On Thu, 16 Nov 2006, Tomi Hautakoski wrote:
On Wed, 15 Nov 2006, Miika Komu wrote:
On Fri, 10 Nov 2006, Tomi Hautakoski wrote:
I'm wondering if anyone has had problems like this before. I'm using a test program running on two hosts, 3ffe::1 and 3ffe::3. First the 3ffe::1 makes the hipconf add map HIT_OF_3ffe:3 3ffe::3 and then pings 3ffe::3. Now the BE should be done and it sends a small UDP packet to the other host's HIT. Sometimes this works just fine but most of the time I get weird symptoms from hip, like I1,I1,R1,R1 (here's the log: http://www.ee.oulu.fi/~thautako/hip-log-10-11-06.txt) and then it just keeps on printing the "debug(nlink.c:209@netlink_talk): 0 0 0 1163164643" message until I press ctrl-c.
Does setting hipd/hipd.h:HIP_NETLINK_TALK_ACK to zero help you? Hmm, I remembered that this should have been zero by default. See also the long comment in libhiptool/nlink.c:netlink_talk().
I changed this but it had no effect. However, looks like I was able to debug what's the reason for the problems mentioned above. I've been thinking that using RSA keys with all machines is ok and so my test program also adds its RSA public hit to the sender field of the ip packet it sends. This was done because sometimes I need to send that same packet labeled with my ipv6 address as sender.
I am not sure if I quite understand your description. Do you mean that you communicate HITs in application layer payload (IP(TCP(HIT)))?
Now Ethereal showed that depending on the computer I was trying to establish a hip connection, hipd used my RSA hit or DSA hit and it failed because I always sent my ip packet with RSA hit. And all this while I'm connecting to peer's RSA HIT. Maybe this could be fixed sometime in the future so that hipd doesn't start looping even when the user program is using a wrong sender address.
It is possible for the initiator to use RSA and the responder to use DSA and vice versa. Are you sure that your problem is related to this or is the netlink interface just playing weird tricks on your platform?
Anyway, I'm wondering is there a way to force hip to use only RSA hits or some other way to go around this problem? I tried leaving the ip packet's sender field empty and that way the hip traffic flows fine from my program's point of view but the complication is that now I don't know which sender hit I'm using with different peers. All the peers tested so far have the same hip and kernel version. Right now I'm compiling the peers kernel with the same .config as my host, maybe that will have same effect...
Hmm.. currently the only way to do this is to delete the DSA hits from the dummy interface.
And thanks for your patience Miika, your answers have been very valuable!
No problem, my pleasure.
--
Miika Komu http://www.iki.fi/miika/