equivalents. name change suggested by Klaus Klein <kjk@netbsd.org>
- change defined(BSD4_4) || HAVE_SIN_LEN tests into HAVE_SOCKADDR_SA_LEN,
and set the latter if BSD4_4 exists
reject the following sources:
0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 255.0.0.0/8
ff00::/8 ::/128
::ffff:0.0.0.0/96 and ::0.0.0.0/96 obeys IPv4 rule.
hint from deraadt.
- print-telnet.c: do not print control character
- print-icmp6.c: improve icmp6 node information printing
(we need to at least meet our kernel code!)
- update dhcp6 printing to 15 draft (14 and 15 are totally incompatible)
- add safeputc() and safeputs() into util.c
fine as was, the result was the line `start_precmd=start_precmd' which
looked odd. Pointed out by Bernd Ernesti.
While here, add NetBSD RCS Id.
BTW, to clarify, as people have asked: this script does not support
pkgsrc/security/sshd -- that package comes with a perfectly fine rc script
which in addition to supporting /etc/rc.d can also be used with 1.4.X.
This script will not trivially work with the ssh package as it a.) calls
the ssh commands at the pathnames they will be installed at by usr.bin/ssh,
and b.) generates a DSA key as well as an RSA key.
fails, return EIO instead.
- iplioctl(): If performing a NAT operation, and IP Filter is not
yet initialized (e.g. by `ipf -E'), enable it implicitly before
doing the NAT operation.
on ${SSHDIST}, as with usr.bin/ssh itself.
This script includes a `keygen' target for regenerating RSA and DSA host keys,
and invokes this if these keys are not present when sshd is started up.
routines from OpenSSL. Speeds up DSA significantly. A similar
gain should also be seen for RSA.
Before:
Doing 512 bit sign dsa's for 10s: 965 512 bit DSA signs in 9.97s
Doing 512 bit verify dsa's for 10s: 766 512 bit DSA verify in 9.93s
Doing 1024 bit sign dsa's for 10s: 276 1024 bit DSA signs in 9.99s
Doing 1024 bit verify dsa's for 10s: 217 1024 bit DSA verify in 9.93s
sign verify sign/s verify/s
dsa 512 bits 0.0103s 0.0130s 96.8 77.1
dsa 1024 bits 0.0362s 0.0458s 27.6 21.9
After:
Doing 512 bit sign dsa's for 10s: 3742 512 bit DSA signs in 9.88s
Doing 512 bit verify dsa's for 10s: 3065 512 bit DSA verify in 9.92s
Doing 1024 bit sign dsa's for 10s: 1357 1024 bit DSA signs in 9.99s
Doing 1024 bit verify dsa's for 10s: 1094 1024 bit DSA verify in 9.83s
sign verify sign/s verify/s
dsa 512 bits 0.0026s 0.0032s 378.7 309.0
dsa 1024 bits 0.0074s 0.0090s 135.8 111.3
Before:
Doing rmd160 for 3s on 8 size blocks: 778828 rmd160's in 3.00s
Doing rmd160 for 3s on 64 size blocks: 430214 rmd160's in 3.00s
Doing rmd160 for 3s on 256 size blocks: 182108 rmd160's in 3.00s
Doing rmd160 for 3s on 1024 size blocks: 55050 rmd160's in 3.00s
Doing rmd160 for 3s on 8192 size blocks: 7339 rmd160's in 3.00s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
rmd160 2076.87k 9177.90k 15539.88k 18790.40k 20040.36k
After:
Doing rmd160 for 3s on 8 size blocks: 1084941 rmd160's in 3.00s
Doing rmd160 for 3s on 64 size blocks: 617966 rmd160's in 3.00s
Doing rmd160 for 3s on 256 size blocks: 267381 rmd160's in 2.99s
Doing rmd160 for 3s on 1024 size blocks: 82001 rmd160's in 3.00s
Doing rmd160 for 3s on 8192 size blocks: 10974 rmd160's in 3.00s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
rmd160 2893.18k 13183.27k 22892.82k 27989.67k 29966.34k
