
avoid unneeded call to arc4random() in syncache_add()
Closed Public

Authored by gallatin on Tue, Sep 10, 7:47 PM.

Details

Summary

We currently call arc4random() unconditionally to initialize sc_iss, but then when syncookies are enabled, we overwrite it with the return value from syncookie_generate(). It would seem to make more sense to only call arc4random() when syncookies are not enabled.

Note that on a system under a syn flood attack, arc4random() becomes quite expensive, and the chacha_poly crypto that it calls is one of the more expensive things happening on the system. Removing this unneeded arc4random() call reduces CPU from about 40% to about 35% in my test scenario (Broadwell Xeon, 6Mpps syn flood attack).

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

gallatin created this revision. Tue, Sep 10, 7:47 PM
rrs accepted this revision. Tue, Sep 10, 7:48 PM
This revision is now accepted and ready to land. Tue, Sep 10, 7:48 PM
tuexen accepted this revision. Tue, Sep 10, 9:12 PM
bz accepted this revision. Wed, Sep 11, 1:39 PM
This revision was automatically updated to reflect the committed changes.