[hipl-users] Re: Problem during Testing HIP connection between two locally connected hosts using an IPv6 application

  • From: Adrian Alvarez <aralvarez33@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 8 Jun 2009 12:02:20 +0200

hello again,


I tried adding tcp port 1111 to ip6tables and we are still unable to
transfer data. Here is the information of the system at the time of the
issue:

Responder information:

SAs
Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
216 bytes received from HIP daemon
HA is ESTABLISHED
 Local HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
 Peer  HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
 Local LSI: 1.0.0.1
 Peer  LSI: 1.0.0.2
 Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
 Local NAT traversal UDP port: 0
 Peer  IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
 Peer  NAT traversal UDP port: 0
 Peer  hostname:

ip xfrm
src 3ffe::2 dst 3ffe::4
    proto esp spi 0x70e176a1 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
    enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
    sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst
2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128
src 3ffe::4 dst 3ffe::2
    proto esp spi 0xdfcd7423 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
    enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
    sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst
2001:18:ea59:a472:459f:ec45:cdc:7113/128

uname
Linux vault101 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009
i686 GNU/Linux

hipd_config

# Format of this file is as with hipconf, but without hipconf prefix
# add hi default    # add all four HITs (see bug id 522)
# add map HIT IP    # preload some HIT-to-IP mappings to hipd
# add service rvs   # the host acts as HIP rendezvous (see also
/etc/hip/relay_config)
# add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register
to rendezvous server
hit-to-ip on # resolve HITs to locators in dynamic DNS zone
# hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in
dynamic DNS zone
nsupdate off # send dynamic DNS updates
# heartbeat 10 # send ICMPv6 messages inside HIP tunnels
# add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at
infrahip
opendht off # turn DHT support on (use /etc/hip/dhtservers to define the
used server)
# locator on        # host sends all of its locators in base exchange
# opp normal|advanced|none
# transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)

#nat plain-udp       # use UDP capsulation (for NATted environments)
debug medium        # debug verbosity: all, medium or none


iptables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain HIPFW-FORWARD (1 references)
target     prot opt source               destination

Chain HIPFW-INPUT (1 references)
target     prot opt source               destination

Chain HIPFW-OUTPUT (1 references)
target     prot opt source               destination
QUEUE      all  --  0.0.0.0/0            1.0.0.0/8


ip6tables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-INPUT  all      ::/0                 ::/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
HIPFW-FORWARD  all      ::/0                 ::/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-OUTPUT  all      ::/0                 ::/0

Chain HIPFW-FORWARD (1 references)
target     prot opt source               destination

Chain HIPFW-INPUT (1 references)
target     prot opt source               destination
QUEUE      all      ::/0                 2001:10::/28


ps aux|grep hip
nobody    3615  0.0  0.0  14668  2504 pts/0    S+   11:30   0:00 hipd
root      4916  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep hip

ps aux|grep dns
root      4918  0.0  0.0   3336   788 pts/3    R+   11:43   0:00 grep dns


Initiator's info


Sending user message 22 to HIPD on socket 3
Sent 40 bytes
Waiting to receive daemon info.
216 bytes received from HIP daemon
HA is ESTABLISHED
 Local HIT: 2001:001a:c2da:a601:1cfd:e9dd:5719:37dc
 Peer  HIT: 2001:0018:ea59:a472:459f:ec45:0cdc:7113
 Local LSI: 1.0.0.1
 Peer  LSI: 1.0.0.2
 Local IP: 3ffe:0000:0000:0000:0000:0000:0000:0004
 Local NAT traversal UDP port: 0
 Peer  IP: 3ffe:0000:0000:0000:0000:0000:0000:0002
 Peer  NAT traversal UDP port: 0
 Peer  hostname: vault101


src 3ffe::4 dst 3ffe::2
    proto esp spi 0xdfcd7423 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0x01db34f498c91be1ad6aa858dd765f484d69fc52
    enc cbc(aes) 0x10a036d9e3558f9dbc1ff00e4e0f28e5
    sel src 2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128 dst
2001:18:ea59:a472:459f:ec45:cdc:7113/128
src 3ffe::2 dst 3ffe::4
    proto esp spi 0x70e176a1 reqid 0 mode beet
    replay-window 0
    auth hmac(sha1) 0xbd7c623ba16ee3b08c0cfd0619d0f003940d4cec
    enc cbc(aes) 0x82cc95e7d55624bb2dca3ae8302a6fc4
    sel src 2001:18:ea59:a472:459f:ec45:cdc:7113/128 dst
2001:1a:c2da:a601:1cfd:e9dd:5719:37dc/128




Linux vault113 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009
i686 GNU/Linux



