HIPL 1.0.7 Release Notes
========================

Compiled 29.4.2012 by Miika Komu.

The release files are signed with Miika Komu's public key, available
from the URL below or e.g. the Veridis key server:

http://www.iki.fi/miika/pgp.html

Key fingerprint = 349A 564B 8041 7BD5 766E 7FEB 70FE C506 7BD0 0861

Supported Features
------------------

This release is essentially a snapshot of the HIPL development tree.
Before reporting any bugs, please try the nightly binaries from
hipl.hiit.fi.

The following features are supported in the precompiled binaries:

* Base exchange (with and without rendezvous)
* Base exchange using opportunistic mode
* Simple mobility (no multihoming)
* HIT or public-key based access control using HIP firewall
* Registration support (including rvs and relay)
* Full ESP-over-UDP relay (for NAT traversal)
* Userspace IPsec for legacy systems
* Daemon privilege downgrade for hipd and hipfw
* LSI support
* IPsec heartbeat support
* Changing of ESP transform order
* HIT-to-IP look up using DNS (domain specific)
* HI resource record support for DNS
* Public key to HI record conversion
* DNS proxy support (to intercept and inject LSIs and HITs to apps)
* Midauth extensions
* ECDSA support (disabled by default)

The following features are supported, but require recompilation from
the sources:

* Alternative privilege separation (for maemo and openwrt)
* Gprof profiling
* Performance measurement support
* ECDSA support for RPM-based distributions

Release Contents
----------------

This release contains precompiled HIPL binary packages for various
Linux distributions. Since the latest Fedora and Ubuntu distributions
support BEET ESP, we are not providing separate precompiled kernels
anymore.

Distribution independent sources:

* Located in "source" directory (tarball of the HIPL software bundle)

Binary packages for debian-based distributions are located in the
"binaries/deb" directory:

* ubuntu-precise (32 and 64-bit)

Binary packages for redhat-based distributions are located in the
"binaries/rpm" directory:

* centos-6.2 (32 and 64-bit)
* fedora-17 (32 and 64-bit)

Installation
------------

At the minimum, you should install the following package:

* hipl-daemon

Optionally, you can install any of the following packages:

* hipl-firewall
* hipl-dnsproxy
* hipl-doc

Quick test instructions are located here:

http://hipl.hiit.fi/hipl/manual/ch03.html#quick

Note that the release contains an unmaintained, frozen version of the
source code and that releases are published seldom. Rather than using
a really old release, please consider using the snapshots from the
binary repositories to obtain more recent versions of the software
with up-to-date bug fixes. Please see the instructions here:

http://hipl.hiit.fi/index.php?index=download

Release Versions
----------------

The version number of this release is 1.0.7.

1.0.0 = tla hipl--main--2.6--patch-123
1.0.1 = tla hipl--main--2.6--patch-181
1.0.2 = tla hipl--main--2.6--patch-253
1.0.3 = tla hipl--main--2.6--patch-309
1.0.4 = tla hipl--main--2.6--patch-406
1.0.5 = lp:hipl -r 4037 (without removal of libinet6 and sava code)
1.0.6 = lp:hipl -r 6129 (with the workaround from bug id 889495)
1.0.7 = lp:hipl -r 6382

Interoperability Summary
------------------------

No interoperability test report for this release.

Plans for the Next Release
--------------------------

We plan to continue fixing the remaining bugs.

Differences to the Previous Release (1.0.6)
-------------------------------------------

See ChangeLog file for full details. In a nutshell, code quality has
been improved a lot, mostly thanks to the contributions from folks
from Aachen.

Contributors for This Release
-----------------------------

Since the previous release, the following developers have contributed
code to make this particular release possible:

* David Martin
* Diego Biurrun
* Fahad Aizaz
* Henrik Ziegeldorf
* Joakim Koskela
* Miika Komu
* Paul Tötterman
* Rene Hummen
* Samuel Richter
* Stefan Götz
* Xin Gu

Known Bugs, Missing Features or Ideas for Improvements
------------------------------------------------------

