# Bad packet length, ssh [SOLVED]

## jurgen69

Hi,

I'm not sure where to start so please bare with me.

I'm using a Gentoo based distro called Gen2vdr. This is as the name suggests a pre-compiled binary with VDR installed.

I am having trouble with SSH. I can connect to my boxes using Putty from a windows desktop, but I'm unable to SSH directly between each box.

I've read up about 'bad packet length' via google, this brings up loads of info, mainly to do with using different versions of openssl. I'm using the same version on both machines.

When I putty into my Qnap NAS (a linux based box) I can't connect to either box using SSH.

So to summarize, I can't connect to any linux device using SSH. I understand that this can also be caused by garbage caused by a login message.

My question is where do I start?

Thanks in advance (hopeful)Last edited by jurgen69 on Fri Jan 22, 2010 9:52 pm; edited 1 time in total

----------

## Hu

Verify with tcpdump that the systems are sending well-formed OpenSSH messages.  You will not be able to see the contents, but Wireshark can probably flag any gross violations, such as speaking a plaintext protocol where an encrypted one is expected.

Run ssh and/or sshd with the verbosity turned up.

Tell us the versions of net-misc/openssh and all its dependencies, on all the systems.

----------

## jurgen69

Hi,

Thanks for your reply, the version of net-misc/openssh is OpenSSH_5.1p1, not sure how I know which dependencies.

When I run tcpdump it returns no packets dropped by kernel

I can't emerge net-analyser/wireshark, I get this error message: Failed to emerge net-analyzer/wireshark-1.2.1

This is the output of ssh -vvv

OpenSSH_5.1p1, OpenSSL 0.9.8k 25 Mar 2009

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: identity file /root/.ssh/identity type -1

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6

debug1: match: OpenSSH_4.6 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.1

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_setup: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_setup: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 127/256

debug2: bits set: 1030/2048

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 3

debug1: Host '192.168.0.101' is known and matches the RSA host key.

debug1: Found key in /root/.ssh/known_hosts:3

debug2: bits set: 1020/2048

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

Disconnecting: Bad packet length 752818811.

Can you suggest a different pack analyser to wireshark?

Thanks for your help.

----------

## Hu

 *jurgen69 wrote:*   

> the version of net-misc/openssh is OpenSSH_5.1p1, not sure how I know which dependencies.

 Your system is either a very uncommon architecture or it is very out of date.  All architectures except mips, sparc-fbsd, and x86-fbsd have a 5.2 series of openssh keyworded stable as of last week.  The easiest way to get the dependencies, though this is slightly overkill, is to run emerge --pretend --verbose --emptytree --tree net-misc/openssh.  Please also provide the output of emerge --info, so we can understand why you have an old version installed.

 *jurgen69 wrote:*   

> When I run tcpdump it returns no packets dropped by kernel

 How did you invoke it?  Did you listen on the correct interface?  Did you leave it running while you ran the ssh command?

 *jurgen69 wrote:*   

> I can't emerge net-analyser/wireshark, I get this error message: Failed to emerge net-analyzer/wireshark-1.2.1

 If you need support, please post the topmost error.  Also, that is an old version of Wireshark.  It is so old that it has been removed from the tree!  Version 1.2.5 is available and stable on all the common architectures that Wireshark supports.

 *jurgen69 wrote:*   

> Can you suggest a different pack analyser to wireshark?

 net-analyze/tcpdump can also provide hexadecimal or ASCII dumps of the traffic, but I prefer Wireshark because it can present the data in a much more readable form.

----------

## jurgen69

This is the output from emerge --pretend --verbose --emptytree --tree net-misc/openssh

```

These are the packages that would be merged, in reverse order:

Calculating dependencies  ... done!

!!! All ebuilds that could satisfy ">=sys-libs/glibc-2.7" have been masked.

!!! One of the following masked packages is required to complete your request:

- sys-libs/glibc-2.10.1 (masked by: package.mask, ~x86 keyword)

/etc/portage/package.mask:

# glibc > 2.5 will break em84xx

- sys-libs/glibc-2.9_p20081201-r3 (masked by: package.mask, ~x86 keyword)

- sys-libs/glibc-2.9_p20081201-r2 (masked by: package.mask)

- sys-libs/glibc-2.9_p20081201-r1 (masked by: package.mask, ~x86 keyword)

- sys-libs/glibc-2.9_p20081201 (masked by: package.mask, ~x86 keyword)

- sys-libs/glibc-2.8_p20080602-r1 (masked by: package.mask)

- sys-libs/glibc-2.8_p20080602 (masked by: package.mask, ~x86 keyword)

- sys-libs/glibc-2.7-r2 (masked by: package.mask, ~x86 keyword)

For more information, see the MASKED PACKAGES section in the emerge

man page or refer to the Gentoo Handbook.

(dependency required by "sys-libs/pam-1.1.0" [ebuild])

(dependency required by "sys-auth/pambase-20090620.1-r1" [ebuild])

(dependency required by "net-misc/openssh-5.2_p1-r3" [ebuild])

(dependency required by "net-misc/openssh" [argument])

