Date: Wed, 4 Aug 2004 21:39:52 -0700
From: Sam Leffler <sam@errno.com>
To: freebsd-current@freebsd.org
Cc: Robert Watson <rwatson@freebsd.org>
Subject: Re: So much entropy it's coming out of our ears?
Message-ID: <200408042139.52577.sam@errno.com>
In-Reply-To: <Pine.NEB.3.96L.1040804234812.19039J-100000@fledge.watson.org>
References: <Pine.NEB.3.96L.1040804234812.19039J-100000@fledge.watson.org>

On Wednesday 04 August 2004 08:56 pm, Robert Watson wrote:
> Another observation is that we seem to be doing a lot of entropy
> gathering. That is to say -- a lot. On a busy system, I have to wonder
> whether we're not paying a high cost to gather more entropy than we really
> need. I'm not familiar with the Yarrow implementation nor harvesting
> bits, but I'd pose this question to you: right now, we appear to pay four
> mutex operations per packet if the fifo isn't full. Can we rate limit
> entropy gathering in entropy-rich systems to avoid doing so much work? If
> we're processing 25,000 or 100,000 packets a second, that's a lot of goup
> passing through Yarrow. Is it possible to do lockless rate limiting so
> that we gather it only once every few seconds? This might make a big
> aggregate difference when processing ethernet packets at a high rate, such
> as in bridging/forwarding scenarios, etc.

Virtually all performance-sensitive installations will disable entropy
gathering through fast paths. I've suggested for a long time that this sort
of collection should be enabled only under dire circumstances and never by
default.

Regardless, the last time I looked at the entropy harvesting it used a model
where entropy was unilaterally sent for harvest and discarded when too
plentiful. I term this the "push model". I've advocated a "pull model" where
the PRNG requests entropy when a low water mark is hit and/or a hybrid scheme
where producers have some sort of flow control or feedback mechanism.
Everything that goes on inside the PRNG is a separate issue.

	Sam
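
Added example, not part of the message above and not FreeBSD code: a C11 sketch of the feedback scheme described in the reply, where producers test one atomic flag on the fast path and the PRNG side reopens the gate when its estimate falls below a low-water mark. Every name, both thresholds and the 1-bit-per-packet credit are assumptions made for the sketch.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names and thresholds, chosen for this sketch only. */
#define LOW_WATER_BITS  128u  /* PRNG asks for input below this estimate */
#define HIGH_WATER_BITS 512u  /* producers are told to stop at this estimate */
struct pool {
    atomic_bool want;      /* feedback flag: does the PRNG want samples? */
    atomic_uint est_bits;  /* PRNG's running entropy estimate */
};

/* Producer fast path: one relaxed load and no lock when input is not wanted. */
static bool harvest_offer(struct pool *p, unsigned credit_bits)
{
    if (!atomic_load_explicit(&p->want, memory_order_relaxed))
        return false;      /* dropped at the source, nothing queued */
    /* Mixing the sample into the pool is omitted; only the estimate moves. */
    if (atomic_fetch_add(&p->est_bits, credit_bits) + credit_bits >= HIGH_WATER_BITS)
        atomic_store(&p->want, false);
    return true;
}

/* Consumer side: drawing output lowers the estimate and may reopen the gate. */
static unsigned prng_draw(struct pool *p, unsigned bits)
{
    unsigned cur = atomic_load(&p->est_bits), left;
    do {
        left = cur > bits ? cur - bits : 0;   /* saturate at zero */
    } while (!atomic_compare_exchange_weak(&p->est_bits, &cur, left));
    if (left < LOW_WATER_BITS)
        atomic_store(&p->want, true);
    return left;
}

/* Constructed workload: 1 bit credited per packet, one draw every draw_every. */
static unsigned long simulate(unsigned long packets, unsigned long draw_every, unsigned draw_bits)
{
    struct pool p = { true, 0 };              /* empty pool starts out hungry */
    unsigned long accepted = 0;
    for (unsigned long i = 1; i <= packets; i++) {
        accepted += harvest_offer(&p, 1);
        if (i % draw_every == 0)
            prng_draw(&p, draw_bits);
    }
    return accepted;
}

int main(void) { printf("accepted %lu of 100000\n", simulate(100000, 10000, 256)); return 0; }
```

With concurrent producers the estimate can overshoot the high-water mark by the credits already in flight, and a stale store can leave the gate closed until the next draw re-evaluates it.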