hostapd/dev/random/dev/urandom
Posted mingyunrangwozoudaoxianzai
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了hostapd/dev/random/dev/urandom相关的知识,希望对你有一定的参考价值。
在使用hostapd做软ap时,出现了random熵不够的问题,导致节点连接不上这个ap。
下面先解释一下/dev/random和/dev/urandom
先让我们从一个工程中遇到的实际问题开始,先上log:
E/hostapd ( 100): random: Cannot readfrom /dev/random: Try again
I/hostapd ( 100): random: Only 0/20bytes of strong random data available from /dev/random
I/hostapd ( 100): random: Not enoughentropy pool available for secure operations
I/hostapd ( 100): WPA: Note[ 22.722265] RTL871X: set group key to hw: alg:2(WEP40-1 WEP104-5TKIP-2 AES-4) keyid:1
nough entropy in random pool to proceed -reject first 4-way handshake
以上是hostapd在接受一个wifi终端的接入鉴权时的一段log,该段log显示,在开始四步握手鉴权时,需要获取随机数,而此时/dev/random却未能够提供足够的随机数熵(entropy),导致鉴权不能正常进行。
那为什么/dev/random不能提供足够的随机数呢,为了解析这个,得从他们的根源分析起。
/dev/random和/dev/urandom是unix系统提供的产生随机数的设备,很多应用都需要使用random设备提供的随机数,比如ssh keys, SSL keys, TCP/IP sequence numbers等等
而random设备的random pool是从基于中断的IRQS里面取值,IRQS跟一些特殊的硬件绑定,基于这些硬件的interrupts将会提供给random设备。
以下模拟一个从/dev/random取值但是/dev/random取不到足够值的情况,这时候取值的进程将会等待,直到得到足够的random 值。
[email protected]:~$ time dd if=/dev/random of=1.dmp bs=1024k count=100 &
[1] 25398
这时dd的进程将会hang住等待足够的random值
[email protected]:~$ ps
PID TTY TIME CMD
24315 pts/11 00:00:00 bash
25398 pts/11 00:00:00 bash
25399 pts/11 00:00:00 dd
25400 pts/11 00:00:00 ps
用strace跟踪dd进程在做什么
[email protected]:~$ sudo strace -p 25399
[sudo] password for rubbitxiao:
Process 25399 attached - interrupt to quit
read(0, "256Yi3142663511366", 1048576) = 8
write(1, "256Yi3142663511366", 8) = 8
read(0, "wYyV264362K23", 1048576) = 8
write(1, "wYyV264362K23", 8) = 8
read(0, "Cm220>uy260376", 1048576) = 8
write(1, "Cm220>uy260376", 8) = 8
read(0, "365217302yk177234244", 1048576) = 8
write(1, "365217302yk177234244", 8) = 8
read(0, "24,226l216203E322", 1048576) = 8
write(1, "24,226l216203E322", 8) = 8
read(0, "t27327237
2432164", 1048576) = 8
write(1, "t27327237
2432164", 8) = 8
read(0, "232x
337M313/", 1048576) = 8
write(1, "232x
337M313/", 8) = 8
read(0, "227251212264o30~327", 1048576) = 8
write(1, "227251212264o30~327", 8) = 8
read(0, "y2120213cAS260", 1048576) = 8
write(1, "y2120213cAS260", 8) = 8
read(0, "p3553563033635350206323", 1048576) = 9
write(1, "p3553563033635350206323", 9) = 9
read(0, "&1b32262L33310", 1048576) = 9
write(1, "&1b32262L33310", 9) = 9
read(0, "O30372374 -736", 1048576) = 8
write(1, "O30372374 -736", 8) = 8
read(0, "]27722364260217254>", 1048576) = 8
write(1, "]27722364260217254>", 8) = 8
read(0, "R,�227307300275}", 1048576) = 8
write(1, "R,�227307300275}", 8) = 8
read(0, "p^356V&7223w271", 1048576) = 9
write(1, "p^356V&7223w271", 9) = 9
read(0, "t267325_7227303313", 1048576) = 8
write(1, "t267325_7227303313", 8) = 8
read(0, "216DA_340211 s", 1048576) = 8
write(1, "216DA_340211 s", 8) = 8
read(0, "jl366D125o315<", 1048576) = 9
write(1, "jl366D125o315<", 9) = 9
read(0, "37526625336234255I
", 1048576) = 8
write(1, "37526625336234255I
", 8) = 8
read(0, "h216j3046315>{", 1048576) = 8
write(1, "h216j3046315>{", 8) = 8
read(0, "27026733S314354= ", 1048576) = 8
write(1, "27026733S314354= ", 8) = 8
read(0, ");361356363316_242", 1048576) = 8
... ...