```

and this is the output from emerge --info

```

Portage 2.1.6.4 (default/linux/x86/2008.0/developer, gcc-4.1.2, glibc-2.5-r4, 2.6.23.17-gentoo i686)

=================================================================

System uname: Linux-2.6.23.17-gentoo-i686-VIA_Nehemiah-with-glibc2.0

Timestamp of tree: Thu, 08 Oct 2009 14:30:17 +0000

distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]

ccache version 2.4 [enabled]

app-shells/bash:     3.2_p33

dev-java/java-config: 1.3.7, 2.1.6

dev-lang/python:     2.5.2-r7

dev-python/pycrypto: 2.0.1-r6

dev-util/ccache:     2.4-r7

dev-util/cmake:      2.4.6-r1

sys-apps/baselayout: 1.12.11.1

sys-apps/sandbox:    1.2.18.1-r2

sys-devel/autoconf:  2.61-r2

sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1

sys-devel/binutils:  2.18-r3

sys-devel/gcc-config: 1.4.0-r4

sys-devel/libtool:   1.5.26

virtual/os-headers:  2.6.23-r3

ACCEPT_KEYWORDS="x86"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer -fforce-addr -falign-functions=4 -fprefetch-loop-arrays -ffast-math"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/lib/X11/xkb"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"

CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer -fforce-addr -falign-functions=4 -fprefetch-loop-arrays -ffast-math"

DISTDIR="/usr/portage/distfiles"

FEATURES="ccache collision-protect cvs digest distlocks fixpackages multilib-strict parallel-fetch protect-owned sandbox sfperms sign strict unmerge-orphans userfetch userpriv usersandbox"

GENTOO_MIRRORS="ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp.gentoo.skynet.be/pub/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"

LANG="en_US"

LC_ALL="en_GB"

LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s"

LINGUAS="en"

PKGDIR="/usr/portage/packages"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/usr/local/portage"

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="X a52 aac acl acpi alsa amr amrnb amrwb apache2 automount berkdb bluetooth bzip2 cardbus cddb cdr cli cracklib crypt dbus dmx dri dv dvb dvd dvdr dvdread eds emboss encode evo exif fam fbcon fbcondecor ffmpeg fftw firefox flac fortran ftp gd gdbm gif gpm gstreamer gtk hal hddtemp iconv ieee1394 imagemagick imap imlib ipod ipv6 irda isdnlog ithreads java joystick jpeg kde latin1 lcms libnotify libwww lirc lm_sensors logrotate mad mailwrapper midi mikmod mmx mp2 mp3 mp4 mp4live mpeg mplayer mudflap mysql ncurses network nls nptl ogg openmp oss pam pcre pda pdf perl php png ppds pppd python qt3 qt3support quicktime rdesktop readline reflection samba scanner sdl session slang sndfile snmp spell spl sse ssl startup-notification svg svga sysfs tcpd theora tiff transcode truetype unicode usb v4l v4l2 vcd vorbis wifi win32codecs x264 x86 xcomposite xine xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="joystick keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text cfontzpacket cwlinux eyeboxone graphlcd icpa106 imon iowarrior lcterm md8800 ms6931 mtcs16209x noritakevfd pyramid sed1330 sed1520 serialvfd sli stv5730 svga t6963 tyan xosd" LINGUAS="en" LIRC_DEVICES="all" USERLAND="GNU" VIDEO_CARDS="fbdev fglrx i810 mga nv nvidia r128 radeon s3 savage sis via v4l vesa vga vmware voodoo"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

```

I have read up on tcpdump and I'm now invoking tcpdump with the following command:

```

tcpdump -ni eth0 -w file.cap portrange 22

