FreeBSD 5.3 Bridge performance take II

Brooks Davis brooks at one-eyed-alien.net
Thu Sep 9 20:02:30 PDT 2004


On Thu, Sep 09, 2004 at 09:28:44PM -0400, jason wrote:
> Daniel Eriksson wrote:
> 
> >Robert Watson wrote:
> >
> > 
> >
> >>If you're not already disabling harvesting of entropy on interrupts and
> >>in network processing, you really want to for performance purposes.
> >>   
> >>
> >
> >How do I disable this without causing entropy starvation for "typical" use
> >cases (ssl? ssh?)? I googled a bit and found nothing at all about how to
> >disable excessive harvesting.
> >
> ># sysctl -a | grep harvest
> >kern.random.sys.harvest.ethernet: 1
> >kern.random.sys.harvest.point_to_point: 1
> >kern.random.sys.harvest.interrupt: 1
> >kern.random.sys.harvest.swi: 0
> >
> >These are the knobs I know about. Is it enough to turn
> >kern.random.sys.harvest.ethernet and kern.random.sys.harvest.interrupt to 
> >0,
> >or are there other things I need to do too?
> >
> >/Daniel Eriksson
> > 
> >
> That is what I did.  I have not bench marked, but I did allot of 
> searching on the web and reading man pages.  I just can't make the 
> changes permanent.  When I put them in loader.conf they seem to be 
> ignored.  Any suggestions to make it stick?

The values are set in the /etc/rc.d/initrandom script.  Add the
following to your rc.conf to diable interrupt and ethernet entropy
gathering:

harvest_interrupt="NO"
harvest_ethernet="NO"

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040909/8cb677dc/attachment.bin


More information about the freebsd-current mailing list