[hipl-users] Re: Problem during Testing HIP connection between two locally connected hosts using an IPv6 application

  • From: Miika Komu <miika.komu@xxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 08 Jun 2009 13:33:53 +0300

Adrian Alvarez wrote:

Hi,

run "/etc/init.d/hipfw restart" on both sides and please try again. It appears that you have the queue rules in place but no hipfw running (crashed?). This causes ESP packets to be "stuck". Hope this helps...

hello again,


I tried adding tcp port 1111 to ip6tables and we are still unable to transfer data. Here is the information of the system at the time of the issue:

Responder information:

SAs
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
216 bytes received from HIP daemon
HA is ESTABLISHED
 Local HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
 Peer  HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
 Local LSI: 1.0.0.1
 Peer  LSI: 1.0.0.2
 Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
 Local NAT traversal UDP port: 0
 Peer  IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
 Peer  NAT traversal UDP port: 0
 Peer  hostname:

ip xfrm
src 3ffe::2 dst 3ffe::4
    proto esp spi 0x70e176a1 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
    enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128
src 3ffe::4 dst 3ffe::2
    proto esp spi 0xdfcd7423 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
    enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst 2001:18:ea59:a472:459f:ec45:cdc:7113/128

uname
Linux vault101 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux

hipd_config

# Format of this file is as with hipconf, but without hipconf prefix
# add hi default    # add all four HITs (see bug id 522)
# add map HIT IP    # preload some HIT-to-IP mappings to hipd
# add service rvs # the host acts as HIP rendezvous (see also /etc/hip/relay_config)
# add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
hit-to-ip on # resolve HITs to locators in dynamic DNS zone
# hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone
nsupdate off # send dynamic DNS updates
# heartbeat 10 # send ICMPv6 messages inside HIP tunnels
# add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip
opendht off # turn DHT support on (use /etc/hip/dhtservers to define the used server)
# locator on        # host sends all of its locators in base exchange
# opp normal|advanced|none
# transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)

#nat plain-udp       # use UDP capsulation (for NATted environments)
debug medium        # debug verbosity: all, medium or none


iptables

Chain INPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-INPUT    all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target         prot opt source               destination
HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-OUTPUT   all  --  0.0.0.0/0            0.0.0.0/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source               destination

Chain HIPFW-INPUT (1 references)
target         prot opt source               destination

Chain HIPFW-OUTPUT (1 references)
target         prot opt source               destination
QUEUE          all  --  0.0.0.0/0            1.0.0.0/8


ip6tables

Chain INPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-INPUT    all      ::/0                 ::/0

Chain FORWARD (policy ACCEPT)
target         prot opt source               destination
HIPFW-FORWARD  all      ::/0                 ::/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-OUTPUT   all      ::/0                 ::/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source               destination

Chain HIPFW-INPUT (1 references)
target         prot opt source               destination
QUEUE          all      ::/0                 2001:10::/28

ps aux|grep hip
nobody    3615  0.0  0.0  14668  2504 pts/0    S+   11:30   0:00 hipd
root      4916  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep hip

ps aux|grep dns
root      4918  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep dns


Initiator's info


Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
216 bytes received from HIP daemon
HA is ESTABLISHED
 Local HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
 Peer  HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
 Local LSI: 1.0.0.1
 Peer  LSI: 1.0.0.2
 Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
 Local NAT traversal UDP port: 0
 Peer  IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
 Peer  NAT traversal UDP port: 0
 Peer  hostname: vault101


src 3ffe::4 dst 3ffe::2
    proto esp spi 0xdfcd7423 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
    enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst 2001:18:ea59:a472:459f:ec45:cdc:7113/128
src 3ffe::2 dst 3ffe::4
    proto esp spi 0x70e176a1 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
    enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128




Linux vault113 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux



# Format of this file is as with hipconf, but without hipconf prefix
# add hi default    # add all four HITs (see bug id 522)
# add map HIT IP    # preload some HIT-to-IP mappings to hipd
# add service rvs # the host acts as HIP rendezvous (see also /etc/hip/relay_config)
# add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register to rendezvous server
hit-to-ip on # resolve HITs to locators in dynamic DNS zone
# hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in dynamic DNS zone
nsupdate on # send dynamic DNS updates
# heartbeat 10 # send ICMPv6 messages inside HIP tunnels
# add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at infrahip
opendht on # turn DHT support on (use /etc/hip/dhtservers to define the used server)
# locator on        # host sends all of its locators in base exchange
# opp normal|advanced|none
# transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)

nat plain-udp       # use UDP capsulation (for NATted environments)
debug medium        # debug verbosity: all, medium or none



iptables

Chain INPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-INPUT    all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT         tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1111

Chain FORWARD (policy ACCEPT)
target         prot opt source               destination
HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-OUTPUT   all  --  0.0.0.0/0            0.0.0.0/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source               destination

Chain HIPFW-INPUT (1 references)
target         prot opt source               destination

Chain HIPFW-OUTPUT (1 references)
target         prot opt source               destination
QUEUE          all  --  0.0.0.0/0            1.0.0.0/8



ip6tables

Chain INPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-INPUT    all      ::/0                 ::/0
ACCEPT         tcp      ::/0                 ::/0                 tcp dpt:1111

Chain FORWARD (policy ACCEPT)
target         prot opt source               destination
HIPFW-FORWARD  all      ::/0                 ::/0

Chain OUTPUT (policy ACCEPT)
target         prot opt source               destination
HIPFW-OUTPUT   all      ::/0                 ::/0

Chain HIPFW-FORWARD (1 references)
target         prot opt source               destination

Chain HIPFW-INPUT (1 references)
target         prot opt source               destination
QUEUE          all      ::/0                 2001:10::/28

Chain HIPFW-OUTPUT (1 references)
target         prot opt source               destination

nobody   13663  0.0  0.0  14792  2792 pts/0    S+   11:36   0:00 hipd
root     14735  0.0  0.0   3336   788 pts/2    R+   11:52   0:00 grep hip



root     14737  0.0  0.0   3336   792 pts/2    R+   11:52   0:00 grep dns


thanks,


Adrian





On Mon, Jun 8, 2009 at 10:09 AM, Miika Komu <miika.komu@xxxxxxx> wrote:

    Adrian Alvarez wrote:

    Hi,

    I got connection refused, but after allowing tcp port 1111 in
    iptables/ip6tables it started working.

    I added some bug reporting instructions to bugzilla. Please give all
    information for us to try to reproduce the problem:

    http://infrahip.hiit.fi/hipl/manual/ch08.html

    Are you running kernel version >= 2.6.27?

        Hi all,
        We are having some problems trying to establish communications
        between two hosts using hip. We have followed the instructions of
        the manual very closely, however, it is impossible to transfer
        some data from one host to another using hip.

        We are using wireshark to monitor the exchange, and we were able
        to observe the following:

        1) HIP base exchange between the two hosts is completed.
        2) TCP data transfer via HIP is not realized.
        3) The initiator node sends a TCP SYN with the HIT info, but the
        responder node fails to send an ACK back.

        This seems similar to Shashank's issue.
        Any light on this matter would be useful.

        Thank you all.
        Adrian.

        On Sun, Jun 7, 2009 at 3:56 PM, shashank m <shashanm@xxxxxxxxx> wrote:

           Hello,

           I was trying to connect two systems locally using hip with an
           IPv6 application given in the manual, *Conntest-client* and
           *conntest-server*. I have disabled opendht support as I have
           given the mapping between the HITs and IPv6 addresses manually
           using *hipconf*.

           After executing "Conntest-client-hip [HIT_server] tcp 1111"
           it prints the mapping with the HIT and IPv6 address of the
           server and the base exchange happens, but the messages are not
           transmitted to the server. I think that the mapping is not
           working properly in the code. Please do solve the problem.

           In the client console I often see this message:

           """------State established not triggering bex--------"

           This message comes repeatedly. I think this is only because of the
           mapping problem. Correct me if I am wrong.



           Thanks in advance,

           Regards,
           Shashank.M.
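
The condition diagnosed in the reply at the top of this message (QUEUE rules in place but no hipfw running, so ESP packets get stuck) can be checked mechanically from the same listings. The shell functions below are an added example, not part of the original thread or of the HIPL project; they assume the firewall daemon's process name is hipfw and that the rule listings come from iptables -L -n or ip6tables -L -n. The sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): detect QUEUE rules left in HIPFW-*
# chains while no hipfw process is running to drain the queue.

# Print "chain<TAB>destination" for each QUEUE rule in a HIPFW-* chain.
# stdin: output of `iptables -L -n` or `ip6tables -L -n`.
queue_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }
        chain ~ /^HIPFW-/ && $1 == "QUEUE" { print chain "\t" $NF }
    '
}

# Succeed if `ps aux` output on stdin has a process whose command basename
# is exactly "hipfw" (assumed daemon name); "grep hipfw" and hipd do not count.
hipfw_running() {
    awk '{ n = split($11, p, "/"); if (p[n] == "hipfw") found = 1 }
         END { exit (found ? 0 : 1) }'
}

# check_hipfw RULES_TEXT PS_TEXT: print a verdict; return 1 when packets
# would be queued with nothing reading the queue.
check_hipfw() {
    rules=$(printf '%s\n' "$1" | queue_rules)
    if [ -z "$rules" ]; then
        echo "ok: no QUEUE rules in HIPFW chains"
        return 0
    fi
    if printf '%s\n' "$2" | hipfw_running; then
        echo "ok: QUEUE rules present and hipfw is running"
        return 0
    fi
    echo "stuck: QUEUE rules present but no hipfw process:"
    echo "$rules"
    return 1
}

# Constructed sample input, modelled on the listings in this thread.
SAMPLE_RULES='Chain HIPFW-INPUT (1 references)
target     prot opt source               destination
QUEUE      all      ::/0                 2001:10::/28'
SAMPLE_PS='nobody    3615  0.0  0.0  14668  2504 pts/0    S+   11:30   0:00 hipd'

# Live use (as root): check_hipfw "$(ip6tables -L -n)" "$(ps aux)"
check_hipfw "$SAMPLE_RULES" "$SAMPLE_PS" || true
```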






