Abstract
In this section, we show how to edit the configuration file: "/etc/hip/relay_config".
The rendezvous server (RVS) and the HIP relay server are configured using a configuration file: "/etc/hip/relay_config". Note that this is a server-side configuration file, i.e. you only need to configure it at the relay or rendezvous server, not at the client. The file is shared between the RVS and the HIP relay because both services use the same internal database to store the HIT to IP address mappings. A default configuration file is created when the HIP daemon is started for the first time. If the daemon has not been started before, please start and stop it once to create the default file.
In the configuration file we have the following options:
whitelist_enabled = "yes"
whitelist = ""
minimum_lifetime = "60"
maximum_lifetime = "3600"
HIPL supports white listing of RVS / HIP relay server clients, which means that only those clients whose HITs are listed in the white list are allowed to register to the RVS / HIP relay server. Before the responder (R) can register with the server, R's HIT must be added to the white list. To do this, please start the HIP daemon at the responder and use the "hipconf" tool from another shell at the responder to get the default HI:
tools/hipconf get hi default
Now, add this HIT in between the white list quotation marks in the configuration file of the RVS / HIP relay server:
whitelist = "2001:0018:8321:4e1a:c009:1ff8:fed4:8e9c"
Here 2001:0018:8321:4e1a:c009:1ff8:fed4:8e9c is the HIT of the responder. Multiple HITs are separated with commas:
whitelist = "2001:0018:8321:4e1a:c009:1ff8:fed4:8e9c","2001:11:91e3:528e:7c41:9560:82ae:630f"
Alternatively you can add multiple HITs by adding multiple "whitelist" stanzas:
whitelist = "2001:0018:8321:4e1a:c009:1ff8:fed4:8e9c"
whitelist = "2001:0011:91e3:528e:7c41:9560:82ae:630f"
If you do not wish to filter the clients who are granted access to the rendezvous and HIP relay services, you can disable the white list:
whitelist_enabled = "no"
When the white list is disabled, it does not matter if you have HITs listed in the white list or not since every HIT is allowed to register. Finally, you can set the boundary values for the time window limiting the service lifetime:
minimum_lifetime = "60"
maximum_lifetime = "3600"
These values are in seconds. The registration extension, however, uses an 8-bit encoding to represent the lifetimes. See notes for details on the lifetime formula.
Server-side commands, i.e. commands run on the server.
If you have already started a HIP daemon that functions as an RVS or a HIP relay server and you have to add values to the white list or otherwise modify the configuration file, you can reinitialize the server without restarting the daemon itself using the "hipconf" tool:
tools/hipconf reinit service rvs
or
tools/hipconf reinit service relay
The reinitialization does not have any effect on the existing RVS / HIP relay server clients, but only affects clients registering after the reinitialization.
The values given in the configuration file are used to calculate the actual lifetime and therefore do not represent the exact lifetime as such. The formula for the calculation is given in RFC 5203: Host Identity Protocol (HIP) Registration Extension:
seconds = 2^((lifetime - 64)/8)
Using this formula we can get the lifetime value:
lifetime = (8 * (log(seconds) / log(2))) + 64
For the aforementioned default values in seconds (60 and 3600) we get lifetime values 112 and 158 (using ceil() for the lower boundary and floor() for the higher boundary). These lifetime values correspond to 64 and 3444 seconds respectively. Therefore, when you have the values 60 and 3600 seconds in the configuration file, you will effectively end up with lifetime boundaries of 64 and 3444 seconds.
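The following audit helper is an added example, not part of HIPL: it reads a relay_config in the syntax shown on this page, reports which HITs may register, and computes the effective lifetime boundaries from the formula above. The function names, the fail-closed default for a missing whitelist_enabled line and the normalisation of HITs through Python's ipaddress module are assumptions of this example.

```python
import ipaddress
import math
import re

# Constructed sample in the syntax shown on this page (not a real deployment).
SAMPLE = '''
whitelist_enabled = "yes"
whitelist = "2001:0018:8321:4e1a:c009:1ff8:fed4:8e9c","2001:11:91e3:528e:7c41:9560:82ae:630f"
whitelist = "2001:0011:91e3:528e:7c41:9560:82ae:630f"
minimum_lifetime = "60"
maximum_lifetime = "3600"
'''

STANZA = re.compile(r'(\w+)\s*=\s*("[^"]*"(?:\s*,\s*"[^"]*")*)')

def parse_relay_config(text):
    """Collect every quoted value per key; repeated stanzas accumulate."""
    cfg = {}
    for key, values in STANZA.findall(text):
        cfg.setdefault(key, []).extend(re.findall(r'"([^"]*)"', values))
    return cfg

def whitelist_hits(cfg):
    """Normalise HITs so 2001:11:... and 2001:0011:... compare equal."""
    return {ipaddress.IPv6Address(h) for h in cfg.get("whitelist", []) if h}

def may_register(cfg, hit):
    """Disabled white list admits every HIT; a missing key is treated as enabled (assumption)."""
    if cfg.get("whitelist_enabled", ["yes"])[-1] != "yes":
        return True
    return ipaddress.IPv6Address(hit) in whitelist_hits(cfg)

def encode(seconds, rounding):
    """seconds -> 8-bit lifetime: 8 * log2(seconds) + 64, rounded as given."""
    return rounding(8 * math.log2(seconds) + 64)

def decode(lifetime):
    """8-bit lifetime -> whole seconds: 2^((lifetime - 64) / 8)."""
    return int(2 ** ((lifetime - 64) / 8))

def effective_bounds(cfg):
    """(lifetime, seconds) pairs: ceil() for the minimum, floor() for the maximum."""
    lo = encode(int(cfg["minimum_lifetime"][-1]), math.ceil)
    hi = encode(int(cfg["maximum_lifetime"][-1]), math.floor)
    return (lo, decode(lo)), (hi, decode(hi))
```

Running it against a copy of the server's file before "hipconf reinit" shows duplicate white list entries and the lifetime window clients will actually be offered.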
17th of July 2008