From owner-freebsd-net@FreeBSD.ORG Fri Apr 7 17:51:46 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0551A16A405 for ; Fri, 7 Apr 2006 17:51:46 +0000 (UTC) (envelope-from ericx_lists@vineyard.net) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9642A43D46 for ; Fri, 7 Apr 2006 17:51:45 +0000 (GMT) (envelope-from ericx_lists@vineyard.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id 7247E9154A for ; Fri, 7 Apr 2006 13:51:42 -0400 (EDT) Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 94785-01-36 for ; Fri, 7 Apr 2006 13:51:42 -0400 (EDT) Received: from [204.17.195.113] (cheesenip.vineyard.net [204.17.195.113]) by vineyard.net (Postfix) with ESMTP id 36DEE9152C for ; Fri, 7 Apr 2006 13:51:42 -0400 (EDT) Message-ID: <4436A7AF.2040101@vineyard.net> Date: Fri, 07 Apr 2006 13:55:59 -0400 From: "Eric W. Bates" Organization: Vineyard.NET, Inc. User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051212) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-net@freebsd.org References: <44313943.1060300@vineyard.net> <44314957.4020800@errno.com> In-Reply-To: <44314957.4020800@errno.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET Subject: Re: hifn errors on console X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Apr 2006 17:51:46 -0000 Sam Leffler wrote: > Eric W. Bates wrote: > >> I'm running pfsense (an embedded FreeBSD 6.1) on a wrap2C. I recently >> added a Soekris vpn1411 and am now getting infrequent errors: >> >> hifn0: rndtest: ones interval 4 failed (382, 251-373) >> hifn0: rndtest: ones interval 1 failed (2663, 2343-2657) >> hifn0: rndtest: zeros interval 5 failed (206, 111-201) >> hifn0: rndtest: ones interval 2 failed (1385, 1135-1365) >> hifn0: rndtest: zeros interval 3 failed (718, 542-708) >> hifn0: rndtest: zeros interval 4 failed (243, 251-373) >> hifn0: rndtest: zeros interval 3 failed (717, 542-708) >> >> IPSec works fine. However, I do not know how to tell whether the hifn >> is being used. >> >> I had no luck with Google. Can anyone enlighten me? > > > man rndtest(4). pfSense has configured the FIPS rng testing module to > monitor the entropy sent by the h/w to the system prng. Looks like > > sysctl kern.rdntest.verbose=0 > > will turn off console msgs. I guess I want to follow up on this a bit. It seems that rndtest is unsatisfied with the degree of randomness presented by the card. Is that randomness used to produce /dev/random? Is this an indication of a fault with the card? How does such a card "create"/"collect" entropy? Is there anything I can do to improve the situation? Thanks. btw: adding a similar card (Soekris VPN 1410 -- PCI not mini-pci) to a full size motherboard running 6.0-RELEASE-p6 produces the same errors. > Sam > >