HIPL 1.0.4 Release Notes ======================== 4.1.2008 by Miika Komu Supported features ------------------ The following features are supported in the precompiled binaries: * Base exchange (with and without rendezvous) * Based exchange using opportunistic mode * Base exchange fallback optimization using TCP options (experimental, disabled by default) * Simple mobility * HIT or public-key based access control using HIP firewall * Python-based web interface to HIP firewall (depracated) * Bamboo DHT support to look up hostnames, HITs and addresses * Hi3 support * Registration support (including rvs and relay) * HIP proxy * Userspace ipsec for legacy systems * Daemon privilege downgrade * Library and system-based opportunistic mode (experimental) for applications * LSI support * Multiple identities (experimental, disabled by default) * IPsec heartbeat support (experimental, disabled by default) * Locator and interfamily handover support for base exchange (experimental) * Changing of ESP transform order * HIT-to-IP lookup using DNS (domain specific) * Graphical user interface with access control support (experimental and not available on maemo platform in this release) * Experimental buddy extensions for the GUI * HI resource record support for DNS * Public key to HI record conversion * DNS proxying support (to intercept and inject LSIs and HITs to apps) * Showip firefox plugin (currently depracted) * Native API support for C- and java-based applications * PFKEY (experimental) and XFRM based access to IPsec * Patches for ethereal and tcpdump * Some command line testing tools with integrated HIP support The following features are supported, but require recompilation from the sources: * Puzzle indexing without IP addresses * Blind mode for base exchange * Alternative privilege separation (for maemo and openwrt) * Gprof profiling * Support for older linux kernels * Maemo compilation (enabled only in maemo builds) * Certificate support * Experimental key escrow extensions (depracated) * Experimental sava extensions (work in progress) * OpenWRT wlan access point port Release contents ---------------- This release contains HIPL binary packages for Ubuntu, Fedora and Nokia Tablets (maemo). As the latest Fedora and Ubuntu distributions support BEET ESP, we are not providing separate precompiled kernels anymore. If you want to use the native API, you will have to patch and precompile the kernel by yourself. No live/installation media in this release. Distribution independent sources: * noarch (vanilla kernel and hipl software tarball) Ubuntu intrepid packages for i386 and amd64: * 32-bit packages: deb/i686 * 64-bit packages: deb/amd64 Fedora 9 and 10 and CentOS 5.2 packages for i386 and amd64: * 32-bit packages: rpm/i686 * 64-bit packages: rpm/amd64 Nokia Tablet N810 (diablo) packages: * deb/maemo-armel Installation ------------ Notice: hipl-all installs the following packages: * hipl-lib * hipl-daemon * hipl-firewall * hipl-agent * hipl-dnsproxy * hipl-doc * hipl-test * hipl-tools The following installation steps have to be run as root: Ubuntu Intrepid: 1. edit /etc/apt/sources.list 2. add the following line to the end of the file: deb http://packages.infrahip.net/ubuntu/ intrepid main 3. run: apt-get update 4. run: apt-get install hipl-all Fedora 9, 10 and CentOS 5.2: 1. edit /etc/yum.conf 2. add the following lines to the end of the file [hipl] name=HIPL baseurl=http://packages.infrahip.net/fedora/base/$releasever/$basearch gpgcheck=0 enabled=1 3. run: yum install hipl-all 4. CentOS only: edit /etc/init.d/hipfw and add "i" to the OPTIONS variable: OPTIONS="-bklpFi" 5, CentOS only: restart hipfw: /etc/init.d/hipfw restart Nokia tablet N810 (maemo diablo): 1. In the Application Manager's menu, open: Tools -> Application Catalogue 2. Add a new catalogue with the following information: Catalogue name: HIPL Web address: http://packages.infrahip.net/maemo Distribution: diablo Components: main Disabled: 3. From the Application Manager, install the following packages: * hipl-lib, * hipl-daemon, * hipl-firewall * hipl-dnsproxy * hipl-test * hipl-tools Check out also maemo instructions from here (partially depracated): http://hipl.hiit.fi/MERCoNe/ Known bugs and missing features/improvements in this release ------------------------------------------------------------ See the .csv file for full list of open bugs and feature requests. See the below link for the current state of the latest version: http://hipl.hiit.fi/bugzilla The HOWTO is here, please check it first if