[hipl-users] Re: RVS

  • From: Miika Komu <miika@xxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 11 Apr 2006 17:50:59 +0300 (EEST)

On Mon, 10 Apr 2006, Fernando Moreira wrote:

> Thank you.
>
>
> Miika Komu wrote:
>
> >On Fri, 7 Apr 2006, Fernando Moreira wrote:
> >
> >
> >
> >>We've installed the new source code and compiled the kernel with the new
> >>patches. Now we can't make HIPL work with RVS or without RVS :) We can't
> >>establish communication between two hosts using either conntest*
> >>applications or simply using ping6.
> >>
> >>When trying to manually map the peer's HIT to its IPv6 the 2 SPDs are
> >>created - in and outbound. Pinging the peer's HIT returns no response.
> >>
> >>If we do the same procedure on the peer (mapping on both hosts the
> >>peer's HIT on its IP) no communication is established either. What we
> >>noticed is that the SPDs on both sides don't use the same HITs. Please
> >>check the following print:

Are you running "hipconf add map" on both sides? It is required only at
the initiator, i.e. at the host where you are running ping6.

> >Can you show the output of "ifconfig dummy0" on both hosts?  Also, what is
> >the output of the hipd on both hosts?
> >
> >
> >
> >>We made some quick tests with RVS but without success. We would like to
> >>guarantee basic communication first. Thank you in advance for your help.
> >>
> >>
> >
> >Let's see first what is wrong in the configuration with a regular base
> >exchange.
>
>
> ifconfig dummy0 Host1
>
> dummy0    Link encap:Ethernet  HWaddr 7A:00:97:42:41:45
>           inet addr:1.75.27.174  Bcast:0.0.0.0  Mask:255.255.255.255
>           inet6 addr: 117f:712c:ccff:5967:6b25:361b:3769:71f6/8 Scope:Global
>           inet6 addr: fe80::7800:97ff:fe42:4145/64 Scope:Link
>           inet6 addr: 117c:cbc0:cc30:416b:b16c:978b:b34b:1bae/8 Scope:Global
>           inet6 addr: 11f4:eb4d:9dcd:5f41:8cb7:bdb7:a167:4d51/8 Scope:Global
>           inet6 addr: 1180:9fd0:c981:8427:9c0e:5ae4:a17a:764b/8 Scope:Global
>           UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:151 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:17386 (16.9 KiB)
>
> ifconfig dummy0 Host2
>
> dummy0     Encapsulamento do Link: Ethernet  Endereço de HW 66:3E:E0:2D:B2:AD
>           inet end.: 1.7.93.198  Bcast:0.0.0.0  Masc:255.255.255.255
>           endereço inet6: fe80::643e:e0ff:fe2d:b2ad/64 Escopo:Link
>           endereço inet6: 1137:8397:73bc:924:ff26:f9fc:2f07:5dc6/8 Escopo:Global
>           endereço inet6: 117b:305a:99c1:975a:b205:5a8c:148b:4395/8 Escopo:Global
>           endereço inet6: 1145:7ff3:f138:3020:66a5:1ea3:6070:d0a4/8 Escopo:Global
>           endereço inet6: 1131:4459:1440:cb84:5c58:ab33:4a41:c0e2/8 Escopo:Global
>           UP BROADCASTRUNNING NOARP  MTU:1500  Métrica:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:108 errors:0 dropped:0 overruns:0 carrier:0
>           colisões:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:8808 (8.6 KiB
>
> (This host is in Portuguese but I think it's understandable)
>
> I'll send the output of both daemons as an attachment.

Thanks. The output of the daemons seems to show only when they are
started. After they are started, you need to run e.g. at the initiator:

ritsa:/home/mkomu/projects/hipl--main--2.6# tools/hipconf add map 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2 3ffe::3
info(hipconf.c:294@handle_map): action=1 optc=2

This will cause something to happen at the hipd:

debug(hipd.c:605@main): Receiving user message.
debug(builder.c:931@hip_check_userspace_msg): hep
debug(hadb.c:266@hip_hadb_add_peer_info): CALLED hip_hadb_add_peer_info
debug(debug.c:430@hip_print_hit): HIT: 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2
...
debug(hadb.c:246@hip_hadb_insert_state): New state added
debug(hadb.c:615@hip_hadb_add_peer_addr): SPI is 0, set address as the bex address
debug(nlink.c:567@hip_iproute_get):
debug(debug.c:430@hip_print_hit): dst addr :: 3ffe:0000:0000:0000:0000:0000:0000:0003
error(nlink.c:993@parse_rtattr): !!!Deficit len 28, rta_len=0
debug(debug.c:430@hip_print_hit): src: 3ffe:0000:0000:0000:0000:0000:0000:0002
debug(hadb.c:308@hip_hadb_add_peer_info): Source address found
debug(hadb.c:325@hip_hadb_add_peer_info): HA: 0x8082cb0, refcnt decremented to: 1

Now if we look at the IPsec configuration, it looks like this:

ritsa:/home/mkomu/projects/hipl--userspace--2.6# setkey -D
No SAD entries.
ritsa:/home/mkomu/projects/hipl--userspace--2.6# setkey -DP
11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2[any] 11a9:dc24:558d:b35d:97f7:43f4:1d51:e8cc[any] any
        Policy:[Invalid ipsec protocol]
        created: Apr 11 19:09:08 2006  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=208 seq=1 pid=5314
        refcnt=1
11a9:dc24:558d:b35d:97f7:43f4:1d51:e8cc[any] 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2[any] any
        Policy:[Invalid ipsec protocol]
        created: Apr 11 19:09:08 2006  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=217 seq=0 pid=5314
        refcnt=1


The next thing is to ping the peer's HIT:

ritsa:/home/mkomu/projects/hipl--main--2.6# ping6 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2
PING 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2(11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2) 56 data bytes
64 bytes from 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2: icmp_seq=1 ttl=64 time=19.4 ms
64 bytes from 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2: icmp_seq=2 ttl=64 time=8.73 ms
64 bytes from 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2: icmp_seq=3 ttl=64 time=7


This will cause the following output at initiator's hipd:

...
debug(input.c:1781@hip_handle_r2): Reached ESTABLISHED state


and now the IPsec SP/SAs look like this:

ritsa:/home/mkomu/projects/hipl--userspace--2.6# setkey -DP
11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2[any] 11a9:dc24:558d:b35d:97f7:43f4:1d51:e8cc[any] any
        Policy:[Invalid ipsec mode]
        created: Apr 11 19:11:23 2006  lastused: Apr 11 19:11:24 2006
        lifetime: 0(s) validtime: 0(s)
        spid=224 seq=1 pid=5319
        refcnt=2
11a9:dc24:558d:b35d:97f7:43f4:1d51:e8cc[any] 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2[any] any
        Policy:[Invalid ipsec mode]
        created: Apr 11 19:11:23 2006  lastused: Apr 11 19:11:24 2006
        lifetime: 0(s) validtime: 0(s)
        spid=233 seq=0 pid=5319
        refcnt=3
ritsa:/home/mkomu/projects/hipl--userspace--2.6# setkey -D
3ffe::3 3ffe::2
        esp mode=3 spi=104406343(0x06391d47) reqid=0(0x00000000)
        E: aes-cbc  601b24b1 5b4f09bf 9bfd280b 85caa8be
        A: hmac-sha1  e60ecb4b fe189f6c 0178d69a 0fc82201 d84e02bc
        seq=0x00000000 replay=0 flags=0x00000000 state=mature
        created: Apr 11 19:11:23 2006   current: Apr 11 19:12:29 2006
        diff: 66(s)     hard: 0(s)      soft: 0(s)
        last: Apr 11 19:11:23 2006      hard: 0(s)      soft: 0(s)
        current: 128(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 2    hard: 0 soft: 0
        sadb_seq=1 pid=5320 refcnt=0
3ffe::2 3ffe::3
        esp mode=3 spi=606981997(0x242dcf6d) reqid=0(0x00000000)
        E: aes-cbc  b1c13886 c9f81878 c9ed8d18 b59b2809
        A: hmac-sha1  c1b36916 00f5a308 cd6dd13d 86b1f358 e055403d
        seq=0x00000000 replay=0 flags=0x00000000 state=mature
        created: Apr 11 19:11:23 2006   current: Apr 11 19:12:29 2006
        diff: 66(s)     hard: 0(s)      soft: 0(s)
        last: Apr 11 19:11:23 2006      hard: 0(s)      soft: 0(s)
        current: 312(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 2    hard: 0 soft: 0
        sadb_seq=0 pid=5320 refcnt=0


Can you try this again? Maybe there was some new information in my
previous example. Also, make sure that you have not yet compiled the
code with rvs support:

rm config.log && ./configure && make clean all

Remember that you don't need to add mappings on both sides.

In the case that you still have some problems, I'd like to see also the
output of hipd and "setkey -D; setkey -DP" after "hipconf add
map" and after pinging. Thanks!

-- 
Miika Komu              miika@xxxxxx          http://www.iki.fi/miika/
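
The checks walked through in the message above (policies in both directions after "hipconf add map", then SAs in both directions with state=mature after the ping, and the same HIT pair in the SPD of both hosts) can be scripted. This is an added example, not part of the original message or of HIPL; the function names are hypothetical and the sample text is abridged from the setkey output quoted above.

```python
import re

# Constructed sample: abridged from the `setkey -DP` / `setkey -D` output
# quoted in the message (key material, timers and counters omitted).
SAMPLE_SPD = """\
11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2[any] 11a9:dc24:558d:b35d:97f7:43f4:1d51:e8cc[any] any
        Policy:[Invalid ipsec mode]
11a9:dc24:558d:b35d:97f7:43f4:1d51:e8cc[any] 11c9:dcbd:f4d5:ff98:5f82:8344:e1eb:bce2[any] any
        Policy:[Invalid ipsec mode]
"""
SAMPLE_SAD = """\
3ffe::3 3ffe::2
        seq=0x00000000 replay=0 flags=0x00000000 state=mature
3ffe::2 3ffe::3
        seq=0x00000000 replay=0 flags=0x00000000 state=mature
"""

def parse_spd(text):
    """Return the set of (src, dst) selectors; tolerates mail-wrapped lines."""
    return set(re.findall(r"([0-9a-f:.]+)\[any\]\s+([0-9a-f:.]+)\[any\]", text))

def parse_sad(text):
    """Return {(src, dst): state} from `setkey -D` output."""
    sas, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and len(line.split()) == 2:
            current = tuple(line.split())  # unindented "src dst" header
        elif current and (m := re.search(r"\bstate=(\w+)", line)):
            sas[current] = m.group(1)
    return sas

def hit_pairs_match(spd_host_a, spd_host_b):
    """True when both hosts' policies were created for the same HIT pairs."""
    return parse_spd(spd_host_a) == parse_spd(spd_host_b)

def check_host(spd_text, sad_text):
    """List problems; empty means the post-ping state shown in the message."""
    problems, policies = [], parse_spd(spd_text)
    for src, dst in sorted(policies):
        if (dst, src) not in policies:
            problems.append(f"no reverse policy for {src} -> {dst}")
    sas = parse_sad(sad_text)
    if not sas:
        problems.append("no SAD entries: base exchange has not completed")
    for (src, dst), state in sorted(sas.items()):
        if (dst, src) not in sas:
            problems.append(f"no reverse SA for {src} -> {dst}")
        if state != "mature":
            problems.append(f"SA {src} -> {dst} is {state}, not mature")
    return problems
```

Feed it the text of "setkey -DP" and "setkey -D" captured on each host; "No SAD entries." before the ping is expected, and after the ping it means the base exchange did not finish.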
