HIPL 1.0.6 Release Notes
========================

Compiled 13.11.2011 by Rene Hummen and Miika Komu.

The release files are signed with Miika Komu's public key, available from
the URL below or from e.g. the Veridis key server:

http://www.iki.fi/miika/pgp.html

Key fingerprint = 349A 564B 8041 7BD5 766E 7FEB 70FE C506 7BD0 0861

Supported Features
------------------

This release is essentially a snapshot of the HIPL development tree. Please
prefer the nightly binaries from hipl.hiit.fi when this release is old.
Testing for this release has been community driven and is therefore
partially incomplete.

The following features are supported in the precompiled binaries:

* Base exchange (with and without rendezvous)
* Base exchange using opportunistic mode
* Simple mobility (no multihoming)
* HIT or public-key based access control using HIP firewall
* Registration support (including rvs and relay)
* Full ESP-over-UDP relay (for NAT traversal)
* Userspace IPsec for legacy systems
* Daemon privilege downgrade for hipd and hipfw
* LSI support
* IPsec heartbeat support
* Changing of ESP transform order
* HIT-to-IP lookup using DNS (domain specific)
* HI resource record support for DNS
* Public key to HI record conversion
* DNS proxy support (to intercept and inject LSIs and HITs to apps)
* Midauth and PISA extensions
* ECDSA support

The following features are supported, but require recompilation from the
sources:

* Alternative privilege separation (for maemo and openwrt)
* Gprof profiling
* Performance measurement support
* ECDSA support for RPM-based distributions

Release Contents
----------------

This release contains precompiled HIPL binary packages for various Linux
distributions. Since the latest Fedora and Ubuntu distributions support
BEET ESP, we are not providing separate precompiled kernels anymore.

Distribution independent sources:

* Located in "source" directory (tarball of the HIPL software bundle)

Binary packages for debian-based distributions are located in the
"binaries/deb" directory:

* maemo-armel-fremantle (N900)
* ubuntu-lucid (32 and 64-bit)
* ubuntu-oneiric (32 and 64-bit)

Binary packages for redhat-based distributions are located in the
"binaries/rpm" directory:

* centos-6.0 (32 and 64-bit)
* fedora-16 (32 and 64-bit)

Binary packages for Openwrt ar71xx-based platform (backfire) are in the
"binaries/ipk" directory:

* openwrt_ar71xx

Installation
------------

At a minimum, you should install the following package:

* hipl-daemon

Optionally, you can install any of the following packages:

* hipl-firewall
* hipl-dnsproxy
* hipl-doc

Quick test instructions are located here:

http://hipl.hiit.fi/hipl/manual/ch03.html#quick

Note that the release contains an unmaintained, frozen version of the
source code and that releases are published seldom. Rather than using a
really old release, please consider using the snapshots from the binary
repositories to obtain more recent versions of the software with
up-to-date bug fixes. Please see the instructions here:

http://hipl.hiit.fi/index.php?index=download

Release Versions
----------------

The version number of this release is 1.0.6.

1.0.0 = tla hipl--main--2.6--patch-123
1.0.1 = tla hipl--main--2.6--patch-181
1.0.2 = tla hipl--main--2.6--patch-253
1.0.3 = tla hipl--main--2.6--patch-309
1.0.4 = tla hipl--main--2.6--patch-406
1.0.5 = lp:hipl -r 4037 (without removal of libinet6 and sava code)
1.0.6 = lp:hipl -r 6129 (with the workaround from bug id 889495)

Interoperability Summary
------------------------

This version has occasionally been interoperated with OpenHIP, but there
are no conclusive statements on interoperability.

Plans for the Next Release
--------------------------

We plan to continue fixing the remaining bugs.

Differences to the Previous Release (1.0.5)
-------------------------------------------

See the ChangeLog file for full details of the changes between revisions
3036 and 6129. In a nutshell, code quality, testing and stability have
been improved a lot, mostly thanks to contributions from folks from
Aachen.