write(1, "V261373h267�104+", 8) = 8
read(0, "4327335S30424243362", 1048576) = 8
write(1, "4327335S30424243362", 8) = 8
read(0, "0�b27363\217"", 1048576) = 8
write(1, "0�b27363\217"", 8) = 8
close(0) = 0
close(1) = 0
write(2, "0+100 records in
0+100 records o"..., 350+100 records in
0+100 records out
) = 35
write(2, "807 bytes (807 B) copied", 24807 bytes (807 B) copied) = 24
write(2, ", 1407.68 s, 0.0 kB/s
", 22, 1407.68 s, 0.0 kB/s
) = 22
close(2) = 0
exit_group(0) = ?
Process 25399 detached
real 23m27.695s
user 0m0.012s
sys 0m0.000s
[1]+ Done time dd if=/dev/random of=1.dmp bs=1024k count=100
以上可以看出,从/dev/random读取(100*1024K个)随机数,由于中间会阻塞(dd hang),所以总计花了23分钟27秒才完成。为什么会花费这么长的时间,因为它的随机数的提供是依赖与外部中断事件的,如果没有足够多中断事件,就会阻塞,其实为了加速/dev/random提供随机数的速度,你可以通过操作设备的外设,让其产生大量的中断(如网络传输数据,按键,移动鼠标等)。
是否有足够的熵来用于产生随机数,可以通过如下命令来查看:
cat /proc/sys/kernel/random/entropy_avail
[email protected]:~$ cat /proc/sys/kernel/random/entropy_avail
277
接下来我们看/dev/urandom,从它那里取同样多的随机数,
[email protected]:~$
[email protected]:~$ time dd if=/dev/urandom of=1.dmp bs=1024k count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB) copied, 6.38387 s, 16.4 MB/s
real 0m6.385s
user 0m0.000s
sys 0m6.364s
[email protected]:~$
却只需要花费6.385秒,同样的机器上,/dev/urandom不受interrupts的限制,即使没有足够的interrupt它也能通过 random number generator产生足够的输出值,所以它不会导致dd hang
至此可以看出/dev/urandom与/dev/random的区别,前者不受外部中断的影响,照样可以产生随机数,而后者则受系统外部中断的影响,所以如果取较多随机数,可能会导致应用会hang住。在我们开篇的那个log,就是属于这个问题。
还遇见了这个问题,log如下
Configuration file: /etc/hostapd/hostapd.conf
Using interface wlp4s0 with hwaddr 3c:33:00:f6:67:2b and ssid "Codz"
random: Cannot read from /dev/random: Resource temporarily unavailable
random: Only 0/20 bytes of strong random data available from /dev/random
random: Not enough entropy pool available for secure operations
WPA: Not enough entropy in random pool for secure operations - update keys later when the first station connects
wlp4s0: interface state UNINITIALIZED->ENABLED
wlp4s0: AP-ENABLED
总得来说都是random出了问题,最终的解决方法是:
mv /dev/random /dev/random.orig
ln -s /dev/urandom /dev/random
使用urandom产生随机数
本文摘录了https://blog.csdn.net/xiaojsj111/article/details/24366127的一些内容
以上是关于hostapd/dev/random/dev/urandom的主要内容,如果未能解决你的问题,请参考以下文章