                 Independent Verification of IPsec Functionality in FreeBSD

  David Honig

   <honig@sprynet.com>

   Revision: 43126

   FreeBSD is a registered trademark of the FreeBSD Foundation.

   Motif, OSF/1, and UNIX are registered trademarks, and IT DialTone and
   The Open Group are trademarks, of The Open Group in the United States
   and other countries.

   Many of the designations used by manufacturers and sellers to
   distinguish their products are claimed as trademarks. Where those
   designations appear in this document, and the FreeBSD Project was aware
   of the trademark claim, the designations have been followed by the
   "(TM)" or the "(R)" symbol.

   1999-05-03
   Abstract

   You have installed IPsec. How do you check that it is actually working?
   This article presents an experimental method for verifying that IPsec
   is working.

     ----------------------------------------------------------------------

   Table of Contents

   1. The Problem

   2. The Solution

   3. The Experiment

   4. Caveat

   5. Definition of IPsec

   6. Installing IPsec

   7. src/sys/i386/conf/KERNELNAME

   8. Maurer's Universal Statistical Test (block size = 8 bits)

1. The Problem

   First, let us assume that IPsec is installed. How do you find out
   whether it is working properly? Of course, the network connection will
   not work if the configuration is wrong, and it is not wrong to reason
   that a working connection means the configuration is right. The state
   of the connection can be checked with the netstat(1) command. But is
   it possible to confirm this independently?

2. The Solution

   First, some information theory as it is used in cryptography.

    1. Encrypted data is uniformly distributed; that is, it has maximal
       entropy per symbol.

    2. Raw, uncompressed data is typically redundant; that is, its
       entropy per symbol is below the maximum.

   Suppose you could measure the entropy of the data passing through your
   network interface. You should then be able to see the difference
   between "unencrypted data" and "encrypted data". This holds even if
   part of the data is not encrypted in "encrypted mode", such as the
   outermost IP header, which is needed for the packet to be routed.

  2.1. MUST

   Ueli Maurer's "Universal Statistical Test for Random Bit Generators"
   (MUST) quickly measures the entropy of sample data. It uses an
   algorithm that closely resembles compression. The code listed at the
   end of this article measures successive chunks (approximately 0.25
   megabytes) of a single file.

  2.2. Tcpdump

   We also need a way to capture the raw data on the network. A program
   called tcpdump(1) does this. To use tcpdump, however, the Berkeley
   Packet Filter interface must be enabled in the kernel configuration
   file.

   The following command:

 tcpdump -c 4000 -s 10000 -w dumpfile.bin

   captures 4000 raw packets and saves them to dumpfile.bin. In this
   example, up to 10,000 bytes of each packet are captured.

3. The Experiment

   Now let us run the experiment.

    1. Open a network connection to an IPsec host and another to a host
       that does not use IPsec.

    2. Then start capturing packets.

    3. Next, in the "IPsec" connection, run the UNIX(R) command yes(1),
       which emits a continuous stream of the character y. After a while,
       stop the command, switch to the connection that does not use
       IPsec, and run the same command there. Stop that one, too, after a
       while.

    4. Now run MUST on the captured packets. You should see something
       like the following. The important point is that, relative to the
       expected value (7.18), the connection using IPsec reaches 93%
       (6.7) and the "normal" connection reaches 29% (2.1).

 % tcpdump -c 4000 -s 10000 -w ipsecdemo.bin
 % uliscan ipsecdemo.bin

 Uliscan 21 Dec 98
 L=8 256 258560
 Measuring file ipsecdemo.bin
 Init done
 Expected value for L=8 is 7.1836656
 6.9396 --------------------------------------------------------
 6.6177 -----------------------------------------------------
 6.4100 ---------------------------------------------------
 2.1101 -----------------
 2.0838 -----------------
 2.0983 -----------------

4. Caveat

   This experiment shows that, as encryption should, IPsec does appear to
   distribute the symbols of the payload data uniformly. However, the
   experiment described here cannot detect flaws in the system (I do not
   know whether any exist). "Flaws" here means, for example, defects in
   key generation or exchange, whether data or keys are visible to
   others, how strong the algorithm is, or whether the kernel version is
   the right one. These can be checked by examining the source.

5. Definition of IPsec

   The Internet Protocol security extensions apply to IP v4 and IP v6,
   and are required for IP v6. The protocol negotiates encryption and
   authentication at the IP (host-to-host) level. SSL secures only one
   application socket, SSH only a login, and PGP only a specified file or
   message, whereas IPsec encrypts all communication between two hosts.

6. Installing IPsec

   Recent versions of FreeBSD include IPsec support in the base source
   code. You will therefore probably only need to add the IPSEC option to
   your kernel configuration file, rebuild and reinstall the kernel, and
   configure the IPsec connections with the setkey(8) command.

   A comprehensive guide to running IPsec on FreeBSD is provided in the
   FreeBSD Handbook.

7. src/sys/i386/conf/KERNELNAME

   To capture network data with tcpdump(1), the kernel configuration file
   needs the following line. After adding it, run config(8), then rebuild
   and reinstall the kernel.

 device  bpf

8. Maurer's Universal Statistical Test (block size = 8 bits)

   The same code is available from this link.

 /*
   ULISCAN.c   ---blocksize of 8

   1 Oct 98
   1 Dec 98
   21 Dec 98       uliscan.c derived from ueli8.c

   This version has // comments removed for Sun cc

   This implements Ueli M Maurer's "Universal Statistical Test for Random
   Bit Generators" using L=8

   Accepts a filename on the command line; writes its results, with other
   info, to stdout.

   Handles input file exhaustion gracefully.

   Ref: J. Cryptology v 5 no 2, 1992 pp 89-105
   also on the web somewhere, which is where I found it.

   -David Honig
   honig@sprynet.com

   Usage:
   ULISCAN filename
   outputs to stdout
 */

 #define L 8
 #define V (1<<L)
 #define Q (10*V)
 #define K (100   *Q)
 #define MAXSAMP (Q + K)

 #include <stdio.h>
 #include <stdlib.h>
 #include <math.h>

 int main(int argc, char **argv)
 {
   FILE *fptr;
   int i,j;
   int b, c;
   int table[V];
   double sum = 0.0;
   int iproduct = 1;
   int run;

   printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP);

   if (argc < 2) {
     printf("Usage: Uliscan filename\n");
     exit(-1);
   } else {
     printf("Measuring file %s\n", argv[1]);
   }

   fptr = fopen(argv[1],"rb");

   if (fptr == NULL) {
     printf("Can't find %s\n", argv[1]);
     exit(-1);
   }

   for (i = 0; i < V; i++) {
     table[i] = 0;
   }

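   /* initialise the table from the first Q blocks */
   for (i = 0; i < Q; i++) {
     b = fgetc(fptr);
     if (b == EOF) {
       printf("File too short; need at least %d blocks.\n", Q);
       exit(-1);
     }
     table[b] = i;
   }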

   printf("Init done\n");

   printf("Expected value for L=8 is 7.1836656\n");

   run = 1;

   while (run) {
     int count = 0;   /* blocks actually read in this chunk */

     sum = 0.0;

     for (i = Q; i < Q + K; i++) {
       j = i;
       b = fgetc(fptr);

       if (b == EOF) {
         run = 0;
         break;
       }

       /* table[b] may hold an index from the previous chunk; an equal
          index means the block was last seen exactly K blocks ago */
       if (table[b] >= j)
         j += K;

       sum += log((double)(j-table[b]));

       table[b] = i;
       count++;
     }

     if (!run)
       printf("Premature end of file; read %d blocks.\n", count);

     /* nothing measured in this chunk, so nothing to report */
     if (count == 0)
       break;

     /* mean log2 distance, drawn as a bar of 8 dashes per bit */
     sum = (sum/((double)count)) /  log(2.0);
     printf("%4.4f ", sum);

     for (i = 0; i < (int)(sum*8.0 + 0.50); i++)
       printf("-");

     printf("\n");
   }

   fclose(fptr);
   return 0;
 }
