OpenBSD 4.2 / Soekris net4801 / vpn1411 - No More 'Corrupted MAC on input' Using OpenSSH

2007-11-02 Thread Breen Ouellette
With the release of 4.2 I thought I would check again to see if the 
vpn1411 still fails with 'Corrupted MAC on input' on a Soekris net4801.


I am happy to say that I can no longer reproduce the error using the 
GENERIC kernel.


In the past I could pop up the error within minutes using this simple 
script:


---
#!/bin/sh

while true
do
 cat /var/log/messages
done
---

Last night after about 10 minutes my ssh window was still happily 
spitting out text, so I opened up four more windows and ran an instance 
of the script in each window. Eight hours later and there was not a 
single failure.


I was curious if something was recently changed in the Hifn driver. CVS 
shows that there were two patches put in in the last six weeks, but 
neither of those is in 4.2. The latest release of OpenBSD appears to be 
using version 1.152 of the driver, which has been in use for 16 months 
as far back as OpenBSD 4.0.


Does anyone know if this was intentionally fixed, or is this an 
unintentional byproduct of code being cleaned up somewhere else?


Breeno



Re: OpenBSD 4.2 / Soekris net4801 / vpn1411 - No More 'Corrupted MAC on input' Using OpenSSH

2007-11-02 Thread Michael
Hi,

Breen Ouellette wrote:
> With the release of 4.2 I thought I would check again to see if the
> vpn1411 still fails with 'Corrupted MAC on input' on a Soekris net4801.
>
> I am happy to say that I can no longer reproduce the error using the
> GENERIC kernel.

Noticed that too, maybe it's this change:

* New MAC algorithm available for data integrity in ssh(1), UMAC-64.
About 20% faster than HMAC-MD5.

See: http://openbsd.org/plus42.html


Michael



Re: OpenBSD 4.2 / Soekris net4801 / vpn1411 - No More 'Corrupted MAC on input' Using OpenSSH

2007-11-02 Thread Christian Weisgerber
Breen Ouellette [EMAIL PROTECTED] wrote:

> With the release of 4.2 I thought I would check again to see if the
> vpn1411 still fails with 'Corrupted MAC on input' on a Soekris net4801.
>
> I am happy to say that I can no longer reproduce the error using the
> GENERIC kernel.

> Does anyone know if this was intentionally fixed, or is this an
> unintentional byproduct of code being cleaned up somewhere else?

There has been no fix for this, on account of nobody having diagnosed
the problem in the first place.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



Re: OpenBSD 4.2 / Soekris net4801 / vpn1411 - No More 'Corrupted MAC on input' Using OpenSSH

2007-11-02 Thread Christian Weisgerber
Michael [EMAIL PROTECTED] wrote:

> Noticed that too, maybe it's this change:
>
> * New MAC algorithm available for data integrity in ssh(1), UMAC-64.
> About 20% faster than HMAC-MD5.

ssh still defaults to hmac-md5.  umac-64 isn't used unless you 
explicitly configure it.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]
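
An added example, not part of the thread: one way to confirm which MAC a session actually negotiated, by parsing the `kex:` lines of `ssh -v` output. The sample debug lines are constructed, and the function names (`negotiated_macs`, `uses_mac`) are hypothetical.

```shell
#!/bin/sh
# Report the MAC negotiated in each direction from `ssh -v` debug output.
# Handles the older positional format
#   debug1: kex: server->client aes128-cbc hmac-md5 none
# and the newer labelled format
#   debug1: kex: server->client cipher: X MAC: Y compression: Z

negotiated_macs() {
    # Reads ssh -v debug text on stdin; prints "<direction> <mac>" per line.
    awk '
    /^debug1: kex: (server->client|client->server) / {
        dir = $3
        mac = ""
        for (i = 4; i <= NF; i++)
            if ($i == "MAC:") mac = $(i + 1)   # newer labelled format
        if (mac == "" && NF >= 5) mac = $5     # older positional format
        if (mac != "") print dir, mac
    }'
}

uses_mac() {
    # uses_mac <mac-name>: succeeds only if both directions negotiated it.
    want=$1
    count=$(negotiated_macs | awk -v w="$want" '$2 == w' | wc -l | tr -d ' ')
    [ "$count" -eq 2 ]
}

# Constructed samples of `ssh -v` output (not captured from a real host).
SAMPLE_DEFAULT='debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none'

SAMPLE_UMAC='debug1: kex: server->client aes128-cbc umac-64@openssh.com none
debug1: kex: client->server aes128-cbc umac-64@openssh.com none'

# Default configuration: hmac-md5 in both directions.
printf '%s\n' "$SAMPLE_DEFAULT" | negotiated_macs

# Against a live host (HOST is a placeholder), request UMAC-64 explicitly:
#   ssh -v -o MACs=umac-64@openssh.com HOST true 2>&1 | negotiated_macs
```
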