The translation is temporarily closed for contributions due to maintenance, please come back later.

Source string Read only

(itstool) path: legalnotice/para
Context English State
_ translator-credits
Independent Verification of IPsec Functionality in FreeBSD
<personname><firstname>David</firstname><surname>Honig</surname></personname><affiliation> <_:address-1/> </affiliation>
FreeBSD is a registered trademark of the FreeBSD Foundation.
Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the <quote>™</quote> or the <quote>®</quote> symbol.
$FreeBSD: head/en_US.ISO8859-1/articles/ipsec-must/article.xml 52227 2018-09-06 01:30:47Z ebrandi $
You installed IPsec and it seems to be working. How do you know? I describe a method for experimentally verifying that IPsec is working.
The Problem
First, lets assume you have <link linkend="ipsec-install"> installed <emphasis>IPsec</emphasis></link>. How do you know it is <link linkend="caveat">working</link>? Sure, your connection will not work if it is misconfigured, and it will work when you finally get it right. <citerefentry><refentrytitle>netstat</refentrytitle><manvolnum>1</manvolnum></citerefentry> will list it. But can you independently confirm it?
The Solution
First, some crypto-relevant info theory:
Encrypted data is uniformly distributed, i.e., has maximal entropy per symbol;
Raw, uncompressed data is typically redundant, i.e., has sub-maximal entropy.
Suppose you could measure the entropy of the data to- and from- your network interface. Then you could see the difference between unencrypted data and encrypted data. This would be true even if some of the data in <quote>encrypted mode</quote> was not encrypted---as the outermost IP header must be if the packet is to be routable.
Ueli Maurer's <quote>Universal Statistical Test for Random Bit Generators</quote>(<link xlink:href=""> <acronym>MUST</acronym></link>) quickly measures the entropy of a sample. It uses a compression-like algorithm. <link linkend="code">The code is given below</link> for a variant which measures successive (~quarter megabyte) chunks of a file.
We also need a way to capture the raw network data. A program called <citerefentry><refentrytitle>tcpdump</refentrytitle><manvolnum>1</manvolnum></citerefentry> lets you do this, if you have enabled the <emphasis>Berkeley Packet Filter</emphasis> interface in your <link linkend="kernel">kernel's config file</link>.
The command:
Component Translation Difference to current string
This translation Translated FreeBSD Doc (Archived)/articles_ipsec-must
The following strings have the same context and source.
Translated FreeBSD Doc (Archived)/articles_explaining-bsd
Translated FreeBSD Doc (Archived)/books_faq
Translated FreeBSD Doc (Archived)/articles_freebsd-questions
Translated FreeBSD Doc (Archived)/books_developers-handbook
Translated FreeBSD Doc (Archived)/books_handbook
Translated FreeBSD Doc (Archived)/articles_fonts
Translated FreeBSD Doc (Archived)/articles_new-users
Translated FreeBSD Doc (Archived)/articles_pam
Translated FreeBSD Doc (Archived)/articles_vm-design


No matching activity found.

Browse all component changes

Things to check

Multiple failing checks

Following checks are failing:
Unchanged translation: Spanish, Portuguese (Brazil)


Source information

Source string comment
(itstool) path: legalnotice/para
Source string location
String age
a year ago
Source string age
a year ago
Translation file
articles/ipsec-must.pot, string 7