you have troubles in using the software: http://infrahip.hiit.fi/hipl/manual/index.html Before reporting any new bugs for this release, please make sure that.. i. your linux distribution is the latest one ii. you are tracking the right distibution version in yum/apt configuration iii. you are using the latest version of the HIPL software Below are instructions for upgrading the HIPL software bundle on Ubuntu, Fedora and maemo distributions: Ubuntu: 1. run: apt-get update 2. run: apt-get install hipl-all Fedora and CentOS: 1. run: yum update hipl-all Nokia Tablets: 1. run: apt-get update 2. run: apt-get install hipl-all To report a bug, please subscribe to the hipl-users mailing list and report the bug there: http://www.freelists.org/list/hipl-users Release versions ---------------- The version number of this release is 1.0.4. 1.0.0 = hipl--main--2.6--patch-123 1.0.1 = hipl--main--2.6--patch-181 1.0.2 = hipl--main--2.6--patch-253 1.0.3 = hipl--main--2.6--patch-309 1.0.4 = hipl--main--2.6--patch-406 Interoperability Summary ------------------------ This version has not been interoperated. Differences to previous release ------------------------------- 2009-01-04 hipl--main--2.6--patch-406 * Nsupdate code fixes from Oleg Ponomarev and Miika Komu * Daemon loopback UDP port changed by Miika * RPM and DEB packaging improvements by Miika * Bug ids 603, 679, 681, 694, 699, 703, 707, 714, 716 by Miika * LSI caching improvements by Blerta Bishaj * Updates to the manual and HACKING by Miika * Java-based native API works again (by Artturi Karila) * Dnsproxy bug fixes compatibility with dnsmasq and resolvconf by Miika and Antti Louko * Hi3 is not built in anymore (Joakim Koskela) * Uuid dependency removed and alternative priviledge separation mode by Joakim * Maemo packaging bug fixes by Joakim * Opportunistic mode bug fixes by Blerta * Linux kernel 2.6.26 patch added by Joakim * hipconf crash with too many args bug fixes by Joakim * Maintainer info in packages updated by Miika * New wireshark patches by Dongsu Park * Nsupdate improvements from Oleg Ponomarev * OpenWRT documentation updates by Dongsu Park * DHT bug fixes from Artturi * OpenWRT portability improvements from Dongsu Park * Bug id 709 by Oleg 2008-11-24 hipl--main--2.6--patch-378 * Userspace IPsec improvements and optimizations by Rene Hummen * OpenWRT documentation improvements by Dongsu Park * Manual updates by Miika Komu, Samu Varjonen and Oleg Ponomarev * Bug fixes to HIP control packet broadcast by Miika * LSI-related bug fixes and optimizations by Blerta Bishaj and Miika * DNS-related bug fixes to libinet6 by Miika * VNC documentation in the manul by Samu * Scripts to automatize handover testing by Samu * Hipconf documentation updates by Dongsu Park * Bug ids 502, 503, 662, 666 and 668 by Miika * Teredo compatibility testing by Samu * Bug id 663 by Samu * Example configuration file updates by Blerta and Miika * Privilege dowgrade fixes by Miika, Dongsu and Joakim Koskela * Improvements to autogen.sh by Miika * Registration with opportunistic mode by Dmitriy Kuptsov * Daemontools improvements by Antti Louko * Dnsproxy improvements by Antti Louko and Blerta Bishaj * Mobility-related bug fixes to hipfw by Thomas Jansen * Bug id 646 by Blerta * Native HIP API fixes and synchronization with latest draft by Artturi Karila * Firewall caching improvements by Blerta Bishaj * DHT and GUI updates by Pardeep Maheshwaree * DHT integration and testing by Blerta * Puzzle management improvements by Blerta * Hi3 code improvements by Blerta * Experimental nsupdate extension from Oleg Ponomarev 2008-10-03 hipl--main--2.6--patch-359 * Code clean ups by Lauri Silvennoinen and Miika Komu * New wireshark patches from Samu Varjonen * Testing on Fedora by Andrei Gurtov * Testing on CentOS by Robert Moskowitz * Bug fixes on Fedora and CentOS by Miika * Integration with 2.6.26 kernels by Miika * UDP-related bug fixes by Samu and Miika * Userspace IPsec code and performance improvements and extensions by Rene Hummen * Bug fixes to LSI code by Teresa Finez and Miika * MTU improvements by Miika and Rene. For example VLC is working fully now. * Separate rulesets for hipfw by Miika * Capability-related bug fixes by Miika and Samu * Portability improvements and bug fixes for OpenWRT by Dongsu Park and Dmitriy Kuptsov * Maemo portability fixes from Andrey Khurri * HIP proxy bug fixes and code improvements by Weiwei Hu and Miika * Cerficate support for HIP by Samu * End-to-end NAT traversal bug fixes from Xiang Liu * Only single HIT