[hipl-users] Re: Unsure about correct usage of HITs and dummy0 interface
- From: Miika Komu <miika@xxxxxx>
- To: hipl-users@xxxxxxxxxxxxx
- Date: Mon, 24 Apr 2006 16:53:50 +0300 (EEST)
On Mon, 24 Apr 2006, Stephen Herborn wrote:
I followed your advice but now I am stuck again and have no idea what I'm
doing wrong. I am using kernel version 2.6.16.5 with all the patches you
suggested. All the required security modules are available. 'hipd' is
executed when 'oops' and 'crash' startup. I can 'ping6 oops' from 'crash' and
vice-versa with no problem.
Try modprobing also xfrm6_tunnel and xfrm4_tunnel. I don't know if Diego
has tested BEET as a module.
On 'crash' my /etc/hip/hosts file had only the following line, which contains
one of the four HITs from oops dummy0, *picked at random* (is this correct?):
111f:e6e7:dbe5:2f67:5ff4:40f9:88fe:4c71 oops
On 'crash' my /etc/hosts file has the following line, which is the IPv6
address of oops:
2001:a:b:1::1234 oops
When I try running 'conntest-client-gai oops tcp 1111' on crash I get the
follwoing error output that I havn't seen previously:
name='oops' service='1111'
not IPv4 or IPv6 address, resolve name (!AI_NUMERICHOST)
no HIP_TRANSPARENT_API: AI_HIP set: get only HIT addresses
Dumping the structure
AF_INET6 in6_addr=0x11 1f e6 e7 db e5 2f 67 5f f4 40 f9 88 fe 4c 71
AF_INET in_addr=0x1fe4c71 (1.254.76.113)
AF_INET6 in6_addr=0x20 01 00 0a 00 0b 00 01 00 00 00 00 00 00 12 34
HIT: 111f:e6e7:dbe5:2f67:5ff4:40f9:88fe:4c71
IP: 2001:00a:000b:0001:0000:0000:0000:1234
HIP: AI_HIP set: remove IP addresses
Dumping the structure after removing IP addresses
AF_INET6 in6_addr=0x11 1f e6 e7 db e5 2f 67 5f f4 40 f9 88 fe 4c 71
Input some text, press enter and ctrl+d
Additionally if I try 'ping6 111f:e6e7:dbe5:2f67:5ff4:40f9:88fe:4c7', then
do a 'tcpdump -i dummy0' I see that the ICMP packets are going to the dummy0
interface, however when I do 'tcpdump -i eth0' i see no packets going out
onto the network.
Try running without the tcpdump? I had some problems on one host for
initiating connections when tcpdump set the interface on promiscuous mode.
Some weirdness with the raw sockets and the specific network device
handler... anyway, accepting HIP connections was fine.
Try also using the manual method:
hipconf add map 111f:e6e7:dbe5:2f67:5ff4:40f9:88fe:4c71 \
2001:00a:000b:0001:0000:0000:0000:1234
ping6 -I <select_a_source_HIT> 111f:e6e7:dbe5:2f67:5ff4:40f9:88fe:4c7
The ping6 might be selecting a different source HIT than hipd. You can see
this with "netstat -tan|grep 111f" and "ip xfrm policy" (or setkey -DP).
Please tell if this helps you? There might be some changes regarding to
routing in the latest kernel.
--
Miika Komu miika@xxxxxx http://www.iki.fi/miika/
Other related posts:
