# Wi-SUN border router configuration example # Parsing rules: # - Everything after # is ignored # - Spaces are ignored # - Escape sequences \xXX (for example, \x20 for space, \x0A for new line) are # accepted # - These characters are not accepted (you have to use escaped sequences): # SPACE, '#', '\\', '\n' and '\r' # # Unless specified in the comment, commented settings are optional and the value # shown is the default value. # # Unless specified in the comment, if an option appears multiple times in the # file, only the last one is taken into account. ############################################################################### # RCP serial configuration ############################################################################### # Path of the serial port connected to the RCP. uart_device = /dev/ttyUSB0 # Serial baudrate in bps. #uart_baudrate = 115200 # Enable serial hardflow control. #uart_rtscts = false # Connect to a Silicon Labs CPC daemon[1] (cpcd) instead of a common UART # device. This option is exclusive with uart_device. "cpcd_0" is the default # instance name used by cpcd but user can customize it. # [1]: https://github.com/SiliconLabs/cpc-daemon #cpc_instance = cpcd_0 ############################################################################### # Linux administration ############################################################################### # Prefix used to generate IP addresses for RPL traffic (DODAGID will derive from # it). This prefix does not aim to change during network lifetime. You can # directly use your GUA prefix (for example, 2001:db8::/64) here. However, for # more flexibility, you may prefer to set an ULA here and add an extra GUA # (not yet supported). # If tun_autoconf is set to false, the IP prefix is deducted from the network # interface address. # Prefix lengths different from /64 are not supported yet ipv6_prefix = fd12:3456::/64 # Name of the unprivileged user/group to switch to during runtime. #user = wsbrd #group = wsbrd # Where to store working data. This value is prepended to the file paths. So it # is possible to configure the directory where the data is stored and an # optional prefix for your data (for example, /tmp/wsbrd/br1_). # The stored data mainly contains negotiated keys to speed up connections when # service restarts. # Ensure the directories exist and you have write permissions. storage_prefix = /var/lib/wsbrd/ # By default, wsbrd creates a new tunnel interface with an automatically # generated name. You force a specific name here. The device is created if it # does not exist. You can also create the device before running wsbrd with # 'ip tuntap add tun0'. # If wsbrd has to create the tunnel, root permissions will be necessary. tun_device = tun0 # Automatically configure the IP of the tunneling interface with the prefix # below. Set it to false if you prefer to manage the IP yourself. # If enabled, you need to execute wsbrd with root permissions and ipv6_prefix # must be set. tun_autoconf = true # Create and maintain a transparent bridge between Wi-SUN and the network # interface specified (for example, eth0). The `ipv6_prefix` parameter must use # the same prefix as the bridged network interface (if your IPv6 is properly # configured, it should be a GUA). Obviously, /proc/sys/net/ipv6/all/forwarding # must also be set. Refer to the "Using IPv6 transparent proxy" section of the # README for more information. #neighbor_proxy=eth0 # Enables the internal DHCPv6 server of wsbrd. If set to false the dhcp # requests will be sent directly to the linux host. You must start a DHCPv6 # server or relay on the Linux host to handle these requests. internal_dhcp = true ############################################################################### # Wi-SUN network configuration ############################################################################### # Wi-SUN network name. Remember that you can use escape sequences to place # special characters. Typically, you can use \x20 for space. network_name = WISUN_VERDE # Optimize network timings considering the number of expected nodes on the # network. Valid values: SMALL (< 100, default), MEDIUM (100-1000), LARGE # (> 1000). Abbreviations S, M and L are also accepted. size = SMALL # Enable Low Function Nodes (LFN) in the whole network. This adds some data # to management frames and enables distribution of LGTKs. Note that devices # must be configured with a ChanPlanId to allow LFN inclusion (as opposed to # operating class or custom channel plan). enable_lfn = false # Comma-separated list of join metrics to advertize in the JM-IE. Currently, only # plf (PAN Load Factor) is supported. Use 'none' to disable the JM-IE. #join_metrics = plf ############################################################################### # Wi-SUN PHY and frequency hopping ############################################################################### # Wi-SUN regulatory domain. Valid values are EU, NA, JP, CN, IN... For this # parameter and other parameters below, wsbrd can be launched with # --list-rf-config to get all the supported combinations from the hardware. domain = IN # The Wi-SUN Channel Plan ID, as defined in the FAN1.1 specification. Accepted # values depend on the "domain" parameter (--list-rf-config gives supported # combinations). # # To define custom channel plans, see properties chan0_freq and chan_spacing # below. #chan_plan_id = 1 # PhyModeId, as defined in the Wi-SUN PHY specification. Accepted values depend # on the "domain" and "chan_plan_id" parameters (--list-rf-config gives # supported combinations). Some non-standard PhyModeIds have been defined by # Silicon Labs, see ws_regdb.c[1] for more details. # [1]: https://github.com/SiliconLabs/wisun-br-linux/blob/main/common/ws_regdb.c #phy_mode_id = 0x02 # A comma separated list of Wi-SUN PHY Mode IDs, which is advertised to other # nodes for mode switch. All PHY mode IDs MUST be part of the same PHY group # (check column "phy grp" in output of --list-rf-config). The base PHY mode ID # is automatically added, so 14 other modes can be specified. # If value is "auto", the first 14 PHYs available will be included. # If not set, mode switch is disabled. #phy_operating_modes = 1.0 # Extra regional regulation rules to follow. Valid values are none (default) or # ARIB (https://www.arib.or.jp/). #regional_regulation = none # Maximum TX power (dBm). Probably no hardware can exceed 18dBm. # The device may utilize a lower value based on internal decision making or # hardware limitations but will never exceed the given value. tx_power = 16 # List of allowed channels for the Frequency Hopping Spread Spectrum (FHSS) # process. Default is 0-255 (all). If only one channel is selected, the FHSS # will be disabled (so you will use "fixed channel" mode). A channel mask other # than fixed channel affects unicast/broadcast traffic, but not async frames # (PAN advert, PAN config, etc.). # This parameter accepts a comma-separated list of "ranges". Each "range" can be # two numbers separated by a dash or one unique. # Example: 0,3-5,10-100 #allowed_channels = 0-255 # Unicast Dwell Interval (UDI) is the duration (ms) the border router will # listen to each channel in the FHSS sequence. # Valid values: 15-255 ms #unicast_dwell_interval = 255 # Broadcast Dwell Interval (BDI) is the duration (ms) the border router will # listen/advertise to broadcast channel. # Valid values: 100-255 ms #broadcast_dwell_interval = 255 # Broadcast Interval (BI) is the interval (ms) between each listen of the # broadcast channel. Recommended value for BI is 4.0 times the maximum of # (UDI, BDI). # Valid values: BDI < BI < 2^24 ms (~4h30) #broadcast_interval = 1020 # Duration (ms) between LFN broadcast listening windows. The choice of this # value will have an impact on the battery life of LFN children. # Valid values: 10000-600000ms (10s-10min) #lfn_broadcast_interval = 60000 # 1min # Number of LFN broadcast intervals between broadcast sync messages transmitted # by an FFN parent. The choice of this value will have an impact on the battery # life of LFN children. # Valid values: 1-60 #lfn_broadcast_sync_period = 5 # Sending asynchronous frames (PAN adverts, PAN configs) creates time periods # during which the border router is unable to receive or send other types of # frames. This generates latency on the network or even timeouts. # async_frag_duration is the maximum duration (in ms) wsbrd will spend on # sending a single async frame (which must be sent on all channels), the rest of # the transmission is delayed. The default value (500 ms) only impacts slow PHYs # with a large number of channels. Values less than 500 ms are not supported. # Higher values will make it less likely to trigger the async frame transmission # fragmentation, at the risk of introducing latency or timeouts. #async_frag_duration = 500 ############################################################################### # Wi-SUN security ############################################################################### # Path to Private key (keep it secret). PEM and DER formats are accepted. #key = /home/root/examples/device_key.pem # Path to Certificate for the key. PEM and DER formats are accepted. #certificate = /home/root/examples/device.pem # Path to Certificate of the Certification Authority (CA) (shared with all # devices). PEM and DER formats are accepted. #authority = /home/root/examples/ca.pem # Use an external radius server instead of the built-in authenticator. # If set, the "cert", "key" and "authority" parameters are ignored. radius_server = ********* # Shared secret for the radius server. Mandatory if you set radius_server. radius_secret = ********* # Pairwise Master Key Lifetime (minutes) #pmk_lifetime = 172800 # 4 months # Pairwise Transit Key Lifetime (minutes) #ptk_lifetime = 86400 # 2 months # (L)GTK expire offset as described in the Wi-SUN specification (in minutes). # This value is also used to set the lifetime of the first GTK. #gtk_expire_offset = 43200 # 30 days #lgtk_expire_offset = 129600 # 90 days # (LFN) Group Temporal Key New Activation Time is the time at which the border # router activates the next GTK prior to expiration of the currently activated # GTK. # gtk_new_activation_time is expressed as a fraction of gtk_expire_offset (as # described in Wi-SUN specification): # Actual GTK New Activation Time in minutes = gtk_expire_offset / gtk_new_activation_time #gtk_new_activation_time = 720 #lgtk_new_activation_time = 180 # The point (in percentage of (L)GTK's lifetime) at which a new (L)GTK must be # installed on the border router (supporting overlapping lifespans). If set to # 0, no new keys will be generated by the border router, they must be inserted # manually using the D-Bus methods InstallGtk and InstallLgtk. #gtk_new_install_required = 80 #lgtk_new_install_required = 90 # Factor by which the active (L)GTK lifetime is reduced during node revocation # procedures. #ffn_revocation_lifetime_reduction = 30 #lfn_revocation_lifetime_reduction = 30 ############################################################################### # Backwards compatibility ############################################################################### # A Wi-SUN Operating Class as specified in FAN1.0 specification. This parameter # has been replaced by "chan_plan_id" on FAN1.1 (they are obviously exclusive). # It may be used for compatibility with existing networks. # Accepted values are 1, 2, 3 or 4. class = 2 # A Wi-SUN Operating Mode as specified in FAN1.0 specification. This parameter # has been replaced by "phy_mode_id" on FAN1.1 (they are obviously exclusive). # It may be used for compatibility with existing networks. # Accepted values are 1a, 1b, 2a, 2b, 3, 4a, 4b and 5. mode = 2a # Options below allow you to define custom channel plans. If set, they replace # "domain" and "class"/"chan_plan"". This cannot be used to communicate with # LFN devices # You must define: # - Base frequency in Hz ("chan0_freq"). # - Space between each channel in Hz ("chan_spacing"). Any value supported # by the hardware can be used. However, only values 200000, 400000, # 600000 and 100000 are specified by Wi-SUN. # - Number of channels to allocate ("chan_count"). Note this value is not the # effective number of channel used since "allowed_channels" may remove some # channels. #chan0_freq = #chan_spacing = #chan_count = # Enable authentication of FAN 1.0 routers. Consider disabling LFN support when # enabling this or beware that mixing FAN 1.0 routers with LFNs is unreliable # and even creates security issues. enable_ffn10 = true # FAN TPS Version field in the PAN-IE (purely indicative). Refer to parameters # enable_lfn, join_metrics, and phy_operating_modes in order to disable FAN 1.1 # IEs. fan_version = 1.0 ############################################################################### # Miscellaneous and debug ############################################################################### # When color_output is auto (default), logs are colored only if wsbrd is # connected to a terminal. You can set color_output to yes or no to force this # behavior. #color_output = auto # Enable some debug traces. Same semantic than the -T option of wsbrd. This # parameter and -T are cumulative. # - bus: trace native UART raw bytes # - hdlc: trace native UART bytes before HDLC framing # - cpc: trace CPC bus # - hif: trace HIF packets with command/property IDs dissected # - hif-extra: trace HIF packets fully dissected with type annotations # - tun: trace packets going through the TUN device # - timers: trace every timer tick (currently very verbose) # - trickle: trace trickle algorithm details # - 15.4-mngt: trace Wi-SUN management frames (PAN advert/config) # - 15.4: trace all IEEE 802.15.4 frames # - eap: trace EAPOL packets with current step (TLS, 4WH, GKH...) # - icmp: trace ICMPv6 packets with type (NS/NA, RPL...) # - dhcp: trace DHCPv6 packets when using the internal server # - drop: trace any packet refused or partially ignored with reason # - neigh-15.4: trace 15.4 neighbor cache management # - neigh-ipv6: trace ipv6 neighbor discovery management trace = icmp,rpl,dhcp,drop # By default, wsbrd tries to retrieve the previously used PAN ID from the # storage directory. If it is not available, a new random value is chosen. # It is also possible to force the PAN ID here. #pan_id = 0 # Fix a custom 6LoWPAN maximum transmission unit (MTU) to limit the size of # packets sent on the air. An application packet fitting in an IPv6 payload # (1280 bytes) may be fragmented using 6LoWPAN fragmentation based on this # parameter. In particularly lossy environments, it may be useful to restrict # physical packet size in order to limit the cost of retries. #lowpan_mtu = 200 # Initial values of GTKs (Group Temporal Keys) and LGTKs (LFN Group Temporal # Keys) are read from cache (see storage_prefix). If they are not found, random # values are used. # The parameters below allow you to enforce initial GTKs/LGTKs values. This is # mainly used to decode traffic with tools like Wireshark. In most cases, # setting (l)gtk[0] is sufficient to be able to decode the traffic. The other # keys are only used when (L)GTLK expire. #gtk[0] = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 #gtk[1] = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 #gtk[2] = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 #gtk[3] = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 #lgtk[0] = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 #lgtk[1] = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 #lgtk[2] = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 # Fix the PAN size (number of connected nodes) advertised by the border router # in PAN-IE to simulate a busy network in testing environments. #pan_size = 1000 # List of filtered MAC addresses (EUI-64). # Border router will prevent communication with any device whose MAC address # does not match any item in the 'allowed' list, OR will prevent communication # with any device whose MAC address matches any item in the 'denied' list. # 'allowed' and 'denied' lists are mutually exclusive and cannot be used at the # same time. # By default, all MAC addresses are allowed. # One line per allowed or denied MAC address (maximum 10) #allowed_mac64 = 00:00:00:00:00:00:00:00 #denied_mac64 = 00:00:00:00:00:00:00:00 # Capture incoming Wi-SUN traffic in pcapng format. Use a FIFO to analyze # packets in real time using Wireshark. Acknowledgments are not captured # since they are processed at the RCP level. #pcap_file = /tmp/dump.pcapng