[hipl-users] Re: This connection is insecure. Please enable HIP - Binaries test problem

  • From: Miika Komu <miika.komu@xxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 31 Mar 2009 16:07:37 +0300

Philippe Foubert wrote:


it's bizzarre that the same system command works from command line but stalls when executed using a pipe in the dnsproxy. Anyway, let's narrow it further down using two steps.

1) Please show me the output of:

   ls -ld /usr/sbin/hipconf /usr/local/sbin/hipconf

2) Modify dnsproxy again and try to connect to crossroads:

    def dht_lookup(gp, nam):
        gp.fout.write("DHT look up\n")
        cmd = "hipconf dht get " + nam + " 2>&1"
        gp.fout.write("Command: %s\n" % (cmd))
        p = os.popen(cmd, "r")
        result = p.readline()
        while result:
            print result # <============ add this line
            start = result.find("2001:001")
            end = result.find('\n') -1
            if start != -1 and end != -1:
                return result[start:end]
            result = p.readline()
        return None

Thanks for your patience.


The following command :
*hipconf dht get 2001:1b:a9be:c6a6:34e5:8361:c07f:a990
*Does not work. I got a time-out with this message :
"Connection to the DHT gateway did not succeed "
_Screenshot :_ http://foubertphilippe.free.fr/eurecom/Hipconf_dht_get_ipv6_failure

Whereas :
*hipconf get ha all
*hipconf get hi all *
are working...


Miika Komu wrote:
Philippe Foubert wrote:



First of all thanks for your answer.
I join you to this email some screenshots of what's going on on my
machine while trying to connect to crossroads.infrahip.net.


We can see in "hip_binary_problem.png" there is a Error in 'misc.c'
saying that it can't map ID to hostname ...
On the picture I sent you "HIPD_problem.png" after a little moment, we
can see another error "OpenDHT connect : Connection timed out"

can you invoke the following command from the command line and tell me what it outputs:

hipconf dht get 2001:1b:a9be:c6a6:34e5:8361:c07f:a990

Moreover, There is this mysterious IPv4 address (, name
'aeris' ?) appearing many times in my HIP daemon. It is nor Felwood,
nor Crossroads or ashenvale.

It is our free DNS service to map HITs to IP addresses. You can disable it from /etc/hip/hipd_config if you want to, but I believe it's not the problem you are experiencing.

Do you see something wrong with my screenshots by any chance ?

Thanks for screenshots, they were helpful, but I still need more information. Particularly, I am really puzzled why hipconf does not time out because I just recently added this feature.


Quoting Miika Komu <miika.komu@xxxxxxx>:

Philippe Foubert wrote:


some more clarifications on dnsproxy below.


I am still unsuccessful with the binaries test.

To remove the possibility that it could come from the fact I'm not using exactly the same distribution version, I installed a machine from scratch with Ubuntu 8.10 i386. On this machine, I just updated the /etc/apt/sources.list file and "apt-get install hipl-all". The packages installation has been successful.

I rebooted the machine. At boot, I have these following services started automatically and in background :
- /usr/sbin/hipfw -bklpF
- /usr/sbin/hipd -bk
- python /usr/lib/python2.5/site-packages/hipdnsproxy/dnsproxy.py -bk
- sh -c hipconf dht get ntp.ubuntu.com 2>&1
- hipconf dht get ntp.ubuntu.com

In a previous answer, you told me to kill 'stuck' hipconf processes. Every time I try to kill one of the two hipconf process, they are immeditaly recreated (with another PID).
I figured out that they are controlled by the service HIPDNSPROXY.

hipconf shouldn't get stuck anymore even when hipd is busy with
something else, but it is difficult to anticipate all conditions on
different operating environments. You can try the following to see if
hipd is unresponsive:

  strace -p `pidof hipd`

I have experienced unix path related problems with hipconf with dual
installations (dpkg -i hipl-tools and "make install"). However, you
said that you installed from scratch, so probably this isn't the reason?

Btw, what does "hipconf get ha all" tell you after you have tried to
connect to crossroads?