Contributors for This Release
-----------------------------

Since the previous release, the following developers have contributed code
to make this release possible:

* Andrius Bentkus
* Artturi Karila
* Christof Mroz
* Christoph Viethen
* David Martin
* Diego Biurrun
* Henrik Ziegeldorf
* Hu Weiwei
* Joakim Koskela
* Miika Komu
* Mircea Gherzan
* Rene Hummen
* Samuel Richter
* Samu Varjonen
* Stefan Goetz
* Tim Just
* Tobias Heer

Known Bugs, Missing Features or Ideas for Improvements
------------------------------------------------------

See the details of the bugs (without any committed fix) on Launchpad:

https://bugs.launchpad.net/hipl

592113 NAI in the host id may be incorrectly coded
592115 handle SA expiration properly
728937 hipfw does not always remove iptables rules on exit
592119 handling of UPDATE retransmissions
592127 multiple identities
592143 testing of different hipfw options with mobility
592157 binary packages and log files
592189 hipfw and memory leaks
677041 broken certificate inclusion and verification in BEX and UPDATE
728938 Overly long heartbeat timeouts
790487 HIPL generates type 1 locators without SPI
592170 hipconf improvements
592194 midauth documentation
592196 Removing dead code obsoleted by new mobility code
592197 Adding more comments to the new mobility code
592213 namespace pollution
592225 absurd APIs
644160 Use more efficient hash for hash tables
653325 Use boolean type defined in stdbool.h
680836 ECC in HIPL
682323 licensing and lib/tool/checksum.c
693834 maintain configuration files as separate files
697214 licensing and lib/tool/nlink.c
697216 licensing and lib/tool/xfrmapi.c
697223 licensing and lib/tool/pk.c
704513 Netlink Transactions for IPsec control operations
736698 tcpdump reports encapsulation error
790489 HIPL generates UPDATE without setting preferred bit
848882 LSIs and FTP
592123 input packet queue
592167 userspace ipsec and udp checksums
592190 document hchain use
592206 symbols needlessly declared in header files
592223 unnecessary casts
648684 Misuse of hip_hit_t
652196 Inconsistent use of namespaces
654226 lsi processing with ICMPv4
681356 DNS proxy, "host" command and hosts files
682745 lib/tool/checksum.c fails to compile with -O3
694775 build and runtime dependency on libconfig
697522 OpenSSL 1.0.0
697562 Functions to convert type numbers etc. to descriptive strings
697564 Nits from handling of a HIT that does not belong to the host
701873 Remove hip_in6_ntop and use inet_ntop instead
705840 align hi-related functionality in hipconf
706820 Rename dummy network interface
724180 -fstrict-aliasing warnings
802479 more doxygen warnings
592117 refresh keymaterial periodically
592133 Porting effort to make HIPL run on non-Linux UNIX systems
592134 creation of hipd user/group
592160 hipl and selinux
592181 reverse queries and dnsproxy
715126 HIPL on Android
886522 DNS proxy and twisted
886525 DNS proxy and improvements to packaging
592125 shotgun-style mobility
592135 registration and update
592138 improve mtu setting in hipd
592164 handling multiple addresses in hit-to-ip code and ..
592166 hipconf outputs to standard error
592171 man pages for hipl
592172 RVS HMAC
592173 multiple dns servers
592179 dnsproxy and serviceconf
592198 add rendezvous hooks to the mobility code
592200 client-side mobility in natted environments
592218 global variables
592219 redundant linked lists
647681 a problematic hostname for dnsproxy
691406 ttl in rvs/relay services
691410 ESP relay initialization
701869 SPKI signature fails in encoding of B64
736114 Perl install dependencies unavailable for Maemo 5
736158 nsupdate tries to establish connection indefinitely
769627 ./configure fails with python 3.2
783955 invalid reads from hipd reported by Valgrind
788799 RSA host identities of particular lengths are broken
793408 document hipconf usage
793430 Long timeout between hipd base exchange initiations
886509 HIPv2: cryptoagility for DNS proxy
886511 DNS proxy and TTL
889491 "make check" fails with 32-bit machines
889495 cross-compilation with scratchbox is broken

Reporting of Bug Fixes
----------------------

Please check first if you have misconfigured the software:

http://hipl.hiit.fi/hipl/manual/index.htm

If you discover problems with this release, please try the latest sources
to see if your problem has already been fixed upstream:

http://hipl.hiit.fi/index.php?index=download

To report a bug, please check the bug reporting instructions first and
report the problem on the mailing list:

http://hipl.hiit.fi/hipl/manual/ch03.html#quick
http://www.freelists.org/list/hipl-dev