Compiling a kernel with HIP-related patches is optional, but patching your kernel has two benefits. First, the IPsec-protected data traffic will be faster. Second, you can use the native programming interface for HIP to implement HIP-aware applications. The drawback is that patching requires some expertise and possibly installing some components, such as wireless firmware images, manually. As a compromise, the HIPL website has some prebuilt images, but you may still have to install some firmware images manually. If you are unsure, you can try the userspace IPsec as described later in this manual.
If you haven't configured a Linux kernel before, please use the userspace IPsec instead (as described later in this document), or at least consult linux/README. We have some example configuration files in hipl/test/configs for "typical" systems. You can use one of those as a template and modify it to suit the needs of your system. Read hipl/test/configs/README before doing so.
The 2.6 kernel series should be compilable with both gcc 2.9x and 3.x series. We recommend the latter.
Download Linux kernel 2.6.x.y. Compile the kernel with at least the following options:
Legend: [*] built-in [ ] excluded <M> module < > module capable
Code maturity level options
    [*] Prompt for development and/or incomplete code/drivers
Networking support ---> Networking options
    <M> Unix domain sockets
    [*] Transformation user configuration interface
    [*] TCP/IP networking
    [*] Advanced router
    [*] IP: policy routing
    <M> Packet socket
    [*] IPsec user configuration interface
    <M> PF_KEY sockets
    <M> IP tunneling
    [*] IPv4: IPcomp transformation
    [*] IPv4: IPsec transport mode
    [*] IPv4: IPsec tunnel mode
    [*] IPv4: IPsec BEET mode
    <M> IP: ESP transform
    [*] The IPv6 Protocol
    <M> IPv6: ESP transformation
    <M> IPv6: IPcomp transformation
    [*] IPv6: IPsec BEET mode
    <M> IPv6: IPv6-in-IPv6 tunnel
    [*] IPv6: Multiple Routing Tables
Network packet filtering framework (Netfilter) Core
    <M> Netfilter NFQUEUE over NFNETLINK interface
Cryptographic options
    <M> Null algorithms
    <M> SHA1 digest algorithm
    <M> DES and Triple DES EDE cipher algorithms
    <M> AES cipher algorithms
    <M> AES cipher algorithms (i586)
Device Drivers ---> Network device support
    <M> Dummy network device support
Security options --->
    [*] Enable different security models
    <M> Default Linux Capabilities
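A configured kernel tree can be checked against the list above before building. The following script is an added example, not part of the HIPL distribution. The CONFIG_ symbol names are its own mapping of the menu labels, and accepting a built-in option where the list says module is an assumption.

```shell
#!/bin/sh
# Added example, not part of the HIPL distribution.
# Requirements as SYMBOL:LEVEL, taken from the option list above.
#   LEVEL y = listed as [*] (must be built-in)
#   LEVEL m = listed as <M> (module; built-in is accepted too, by assumption)
# The CONFIG_ names are this example's mapping of the menu labels; check them
# against the Kconfig files of your kernel tree. XFRM_USER covers both
# "user configuration interface" entries; CRYPTO_AES_586 exists only on
# 32-bit x86.
HIP_KCONFIG="
EXPERIMENTAL:y UNIX:m XFRM_USER:y INET:y IP_ADVANCED_ROUTER:y
IP_MULTIPLE_TABLES:y PACKET:m NET_KEY:m NET_IPIP:m INET_IPCOMP:y
INET_XFRM_MODE_TRANSPORT:y INET_XFRM_MODE_TUNNEL:y INET_XFRM_MODE_BEET:y
INET_ESP:m IPV6:y INET6_ESP:m INET6_IPCOMP:m INET6_XFRM_MODE_BEET:y
IPV6_TUNNEL:m IPV6_MULTIPLE_TABLES:y NETFILTER_NETLINK_QUEUE:m
CRYPTO_NULL:m CRYPTO_SHA1:m CRYPTO_DES:m CRYPTO_AES:m CRYPTO_AES_586:m
DUMMY:m SECURITY:y SECURITY_CAPABILITIES:m
"

# List every unmet requirement in the given .config, one per line.
hip_config_missing() {
    for req in $HIP_KCONFIG; do
        sym=${req%%:*}
        want=${req##*:}
        # Set options read CONFIG_FOO=y or CONFIG_FOO=m; unset ones are
        # absent or appear as "# CONFIG_FOO is not set".
        have=$(sed -n "s/^CONFIG_${sym}=\([ym]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1)
        case "$want:$have" in
            y:y|m:y|m:m) ;;
            *) echo "CONFIG_${sym} want=${want} have=${have:-unset}" ;;
        esac
    done
}

# Succeed only when the .config satisfies the whole list.
check_hip_config() {
    missing=$(hip_config_missing "$1")
    [ -z "$missing" ] && return 0
    echo "$missing" >&2
    return 1
}
```

Call it as `check_hip_config /path/to/linux/.config`; each line it prints names an option that still has to be enabled.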
The hipd probes the necessary kernel modules automatically,