[hipl-users] Re: Doubts: Detecting HITs & How not to use HIP

  • From: "Jesús Rojo Martínez" <jrojomartinez@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 13 Mar 2007 17:05:12 +0100

Hi,

> - Mmm, not sure if it will be useful for me, but how do you communicate 2
> HIP daemons for the base exchange? I think through IF_HIP sockets, or
> something like that, right? What exactly are these sockets? Could I use
> these sockets to communicate 2 normal daemons for Access Control (decision
> and enforcement) before the establishment of the HIP connection?
> (Mmm, thinking again... I could use even HIP to communicate between these
> 2 daemons, but what I need is *not* to "intercept" this communication for
> AC, since it is the AC itself...).

I am not quite sure if I understood, but I'll try to answer
anyway. First of all, there can be only a single HIP daemon in a system.
Otherwise you'll get weird effects and race conditions when the daemons
try to intercept the same HIP control packets.


No, just one hip daemon in each system, but different systems (i.e., when
doing the base exchange between 2 different hosts). How do the daemons
communicate with each other? (That is, how are the I1, R1, I2, R2 sent?
Through AF_HIP sockets or something similar?)


Second, if you want to enforce Access Control Lists (ACLs) in the hip
daemon, you can do this through the UDP unix localdomain socket. See how
tools/hipconftool.c communicates with the HIP daemon through hipd.c/user.c.

Third, if you want to do HIT or HI based firewall filtering, this is
already implemented. Please see the firewall directory and the manual on the
web.


Mmm, yes, something similar. Access control of subjects and resources,
where these are identified by HI. But we are trying to do it with the
XACML standard, so the HIP firewall doesn't fit in our solution. Thanks
anyway.

Regards,

--
Jesús Rojo Martínez.
Human Resources responsible BEST Stockholm - Kungliga Tekniska Högskolan
BEST - Board of European Students of Technology (www.BEST.eu.org)

e-mail: jrojomartinez@xxxxxxxxx
phone: +46704369273
MSN: jrojomartinez@xxxxxxx