On Wednesday 04 August 2004 08:56 pm, Robert Watson wrote:
> Another observation is that we seem to be doing a lot of entropy
> gathering. That is to say -- a lot. On a busy system, I have to wonder
> whether we're not paying a high cost to gather more entropy than we really
> need. I'm not familiar with the Yarrow implementation nor harvesting
> bits, but I'd pose this question to you: right now, we appear to pay four
> mutex operations per packet if the fifo isn't full. Can we rate limit
> entropy gathering in entropy-rich systems to avoid doing so much work? If
> we're processing 25,000 or 100,000 packets a second, that's a lot of goop
> passing through Yarrow. Is it possible to do lockless rate limiting so
> that we gather it only once every few seconds? This might make a big
> aggregate difference when processing ethernet packets at a high rate, such
> as in bridging/forwarding scenarios, etc.

Virtually all performance-sensitive installations will disable entropy gathering through fast paths. I've suggested for a long time that this sort of collection should be enabled only under dire circumstances and never by default.

Regardless, the last time I looked at the entropy harvesting it used a model where entropy was unilaterally sent for harvest and discarded when too plentiful. I term this the "push model". I've advocated a "pull model" where the PRNG requests entropy when a low water mark is hit and/or a hybrid scheme where producers have some sort of flow control or feedback mechanism. Everything that goes on inside the PRNG is a separate issue.

Sam

Received on Thu Aug 05 2004 - 02:40:30 UTC
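
The feedback scheme discussed in this message, as an added example that is not part of the original post and is not FreeBSD's harvest code: the PRNG side publishes a single "entropy wanted" flag, and the per-packet fast path reads it with one relaxed atomic load, skipping the locked FIFO entirely while the pool is above its high water mark. All function names, both thresholds, and the 2-bit-per-packet estimate are assumptions chosen for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* All names and thresholds are hypothetical; this is not FreeBSD's harvest code. */
#define LOW_WATER_BITS  128u  /* assumed: below this the PRNG asks for entropy */
#define HIGH_WATER_BITS 512u  /* assumed: at or above this it stops asking */
static atomic_bool harvest_wanted = true; /* written by PRNG side, read by producers */
static unsigned pool_bits;                /* entropy estimate, slow-path state */
static unsigned long queued;              /* samples that reached the slow path */

/* Slow-path stand-in: in a kernel the mutex and FIFO operations would live here. */
static void fifo_enqueue(const void *sample, size_t len, unsigned est_bits)
{
    (void)sample; (void)len;
    queued++;
    pool_bits += est_bits;
    if (pool_bits >= HIGH_WATER_BITS)   /* plentiful: tell producers to stop */
        atomic_store_explicit(&harvest_wanted, false, memory_order_relaxed);
}

/* Fast path, called per packet: one relaxed load and no lock when not wanted. */
bool harvest_offer(const void *sample, size_t len, unsigned est_bits)
{
    if (!atomic_load_explicit(&harvest_wanted, memory_order_relaxed))
        return false;                   /* flag is advisory, so relaxed is enough */
    fifo_enqueue(sample, len, est_bits);
    return true;
}

/* PRNG side: consuming output lowers the estimate and re-arms the gate at low water. */
void prng_consume(unsigned bits)
{
    pool_bits = bits > pool_bits ? 0 : pool_bits - bits;
    if (pool_bits < LOW_WATER_BITS)
        atomic_store_explicit(&harvest_wanted, true, memory_order_relaxed);
}

/* Constructed run: offer n packets at 2 bits each; return how many hit the slow path. */
unsigned long demo_offer(unsigned long n)
{
    uint32_t pkt = 0;
    unsigned long before = queued;
    for (unsigned long i = 0; i < n; i++, pkt++)
        harvest_offer(&pkt, sizeof pkt, 2);
    return queued - before;
}

int main(void) { return demo_offer(100000) == 256 ? 0 : 1; }
```

The gap between the two marks gives hysteresis: between them the gate keeps its previous state, so the flag does not flap on every packet.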