Hello Miika, thank you for your help.
I looked up the manual and didn't find how to generate the HIT. Browsing the mailing list I found one mail from January 2005 where Irene Garcia Vargas spoke about generating a valid HIT. Are those instructions up to date? Doing hipconf add hi default I obtained 4 different HITs:
debug(crypto.c:1053@dsa_to_hit): HIT is 4075:f2ca:93ec:86b6:1317:f25f:3b21:d5d
debug(debug.c:430@hip_print_hit): DSA HIT: 4075:f2ca:93ec:86b6:1317:f25f:3b21:0d5d
debug(crypto.c:1053@dsa_to_hit): HIT is 4059:815f:5d24:d5bf:e831:9236:b493:ca3d
debug(debug.c:430@hip_print_hit): DSA HIT: 4059:815f:5d24:d5bf:e831:9236:b493:ca3d
debug(crypto.c:1184@rsa_to_hit): HIT is 40ac:e6b2:8a0e:28d4:cd9a:b844:b1d6:6df9
debug(debug.c:430@hip_print_hit): RSA HIT: 40ac:e6b2:8a0e:28d4:cd9a:b844:b1d6:6df9
debug(crypto.c:1184@rsa_to_hit): HIT is 40ba:f913:a523:9770:dbd5:e4ca:ee4:f46b
debug(debug.c:430@hip_print_hit): RSA HIT: 40ba:f913:a523:9770:dbd5:e4ca:0ee4:f46b
Because I didn't know which one to use I tried the 4 of them using both methods you explained in your previous mail:
1) hipconf add map HIT IP
   ping6 HIT
2) <configure /etc/hip/hosts and /etc/hosts to have HOSTNAME>
   ping6 HOSTNAME
Every time I did ping6 any of the HITs I got Host Unreachable.
What is the proper way to generate a HIT? If I understood correctly the /etc/hosts should have:
<IP> PeerHostName
and in /etc/hip/hosts
<HIT> PeerHostName
The daemon will then obtain <IP> <HIT> mapping. Is this correct?
Thank you,
Fernando
Miika Komu wrote:
On Thu, 30 Mar 2006, Fernando Moreira wrote:
Hi all, I've just installed hipl but I have some doubts. I haven't understood how hipl works...
Simply running hipd, it eventually died because there weren't any of the following files:
hip_host_dsa_key_anon
hip_host_dsa_key_pub
hip_host_rsa_key_anon
hip_host_rsa_key_pub
Then, I used tools/hipconf to generate those files and ended up with 8
files:
hip_host_dsa_key_anon
hip_host_dsa_key_pub
hip_host_rsa_key_anon
hip_host_rsa_key_pub
hip_host_dsa_key_anon.pub
hip_host_dsa_key_pub.pub
hip_host_rsa_key_anon.pub
hip_host_rsa_key_pub.pub
Yes, this is instructed also in the HOWTO. The specifications recommend that a host should have two public and two anonymous host identifiers.
By comparison with some other implementations, like HIP4BSD, I can see
that some of the files correspond to the host's private and public key,
but I don't understand the use of all the files.
The prefix of all keys is "hip_host". After that is the algo "dsa" or "rsa". Then we have the privacy type of the HIT, either "public" (can be e.g. published in DNS) or "anon" (can be changed frequently). Now, after this there can be a .pub suffix. If it is not present, it means the private key. If it is present, it means the public key part of the private key.
Some other questions:
Will it be possible to ping the peer using its HIT?
Yes, if you do it either way:
1) hipconf add map HIT IP
   ping6 HIT
2) <configure /etc/hip/hosts and /etc/hosts to have HOSTNAME>
   ping6 HOSTNAME
Will the base exchange be triggered by the first data packet exchanged?
Yes.
In which interface can the HIP packets be captured - dummy0 or any
physical interface?
In general, a physical interface.
Should there be a HIT - IP mapping in the /etc/hip/hosts file? - Can
you please send me an example of that file....
Yes, there should be, unless you use method 1 described above.
ritsa:# cat /etc/hip/hosts
11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2 panu
DNS AAAA support should also be working.