Subject: Re: -current config(8) + files.opencrypto == cryptographic roulette?
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Rafal Boni <rafal@pobox.com>
List: current-users
Date: 11/22/2003 10:41:45
In message <200311220412.UAA29613@Pescadero.DSG.Stanford.EDU>, you write:
-> Could be too many cooks spoiled the cast128 broth whilst
-> rearranging sys/opencrypto, and moving (or using) crypto transforms
-> into (or from) sys/crypto/*.
To your credit (thanks for all the work on opencrypto and fast-ipsec!),
I don't think it's got much to do with opencrypto per se, but looks
like config(8) internal attribute confusion which surfaces due to the
way opencrypto/KAME ipsec use the crypto attributes; I'm still sketchy
as I didn't get a chance to do any further digging last night.
-> But sys/crypto/cast128/files.cast128 defines "cast128", and both
-> IPSEC_ESP (sys/netinet6/files.netinet6) and opencrypto
-> (sys/opencrypto/files.opencrypto) list dependencies on that
-> "cast128" attribute. So it looks to me like your config should work.
It does, but it not only fails, it seems to fail with a different set
of crypto routines missing each time I re-run config (well, there's
only a limited set to leave out, but you get the idea :-).
-> Can you send me a copy of your kernel-config file so I can try it out?
See below.
Thanks!
--rafal
#
# CYCLOPS -- kernel for my Gateway E5200 P-III box
#
include "arch/i386/conf/std.i386"
# XXX: doesn't work in MP-land: include "arch/i386/conf/largepages.inc"
maxusers 32 # estimated number of users
# CPU support. At least one is REQUIRED.
options I686_CPU
# CPU-related options.
options MATH_EMULATE # floating point emulation
options USER_LDT # user-settable LDT; used by WINE
options DUMMY_NOPS
# Misc. i386-specific options
options MTRR # memory type region registers
options MPBIOS # configure CPUs and APICs using MPBIOS
options COM_MPLOCK # com MP locking; REQUIRED on MP i386
options XSERVER # X server support in console drivers
options XSERVER_DDB # PF12 gets you into DDB when X is running
options MULTIPROCESSOR # What it says
# Standard system options
options UCONSOLE # users can use TIOCCONS (for xconsole)
options INSECURE # disable kernel security levels
options RTC_OFFSET=300 # hardware clock is this many mins. west of GMT
options NTP # NTP phase/frequency locked loop
options KTRACE # system call tracing via ktrace(1)
options SYSVMSG # System V-like message queues
options SYSVSEM # System V-like semaphores
options SYSVSHM # System V-like memory sharing
options SHMMAXPGS=4096 # 1024 pages is the default
options LKM # loadable kernel modules
# Diagnostic/debugging support options
options KMEMSTATS # kernel memory statistics (vmstat -m)
options DDB # in-kernel debugger
options DIAGNOSTIC # STRONGLY RECOMMENDED
#options LOCKDEBUG # useful for MP systems
#options MPDEBUG # useful for MP systems
options DDB_HISTORY_SIZE=100 # enable history editing in DDB
#options KGDB # remote debugger
#options "KGDB_DEVNAME=\"com\"",KGDBADDR=0x3f8,KGDBRATE=57600
#makeoptions DEBUG="-g" # compile full symbol table
# Compatibility options
options COMPAT_NOMID # compatibility with 386BSD, BSDI, NetBSD 0.8,
options COMPAT_14 # NetBSD 1.4,
options COMPAT_43 # and 4.3BSD
options COMPAT_SVR4 # binary compatibility with SVR4
options COMPAT_IBCS2 # binary compatibility with SCO and ISC
options COMPAT_LINUX # binary compatibility with Linux
options COMPAT_FREEBSD # binary compatibility with FreeBSD
# File systems
file-system FFS # UFS
file-system LFS # log-structured file system
file-system MFS # memory file system
file-system NFS # Network File System client
file-system NTFS # Windows/NT file system (experimental)
file-system FDESC # /dev/fd
file-system CD9660 # ISO 9660 + Rock Ridge file system
file-system EXT2FS # second extended file system (linux)
file-system KERNFS # /kern
file-system PROCFS # /proc
file-system MSDOSFS # MS-DOS file system
# File system options
options SOFTDEP # FFS soft updates support.
options NFSSERVER # Network File System server
options EXT2FS_SYSTEM_FLAGS # makes ext2fs file flags (append and
# immutable) behave as system flags.
# Networking options
options INET # IP + ICMP + TCP + UDP
options IPSEC # IP security
options IPSEC_ESP # IP security (encryption part; define w/IPSEC)
options IPSEC_DEBUG # debug for IP security
options PFIL_HOOKS # pfil(9) packet filter hooks
# These options enable verbose messages for several subsystems.
# Warning, these may compile large string tables into the kernel!
options MPVERBOSE
options MIIVERBOSE # verbose MII device autoconfig messages
options PCIVERBOSE # verbose PCI device autoconfig messages
options USBVERBOSE # verbose USB device autoconfig messages
options SCSIVERBOSE # human readable SCSI error messages
#
# wscons options
#
# builtin terminal emulations
options WSEMUL_VT100 # VT100 / VT220 emulation
# different kernel output - see dev/wscons/wsdisplayvar.h
options WS_KERNEL_FG=WSCOL_RED
options WS_KERNEL_BG=WSCOL_BLACK
# compatibility to other console drivers
options WSDISPLAY_COMPAT_USL # VT handling
options WSDISPLAY_COMPAT_PCVT # emulate some ioctls
options WSDISPLAY_COMPAT_SYSCONS # emulate some ioctls
options WSDISPLAY_COMPAT_RAWKBD # can get raw scancodes
# Kernel root file system and dump configuration.
config netbsd root on ? type ?
