GNUnet will try to reduce CPU consumption until the load goes under the threshold.  Reasonable values are typically between 50 and 100.  Multiprocessors may use values above 100." )
 '()
 #t
 100
 (cons 0 10000)
 'always))

(define (load-io builder)
 (builder
 "LOAD"
 "MAXIOLOAD"
 (_ "What is the maximum IO load (permille)?")
 (_ 
"The highest tolerable IO load.  Load here refers to the percentage of CPU cycles wasted waiting for IO for the entire system, that is it includes disk utilization by other processes.  A value of 10 means that once the average number of cycles wasted waiting for IO is more than 10% non-idle, GNUnet will try to reduce IO until the load goes under the threshold.  Reasonable values are typically between 10 and 75." )
 '()
 #t
 50
 (cons 0 10000)
 'advanced))

(define (load-cpu-hard builder)
 (builder
 "LOAD"
 "HARDCPULIMIT"
 (_ "What is the maximum CPU load (hard limit)?")
 (_ "The highest tolerable CPU load.  This is the hard limit, so once it is reached, gnunetd will start to massively drop data to reduce the load.  Use with caution.")
 '()
 #t
 0
 (cons 0 99999)
 'rare))

(define (load-hard-up-limit builder)
 (builder
 "LOAD"
 "HARDUPLIMIT"
 (_ "What is the maximum upstream bandwidth (hard limit)?")
 (_ "The limit is given as a percentage of the MAXNETUPBPS limit.  Use 100 to have MAXNETUPBPS be the hard limit.  Use zero for no limit.")
 '()
 #t
 0
 (cons 0 999999999)
 'rare))


(define (load-priority builder)
 (builder
 "LOAD"
 "PRIORITY"
 (_ "What priority should gnunetd use to run?")
 (_ "You can specify priorities like NORMAL, ABOVE NORMAL, BELOW NORMAL, HIGH and IDLE or a numerical integer value (man nice).  The default is IDLE, which should result in gnunetd only using resources that would otherwise be idle.")
 '()
 #t
 "IDLE"
 '()
 'always))


(define (load-padding builder)
 (builder
 "GNUNETD-EXPERIMENTAL"
 "PADDING"
 (_ "Should we disable random padding (experimental option)?")
 (nohelp)
 '()
 #t
 #f
 #f
 'experimental))

(define (load-basiclimiting builder)
 (builder
 "LOAD"
 "BASICLIMITING"
 (_ "Use basic bandwidth limitation? (YES/NO).  If in doubt, say YES.")
 (_ 
"Basic bandwidth limitation (YES) means simply that the bandwidth limits specified apply to GNUnet and only to GNUnet.  If set to YES, you simply specify the maximum bandwidth (upstream and downstream) that GNUnet is allowed to use and GNUnet will stick to those limitations.  This is useful if your overall bandwidth is so large that the limit is mostly used to ensure that enough capacity is left for other applications.  Even if you want to dedicate your entire connection to GNUnet you should not set the limits to values higher than what you have since GNUnet uses those limits to determine for example the number of connections to establish (and it would be inefficient if that computation yields a number that is far too high).  

While basic bandwidth limitation is simple and always works, there are some situations where it is not perfect.  Suppose you are running another application which performs a larger download. During that particular time, it would be nice if GNUnet would throttle its bandwidth consumption (automatically) and resume using more bandwidth after the download is complete.  This is obviously advanced magic since GNUnet will have to monitor the behavior of other applications. Another scenario is a monthly cap on bandwidth imposed by your ISP, which you would want to ensure is obeyed.  Here, you may want GNUnet to monitor the traffic from other applications to ensure that the combined long-term traffic is within the pre-set bounds.  Note that you should probably not set the bounds tightly since GNUnet may observe that the bounds are about to be broken but would be unable to stop other applications from continuing to use bandwidth.

If either of these two scenarios applies, set BASICLIMITING to NO. Then set the bandwidth limits to the COMBINED amount of traffic that is acceptable for both GNUnet and other applications.  GNUnet will then immediately throttle bandwidth consumption if the short-term average is above the limit, and it will also try to ensure that the long-term average is below the limit.  Note however that using NO can have the effect of GNUnet (almost) ceasing operations after other applications perform high-volume downloads that are beyond the defined limits.  GNUnet would reduce consumption until the long-term limits are again within bounds.

NO only works on platforms where GNUnet can monitor the amount of traffic that the local host puts out on the network.  This is only implemented for Linux and Win32.  In order for the code to work, GNUnet needs to know the specific network interface that is used for the external connection (after all, the amount of traffic on loopback or on the LAN should never be counted since it is irrelevant).")
 '()
 #t
 #t
 #f
 'advanced))

(define (load-interfaces builder)
 (builder
 "LOAD"
 "INTERFACES"
 (_ "Network interface to monitor")
 (_ "For which interfaces should we do accounting?  GNUnet will evaluate the total traffic (not only the GNUnet related traffic) and adjust its bandwidth usage accordingly. You can currently only specify a single interface. GNUnet will also use this interface to determine the IP to use. Typical values are eth0, ppp0, eth1, wlan0, etc.  'ifconfig' will tell you what you have.  Never use 'lo', that just won't work.  Under Windows, specify the index number reported by  'gnunet-win-tool -n'.")
 '()
 #t
 "eth0"
 (list "*" "eth0" "eth1" "eth2")
 'nobasiclimit))

(define (load builder)
 (builder
  ""
  ""
  (_ "Load management")
  (nohelp)
  (list 
    (load-priority builder)
    (load-maxdown builder)
    (load-maxup builder)
    (load-hard-up-limit builder)
    (load-cpu builder)
    (load-io builder)
    (load-cpu-hard builder)
    (load-basiclimiting builder)
    (load-interfaces builder)
    (load-padding builder)
  )
  #t
  #f
  #f
  'always) )


;; main-menu

(define (main builder)
 (builder 
  "Root"
  ""
  (_ "Root node")
  (nohelp)
  (list 
    (meta builder)
    (fundamentals builder)
    (general builder) 
    (advertising builder) 
    (logging builder)
    (load builder)
    (transports builder) 
    (applications builder) 
  )
  #t 
  #f 
  #f 
  'always) )



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; first main method: build tree using build-tree-node
;; The lambda expression is used to throw away the last argument,
;; which we use internally and which is not used by build-tree-node!
(define (gnunet-config-setup) 
 (main 
  (lambda (a b c d e f g h i) (build-tree-node a b c d e f g h) ) ) )


;; second main method: update visibility (and values)
;; "change" uses again the tree builder but this time
;; scans the "i" tags to determine how the visibility needs to change

(define (gnunet-config-change ctx)
 (let 
   ( 
     (advanced (get-option ctx "Meta" "ADVANCED"))
     (rare (get-option ctx "Meta" "RARE"))
     (nobasiclimit (not (get-option ctx "LOAD" "BASICLIMITING")))
     (experimental (get-option ctx "Meta" "EXPERIMENTAL"))
     (ipv6 (not (get-option ctx "GNUNETD" "DISABLE-IPV6")))
     (f2fr (not (get-option ctx "F2F" "RESTRICT") ) )
     (f2f (or (get-option ctx "F2F" "FRIENDS-ONLY")
              (not (eq? (get-option ctx "F2F" "MINIMUM") 0) ) ) )
     (tcp-port-nz (eq? (get-option ctx "TCP" "PORT") 0) )
     (udp-port-nz (eq? (get-option ctx "UDP" "PORT") 0) )
     (http-port-nz (eq? (get-option ctx "HTTP" "PORT") 0) )
     (mysql (string= (get-option ctx "MODULES" "sqstore") "sqstore_mysql") )
     (fs-loaded (list? (member "fs" (string-split (get-option ctx "GNUNETD" "APPLICATIONS") #\  ) ) ) )
     (hostlist-loaded (list? (member "hostlist" (string-split (get-option ctx "GNUNETD" "APPLICATIONS") #\  ) ) ) )
     (nat-loaded (list? (member "nat" (string-split (get-option ctx "GNUNETD" "TRANSPORTS") #\  ) ) ) )
     (tcp-loaded (list? (member "tcp" (string-split (get-option ctx "GNUNETD" "TRANSPORTS") #\  ) ) ) )
     (udp-loaded (list? (member "udp" (string-split (get-option ctx "GNUNETD" "TRANSPORTS") #\  ) ) ) )
     (http-loaded (list? (member "http" (string-split (get-option ctx "GNUNETD" "TRANSPORTS") #\  ) ) ) )
     (smtp-loaded (list? (member "smtp" (string-split (get-option ctx "GNUNETD" "TRANSPORTS") #\  ) ) ) )
   )
  (begin 
    (main
     (lambda (a b c d e f g h i) 
        (begin 
          (cond
            ((eq? i 'advanced)     (change-visible ctx a b advanced))
            ((eq? i 'rare)         (change-visible ctx a b (and advanced rare)))
            ((eq? i 'experimental) (change-visible ctx a b (and advanced experimental)))
            ((eq? i 'f2f)          (change-visible ctx a b f2f))
            ((eq? i 'ipv6)         (change-visible ctx a b ipv6))
            ((eq? i 'f2fr)         (change-visible ctx a b f2fr))
            ((eq? i 'mysql)        (change-visible ctx a b mysql))
            ((eq? i 'fs-loaded)    (change-visible ctx a b fs-loaded))
            ((eq? i 'hostlist-loaded)    (change-visible ctx a b hostlist-loaded))
            ((eq? i 'nat-unlimited)(change-visible ctx a b nat-unlimited))
            ((eq? i 'tcp-port-nz)  (change-visible ctx a b tcp-port-nz))
            ((eq? i 'udp-port-nz)  (change-visible ctx a b udp-port-nz))
            ((eq? i 'nat-loaded)   (change-visible ctx a b nat-loaded))
            ((eq? i 'udp-loaded)   (change-visible ctx a b udp-loaded))
            ((eq? i 'tcp-loaded)   (change-visible ctx a b tcp-loaded))
            ((eq? i 'http-loaded)  (change-visible ctx a b http-loaded))
            ((eq? i 'smtp-loaded)  (change-visible ctx a b smtp-loaded))
            ((eq? i 'nobasiclimit) (change-visible ctx a b nobasiclimit))
            (else 'nothing)
          )
   ) ) ) 
   (change-visible ctx "NETWORK" "PORT" (and advanced (not (get-option ctx "TCPSERVER" "DISABLE"))))
   (change-visible ctx "NETWORK" "TRUSTED" (and advanced (not (get-option ctx "TCPSERVER" "DISABLE"))))
  )
) )