See the details of the bugs (without any committed fix) from launchpad:

https://bugs.launchpad.net/hipl

#592113 NAI in the host id may be incorrectly coded
#592115 handle SA expiration properly
#728937 hipfw does not always remove iptables rules on exit
#592119 handling of UPDATE retransmissions
#592127 multiple identities
#592143 testing of different hipfw options with mobility
#592157 binary packages and log files
#592189 hipfw and memory leaks
#677041 broken certificate inclusion and verification in BEX and UPDATE
#728938 Overly long heartbeat timeouts
#592170 hipconf improvements
#592194 midauth documentation
#592196 Removing dead code obsoleted by new mobility code
#592197 Adding more comments to the new mobility code
#592213 namespace pollution
#592225 absurd APIs
#644160 Use more efficient hash for hash tables
#653325 Use boolean type defined in stdbool.h
#680836 ECC in HIPL
#682323 licensing and lib/tool/checksum.c
#693834 maintain configuration files as separate files
#697214 licensing and lib/tool/nlink.c
#697216 licensing and lib/tool/xfrmapi.c
#697223 licensing and lib/tool/pk.c
#704513 Netlink Transactions for IPsec control operations
#736698 tcpdump reports encapsulation error
#790489 HIPL generates UPDATE without setting preferred bit
#848882 LSIs and FTP
#592123 input packet queue
#592167 userspace ipsec and udp checksums
#592190 document hchain use
#592206 symbols needlessly declared in header files
#592223 unnecessary casts
#648684 Misuage of hip_hit_t
#652196 Inconsistent use of namespaces
#654226 lsi processing with ICMPv4
#681356 DNS proxy, "host" command and hosts files
#682745 lib/tool/checksum.c fails to compile with -O3
#694775 build and runtime dependency on libconfig
#697522 OpenSSL 1.0.0
#697562 Functions to convert type numbers etc. to descriptive strings
#697564 Nits from handling of a HIT that does not belong to the host
#701873 Remove hip_in6_ntop and use inet_ntop instead
#705840 align hi-related functionality in hipconf
#706820 Rename dummy network interface
#724180 -fstrict-aliasing warnings
#802479 more doxygen warnings
#954771 refactor hipd/cert.c
#954803 HIPLv2, HIT_SUITE_LIST and SHA256
#592117 refresh keymaterial periodically
#592133 Porting effort to make HIPL run non non-Linux UNIX systems
#592134 creation of hipd user/group
#592160 hipl and selinux
#592181 reverse queries and dnsproxy
#715126 HIPL on Android
#886522 DNS proxy and twisted
#886525 DNS proxy and improvements to packaging
#955582 Prefer struct bitfields rather than bitshifting and -masking
#592125 shotgun-style mobility
#592135 registration and update
#592138 improve mtu setting in hipd
#592164 handling multiple addresses in hit-to-ip code and ..
#592166 hipconf outputs to standard error
#592171 man pages for hipl
#592172 RVS HMAC
#592173 multiple dns servers
#592179 dnsproxy and serviceconf
#592198 add rendezvous hooks to the mobility code
#592200 client-side mobility in natted environments
#592218 global variables
#592219 redundant linked lists
#647681 a problematic hostname for dnsproxy
#691406 ttl in rvs/relay services
#691410 ESP relay initialization
#701869 SPKI signature fails in encoding of B64
#736114 Perl install dependencies unavailable for Maemo 5
#736158 nsupdate tries to establish connection indefinitely
#769627 ./configure fails with python 3.2
#783955 invalid reads from hipd reported by Valgrind
#788799 RSA host identities of particular lengths are broken
#793408 document hipconf usage
#793430 Long timeout between hipd base exchange initiations
#886509 HIPv2: cryptoagility for DNS proxy
#886511 DNS proxy and TTL
#889491 "make check" fails with 32-bit machines
#913205 dns proxy returns sometimes IP addresses
#913516 HIPLv2: Duality of version number
#913518 HIPLv2: Diffie Hellman Negotiations
#913519 HIPLv2: ECC DH
#919672 hipd.lock is not deleted on hipd termination
#990025 side-channel attack with I1 through firewall

Reporting of Bug Fixes
----------------------

Please check first if you have misconfigured the software:

http://hipl.hiit.fi/hipl/manual/index.htm

If you discover problems with this release, please try the latest
sources to see whether your problem has already been fixed upstream:

http://hipl.hiit.fi/index.php?index=download

To report a bug, please check the bug reporting instructions first and
report the problem on the mailing list:

http://hipl.hiit.fi/hipl/manual/ch03.html#quick
http://www.freelists.org/list/hipl-dev