mirror of
https://github.com/opnsense/src.git
synced 2026-02-15 16:48:36 -05:00
Flip the knob added in r349154 to "enabled." The commit message from that revision and associated code comment describe the rationale, implementation, and motivation for the new default in detail. I have dog-fooded this configuration on my own systems for six months, for what that's worth.

For end-users: the result is just as secure. The benefit is a faster, more responsive system when processes produce significant demand on random(4). As mentioned in the earlier commit, the prior behavior may be restored by setting the kern.random.fortuna.concurrent_read="0" knob in loader.conf(5).

This scales the random generation side of random(4) somewhat, although there is still a global mutex being shared by all cores and rand_harvestq; the situation is generally much better than it was before on small CPU systems, but do not expect miracles on 256-core systems running 256-thread full-rate random(4) read.

Work is ongoing to address both the generation-side (in more depth) and the harvest-side scaling problems.

Approved by: csprng(delphij, markm)
Tested by: markm
Differential Revision: https://reviews.freebsd.org/D22879

| | | |
|---|---|---|
| build.sh | ||
| darn.c | ||
| fortuna.c | ||
| fortuna.h | ||
| hash.c | ||
| hash.h | ||
| ivy.c | ||
| nehemiah.c | ||
| other_algorithm.c | ||
| other_algorithm.h | ||
| random_harvestq.c | ||
| random_harvestq.h | ||
| random_infra.c | ||
| randomdev.c | ||
| randomdev.h | ||
| uint128.h | ||
| unit_test.c | ||
| unit_test.h | ||