[hipl-dev] Re: [Question #200462]: hipl development package

  • From: Miika Komu <question200462@xxxxxxxxxxxxxxxxxxxxx>
  • To: hipl-dev@xxxxxxxxxxxxx
  • Date: Sun, 28 Oct 2012 10:35:50 -0000

Question #200462 on HIPL changed:
https://answers.launchpad.net/hipl/+question/200462

    Status: Open => Answered

Miika Komu proposed the following answer:
> Because my applications use IPv4 addresses, I want to assign them their own LSIs
> (not the standard ones -- 1.0.0.1/2) and use them in my
> applications. How can I do this?

In HIPL, 1.0.0.1 is the local host. At the moment, you can't change this
value from hipconf; you have to modify the code instead (check the usage of
HIP_LSI_PREFIX and grep -r for the "1.0.0" string in the code).

You can assign the remote host LSIs freely, assuming you use the
1.0.0.0/8 namespace. The remote LSIs are configured similarly to HITs.
For instance, I have in /etc/hip/hosts:

2001:15:e156:8a78:3226:dbaa:f2ff:ed06 test
1.0.0.2 test

and the following in /etc/hosts:

192.168.1.2 test

The symbolic host name binds these mappings together. If I don't specify
the LSI, hipd will just allocate the first free LSI for the remote host
during the key exchange.

A few notes:
* You can "overload" all this information to /etc/hosts if you don't want to
use /etc/hip/hosts at all.
* You may have to restart hipd after changing the files.

> Also somewhere in the manual I read that LSI are available only on
> localhost. Is this true?

Yes, each individual host is supposed to manage its own LSIs. You can
consider it as an "alias" to a HIT.

(For research purposes, you could consider publishing LSIs in a local
DNS using "split horizon" to keep the LSI information local to the
network. However, hipd does not support this and this works only for
static configurations where hosts do not move outside of the local
network. Also, the LSIs are not inherently secure like HITs.)

> If so, how else can I customize the HIT-IP mapping, use the
> hipdnsproxy?

For local (testing) purposes, you can use:

a) Combination of /etc/hip/hosts and /etc/hosts files (requires DNS proxy)
b) Overload this in /etc/hosts (does not require DNS proxy)
c) It is possible also to use /etc/hip/hipd_config but this is mainly suitable 
e.g. with registration to rendezvous servers.

For a global (production-like) environment you should set up your own DNS
server and publish the public keys there (instructions in the manual).
This requires support from the DNS proxy to translate public keys into
HITs. You can test our DNS service by running dnsproxy and then typing
e.g. "host crossroads.infrahip.net". You can get the full information
with "dig -t any crossroads.infrahip.net".

> Could you also comment on, what the command <hipconf daemon run
> normal|opp _app_> does?

This has been removed from the latest releases but it appears it is
still mentioned in the manual (I'll remove). If you're interested in
what this did, here are the details:

http://www.niksula.cs.hut.fi/~mkomu/docs/ccnc09.pdf

-- 
You received this question notification because you are a member of HIPL
core team, which is an answer contact for HIPL.
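
Added example, not part of the original message or of HIPL: a Python check that joins /etc/hip/hosts and /etc/hosts entries on the symbolic host name, as the answer describes, and flags remote LSIs outside 1.0.0.0/8, reuse of 1.0.0.1 (the local host), duplicate LSIs, and names with no HIT or no locator. The sample file contents, the function names and the hosts(5)-style parsing with `#` comments are assumptions.

```python
import ipaddress
from collections import defaultdict

LSI_NET = ipaddress.ip_network("1.0.0.0/8")   # LSI namespace named in the post
LOCAL_LSI = ipaddress.ip_address("1.0.0.1")   # the local host in HIPL, per the post

# Constructed sample files, modelled on the two snippets in the post.
HIP_HOSTS = """\
2001:15:e156:8a78:3226:dbaa:f2ff:ed06 test
1.0.0.2 test
1.0.0.1 gw
10.0.0.7 db
1.0.0.2 backup
"""
ETC_HOSTS = "192.168.1.2 test\n192.168.1.3 gw\n"

def parse_hosts(text):
    """Yield (address, name) pairs; assumes hosts(5) syntax with '#' comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            addr = ipaddress.ip_address(fields[0])
            for name in fields[1:]:
                yield addr, name

def check_mappings(hip_hosts, etc_hosts):
    """Join both files on the host name and return (mappings, problems)."""
    maps = defaultdict(lambda: {"hit": None, "lsi": None, "ip": None})
    problems, lsi_owner = [], {}
    for addr, name in parse_hosts(hip_hosts):
        if addr.version == 6:          # IPv6 entry: treated as the HIT
            maps[name]["hit"] = addr
            continue
        maps[name]["lsi"] = addr       # IPv4 entry: treated as the LSI
        if addr not in LSI_NET:
            problems.append(f"{name}: LSI {addr} outside {LSI_NET}")
        elif addr == LOCAL_LSI:
            problems.append(f"{name}: LSI {addr} is reserved for the local host")
        if lsi_owner.setdefault(addr, name) != name:
            problems.append(f"{name}: LSI {addr} already used by {lsi_owner[addr]}")
    for addr, name in parse_hosts(etc_hosts):
        if name in maps:               # only names that HIP knows about
            maps[name]["ip"] = addr
    for name, m in maps.items():
        if m["lsi"] is not None and m["hit"] is None:
            problems.append(f"{name}: LSI without a HIT")
        if m["ip"] is None:
            problems.append(f"{name}: no locator in /etc/hosts")
    return dict(maps), problems
```

Calling `check_mappings(HIP_HOSTS, ETC_HOSTS)` returns the joined HIT/LSI/IP record per host name plus a list of problem strings; only the `test` entry, which matches the configuration in the post, comes back clean.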