Moreover, when Hipdnsproxy service is running, it's playing with my DNS address (/etc/resolv.conf file) When it is running, it replaces my default DNS by "nameserver" So then when I open Firefox and try to access "crossroads.infrahip.net", it is trying to connect until the timeout of Firefox arrives and I get the error : "Server not found". Which is logical, since hipdnsproxy changes my DNS I don't know it is supposed to translate Crossroads URL into an IP address .... If during this manipulation, I stop the service Hipdnsproxy (-> /etc/init.d/hipdnsproxy stop) Immediatly my file "/etc/resolv.conf" comes back to my good DNS and I get here the blue page in Firefox with "This connection is insecure. Please enable HIP".

This is how dnsproxy is intended to behave. It replaces returns HITs
when it discovers HIP-related records from hosts files or DNS. The
dnsproxy is basically a workaround because we don't have HIP
modifications in the official glibc yet :/

HIPL supports a number of other ways of using HIP as instructed in the
manual. However, I'd hope we can get the dnsproxy working for you
because it's IMHO the most convenient way.

Dnsproxy doesn't support yet setting of verbose debugging dynamically
on, so I uncommented some debugging lines and put a modified version of
dnsproxy to web. Can you execute the following on your machine and send
me the output:

shell 1:
  wget http://infrahip.hiit.fi/hipl/temp/dnsproxy.py
  sudo /etc/init.d/hipdnsproxy stop
  sudo ./dnsproxy.py
shell 2:
  dig crossroads.infrahip.net

Thanks and have a nice weekend.

I tried to test the binaries on three different machines and I always get the same behavior, the same result. Am I missing one step ? Am I doing one thing wrong ? Isn't it supposed to work directly ?

Thanks for your support
Philippe Foubert

Miika Komu wrote:
Philippe Foubert wrote:


we have some problems with our Bamboo DHT installation. There is a hipconf command stuck on your ps output trying to do look up via DHT. Crossroads can be found from DNS, so DHT is optional anyway.

I rolled new binaries that timeout hipconf when there is no response. Please try if they work better for you. Remember to kill the stuck hipconf processes or reboot the machine.

Hi all,

I'm still stuck on the "HIP binaries test" :-|
While I'm trying to access "crossroads.infrahip.net" via my firefox web browser, I always have as result : "This connection is insecure. Please enable HIP"

My config :
- Ubuntu 7.10 i386
- Want to use HIPL only in User-Space
- HIPL version installed : 1.0.4-19 (18th march 2009)

I installed all IPL debian packages following this tutorial -> http://infrahip.hiit.fi/index.php?index=download The installation went well. I have all the binaries and deamons look like running perfectly in background :

>>root@knoppal-desktop:~# ps -elf | grep -i hip
5 S nobody 5571 1 0 78 0 - 1380 - 11:29 ? 00:00:00 /usr/sbin/hipfw -bklpF 5 S nobody 5655 1 0 78 0 - 5607 - 11:29 ? 00:00:00 /usr/sbin/hipd -bk 5 S root 5874 1 0 78 0 - 1610 pipe_w 11:30 ? 00:00:00 python /usr/lib/python2.5/site-packages/hipdnsproxy/dnsproxy.py -bk 0 S root 5936 5874 0 77 0 - 438 wait 11:30 ? 00:00:00 sh -c hipconf dht get ntp.ubuntu.com 2>&1 4 S root 5937 5936 0 78 0 - 1267 415434 11:30 ? 00:00:00 hipconf dht get ntp.ubuntu.com 0 R root 6296 6282 0 78 0 - 743 - 11:31 pts/0 00:00:00 grep -i hip

But despite the fact that everything looks Ok according to the HIPL user Manual, I still have the error message in firefox when I try to connect to "crossroads.infrahip.net". I have no idea how to go on. How to debug. How can I check what part is going wrong ?

Thanks a lot in advance for your help.
Philippe Foubert

This message was sent using Institut Eurecom Webmail:

Other related posts: