Subject: Re: -current config(8) + files.opencrypto == cryptographic roulette?
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Rafal Boni <rafal@pobox.com>
List: current-users
Date: 11/22/2003 10:41:45
In message <200311220412.UAA29613@Pescadero.DSG.Stanford.EDU>, you write: 

-> Could be too many cooks spoiled the cast128 broth whilst
-> rearranging sys/opencrypto, and moving (or using) crypto transforms
-> into (or from) sys/crypto/*.

To your credit (thanks for all the work on opencrypto and fast-ipsec!),
I don't think it's got much to do with opencrypto per se, but looks
like config(8) internal attribute confusion which surfaces due to the
way opencrypto/KAME ipsec use the crypto attributes; I'm still sketchy
as I didn't get a chance to do any further digging last night.

-> But sys/crypto/cast128/files.cast128 defines "cast128", and both
-> IPSEC_ESP (sys/netinet6/files.netinet6) and opencrypto
-> (sys/opencrypto/files.opencrypto) list dependencies on that
-> "cast128" attribute. So it looks to me like your config should work.

It does, but it not only fails, it seems to fail with a different set
of crypto routines missing each time I re-run config (well, there's
only a limited set to leave out, but you get the idea :-).

-> Can you send me a copy of your kernel-config file so I can try it out?

See below.

Thanks!
--rafal

#
#	CYCLOPS -- kernel for my Gateway E5200 P-III box
#

include "arch/i386/conf/std.i386"
# XXX: doesn't work in MP-land: include "arch/i386/conf/largepages.inc"

maxusers	32		# estimated number of users

# CPU support.  At least one is REQUIRED.
options 	I686_CPU

# CPU-related options.
options 	MATH_EMULATE	# floating point emulation
options 	USER_LDT	# user-settable LDT; used by WINE
options 	DUMMY_NOPS

# Misc. i386-specific options
options		MTRR		# memory type region registers
options 	MPBIOS		# configure CPUs and APICs using MPBIOS
options 	COM_MPLOCK	# com MP locking; REQUIRED on MP i386
options 	XSERVER		# X server support in console drivers
options 	XSERVER_DDB	# PF12 gets you into DDB when X is running
options		MULTIPROCESSOR	# What it says

# Standard system options
options 	UCONSOLE	# users can use TIOCCONS (for xconsole)
options 	INSECURE	# disable kernel security levels

options 	RTC_OFFSET=300	# hardware clock is this many mins. west of GMT
options 	NTP		# NTP phase/frequency locked loop

options 	KTRACE		# system call tracing via ktrace(1)

options 	SYSVMSG		# System V-like message queues
options 	SYSVSEM		# System V-like semaphores
options 	SYSVSHM		# System V-like memory sharing
options 	SHMMAXPGS=4096	# 1024 pages is the default

options 	LKM		# loadable kernel modules

# Diagnostic/debugging support options
options 	KMEMSTATS	# kernel memory statistics (vmstat -m)
options 	DDB		# in-kernel debugger
options 	DIAGNOSTIC	# STRONGLY RECOMMENDED
#options 	LOCKDEBUG	# useful for MP systems
#options 	MPDEBUG		# useful for MP systems
options 	DDB_HISTORY_SIZE=100	# enable history editing in DDB
#options 	KGDB		# remote debugger
#options 	"KGDB_DEVNAME=\"com\"",KGDBADDR=0x3f8,KGDBRATE=57600
#makeoptions	DEBUG="-g"	# compile full symbol table

# Compatibility options
options 	COMPAT_NOMID	# compatibility with 386BSD, BSDI, NetBSD 0.8,
options 	COMPAT_14	# NetBSD 1.4,
options 	COMPAT_43	# and 4.3BSD

options 	COMPAT_SVR4	# binary compatibility with SVR4
options 	COMPAT_IBCS2	# binary compatibility with SCO and ISC
options 	COMPAT_LINUX	# binary compatibility with Linux
options 	COMPAT_FREEBSD	# binary compatibility with FreeBSD

# File systems
file-system 	FFS		# UFS
file-system 	LFS		# log-structured file system
file-system 	MFS		# memory file system
file-system 	NFS		# Network File System client
file-system 	NTFS		# Windows/NT file system (experimental)
file-system 	FDESC		# /dev/fd
file-system 	CD9660		# ISO 9660 + Rock Ridge file system
file-system 	EXT2FS		# second extended file system (linux)
file-system 	KERNFS		# /kern
file-system 	PROCFS		# /proc
file-system 	MSDOSFS		# MS-DOS file system

# File system options
options 	SOFTDEP         # FFS soft updates support.
options 	NFSSERVER	# Network File System server
options 	EXT2FS_SYSTEM_FLAGS # makes ext2fs file flags (append and
				# immutable) behave as system flags.

# Networking options
options 	INET		# IP + ICMP + TCP + UDP
options 	IPSEC		# IP security
options 	IPSEC_ESP	# IP security (encryption part; define w/IPSEC)
options 	IPSEC_DEBUG	# debug for IP security
options 	PFIL_HOOKS	# pfil(9) packet filter hooks

# These options enable verbose messages for several subsystems.
# Warning, these may compile large string tables into the kernel!
options 	MPVERBOSE
options 	MIIVERBOSE	# verbose MII device autoconfig messages
options 	PCIVERBOSE	# verbose PCI device autoconfig messages
options 	USBVERBOSE	# verbose USB device autoconfig messages
options 	SCSIVERBOSE	# human readable SCSI error messages

#
# wscons options
#
# builtin terminal emulations
options 	WSEMUL_VT100		# VT100 / VT220 emulation
# different kernel output - see dev/wscons/wsdisplayvar.h
options 	WS_KERNEL_FG=WSCOL_RED
options 	WS_KERNEL_BG=WSCOL_BLACK

# compatibility to other console drivers
options 	WSDISPLAY_COMPAT_USL		# VT handling
options 	WSDISPLAY_COMPAT_PCVT		# emulate some ioctls
options 	WSDISPLAY_COMPAT_SYSCONS	# emulate some ioctls
options 	WSDISPLAY_COMPAT_RAWKBD		# can get raw scancodes

# Kernel root file system and dump configuration.
config		netbsd	root on ? type ?

#
# Device configuration
#
mainbus0 at root

ioapic*	at mainbus0 apid ?
cpu* 	at mainbus0 apid ?

acpi0	at mainbus0
acpiec0 at acpi0
acpibut* at acpi0

# Basic Bus Support

# PCI bus support
pci*	at mainbus? bus ?
pci*	at pchb? bus ?
agp* 	at pchb?
pci*	at ppb? bus ?

# Configure PCI using BIOS information
options 	PCIBIOS			# PCI BIOS support
options 	PCIBIOS_BUS_FIXUP	# fixup PCI bus numbering
options 	PCIBIOS_ADDR_FIXUP	# Fix up PCI I/O addresses
options 	PCIBIOS_INTR_FIXUP	# fixup PCI interrupt routing

# PCI bridges
pchb*	at pci? dev ? function ?	# PCI-Host bridges
pcib*	at pci? dev ? function ?	# PCI-ISA bridges
ppb*	at pci? dev ? function ?	# PCI-PCI bridges

# ISA bus support
isa*	at mainbus?
isa*	at pcib?

# ISA Plug-and-Play bus support
isapnp0	at isa?

# Math Coprocessor support
npx0	at isa? port 0xf0 irq 13	# x86 math coprocessor

# Console Devices
pckbc0		at isa?			# pc keyboard controller
pckbd*		at pckbc?		# PC keyboard

pms*		at pckbc?		# PS/2 mouse for wsmouse

vga*		at pci? dev ? function ?
wsdisplay*	at vga? console ?

wskbd* 		at pckbd? console ?
wsmouse*	at pms? mux 0

pcppi0		at isa?
sysbeep0	at pcppi?

# Serial Devices

# LM7[89] and compatible hardware monitors
lm0	at isa?	port 0x290		# other common ports: 0x280, 0x310

# PCI SCSI controllers
ahc0	at pci? dev ? function ?	# Adaptec [23]94x, aic78x0 SCSI

# SCSI bus support
scsibus0 at ahc0

# SCSI devices
cd0	at scsibus0 target 5 lun 0	# Toshiba CD-ROM
cd1	at scsibus0 target 4 lun 0	# Plextor CD-RW

sd*	at scsibus? target ? lun ?	# SCSI disk drives
st*	at scsibus? target ? lun ?	# SCSI tape drives
cd*	at scsibus? target ? lun ?	# SCSI CD-ROM drives
ch*	at scsibus? target ? lun ?	# SCSI autochangers
ss*	at scsibus? target ? lun ?	# SCSI scanners
uk*	at scsibus? target ? lun ?	# SCSI unknown

piixide* at pci? dev ? function ?	# Intel IDE controllers
pciide*	 at pci? dev ? function ? flags 0x0000	# GENERIC pciide driver
atapibus* at atapi?
atabus*   at ata?

wd*	at atabus? drive ? flags 0x0000

# ATAPI devices
cd*	at atapibus? drive ? flags 0x0000	# ATAPI CD-ROM drives
sd*	at atapibus? drive ? flags 0x0000	# ATAPI disk drives
uk*	at atapibus? drive ? flags 0x0000	# ATAPI unknown

# ISA floppy
fdc0	at isa? port 0x3f0 irq 6 drq 2	# standard PC floppy controllers
fd0	at fdc0 drive 0

# Network Interfaces
ex*	at pci? dev ? function ?	# 3Com 90x[BC] et al.
ti*	at pci? dev ? function ?	# Tigon/Tigon2 GigE cards

# MII/PHY support
bmtphy*	at mii? phy ?			# Broadcom Mini-Theta PHY
ukphy*	at mii? phy ?			# generic unknown PHYs

# USB Controller and Devices
uhci*	at pci?	dev ? function ?	# Universal Host Controller (Intel)
usb*	at uhci?

# USB Hubs
uhub*	at usb?
uhub*	at uhub? port ? configuration ? interface ?

# USB HID device
uhidev*	at uhub? port ? configuration ? interface ?

# USB Mice
ums*	at uhidev? reportid ?
wsmouse*	at ums? mux 0

# USB Keyboards
ukbd*	at uhidev? reportid ?
wskbd*	at ukbd? console ? mux 1

# USB Generic HID devices
uhid*	at uhidev? reportid ?

# USB Handspring Visor
uvisor*	at uhub? port ?
ucom*	at uvisor?

# USB radio tuners
udsbr* 	at uhub? port ?
radio* 	at udsbr?

# USB Generic driver
ugen*	at uhub? port ?

# Plug-and-Play BIOS and attached devices
pnpbios0 at mainbus0

# com port
com*	at pnpbios0 index ?

# parallel port
lpt*	at pnpbios0 index ?

# Audio Devices
eap*	at pci? dev ? function ?	# Ensoniq AudioPCI
audio*	at eap?

# MIDI support
midi*	at eap?			# 137[01] MIDI port
midi*	at pcppi?		# MIDI interface to the PC speaker

# The spkr driver provides a simple tone interface to the built in speaker.
spkr0	at pcppi?		# PC speaker

# Pseudo-Devices

# disk/mass storage pseudo-devices
pseudo-device	md		1	# memory disk device (ramdisk)
pseudo-device	vnd		4	# disk-like interface to files

# network pseudo-devices
pseudo-device	bpfilter	8	# Berkeley packet filter
pseudo-device	ipfilter		# IP filter (firewall) and NAT
pseudo-device	loop			# network loopback
pseudo-device	gre		2	# generic L3 over IP tunnel

# miscellaneous pseudo-devices
pseudo-device	pty		64	# pseudo-terminals
pseudo-device	sequencer	1	# MIDI sequencer

pseudo-device	rnd			# /dev/random and in-kernel generator

# mouse & keyboard multiplexor pseudo-devices
pseudo-device	wsmux		2

----
Rafal Boni                                                     rafal@pobox.com
  We are all worms.  But I do believe I am a glowworm.  -- Winston Churchill