From owner-freebsd-current@FreeBSD.ORG Fri Sep 10 03:02:30 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 557E516A4CE; Fri, 10 Sep 2004 03:02:30 +0000 (GMT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FA8343D53; Fri, 10 Sep 2004 03:02:30 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id i8A2sQT6007945; Thu, 9 Sep 2004 19:54:26 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id i8A2sQkB007944; Thu, 9 Sep 2004 19:54:26 -0700 Date: Thu, 9 Sep 2004 19:54:26 -0700 From: Brooks Davis To: jason Message-ID: <20040910025425.GA7425@odin.ac.hmc.edu> References: <4141034C.1080700@ec.rr.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV" Content-Disposition: inline In-Reply-To: <4141034C.1080700@ec.rr.com> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu cc: 'Robert Watson' cc: Daniel Eriksson cc: current@freebsd.org Subject: Re: FreeBSD 5.3 Bridge performance take II X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Sep 2004 03:02:30 -0000 --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 09, 2004 at 09:28:44PM -0400, jason wrote: > Daniel Eriksson wrote: >=20 > >Robert Watson wrote: > > > >=20 > > > >>If you're not already disabling harvesting of entropy on interrupts and > >>in network processing, you really want to for performance purposes. > >> =20 > >> > > > >How do I disable this without causing entropy starvation for "typical" u= se > >cases (ssl? ssh?)? I googled a bit and found nothing at all about how to > >disable excessive harvesting. > > > ># sysctl -a | grep harvest > >kern.random.sys.harvest.ethernet: 1 > >kern.random.sys.harvest.point_to_point: 1 > >kern.random.sys.harvest.interrupt: 1 > >kern.random.sys.harvest.swi: 0 > > > >These are the knobs I know about. Is it enough to turn > >kern.random.sys.harvest.ethernet and kern.random.sys.harvest.interrupt t= o=20 > >0, > >or are there other things I need to do too? > > > >/Daniel Eriksson > >=20 > > > That is what I did. I have not bench marked, but I did allot of=20 > searching on the web and reading man pages. I just can't make the=20 > changes permanent. When I put them in loader.conf they seem to be=20 > ignored. Any suggestions to make it stick? The values are set in the /etc/rc.d/initrandom script. Add the following to your rc.conf to diable interrupt and ethernet entropy gathering: harvest_interrupt=3D"NO" harvest_ethernet=3D"NO" -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --HcAYCG3uE/tztfnV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBQRdhXY6L6fI4GtQRAm/kAJ4/nv2oxYZ3fed5tBOSAQDUUuzMygCgmO6G 950y8iCJoQivbGYhFmRPIBA= =leDa -----END PGP SIGNATURE----- --HcAYCG3uE/tztfnV--