Subject: Re: /dev/random often empty
To: None <port-xen@netbsd.org>
From: None <fukumoto@imasy.or.jp>
List: port-xen
Date: 03/21/2007 04:04:58
Greg Troxel wrote:
>> Also, I wanted to understand how entropy was used; it seems it's
>> always used up and I know of no way to know what the consumers
>> were. I suspect it's a combination of sshd and racoon (I use
>> transport-mode IPsec on coda traffic).
>>
I grep'ed through the kernel code, and I think every TCP connection consumes
entropy by the second rnd_extract_data() in
netinet/tcp_subr.c:tcp_new_iss1(), which I think is called for every
TCP connect(2). Changing sysctl net.inet.tcp.iss_hash to non-0 might
help.
(tcp_new_iss1() looks iffy...)
FUKUMOTO Atsushi
fukumoto@imasy.or.jp
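A small model of the two ISS strategies contrasted above, added here as an illustration and not NetBSD's own code: a counting stand-in for the entropy pool shows that a purely random ISS draws from the pool on every connection, whereas an RFC 1948-style hashed ISS (secret drawn once, MD5 over the connection 4-tuple plus a clock offset) draws nothing per connection. The pool, the 4-tuple values and the tick rate are constructed for the example.

```python
import hashlib
import os
import struct
import time


class EntropyPool:
    """Constructed stand-in for the kernel pool; every extraction is counted."""

    def __init__(self):
        self.bytes_drawn = 0

    def extract(self, n):
        self.bytes_drawn += n
        return os.urandom(n)


def iss_random(pool):
    """Random ISS: a fresh 32-bit draw for each connection (model of the iss_hash=0 path)."""
    return struct.unpack("<I", pool.extract(4))[0]


class HashedIss:
    """RFC 1948-style ISS: one secret from the pool, then MD5(secret, 4-tuple) + clock offset.

    Model of the iss_hash!=0 path; assumes the secret is drawn once, whereas a
    real kernel may rekey it periodically."""

    def __init__(self, pool, clock=time.monotonic_ns):
        self.secret = pool.extract(16)
        self.clock = clock

    def iss(self, laddr, lport, faddr, fport):
        h = hashlib.md5(self.secret + laddr + struct.pack("!H", lport)
                        + faddr + struct.pack("!H", fport)).digest()
        # Constructed ~250 kHz tick so the sequence space still advances with time.
        offset = (self.clock() // 4000) & 0xFFFFFFFF
        return (struct.unpack("<I", h[:4])[0] + offset) & 0xFFFFFFFF


def entropy_per_connections(n_conns, hashed):
    """Bytes pulled from the pool while opening n_conns connections (constructed addresses)."""
    pool = EntropyPool()
    laddr, faddr = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
    if hashed:
        gen = HashedIss(pool)
        for i in range(n_conns):
            gen.iss(laddr, 40000 + i, faddr, 22)
    else:
        for _ in range(n_conns):
            iss_random(pool)
    return pool.bytes_drawn


if __name__ == "__main__":
    print("random ISS, 100 connections:", entropy_per_connections(100, hashed=False), "bytes")
    print("hashed ISS, 100 connections:", entropy_per_connections(100, hashed=True), "bytes")
```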