[hipl-users] Re: This connection is insecure. Please enable HIP - Binaries test problem

  • From: Miika Komu <miika.komu@xxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Fri, 10 Apr 2009 01:00:12 +0300

Miika Komu wrote:

Hi,

I installed HIPL from scratch to a fresh installation of Ubuntu Intrepid and tried to connect to "crossroads.infrahip.net". I discovered that dnsproxy had a bug in returning the HIT from DHT (last zero was missing). I didn't experience this problem on my workstation because I had a different hosts file configuration there. This bug is fixed on hipl 1.0.4-25, but I am not sure if it helps you?

Happy Easter!

Philippe Foubert wrote:

Hi,

I have tried to repeat your problem but unable to do so. Currently, I am not sure anymore what the problem exactly is. So, few more questions:

* Can you repeat anymore the case where dnsproxy got stuck?
* How long is the timeout now?
* Does the browser eventually connect to crossroads? Check "hipconf get ha all" output.

Thanks for you patience. Have a nice weekend.

Hi,

Ok now my dnsproxy does not look stuck anymore.
But it gives me as results : *"Entry not found at DHT Gateway"*

And then my HIPD gives me : *"Failed to map ID to IP"*
Screenshot -> http://foubertphilippe.free.fr/eurecom/Problem_dnsproxy.png

Does it help you ?
have a nice week end

Philippe Foubert wrote:
how long was the timeout roughly?
-> To be precise (:D) the timeout happened after every 3 min and 10 seconds.

Hi,

Here is the screenshot of my DNSProxy printing results :
http://foubertphilippe.free.fr/eurecom/New_test_printing_results_dnsproxy.py.JPG

We don't see it on the screenshot, but after a while (I guess after a time-out) I have one more line written down :
*"Connection to the DHT gateway did not succeed."*
I have difficulties to understand what's wrong even with the verbose mode ...

An idea ?

Miika Komu wrote:
Philippe Foubert wrote:

Hi,

sorry, please add just one tab on the line so that "print" aligns with "start".

Hi,

1) Results of "ls -ld /usr/sbin/hipconf /usr/local/sbin/hipconf "
*root@drucifer-desktop:/etc# ls -ld /usr/sbin/hipconf /usr/local/sbin/hipconf
ls: cannot access /usr/local/sbin/hipconf: No such file or directory
-rwxr-xr-x 1 root root 425430 2009-03-26 17:46 /usr/sbin/hipconf
*
2) Sorry but when I add the line in "/usr/lib/python2.5/site-packages/hipdnsproxy/dnsproxy.py" you suggested me in your previous mail in order to print results, I have this error. Sorry I'm bad at python so I'm supposed to 'recompile' the file ? or just modify it and launch it as executable again ?

*root@drucifer-desktop:/etc# /usr/lib/python2.5/site-packages/hipdnsproxy/dnsproxy.py File "/usr/lib/python2.5/site-packages/hipdnsproxy/dnsproxy.py", line 431
   print result
       ^
IndentationError: expected an indented block*

Thanks for your patience too :D
Philippe



Miika Komu wrote:
Philippe Foubert wrote:

Hi,

it's bizzarre that the same system command works from command line but stalls when executed using a pipe in the dnsproxy. Anyway, let's narrow it further down using two steps.

1) Please show me the output of:

   ls -ld /usr/sbin/hipconf /usr/local/sbin/hipconf

2) Modify dnsproxy again and try to connect to crossroads:

    def dht_lookup(gp, nam):
        gp.fout.write("DHT look up\n")
        cmd = "hipconf dht get " + nam + " 2>&1"
        gp.fout.write("Command: %s\n" % (cmd))
        p = os.popen(cmd, "r")
        result = p.readline()
        while result:
        print result # <============ add this line
            start = result.find("2001:001")
            end = result.find('\n') -1
            if start != -1 and end != -1:
                return result[start:end]
            result = p.readline()
        return None

Thanks for your patience.

Hi,

The following command :
*hipconf dht get 2001:1b:a9be:c6a6:34e5:8361:c07f:a990
*Does not work. I got a time-out with this message :
"Connection to the DHT gateway did not succeed "
_Screenshot :_ http://foubertphilippe.free.fr/eurecom/Hipconf_dht_get_ipv6_failure

Whereas :
*hipconf get ha all
*and
*hipconf get hi all *
are working...

Philippe


Miika Komu wrote:
Philippe Foubert wrote:

Hi,

Hi,

First of all thanks for your answer.
I join you to this email some screenshots of what's going on on my
machine while trying to connect to crossroads.infrahip.net.

http://foubertphilippe.free.fr/eurecom/Dnsproxy_verbose_mode.png
http://foubertphilippe.free.fr/eurecom/HIP_daemon_starting_problem.png
http://foubertphilippe.free.fr/eurecom/hip_binary_problem.png
http://foubertphilippe.free.fr/eurecom/HIPD_problem.png

We can see in "hip_binary_problem.png" there is a Error in 'misc.c'
saying that it can't map ID to hostname ...
On the picture I sent you "HIPD_problem.png" after a little moment, we
can see another error "OpenDHT connect : Connection timed out"

can you invoke the following command from the command line and tell me what it outputs:

hipconf dht get 2001:1b:a9be:c6a6:34e5:8361:c07f:a990

Moreover, There is this mysterious IPv4 address (193.167.187.149, name 'aeris' ?) appearing many times in my HIP daemon. It is nor Felwood,
nor Crossroads or ashenvale.

It is our free DNS service to map HITs to IP addresses. You can disable it from /etc/hip/hipd_config if you want to, but I believe it's not the problem you are experiencing.