```

If I look at the output "file.cap" when using SSH I get the following:

```

ÔÃ²¡^B^@^D^@^@^@^@^@^@^@^@^@`^@^@^@^A^@^@^@Y^ÓTK^È*^A^@J^@^@^@J^@^@^@^@^H^Û¬^Ò^$

^@      ýJ^@^@^@^@^A^C^C^EY^ÓTK^M+^A^@J^@^@^@J^@^@^@^@@cÙ Å^@^H^Û¬^Ò^K^H^@E^@^@$

^_\1^Ú ^R^V y^M^@^@^B^D^E´^D^B^H

^H^ß^DÌ^@       ýJ^A^C^C^BY^ÓTK<+^A^@B^@^@^@B^@^@^@^@^H^Û¬^Ò^K^@@cÙ Å^H^@E^@^@4$

^@      ýJ^H^ß^DÌY^ÓTK^Þ~^B^@V^@^@^@V^@^@^@^@@cÙ Å^@^H^Û¬^Ò^K^H^@E^@^@H³Ç@^@@^F$

^H^ß^DÕ^@       ýJSSH-2.0-OpenSSH_4.6

Y^ÓTKM^?^B^@B^@^@^@B^@^@^@^@^H^Û¬^Ò^K^@@cÙ Å^H^@E^@^@4ÌÕ@^@@^FëÔÀ¨^@dÀ¨^@eÆ³^@^$

^@      ý¡^H^ß^DÕY^ÓTKz^À^B^@W^@^@^@W^@^@^@^@^H^Û¬^Ò^K^@@cÙ Å^H^@E^@^@IÌÖ@^@@^F$

^@      ý¢^H^ß^DÕSSH-2.0-OpenSSH_5.1

Y^ÓTKè^À^B^@B^@^@^@B^@^@^@^@@cÙ Å^@^H^Û¬^Ò^K^H^@E^@^@4³É@^@@^F^DáÀ¨^@eÀ¨^@d^@^V$

^H^ß^DÕ^@       ý¢Y^ÓTKo^Ã^B^@`^@^@^@Z^C^@^@^@^H^Û¬^Ò^K^@@cÙ Å^H^@E^@^CLÌ×@^@@^$

^@      ý¢^H^ß^DÕ^@^@^C^T^H^T°l¹^ÏO¯ê^Ð$,áÔ^A^Öi©^@^@^@~diffY^ÓTK/^Ä^B^@B^@^@^@$

^H^ß^DÕ^@       ý¢Y^ÓTKë^Å^B^@`^@^@^@*^C^@^@^@@cÙ Å^@^H^Û¬^Ò^K^H^@E^@^C^\³Í@^@@$

^H^ß^DÕ^@       ý¢^@^@^Bä

^TMþ%.ªçgg¨ÅDÆ^ÂÀ^\T^@^@^@~diffY^ÓTK¦^Ç^B^@Z^@^@^@Z^@^@^@^@^H^Û¬^Ò^K^@@cÙ Å^H^@$

^@      ý£^H^ß^DÕ^@^@^@^T^F"^@^@^D^@^@^@^D^@^@^@ ^@^@^@^@^@^@^@Y^ÓTKÕ^Ð^B^@`^@^$

^H^ß^DÕ^@       ý£^@^@^A^T^H^_^@^@^A^A^@ÿÿÿÿÿÿÿÿÉ^OÚ¢!hÂ4ÄÆbY^ÓTKÎ"^C^@`^@^@^@R$

^@      ýË^H^ß^DÕ^@^@^A^L^F ^@^@^A^@^[^[U+¾@=A^Ò#¹^ÉÐ-w¶B^ÚQ^DY^ÓTK¹¶^C^@B^@^@^$

^H^ß^DÝ^@       ýËY^ÓTK²^^H^@`^@^@^@^Ò^C^@^@^@@cÙ Å^@^H^Û¬^Ò^K^H^@E^@^C^Ä³Ó@^@@$

```

There is some readable text in there, is this the problem?

There are also no dropped packets:

```

0 packets dropped by kernel

```

I've resolved my wireshark issue with:

```

emerge --sync

```

And I've emerged the current version, but I only have access to the command line on this machine, and I'm still reading about how to use this tool.

Thanks for your help with this.

----------

## Hu

It is expected that the pcap file be primarily binary.  It is possible that there will be some text in it.  You should clean up your CFLAGS and CXXFLAGS, update your system to current, and then resume chasing this problem.  Between being three months out of date and having some questionable flags, in particular -ffast-math, I am reluctant to trust that your system is in a good enough state to be worth further investigation at the moment.