#
# Device configuration
#
mainbus0 at root
ioapic* at mainbus0 apid ?
cpu* at mainbus0 apid ?
acpi0 at mainbus0
acpiec0 at acpi0
acpibut* at acpi0
# Basic Bus Support
# PCI bus support
pci* at mainbus? bus ?
pci* at pchb? bus ?
agp* at pchb?
pci* at ppb? bus ?
# Configure PCI using BIOS information
options PCIBIOS # PCI BIOS support
options PCIBIOS_BUS_FIXUP # fixup PCI bus numbering
options PCIBIOS_ADDR_FIXUP # Fix up PCI I/O addresses
options PCIBIOS_INTR_FIXUP # fixup PCI interrupt routing
# PCI bridges
pchb* at pci? dev ? function ? # PCI-Host bridges
pcib* at pci? dev ? function ? # PCI-ISA bridges
ppb* at pci? dev ? function ? # PCI-PCI bridges
# ISA bus support
isa* at mainbus?
isa* at pcib?
# ISA Plug-and-Play bus support
isapnp0 at isa?
# Math Coprocessor support
npx0 at isa? port 0xf0 irq 13 # x86 math coprocessor
# Console Devices
pckbc0 at isa? # pc keyboard controller
pckbd* at pckbc? # PC keyboard
pms* at pckbc? # PS/2 mouse for wsmouse
vga* at pci? dev ? function ?
wsdisplay* at vga? console ?
wskbd* at pckbd? console ?
wsmouse* at pms? mux 0
pcppi0 at isa?
sysbeep0 at pcppi?
# Serial Devices
# LM7[89] and compatible hardware monitors
lm0 at isa? port 0x290 # other common ports: 0x280, 0x310
# PCI SCSI controllers
ahc0 at pci? dev ? function ? # Adaptec [23]94x, aic78x0 SCSI
# SCSI bus support
scsibus0 at ahc0
# SCSI devices
cd0 at scsibus0 target 5 lun 0 # Toshiba CD-ROM
cd1 at scsibus0 target 4 lun 0 # Plextor CD-RW
sd* at scsibus? target ? lun ? # SCSI disk drives
st* at scsibus? target ? lun ? # SCSI tape drives
cd* at scsibus? target ? lun ? # SCSI CD-ROM drives
ch* at scsibus? target ? lun ? # SCSI autochangers
ss* at scsibus? target ? lun ? # SCSI scanners
uk* at scsibus? target ? lun ? # SCSI unknown
piixide* at pci? dev ? function ? # Intel IDE controllers
pciide* at pci? dev ? function ? flags 0x0000 # GENERIC pciide driver
atapibus* at atapi?
atabus* at ata?
wd* at atabus? drive ? flags 0x0000
# ATAPI devices
cd* at atapibus? drive ? flags 0x0000 # ATAPI CD-ROM drives
sd* at atapibus? drive ? flags 0x0000 # ATAPI disk drives
uk* at atapibus? drive ? flags 0x0000 # ATAPI unknown
# ISA floppy
fdc0 at isa? port 0x3f0 irq 6 drq 2 # standard PC floppy controllers
fd0 at fdc0 drive 0
# Network Interfaces
ex* at pci? dev ? function ? # 3Com 90x[BC] et al.
ti* at pci? dev ? function ? # Tigon/Tigon2 GigE cards
# MII/PHY support
bmtphy* at mii? phy ? # Broadcom Mini-Theta PHY
ukphy* at mii? phy ? # generic unknown PHYs
# USB Controller and Devices
uhci* at pci? dev ? function ? # Universal Host Controller (Intel)
usb* at uhci?
# USB Hubs
uhub* at usb?
uhub* at uhub? port ? configuration ? interface ?
# USB HID device
uhidev* at uhub? port ? configuration ? interface ?
# USB Mice
ums* at uhidev? reportid ?
wsmouse* at ums? mux 0
# USB Keyboards
ukbd* at uhidev? reportid ?
wskbd* at ukbd? console ? mux 1
# USB Generic HID devices
uhid* at uhidev? reportid ?
# USB Handspring Visor
uvisor* at uhub? port ?
ucom* at uvisor?
# USB radio tuners
udsbr* at uhub? port ?
radio* at udsbr?
# USB Generic driver
ugen* at uhub? port ?
# Plug-and-Play BIOS and attached devices
pnpbios0 at mainbus0
# com port
com* at pnpbios0 index ?
# parallel port
lpt* at pnpbios0 index ?
# Audio Devices
eap* at pci? dev ? function ? # Ensoniq AudioPCI
audio* at eap?
# MIDI support
midi* at eap? # 137[01] MIDI port
midi* at pcppi? # MIDI interface to the PC speaker
# The spkr driver provides a simple tone interface to the built in speaker.
spkr0 at pcppi? # PC speaker
# Pseudo-Devices
# disk/mass storage pseudo-devices
pseudo-device md 1 # memory disk device (ramdisk)
pseudo-device vnd 4 # disk-like interface to files
# network pseudo-devices
pseudo-device bpfilter 8 # Berkeley packet filter
pseudo-device ipfilter # IP filter (firewall) and NAT
pseudo-device loop # network loopback
pseudo-device gre 2 # generic L3 over IP tunnel
# miscellaneous pseudo-devices
pseudo-device pty 64 # pseudo-terminals
pseudo-device sequencer 1 # MIDI sequencer
pseudo-device rnd # /dev/random and in-kernel generator
# mouse & keyboard multiplexor pseudo-devices
pseudo-device wsmux 2
----
Rafal Boni rafal@pobox.com
We are all worms. But I do believe I am a glowworm. -- Winston Churchill