Do you see something wrong with my screenshots by any chance ?
d
Thanks for screenshots, they were helpful, but I still need more information. Particularly, I am really puzzled why hipconf does not time out because I just recently added this feature.

Thanks.
Philippe

Quoting Miika Komu <miika.komu@xxxxxxx>:

Philippe Foubert wrote:

Hi,

some more clarifications on dnsproxy below.

Hi,

I am still unsuccessful with the binaries test.

To remove the possibility that it could come from the fact I'm not using exactly the same distribution version, I installed a machine from scratch with Ubuntu 8.10 i386. On this machine, I just updated the /etc/apt/sources.list file and "apt-get install hipl-all". The packages installation has been successful.

I rebooted the machine. At boot, I have these following services started automatically and in background :
- /usr/sbin/hipfw -bklpF
- /usr/sbin/hipd -bk
- python /usr/lib/python2.5/site-packages/hipdnsproxy/dnsproxy.py -bk
- sh -c hipconf dht get ntp.ubuntu.com 2>&1
- hipconf dht get ntp.ubuntu.com

In a previous answer, you told me to kill 'stuck' hipconf processes. Every time I try to kill one of the two hipconf process, they are immeditaly recreated (with another PID). I figured out that they are controlled by the service HIPDNSPROXY.

hipconf shouldn't get stuck anymore even when hipd is busy with
something else, but it is difficult to anticipate all conditions on different operating environments. You can try the following to see if
hipd is unresponsive:

  strace -p `pidof hipd`

I have experienced unix path related problems with hipconf with dual installations (dpkg -i hipl-tools and "make install"). However, you said that you installed from scratch, so probably this isn't the reason?

Btw, what does "hipconf get ha all" tell you after you have tried to
connect to crossroads?

Moreover, when Hipdnsproxy service is running, it's playing with my DNS address (/etc/resolv.conf file) When it is running, it replaces my default DNS by "nameserver 127.0.0.53" So then when I open Firefox and try to access "crossroads.infrahip.net", it is trying to connect until the timeout of Firefox arrives and I get the error : "Server not found". Which is logical, since hipdnsproxy changes my DNS I don't know it is supposed to translate Crossroads URL into an IP address .... If during this manipulation, I stop the service Hipdnsproxy (-> /etc/init.d/hipdnsproxy stop) Immediatly my file "/etc/resolv.conf" comes back to my good DNS and I get here the blue page in Firefox with "This connection is insecure. Please enable HIP".

This is how dnsproxy is intended to behave. It replaces returns HITs when it discovers HIP-related records from hosts files or DNS. The
dnsproxy is basically a workaround because we don't have HIP
modifications in the official glibc yet :/

HIPL supports a number of other ways of using HIP as instructed in the manual. However, I'd hope we can get the dnsproxy working for you
because it's IMHO the most convenient way.

Dnsproxy doesn't support yet setting of verbose debugging dynamically on, so I uncommented some debugging lines and put a modified version of dnsproxy to web. Can you execute the following on your machine and send
me the output:

shell 1:
  wget http://infrahip.hiit.fi/hipl/temp/dnsproxy.py
  sudo /etc/init.d/hipdnsproxy stop
  sudo ./dnsproxy.py
shell 2:
  dig crossroads.infrahip.net

Thanks and have a nice weekend.

I tried to test the binaries on three different machines and I always get the same behavior, the same result. Am I missing one step ? Am I doing one thing wrong ? Isn't it supposed to work directly ?

Thanks for your support
Philippe Foubert



Miika Komu wrote:
Philippe Foubert wrote:

Hi,

we have some problems with our Bamboo DHT installation. There is a hipconf command stuck on your ps output trying to do look up via DHT. Crossroads can be found from DNS, so DHT is optional anyway.

I rolled new binaries that timeout hipconf when there is no response. Please try if they work better for you. Remember to kill the stuck hipconf processes or reboot the machine.

Hi all,

I'm still stuck on the "HIP binaries test" :-|
While I'm trying to access "crossroads.infrahip.net" via my firefox web browser, I always have as result : "This connection is insecure. Please enable HIP"

My config :
- Ubuntu 7.10 i386
- Want to use HIPL only in User-Space
- HIPL version installed : 1.0.4-19 (18th march 2009)

I installed all IPL debian packages following this tutorial -> http://infrahip.hiit.fi/index.php?index=download The installation went well. I have all the binaries and deamons look like running perfectly in background :

>>root@knoppal-desktop:~# ps -elf | grep -i hip
5 S nobody 5571 1 0 78 0 - 1380 - 11:29 ? 00:00:00 /usr/sbin/hipfw -bklpF 5 S nobody 5655 1 0 78 0 - 5607 - 11:29 ? 00:00:00 /usr/sbin/hipd -bk 5 S root 5874 1 0 78 0 - 1610 pipe_w 11:30 ? 00:00:00 python /usr/lib/python2.5/site-packages/hipdnsproxy/dnsproxy.py -bk 0 S root 5936 5874 0 77 0 - 438 wait 11:30 ? 00:00:00 sh -c hipconf dht get ntp.ubuntu.com 2>&1 4 S root 5937 5936 0 78 0 - 1267 415434 11:30 ? 00:00:00 hipconf dht get ntp.ubuntu.com 0 R root 6296 6282 0 78 0 - 743 - 11:31 pts/0 00:00:00 grep -i hip

But despite the fact that everything looks Ok according to the HIPL user Manual, I still have the error message in firefox when I try to connect to "crossroads.infrahip.net". I have no idea how to go on. How to debug. How can I check what part is going wrong ?

Thanks a lot in advance for your help.
Philippe Foubert











-------------------------------------------------------------------------------
This message was sent using Institut Eurecom Webmail:
http://webmail.eurecom.fr




































Other related posts: