Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Sep 2004 19:54:26 -0700
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        jason <jason@ec.rr.com>
Cc:        current@freebsd.org
Subject:   Re: FreeBSD 5.3 Bridge performance take II
Message-ID:  <20040910025425.GA7425@odin.ac.hmc.edu>
In-Reply-To: <4141034C.1080700@ec.rr.com>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA0VcX9IoJqUaXPS8MjT1PdsKAAAAQAAAAgcC6P5K6r0GGsZ6hnDUsHgEAAAAA@telia.com> <4141034C.1080700@ec.rr.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 09, 2004 at 09:28:44PM -0400, jason wrote:
> Daniel Eriksson wrote:
>=20
> >Robert Watson wrote:
> >
> >=20
> >
> >>If you're not already disabling harvesting of entropy on interrupts and
> >>in network processing, you really want to for performance purposes.
> >>  =20
> >>
> >
> >How do I disable this without causing entropy starvation for "typical" u=
se
> >cases (ssl? ssh?)? I googled a bit and found nothing at all about how to
> >disable excessive harvesting.
> >
> ># sysctl -a | grep harvest
> >kern.random.sys.harvest.ethernet: 1
> >kern.random.sys.harvest.point_to_point: 1
> >kern.random.sys.harvest.interrupt: 1
> >kern.random.sys.harvest.swi: 0
> >
> >These are the knobs I know about. Is it enough to turn
> >kern.random.sys.harvest.ethernet and kern.random.sys.harvest.interrupt t=
o=20
> >0,
> >or are there other things I need to do too?
> >
> >/Daniel Eriksson
> >=20
> >
> That is what I did.  I have not bench marked, but I did allot of=20
> searching on the web and reading man pages.  I just can't make the=20
> changes permanent.  When I put them in loader.conf they seem to be=20
> ignored.  Any suggestions to make it stick?

The values are set in the /etc/rc.d/initrandom script.  Add the
following to your rc.conf to diable interrupt and ethernet entropy
gathering:

harvest_interrupt=3D"NO"
harvest_ethernet=3D"NO"

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBQRdhXY6L6fI4GtQRAm/kAJ4/nv2oxYZ3fed5tBOSAQDUUuzMygCgmO6G
950y8iCJoQivbGYhFmRPIBA=
=leDa
-----END PGP SIGNATURE-----

--HcAYCG3uE/tztfnV--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040910025425.GA7425>