Chapter 6. Testing a HIP connection between two locally connected hosts

You can test HIP with any networking application, but in this section we will demonstrate a few development-oriented test applications. Here we assume two machines called crash (3ffe::1) and oops (3ffe::2) that are in the same network. They are used throughout this document as examples even though you probably have your own naming and addressing conventions. It is possible to use IPv4 addresses on-wire as well, but the applications being used currently need to support IPv6.

We expect that you have two hosts for testing HIP, which will be referred to as "crash" and "oops". You should run these commands on the testing hosts as root. conntest-client-gai and conntest-server can also be run as a non-root user, but conntest-server still requires root privileges when it uses port numbers less than 1024.

oops:

Crash will act as the connection initiator, so we need to configure the hosts files of crash (note: use of IPv4 addresses is also possible):

crash:

This will set up a HIP connection between the two hosts (it may take a while if you are using virtual machines). You should replace HIT_OF_XXX with the HIT of the host XXX. The hip daemon loads (and creates if necessary) the host identities from /etc/hip automatically. If you want to know the HIT of the localhost, run "hipconf get hi default". To avoid routing problems, especially with UDP, it is highly recommended to use the default HIT of the machine! You can list all HITs of the machine with "hipconf get hi all", but it is safe to use the optional HITs only with TCP connections!

Mappings between HITs and IP addresses are usually set up automatically with the hosts files. Manual configuration is also possible but not necessary:

tools/hipconf add map PEER_HIT PEER_IP

You can also add the mapping to "/etc/hip/hipd_config" and restart hipd. It is also possible to use DNS or OpenDHT (Chapter 20, OpenDHT Support (Experimental!)) for the mappings.

Link-local IPv6 addresses are not supported well, so do not use them. Use global IPv6 addresses instead for testing. The reason for this is that it is hard to know whether the peer belongs to the same local network as we do.

The log messages displayed by the hip daemon can be changed dynamically:

tools/hipconf debug none # <only HIP_DIE messages are shown>

tools/hipconf debug medium # <shows HIP_DIE, HIP_ERROR and HIP_INFO messages>

tools/hipconf debug all # <shows all messages, including HIP_DEBUG>

These options can also be set in "/etc/hip/hipd_config" to configure hipd and other libraries at startup.

See the log messages for information about the result of HIP base exchange and USAGI IPSec negotiation. Tcpdump or ethereal are good tools for dumping the network traffic during the base exchange. For tcpdump, you can use "tcpdump -n -i any esp or proto 253 or port 50500" to catch HIP-only traffic.
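The following is an added example, not part of the original documentation: it reproduces in Python which packets the tcpdump filter above selects, so a capture can be checked term by term ("esp" is IP protocol 50, "proto 253" is matched on the protocol field, "port 50500" on the source or destination port). The sample packets are constructed, the 192.0.2.x addresses and all function names are assumptions of this example, and IPv6 extension headers are not walked.

```python
import struct
from ipaddress import IPv6Address

ESP, PROTO_253, PORT_50500 = 50, 253, 50500  # the three terms of the filter
PORT_PROTOCOLS = (6, 17, 132)                # TCP, UDP, SCTP: what pcap's "port" covers

def parse_ip(pkt):
    """Return (protocol, payload, has_l4_header) for a raw IP packet, else None."""
    if len(pkt) >= 20 and pkt[0] >> 4 == 4:
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl:
            return None
        frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
        return pkt[9], pkt[ihl:], frag_offset == 0   # later fragments carry no ports
    if len(pkt) >= 40 and pkt[0] >> 4 == 6:
        return pkt[6], pkt[40:], True                # extension headers are not walked
    return None

def matching_term(pkt):
    """Name the filter term a packet satisfies, or None if the filter drops it."""
    parsed = parse_ip(pkt)
    if parsed is None:
        return None
    proto, payload, has_l4 = parsed
    if proto == ESP:
        return "esp"
    if proto == PROTO_253:
        return "proto 253"
    if proto in PORT_PROTOCOLS and has_l4 and len(payload) >= 4:
        if PORT_50500 in struct.unpack("!HH", payload[:4]):   # source or destination
            return "port 50500"
    return None

# Constructed sample packets (not captured traffic); checksums are left at zero.
def ipv6(next_header, payload):
    hosts = IPv6Address("3ffe::1").packed + IPv6Address("3ffe::2").packed  # crash -> oops
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + hosts + payload

def ipv4(proto, payload, frag_offset=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_offset,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)

if __name__ == "__main__":
    for name, pkt in [("ESP/IPv6", ipv6(ESP, bytes(8))), ("253/IPv6", ipv6(PROTO_253, bytes(8))),
                      ("UDP 50500/IPv4", ipv4(17, udp(40000, PORT_50500))),
                      ("UDP 53/IPv6", ipv6(17, udp(40000, 53)))]:
        print(name, "->", matching_term(pkt))
```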

There is also a program called "hipsetup" in the "hipl/test" directory for quick testing of the base exchange. Run it without arguments to see how it is used.

Note that starting a new hipd process automatically kills the previous one.