mirror of
https://github.com/opnsense/src.git
synced 2026-02-15 16:48:36 -05:00
548dca90ae
Flip the knob added in r349154 to "enabled." The commit message from that revision and associated code comment describe the rationale, implementation, and motivation for the new default in detail. I have dog-fooded this configuration on my own systems for six months, for what that's worth. For end-users: the result is just as secure. The benefit is a faster, more responsive system when processes produce significant demand on random(4). As mentioned in the earlier commit, the prior behavior may be restored by setting the kern.random.fortuna.concurrent_read="0" knob in loader.conf(5). This scales the random generation side of random(4) somewhat, although there is still a global mutex being shared by all cores and rand_harvestq; the situation is generally much better than it was before on small CPU systems, but do not expect miracles on 256-core systems running 256-thread full-rate random(4) read. Work is ongoing to address both the generation-side (in more depth) and the harvest-side scaling problems. Approved by: csprng(delphij, markm) Tested by: markm Differential Revision: https://reviews.freebsd.org/D22879 |
||
|---|---|---|
| .. | ||
| build.sh | ||
| darn.c | ||
| fortuna.c | ||
| fortuna.h | ||
| hash.c | ||
| hash.h | ||
| ivy.c | ||
| nehemiah.c | ||
| other_algorithm.c | ||
| other_algorithm.h | ||
| random_harvestq.c | ||
| random_harvestq.h | ||
| random_infra.c | ||
| randomdev.c | ||
| randomdev.h | ||
| uint128.h | ||
| unit_test.c | ||
| unit_test.h | ||