------------------------------------------------------------ revno: 5294 committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx> branch nick: opp-removal timestamp: Mon 2011-01-10 19:26:29 +0100 message: remove reference to opportunistic mode in manual modified: doc/HOWTO.xml.in -- lp:~hipl-core/hipl/opp-removal https://code.launchpad.net/~hipl-core/hipl/opp-removal Your team HIPL core team is subscribed to branch lp:~hipl-core/hipl/opp-removal. To unsubscribe from this branch go to https://code.launchpad.net/~hipl-core/hipl/opp-removal/+edit-subscription
=== modified file 'doc/HOWTO.xml.in' --- doc/HOWTO.xml.in 2011-01-06 19:50:27 +0000 +++ doc/HOWTO.xml.in 2011-01-10 18:26:29 +0000 @@ -1056,29 +1056,7 @@ hipconf command also to @sysconfdir@/hipd_config and restart hipd. </para> </section> - <section id="sec_advanced_methods"> - <title>Experimental Methods</title> - <para> - These methods are experimental. Use with care and only if you know what you are doing! - </para> - <para> - 1. Use the opportunistic mode as described in - <xref linkend="opportunistic" />. This method works with both IPv4 and - IPv6 applications. It does not require any HIP name configuration at all. - </para> - <para> - 1a. Running a single IPv6-enabled application using HIP: <emphasis>hipconf run opp <EXECUTABLE></emphasis> - </para> - <para> - 1b. Enabling HIP for all applications in bash shell (add to bashrc if you want to set this permanently): <emphasis>export LD_PRELOAD=libopphip.so:libhiptool.so</emphasis> - </para> - <para> - 2. Use the system-based opportunistic mode as instructed in - <xref linkend="sys_based_opp_mode" />. Does not require either - any kind of HIP name configuration at all. - </para> - </section> - + <section id="ch_tips_for_hip"> <title>Tips for Using HIP with Some Applications</title> <section id="sec_using_hip_proxy"> @@ -2796,249 +2774,6 @@ <chapter id="ch_exp_extensions"> <title>Other Experimental HIP Extensions</title> - <section id="opportunistic"> - <title>Using Opportunistic mode</title> - <itemizedlist> - <listitem><para> - Opportunistic mode has two benefits. First, you don't have to know - the HIT of the peer. This is makes HIP more suitable to "ad-hoc" - environments where preconfiguration of HITs is difficult. Second, the - opp. mode implementation allows the use of IPv4 addresses at the - application. This way, even IPv4-only legacy applications can benefit - from the security and mobility features of HIP. - </para></listitem> - <listitem><para> - Opportunistic mode is compiled on by default. In order to use Opportunistic mode enabled HIP, the following steps are needed: - </para></listitem> - <listitem><para> - Move to top level of HIPL - </para></listitem> - <listitem><para> - e.g. cd hipl - </para></listitem> - <listitem><para> - Run autoreconf - </para></listitem> - <listitem><para> - autoreconf --install - </para></listitem> - <listitem><para> - Run configure - </para></listitem> - <listitem><para> - ./configure - </para></listitem> - <listitem><para> - Run make - </para></listitem> - <listitem><para> - make - </para></listitem> - <listitem><para> - Run make install - </para></listitem> - <listitem><para> - make install - </para></listitem> - <listitem><para> - Run hip daemon on both "crash" and "oops" - </para></listitem> - <listitem><para> - hipd - </para></listitem> - <listitem><para> - Use the hipconf tool to set up HIP Opportunistic mode on both - hosts manually. "hipconf set opp on|off" is used to - enable/disable opportunistic mode. By default it is on. - </para></listitem> - <listitem><para> - Now the opportunistic mode is enabled. To test Opportunistic mode, you need to remove crash's HITs and name from @sysconfdir@/hosts, and then following the steps in <xref linkend="ch_basictest" />. - </para></listitem> - </itemizedlist> - - <para> - HIPL supports also opportunistic mode that is uses TCP options to - detect whether peer supports HIP or not. This is particularly - useful in networking environments without HIP look up - infrastructure (DNS/etc) and where the number of HIP hosts - is small. This "advanced" version of the opportunistic mode - enables fast and backwards compatible fallback to non-HIP - communications for TCP connections when the peer does not support - HIP. To use the opportunistic mode, start both the hipd and hipfw (e.g. with option -A). - Then instruct "hipconf set opp advanced" and use the opportunistic mode as instructed - earlier in this section. -</para> - - <section id="efficient_HIP_detection"> - <title>Opportunistic mode with efficient detection of peer HIP capability</title> - <para> - The normal HIP opportunistic mode experiences a delay when - a HIP peer tries to communicate with a non-HIP peer. This