diff options
author | Gabor Kovesdan <gabor@FreeBSD.org> | 2013-11-07 15:39:28 +0000 |
---|---|---|
committer | Gabor Kovesdan <gabor@FreeBSD.org> | 2013-11-07 15:39:28 +0000 |
commit | 24d129e8d1984a0b46a543bc523b63d216813bb0 (patch) | |
tree | 7dd0501c857c6f2139f4a71191c93bf19136412a /en_US.ISO8859-1/articles/ipsec-must | |
parent | 35f1d6c78be90eb13320d655cd68f94333a0ab26 (diff) | |
download | doc-24d129e8d1984a0b46a543bc523b63d216813bb0.tar.gz doc-24d129e8d1984a0b46a543bc523b63d216813bb0.zip |
- Definitively upgrade to DocBook 5.0
Notes
Notes:
svn path=/projects/db5/; revision=43125
Diffstat (limited to 'en_US.ISO8859-1/articles/ipsec-must')
-rw-r--r-- | en_US.ISO8859-1/articles/ipsec-must/article.xml | 71 |
1 files changed, 30 insertions, 41 deletions
diff --git a/en_US.ISO8859-1/articles/ipsec-must/article.xml b/en_US.ISO8859-1/articles/ipsec-must/article.xml index 80abb023d0..492170a30d 100644 --- a/en_US.ISO8859-1/articles/ipsec-must/article.xml +++ b/en_US.ISO8859-1/articles/ipsec-must/article.xml @@ -1,29 +1,22 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V4.5-Based Extension//EN" - "../../../share/xml/freebsd45.dtd"> - +<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V5.0-Based Extension//EN" + "../../../share/xml/freebsd50.dtd"> <!-- The FreeBSD Documentation Project $FreeBSD$ --> +<article xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:lang="en"> + <info><title>Independent Verification of IPsec Functionality in FreeBSD</title> + -<article lang='en'> - <articleinfo> - <title>Independent Verification of IPsec Functionality in FreeBSD</title> - - <author> - <firstname>David</firstname> - <surname>Honig</surname> - - <affiliation> + <author><personname><firstname>David</firstname><surname>Honig</surname></personname><affiliation> <address><email>honig@sprynet.com</email></address> - </affiliation> - </author> + </affiliation></author> - <pubdate>3 May 1999</pubdate> + <pubdate>1999-05-03</pubdate> - <legalnotice id="trademarks" role="trademarks"> + <legalnotice xml:id="trademarks" role="trademarks"> &tm-attrib.freebsd; &tm-attrib.opengroup; &tm-attrib.general; @@ -36,9 +29,9 @@ know? I describe a method for experimentally verifying that IPsec is working.</para> </abstract> - </articleinfo> + </info> - <sect1 id="problem"> + <sect1 xml:id="problem"> <title>The Problem</title> <para>First, lets assume you have <link linkend="ipsec-install"> @@ -49,7 +42,7 @@ But can you independently confirm it?</para> </sect1> - <sect1 id="solution"> + <sect1 xml:id="solution"> <title>The Solution</title> <para>First, some crypto-relevant info theory:</para> @@ -73,20 +66,18 @@ not encrypted---as the outermost IP header must be if the packet is to be routable.</para> - <sect2 id="MUST"> + <sect2 xml:id="MUST"> <title>MUST</title> <para>Ueli Maurer's <quote>Universal Statistical Test for Random - Bit Generators</quote>(<ulink - url="http://www.geocities.com/SiliconValley/Code/4704/universal.pdf"> - <acronym>MUST</acronym></ulink>) quickly measures the entropy - of a sample. It uses a compression-like algorithm. <link - linkend="code">The code is given below</link> for a variant + Bit Generators</quote>(<link xlink:href="http://www.geocities.com/SiliconValley/Code/4704/universal.pdf"> + <acronym>MUST</acronym></link>) quickly measures the entropy + of a sample. It uses a compression-like algorithm. <link linkend="code">The code is given below</link> for a variant which measures successive (~quarter megabyte) chunks of a file.</para> </sect2> - <sect2 id="tcpdump"> + <sect2 xml:id="tcpdump"> <title>Tcpdump</title> <para>We also need a way to capture the raw network data. A @@ -97,7 +88,7 @@ <para>The command:</para> - <screen><userinput><command>tcpdump</command> -c 4000 -s 10000 -w <replaceable>dumpfile.bin</replaceable></userinput></screen> + <screen><userinput>tcpdump -c 4000 -s 10000 -w dumpfile.bin</userinput></screen> <para>will capture 4000 raw packets to <replaceable>dumpfile.bin</replaceable>. Up to 10,000 bytes per @@ -105,7 +96,7 @@ </sect2> </sect1> - <sect1 id="experiment"> + <sect1 xml:id="experiment"> <title>The Experiment</title> <para>Here is the experiment:</para> @@ -136,8 +127,8 @@ the <quote>normal</quote> connection has 29% (2.1) of the expected value.</para> - <screen>&prompt.user; <userinput>tcpdump -c 4000 -s 10000 -w <replaceable>ipsecdemo.bin</replaceable></userinput> -&prompt.user; <userinput>uliscan <replaceable>ipsecdemo.bin</replaceable></userinput> + <screen>&prompt.user; <userinput>tcpdump -c 4000 -s 10000 -w ipsecdemo.bin</userinput> +&prompt.user; <userinput>uliscan ipsecdemo.bin</userinput> Uliscan 21 Dec 98 L=8 256 258560 @@ -154,7 +145,7 @@ Expected value for L=8 is 7.1836656 </procedure> </sect1> - <sect1 id="caveat"> + <sect1 xml:id="caveat"> <title>Caveat</title> <para>This experiment shows that IPsec <emphasis>does</emphasis> @@ -168,7 +159,7 @@ Expected value for L=8 is 7.1836656 code.</para> </sect1> - <sect1 id="IPsec"> + <sect1 xml:id="IPsec"> <title>IPsec---Definition</title> <para>Internet Protocol security extensions to IPv4; required for @@ -179,7 +170,7 @@ Expected value for L=8 is 7.1836656 message. IPsec encrypts everything between two hosts.</para> </sect1> - <sect1 id="ipsec-install"> + <sect1 xml:id="ipsec-install"> <title>Installing IPsec</title> <para>Most of the modern versions of FreeBSD have IPsec support @@ -189,12 +180,11 @@ Expected value for L=8 is 7.1836656 &man.setkey.8; command.</para> <para>A comprehensive guide on running IPsec on FreeBSD is - provided in <ulink - url="&url.books.handbook;/ipsec.html">FreeBSD - Handbook</ulink>.</para> + provided in <link xlink:href="&url.books.handbook;/ipsec.html">FreeBSD + Handbook</link>.</para> </sect1> - <sect1 id="kernel"> + <sect1 xml:id="kernel"> <title>src/sys/i386/conf/KERNELNAME</title> <para>This needs to be present in the kernel config file in order @@ -205,13 +195,12 @@ Expected value for L=8 is 7.1836656 <programlisting>device bpf</programlisting> </sect1> - <sect1 id="code"> + <sect1 xml:id="code"> <title>Maurer's Universal Statistical Test (for block size=8 bits)</title> - <para>You can find the same code at <ulink - url="http://www.geocities.com/SiliconValley/Code/4704/uliscanc.txt"> - this link</ulink>.</para> + <para>You can find the same code at <link xlink:href="http://www.geocities.com/SiliconValley/Code/4704/uliscanc.txt"> + this link</link>.</para> <programlisting>/* ULISCAN.c ---blocksize of 8 |