For Wireshark, you can run it over X forwarding if you have a GUI elsewhere.

----------

## jurgen69

Hi,

I've update my Portage tree & profile, I've also replaced the out of date configuration files in /etc.

I've changed my CFLAGS/CXXFLAGS (I hope I've got some more sensible flags in here), & emerged -e world, I've also emerge net-misc/openssh and now have net-misc/openssh-5.2_p1-r3

This appears to have cured the problem. 

Is there anything else that I should be looking to update?

Here is my latest emerge --info:

```

Portage 2.1.6.13 (default/linux/x86/10.0/developer, gcc-4.1.2, glibc-2.5-r4, 2.6.23.17-gentoo i686)

=================================================================

System uname: Linux-2.6.23.17-gentoo-i686-VIA_Nehemiah-with-glibc2.0

Timestamp of tree: Tue, 19 Jan 2010 23:00:01 +0000

distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]

ccache version 2.4 [enabled]

app-shells/bash:     3.2_p33

dev-java/java-config: 1.3.7, 2.1.6

dev-lang/python:     2.5.2-r7

dev-python/pycrypto: 2.0.1-r6

dev-util/ccache:     2.4-r7

dev-util/cmake:      2.4.6-r1

sys-apps/baselayout: 1.12.11.1

sys-apps/sandbox:    1.2.18.1-r2

sys-devel/autoconf:  2.61-r2

sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1

sys-devel/binutils:  2.18-r3

sys-devel/gcc-config: 1.4.0-r4

sys-devel/libtool:   1.5.26

virtual/os-headers:  2.6.23-r3

ACCEPT_KEYWORDS="x86"

CBUILD="i686-pc-linux-gnu"

CFLAGS="-march=c3-2 -O2 -pipe -fomit-frame-pointer"

CHOST="i686-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/lib/X11/xkb"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"

CXXFLAGS="-march=c3-2 -O2 -pipe -fomit-frame-pointer"

DISTDIR="/usr/portage/distfiles"

FEATURES="ccache collision-protect cvs digest distlocks fixpackages multilib-strict parallel-fetch protect-owned sandbox sfperms sign strict test unmerge-orphans userfetch userpriv usersandbox"

GENTOO_MIRRORS="ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp.gentoo.skynet.be/pub/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"

LANG="en_US"

LC_ALL="en_GB"

LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s"

LINGUAS="en"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/usr/local/portage"

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="X a52 aac acl acpi alsa amr amrnb amrwb apache2 automount berkdb bluetooth bzip2 cardbus cddb cdr cli cracklib crypt cxx dbus dmx dri dts dv dvb dvd dvdr dvdread eds emboss encode evo exif fam fbcon fbcondecor ffmpeg fftw firefox flac fortran ftp gd gdbm gif gpm gstreamer gtk hal hddtemp iconv ieee1394 imagemagick imap imlib ipod ipv6 irda ithreads java joystick jpeg kde latin1 lcms libnotify libwww lirc lm_sensors logrotate mad mikmod mmx mng modules mp2 mp3 mp4 mp4live mpeg mplayer mudflap mysql ncurses network nls nptl ogg openmp oss pam pcre pda pdf perl php png ppds pppd python qt3 qt3support quicktime rdesktop readline reflection samba scanner sdl session slang sndfile snmp spell spl sse ssl startup-notification svg svga sysfs tcpd theora thunar tiff transcode truetype unicode usb v4l v4l2 vcd vorbis wifi win32codecs x264 x86 xcomposite xine xml xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="joystick keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text cfontzpacket cwlinux eyeboxone graphlcd icpa106 imon iowarrior lcterm md8800 ms6931 mtcs16209x noritakevfd pyramid sed1330 sed1520 serialvfd sli stv5730 svga t6963 tyan xosd" LINGUAS="en" LIRC_DEVICES="all" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev fglrx i810 mga nv nvidia r128 radeon s3 savage sis via v4l vesa vga vmware voodoo"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

```

Many Thanks for your help in steering me in the right direction.

----------

## Hu

Those flags look much better.  Some of the ones you used before can break some forms of valid code, but are provided because there also exists valid code which benefits from the change.  In particular, -ffast-math can improve performance by deviating from standard IEEE rules, at the price of correctness for some algorithms.

I think your system is in good shape now.  I suggest trying to update world at least once every couple of months.

----------

## jurgen69

Thanks Hu, You've helped me loads with this.

----------

