Hi,
> > - Mmm, not sure if it will be useful for me, but how do you communicate 2
> > HIP daemons for the base exchange? I think through IF_HIP sockets, or
> > something like that, right? What are exactly these sockets? Could I use these
> > sockets to communicate 2 normal daemons for Access Control (decision and
> > enforcement) before the establishment of the HIP connection?
> > (Mmm, thinking again... I could use even HIP to communicate between these 2
> > daemons, but what I need is *not* to "intercept" this communication for AC,
> > since it is the AC itself...).
>
> I am not quite sure if I understood but I'll try to answer anyway. First of
> all, there can be only a single HIP daemon in a system. Otherwise you'll get
> weird effects and race conditions when the daemons try to intercept the same
> HIP control packets.

No, just one hip daemon in each system, but different systems (ie, when doing the base exchange between 2 different hosts). How do the daemons communicate with each other? (That is, how are the I1, R1, I2, R2 sent? Through AF_HIP sockets or something similar?).

> Second, if you want to enforce Access Control Lists (ACLs) in the hip
> daemon, you can do this through the UDP unix localdomain socket. See how
> tools/hipconftool.c communicates with HIP daemon through hipd.c/user.c.
> Third, if you want to do HIT or HI based firewall filtering, this is already
> implemented. Please see firewall directory and the manual in the web.

Mmm, yes something similar. Access control of subjects and resources, where these ones are identified with HI. But we are trying to do it with the XACML standard, so the HIP firewall doesn't fit in our solution.

Thanks anyway.

Regards,

--
Jesús Rojo Martínez.
Human Resources responsible
BEST Stockholm - Kungliga Tekniska Högskolan
BEST - Board of European Students of Technology (www.BEST.eu.org)
e-mail: jrojomartinez@xxxxxxxxx
phone: +46704369273
MSN: jrojomartinez@xxxxxxx