is now enabled by default per host (Blerta Bishaj and Miika) * Dnsproxy packaging improvements by Miika * Larger message size for internal messages by Blerta * HIP firewall bug fixing and improvements by Dongsu, Miika, Rene, Blerta and Teresa * Dnsproxy improvements by Antti Louko * System-based opportunistic mode by Blerta and bug fixes from Miika * Heart-beat mechanism by Samu and bug fixes from Miika * LDAP/HIP documentation updates by Samu * Hipconf ESP transformation support by Samu * Bug fix to conntest-server udp handling (bug id 623) by Miika * HIP agent bug fixes by Samu and Miika * Radvd/hipfw compability fixes by Miika * HIT loopback bug fixes by Miika * Handover-improvement patch for radvd by Javier Melero * Mobility testing by Samu 2008-07-23 hipl--main--2.6--patch-338 * Bug fixes and improvements to tools/dnsproxy (it is a replacement to "hipconf run") by Antti Louko. Replaces itself automatically to resolv.conf and removes itself in exit. * Djbdns imported and patches by Antti Louko. Djbdns speeds up the DNS proxy. * Iperf multihoming patches from Dmitriy Kuptsov. * Improvements to the "opportunistic TCP" mode by Blerta Bishaj. * Improvements to the Relay, RVS and registration code by Lauri Silvennoinen. * OpenDHT/Bamboo IPv6 patch by Lu Xiaopeng * Revised wireshar patches from Samu Varen * A number of bug fixes from Thomas JansJuha Jylhakoski * Broadcast problem bug fix (id 490) by Juha Juha Jylhakoski * Deb/rpm binary compilation improvements by Juha JylhÃoski, Miika Komu and Johnny Hugh * BEET patches for linux 2.6.25/26 by Joakim Koskela * Native HIP API kernel patches by Miika Komu * Bug fixes to OpenDHT code by Samu Varjonen * UDP encapsulation changes for HIP and ESP by Miika Komu. Incompatible with previous release. * Hipconf checks now priviledges of the user. Implemented by Juha Jylhakoski and Miika Komu * Some code documentation and quality improvements (especially the test software) by Lauri Silvennoinen * Host id parameter alignments to RFC5201 by Samu Varjonen * Firewall redesigned and reimplemented by Miika Komu and Rene Hummen * HIP Proxy by Weiwei Hu * Userspace IPsec by Rene Hummen and Tao Wan * Porting fixes by Dmitriy Kuptsov and Dongsu Park * Compilation fixes by Dongsu Park * Capability 64-bit fix by Oleg Ponomarev * OpenVPN compatibility documentation by Blerta Bishaj * LSI support by Teresa Finez * Initial P2P NAT traversal support by Xiang Liu (experimental) * Updated HOWTO (Miika) * Variable length Host Identities by Artturi Karila * System information printed to logs by Artturi Karila * Priviledge downgrade for GUI and firewall by Artturi Karila * Mobility code maintenance by Samu Varjonen * Opportunistic mode support in the firewall by Blerta Bishaj * Imported pjsip project to HIPL (Miika) 2008-05-07 hipl--main--2.6--patch-320 * Iperf and nc6 multihoming patch by Dmitriy Nikolaevich Kuptsov * Advanced opportunistic mode by Blerta Bishaj * Firewall improvements by Blerta Bishaj * Clean ups to software documentation and test software by Lauri Silvennoinen * Bug id 418, 321, 384 solved (Lauri) * Relay/RVS whitelisting, cancellation and registration improvements by Lauri * IPv6 patch for OpenDHT by Lu Xiaopeng * Miscellaneous bug and compilation fixes by Thomas Jansen * Wireshark 1.0.0 HIP patches by Thomas Jansen and Samu Varjonen * Deb/rpm binary compilation improvements by Juha JylhÃoski * BEET patch for 2.6.25 by Joakim Koskela * Bug fixing to mobility by Samu Varjonen and Miika Komu * Bug id 508, 509 by Miika 2008-03-28 hipl--main--2.6--patch-317: * patches/2.6.24/orchid-router-src-addr-sel.patch helps the use of HIP in routers (Juha-Matti Tapio). * Updates in HOWTO (Miika Komu, Samu Varjonen, Antti Louko) * Deb/rpm packaging improvements (Juha JylhÃoski) * Bugfixes to mobility (Samu Varjonen) * Improvements to UDP-HIP broadcasts (Miika Komu) * A bug fix to HIP broadcasts (Juha JylhÃoski) * Internal API for triggering base exchange (Miika Komu) * Hi3 related improvements (Andrey Lukyanenko) * Python based DNS proxy reduces the need for libinet6. Can be run also at the client and server side. (Antti Louko) 2008-02-12 hipl--main--2.6--patch-314: * Updates to manual (Miika Komu) * Loopback improvements (Miika) * Firewall improvements and bug fixes (Miika, Blerta Bishaj) * HIP protocol number changed from 253 to 139 (Miika) * Kernel patches for 2.6.24 (Joakim Koskela) * Bug fixes to debugging functions (Miika Komu) * Hi3 bug fixes and handling of multiple locators (Andrey Lukyanenko) -- InfraHIP development team