The translation is temporarily closed for contributions due to maintenance, please come back later.
Context English State
_ translator-credits
<personname><firstname>David</firstname><surname>Honig</surname></personname><affiliation> <_:address-1/> </affiliation>
FreeBSD is a registered trademark of the FreeBSD Foundation.
Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries.
$FreeBSD: head/en_US.ISO8859-1/articles/ipsec-must/article.xml 52227 2018-09-06 01:30:47Z ebrandi $
First, lets assume you have <link linkend="ipsec-install"> installed <emphasis>IPsec</emphasis></link>. How do you know it is <link linkend="caveat">working</link>? Sure, your connection will not work if it is misconfigured, and it will work when you finally get it right. <citerefentry><refentrytitle>netstat</refentrytitle><manvolnum>1</manvolnum></citerefentry> will list it. But can you independently confirm it?
Ueli Maurer's <quote>Universal Statistical Test for Random Bit Generators</quote>(<link xlink:href="https://web.archive.org/web/20011115002319/http://www.geocities.com/SiliconValley/Code/4704/universal.pdf"> <acronym>MUST</acronym></link>) quickly measures the entropy of a sample. It uses a compression-like algorithm. <link linkend="code">The code is given below</link> for a variant which measures successive (~quarter megabyte) chunks of a file.
Tcpdump
We also need a way to capture the raw network data. A program called <citerefentry><refentrytitle>tcpdump</refentrytitle><manvolnum>1</manvolnum></citerefentry> lets you do this, if you have enabled the <emphasis>Berkeley Packet Filter</emphasis> interface in your <link linkend="kernel">kernel's config file</link>.
<userinput>tcpdump -c 4000 -s 10000 -w <replaceable>dumpfile.bin</replaceable></userinput>
<prompt>%</prompt> <userinput>tcpdump -c 4000 -s 10000 -w <replaceable>ipsecdemo.bin</replaceable></userinput>
<prompt>%</prompt> <userinput>uliscan <replaceable>ipsecdemo.bin</replaceable></userinput>

Uliscan 21 Dec 98
L=8 256 258560
Measuring file ipsecdemo.bin
Init done
Expected value for L=8 is 7.1836656
6.9396 --------------------------------------------------------
6.6177 -----------------------------------------------------
6.4100 ---------------------------------------------------
2.1101 -----------------
2.0838 -----------------
2.0983 -----------------
src/sys/i386/conf/KERNELNAME
device bpf
/*
ULISCAN.c ---blocksize of 8

1 Oct 98
1 Dec 98
21 Dec 98 uliscan.c derived from ueli8.c

This version has // comments removed for Sun cc

This implements Ueli M Maurer's "Universal Statistical Test for Random
Bit Generators" using L=8

Accepts a filename on the command line; writes its results, with other
info, to stdout.

Handles input file exhaustion gracefully.

Ref: J. Cryptology v 5 no 2, 1992 pp 89-105
also on the web somewhere, which is where I found it.

-David Honig
honig@sprynet.com

Usage:
ULISCAN filename
outputs to stdout
*/

#define L 8
#define V (1&lt;&lt;L)
#define Q (10*V)
#define K (100 *Q)
#define MAXSAMP (Q + K)

#include &lt;stdio.h&gt;
#include &lt;math.h&gt;

int main(argc, argv)
int argc;
char **argv;
{
FILE *fptr;
int i,j;
int b, c;
int table[V];
double sum = 0.0;
int iproduct = 1;
int run;

extern double log(/* double x */);

printf("Uliscan 21 Dec 98 \nL=%d %d %d \n", L, V, MAXSAMP);

if (argc &lt; 2) {
printf("Usage: Uliscan filename\n");
exit(-1);
} else {
printf("Measuring file %s\n", argv[1]);
}

fptr = fopen(argv[1],"rb");

if (fptr == NULL) {
printf("Can't find %s\n", argv[1]);
exit(-1);
}

for (i = 0; i &lt; V; i++) {
table[i] = 0;
}

for (i = 0; i &lt; Q; i++) {
b = fgetc(fptr);
table[b] = i;
}

printf("Init done\n");

printf("Expected value for L=8 is 7.1836656\n");

run = 1;

while (run) {
sum = 0.0;
iproduct = 1;

if (run)
for (i = Q; run &amp;&amp; i &lt; Q + K; i++) {
j = i;
b = fgetc(fptr);

if (b &lt; 0)
run = 0;

if (run) {
if (table[b] &gt; j)
j += K;

sum += log((double)(j-table[b]));

table[b] = i;
}
}

if (!run)
printf("Premature end of file; read %d blocks.\n", i - Q);

sum = (sum/((double)(i - Q))) / log(2.0);
printf("%4.4f ", sum);

for (i = 0; i &lt; (int)(sum*8.0 + 0.50); i++)
printf("-");

printf("\n");

/* refill initial table */
if (0) {
for (i = 0; i &lt; Q; i++) {
b = fgetc(fptr);
if (b &lt; 0) {
run = 0;
} else {
table[b] = i;
}
}
}
}
}