Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 9 Sep 2004 19:54:26 -0700
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        jason <jason@ec.rr.com>
Cc:        current@freebsd.org
Subject:   Re: FreeBSD 5.3 Bridge performance take II
Message-ID:  <20040910025425.GA7425@odin.ac.hmc.edu>
In-Reply-To: <4141034C.1080700@ec.rr.com>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA0VcX9IoJqUaXPS8MjT1PdsKAAAAQAAAAgcC6P5K6r0GGsZ6hnDUsHgEAAAAA@telia.com> <4141034C.1080700@ec.rr.com>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
On Thu, Sep 09, 2004 at 09:28:44PM -0400, jason wrote:
> Daniel Eriksson wrote:
> 
> >Robert Watson wrote:
> >
> > 
> >
> >>If you're not already disabling harvesting of entropy on interrupts and
> >>in network processing, you really want to for performance purposes.
> >>   
> >>
> >
> >How do I disable this without causing entropy starvation for "typical" use
> >cases (ssl? ssh?)? I googled a bit and found nothing at all about how to
> >disable excessive harvesting.
> >
> ># sysctl -a | grep harvest
> >kern.random.sys.harvest.ethernet: 1
> >kern.random.sys.harvest.point_to_point: 1
> >kern.random.sys.harvest.interrupt: 1
> >kern.random.sys.harvest.swi: 0
> >
> >These are the knobs I know about. Is it enough to turn
> >kern.random.sys.harvest.ethernet and kern.random.sys.harvest.interrupt to 
> >0,
> >or are there other things I need to do too?
> >
> >/Daniel Eriksson
> > 
> >
> That is what I did.  I have not bench marked, but I did allot of 
> searching on the web and reading man pages.  I just can't make the 
> changes permanent.  When I put them in loader.conf they seem to be 
> ignored.  Any suggestions to make it stick?

The values are set in the /etc/rc.d/initrandom script.  Add the
following to your rc.conf to diable interrupt and ethernet entropy
gathering:

harvest_interrupt="NO"
harvest_ethernet="NO"

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBQRdhXY6L6fI4GtQRAm/kAJ4/nv2oxYZ3fed5tBOSAQDUUuzMygCgmO6G
950y8iCJoQivbGYhFmRPIBA=
=leDa
-----END PGP SIGNATURE-----
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040910025425.GA7425>