happens - because the initiator waits for a HIP response before falling - back on normal TCP communication. The efficient detection of - peer HIP capability enables us to detect peer HIP capability or - the lack thereof. If we detect that the peer supports HIP, we - continue the HIP opportunistic communication. Otherwise, - communication falls back on plain TCP. Efficient detection of - peer HIP capability is enabled with the second of the following - commands. - </para> - <para> - As an example, we run the HIP daemon first. - </para> - <para> - 1. hipd - </para> - <para> - Afterwards, we run the firewall as shown in the following command. The - firewall is needed in case the peer does not support HIP, because it - captures the incoming TCP SYN_ACK packet and notifies the HIPD of the - lack of HIP support at the peer: - </para> - <para> - 2. hipfw -dA - </para> - <para> - Then, we enable efficient, undelayed detection of peer HIP - capability with the following command: - </para> - <para> - 3. hipconf set opp advanced - </para> - <para> - To try the feature, we initiate a TCP connection using the HIP - opportunistic library: - </para> - <para> - 4. hipconf run opp wget IP-number - </para> - <para> - One thing to stress here is that the receiver should also run the - firewall and enable the efficient HIP opportunistic mode in order - to be ensure being detected correctly. If this feature is not enabled - at the receiver, correct detection depends on the relative latency of a - TCP and a HIP packet. - </para> - <para> - The enabling at the receiver is done by executing step 2 after - the HIP daemon has started. - </para> - </section> - - <section id="sys_based_opp_mode"> - <title>System-based opportunistic mode (experimental)</title> - <para> - The system-based opportunistic mode enables HIP communication - without the use of the opportunistic library. If the peer does - not support HIP, communication falls back on normal TCP - communication. - </para> - <para> - The system-based opportunistic mode is implemented at the HIP - firewall. It is enabled with the -o option as shown below: - </para> - <para> - hipfw -dAo - </para> - <para> - Following is an example of all the steps to be followed at two peers - for using the system-based opportunistic mode between them. - </para> - <para> - At the responder, one can execute these steps: - </para> - <para> - 1. hipd - </para> - <para> - 2. hipfw -Aod - </para> - <para> - 3. nc -l 1111 - </para> - <para> - At the initiator, one can execute these steps: - </para> - <para> - 1. hipd - </para> - <para> - 2. hipfw -dAo - </para> - <para> - 3. nc <responder-ip> 1111 - </para> - </section> - -<!-- - <section> - - <title>Accessing the kernel peer list</title> - <itemizedlist> - <listitem> - <para>You can access the kernel's list of known HIP peers using the native - getendpointinfo name resolution interface.</para> - </listitem> - <listitem> - <para>By default, the interface first checks the @sysconfdir@/hosts file for - a matching host. If one is not found, the kernel is queried for its - list of known HIP peers and the list is examined for matches.</para> - </listitem> - <listitem> - <para>To only check the kernel list, set the hints.ei_flags to - AI_HIP | AI_KERNEL_LIST. This will use only the kernel list and will - not check the hosts file.</para> - </listitem> - <listitem> - <para>To retrieve the list of known peers from the kernel, set the - hints.ei_flags to AI_HIP | AI_KERNEL_LIST and the nodename to NULL. - This will query the kernel for the list and return the entire - list.</para> - </listitem> - </itemizedlist> - </section> ---> - - - <section id="ch_datapacket_mode"> - <title>Data packet mode (experimental)</title> - - <para> - HIPL supports the extensions defined in - <ulink url="http://tools.ietf.org/html/draft-nikander-hip-hiccups"; />. Support for the extensions - is very experimental and may not interoperate with other extensions in HIPL. The data packet mode does not - support sequence numbers, UDP encapsulation nor switching to ESP yet. Next, we'll give an example how to try out the extension: - </para> - - <para> - Start HIP software as follows both at the client and server host: - </para> - -<programlisting> -# hipd -k -# hipfw -Aid -# hipconf datapacket on -</programlisting> - - <para> - Notice that the last command can be also configured to @sysconfdir@/hipd_config - </para> - - <para> - Then execute at the client: - </para> - -<programlisting> -ping6 <HIT_OF_THE_SERVER> -</programlisting> - - <para> - Please do not take <HIT_OF_THE_SERVER> literally. You should replace it with the - actual HIT of the server. - </para> - </section> - </section> - <section id="ch_shotgun"> <title>"Shotgun" Extension</title>