# Format of this file is as with hipconf, but without hipconf prefix
# add hi default    # add all four HITs (see bug id 522)
# add map HIT IP    # preload some HIT-to-IP mappings to hipd
# add service rvs   # the host acts as HIP rendezvous (see also
/etc/hip/relay_config)
# add server rvs [RVS-HIT] <RVS-IP-OR-HOSTNAME> <lifetime-secs> # register
to rendezvous server
hit-to-ip on # resolve HITs to locators in dynamic DNS zone
# hit-to-ip set hit-to-ip.infrahip.net. # resolve HITs to locators in
dynamic DNS zone
nsupdate on # send dynamic DNS updates
# heartbeat 10 # send ICMPv6 messages inside HIP tunnels
# add server rvs hiprvs.infrahip.net 50000 # Register to free RVS at
infrahip
opendht on # turn DHT support on (use /etc/hip/dhtservers to define the used
server)
# locator on        # host sends all of its locators in base exchange
# opp normal|advanced|none
# transform order 213 # crypto preference order (1=AES, 2=3DES, 3=NULL)

nat plain-udp       # use UDP capsulation (for NATted environments)
debug medium        # debug verbosity: all, medium or none



iptables
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1111

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
HIPFW-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain HIPFW-FORWARD (1 references)
target     prot opt source               destination

Chain HIPFW-INPUT (1 references)
target     prot opt source               destination

Chain HIPFW-OUTPUT (1 references)
target     prot opt source               destination
QUEUE      all  --  0.0.0.0/0            1.0.0.0/8




ip6tables
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-INPUT  all      ::/0                 ::/0
ACCEPT     tcp      ::/0                 ::/0                tcp dpt:1111

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
HIPFW-FORWARD  all      ::/0                 ::/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
HIPFW-OUTPUT  all      ::/0                 ::/0

Chain HIPFW-FORWARD (1 references)
target     prot opt source               destination

Chain HIPFW-INPUT (1 references)
target     prot opt source               destination
QUEUE      all      ::/0                 2001:10::/28

Chain HIPFW-OUTPUT (1 references)
target     prot opt source               destination


nobody   13663  0.0  0.0  14792  2792 pts/0    S+   11:36   0:00 hipd
root     14735  0.0  0.0   3336   788 pts/2    R+   11:52   0:00 grep hip



root     14737  0.0  0.0   3336   792 pts/2    R+   11:52   0:00 grep dns


thanks,


Adrian





On Mon, Jun 8, 2009 at 10:09 AM, Miika Komu <miika.komu@xxxxxxx> wrote:

> Adrian Alvarez wrote:
>
> Hi,
>
> I got connection refused, but after allowing tcp port 1111 in
> iptables/ip6tables it started working.
>
> I added some bug reporting instructions to bugzilla. Please give all
> information for us to try to reproduce the problem:
>
> http://infrahip.hiit.fi/hipl/manual/ch08.html
>
> Are you running kernel version >= 2.6.27?
>
>  Hi all,
>> We are having some problems trying to establish communications between two
>> hosts using hip. We have followed the instructions of the manual very
>> closely, however, it is impossible to transfer some data from one host to
>> another using hip.
>>
>> We are using wireshark to monitor the exchange, and we were able to
>> observe the following:
>>
>> 1) HIP base exchange between the two hosts is completed.
>> 2) TCP data transfer via HIP is not realized.
>> 3) The initiator node sends a TCP SYN with the HIT info, but the responder
>> node fails to send an ACK back.
>>
>> This seems similar to Shashank's issue.
>> Any light on this matter would be useful.
>>
>> Thank you all.
>> Adrian.
>>
>> On Sun, Jun 7, 2009 at 3:56 PM, shashank m <shashanm@xxxxxxxxx <mailto:
>> shashanm@xxxxxxxxx>> wrote:
>>
>>    Hello,
>>
>>        I was trying to connect two systems locally using hip with an
>>        IPv6 application given in the manual, *Conntest-client* and
>>        *conntest-server*. I have disabled opendht support as I have
>>        given the mapping between the HITs and IPv6 addresses manually
>>        using *hipconf*.
>>
>>
>>        after executing "Conntest-client-hip [HIT_server] tcp 1111"
>>
>>        it prints the mapping with the hit and IPv6 address of the
>>        server and the base exchange happens but the messages are not
>>        transmitted to the server. I think that the mapping is not
>>        working properly in the code. Please do solve the problem.
>>
>>
>>        In the client console I often see this message:
>>
>>
>>        "------State established not triggering bex--------" This
>>        message comes repeatedly. I think this is only because of the
>>        mapping problem. Correct me if I am wrong.
>>
>>
>>
>>    Thanks in advance,
>>
>>    Regards,
>>    Shashank.M.
>>
>>
>>
>
>
