Here is the promised next phase in the /dev/random saga. Now that Mark has
committed the entropy harvesters, it's time to make use of them. I've had
the sysctl's that enable the harvesting turned on basically since they were
committed with no noticable negative effects on my celeron 450. Others have
reported similar results. Therefore we are turning the harvesters on by
default, with the ability to easily disable them in rc.conf.
I was unable to test the ppp bits, but I've every reason to believe that
this will work. Comments and suggestions are welcome. The goal is to turn
on the appropriate harvesters for ethernet, and/or ppp/slip/tun based on
the presence of a configured device of that nature. So, the ethernet bits
check to see if there is an ethernet card configured, and turns on that
harvester if so. The same should be true for the ppp harvester, based on
the suggestions I received for detecting whether a tun device is or will be
The next phase will be to eliminate the last of the hackish pseudo-entropy
harvesting, and move the writing of the rc.shutdown entropy file to
/var/db/entropy. Obviously if you experience any problems or slowdowns with
the sysctl's enabled please speak up. I want to give this new stuff a
couple weeks to mature before removal of the hackish stuff, since other
than the mere fact that it _is_ hackish, it's not really hurting anything.
Appropriate rc.conf(5) entries will be coming in a seperate commit. I am
working on a general cleanup/update of that file, but I plan to wait till
the reality in rc.conf is closer to what we want it to be.
-------- Original Message --------
Subject: cvs commit: src/etc rc src/etc/defaults rc.conf
Date: Thu, 1 Mar 2001 05:19:50 -0800 (PST)
From: Doug Barton <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
dougb 2001/03/01 05:19:50 PST
Add code to turn on the entropy harvesting sysctl's as early as possible
during the boot process. We're turning it on by default, based on the
actual presence of a configured ethernet card, and/or ppp/tun devices.
Of course, it's easy to disable in rc.conf.
Revision Changes Path
1.253 +79 -1 src/etc/rc
1.91 +4 -1 src/etc/defaults/rc.conf
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message