From owner-freebsd-net@FreeBSD.ORG  Mon Apr  3 16:12:09 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AA18116A425
	for <freebsd-net@freebsd.org>; Mon,  3 Apr 2006 16:12:09 +0000 (UTC)
	(envelope-from sam@errno.com)
Received: from ebb.errno.com (ebb.errno.com [69.12.149.25])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CE65443D53
	for <freebsd-net@freebsd.org>; Mon,  3 Apr 2006 16:12:08 +0000 (GMT)
	(envelope-from sam@errno.com)
Received: from [10.0.0.248] (trouble.errno.com [10.0.0.248])
	(authenticated bits=0)
	by ebb.errno.com (8.13.6/8.12.6) with ESMTP id k33GC7No080444
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 3 Apr 2006 09:12:08 -0700 (PDT) (envelope-from sam@errno.com)
Message-ID: <44314957.4020800@errno.com>
Date: Mon, 03 Apr 2006 09:12:07 -0700
From: Sam Leffler <sam@errno.com>
User-Agent: Thunderbird 1.5 (X11/20060210)
MIME-Version: 1.0
To: "Eric W. Bates" <ericx_lists@vineyard.net>
References: <44313943.1060300@vineyard.net>
In-Reply-To: <44313943.1060300@vineyard.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: hifn errors on console
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Apr 2006 16:12:09 -0000

Eric W. Bates wrote:
> I'm running pfsense (an embedded FreeBSD 6.1) on a wrap2C.  I recently
> added a Soekris vpn1411 and am now getting infrequent errors:
> 
> hifn0: rndtest: ones interval 4 failed (382, 251-373)
> hifn0: rndtest: ones interval 1 failed (2663, 2343-2657)
> hifn0: rndtest: zeros interval 5 failed (206, 111-201)
> hifn0: rndtest: ones interval 2 failed (1385, 1135-1365)
> hifn0: rndtest: zeros interval 3 failed (718, 542-708)
> hifn0: rndtest: zeros interval 4 failed (243, 251-373)
> hifn0: rndtest: zeros interval 3 failed (717, 542-708)
> 
> IPSec works fine.  However, I do not know how to tell whether the hifn
> is being used.
> 
> I had no luck with Google.  Can anyone enlighten me?

man rndtest(4).  pfSense has configured the FIPS rng testing module to 
monitor the entropy sent by the h/w to the system prng.  Looks like

sysctl kern.rdntest.verbose=0

will turn off console msgs.

	Sam