You need to modify your kernel and install HIPL userspace software along with its dependencies in order to run HIP. You can patch your kernel by installing the binary kernel images (Ubuntu and Fedora) from here: http://hipl.hiit.fi/hipl/release/. The binary kernel images are based on vanilla kernel and therefore do not include any proprietary drivers or firmware images. As a result, you may have to install software for your WLAN interface manually.
This section describes how to build a custom kernel image with HIP-related patches and how to build the HIPL userspace software manually. If you don't want to build the HIPL software manually, you can install the userspace binary images from the release. Before reporting any bugs with last release, please build the bleeding edge software from the source because your issue may have been already resolved there.
As the first requirement, you also need know the basics on Linux kernel compilation and usage. Refer to linux/README for further instructions.
You need the following software to build and run the HIPL software bundle:
Mandatory:
Linux Operating System
OpenSSL-library and developer headers
libxml2 and its development headers for OpenDHT support
GNU make
the latest versions of autoconf, automake, autoreconf and libtool
iproute
gtk2 library and development headers
Check that you DON'T have libpthread-dev installed (Ubuntu/debian) because at least in Ubuntu Feisty it messes up the compilation.
Optional Software Requirements:
A BEET patched Linux 2.6 kernel with the modules listed in Chapter 4, Compiling the Kernel. Otherwise, you can use userspace ipsec.
iputils-ping (or netkit-ping): ping, ping6
ipsec-tools: setkey
ip6tables userspace tools and IPv6 netfilter in the kernel (for the HIP firewall only)
iptables development headers (HIP firewall)
glib (www.gtk.org) and development headers (HIP firewall)
netcat6
latex, dvips, dvipdf, fig2dev, doxygen (for building the HIPL source code documentation)
java compiler for "jip" (java hip resolver) if you want to build HIP enabled java programs
Network Requirements
Make sure that the end-host firewall does not block HIP and ESP traffic (try "iptables -L") or otherwise you won't get any traffic through. As a workaround, you try enabling the NAT mode at the end-host.
Make sure that a middlebox is not blocking HIP traffic. If there is firewall between the machines, it might have been configured to block HIP or ESP traffic. If there is a NAT between the machines, it might also be blocking traffic. Either make sure that the middlebox allows HIP and ESP traffic, or you can try enabling the NAT mode at the end-host.
As an example, this was what was required to type in Ubuntu Gutsy Gibbon for compiling the kernel and userspace software:
apt-get install bazaar libncurses5-dev kernel-package autoreconf automake autoconf libtool g++ libgtk2.0-dev libssl-dev libxml2-dev xmlto doxygen iproute netcat6 iptables-dev libcap-dev libsqlite3-dev uuid-dev
On Fedora 8: yum install bazaar openssl-devel libxml2-devel autoconf automake libtool iproute gtk2-devel xmlto doxygen iptables-devel libcap-devel sqlite-devel uuid-devel
On 64-bit Fedora 8, ln -s /usr/lib64/libipq.a /usr/lib/libipq.a was necessary. This has not been fixed in the HIPL build properly yet.
You should allow also HIP related traffic in your firewall. For example:
iptables -A INPUT -p 139 -j ACCEPT
iptables -A OUTPUT -p139 -j ACCEPT
iptables -A INPUT -p udp --sport 50500 -j ACCEPT
iptables -A OUTPUT -p udp --dport 50500 -j ACCEPT
iptables -A INPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT
ip6tables -A INPUT -s 2001:0010::/28 -d 2001:0010::/28 -j ACCEPT
ip6tables -A OUTPUT -s 2001:0010::/28 -d 2001:0010::/28 -j ACCEPT
The last two rules basically allow the whole orchid namespace. You can set up more specific rules for HITs or use the hipfw to filter traffic (as explained in a later section).