Changeset View
Changeset View
Standalone View
Standalone View
sys/conf/NOTES
Show First 20 Lines • Show All 2,987 Lines • ▼ Show 20 Lines | |||||
#options RANDOM_YARROW # Yarrow CSPRNG (old default) | #options RANDOM_YARROW # Yarrow CSPRNG (old default) | ||||
#options RANDOM_LOADABLE # Allow the algorithm to be loaded as | #options RANDOM_LOADABLE # Allow the algorithm to be loaded as | ||||
# a module. | # a module. | ||||
# Select this to allow high-rate but potentially expensive | # Select this to allow high-rate but potentially expensive | ||||
# harvesting of Slab-Allocator entropy. In very high-rate | # harvesting of Slab-Allocator entropy. In very high-rate | ||||
# situations the value of doing this is dubious at best. | # situations the value of doing this is dubious at best. | ||||
options RANDOM_ENABLE_UMA # slab allocator | options RANDOM_ENABLE_UMA # slab allocator | ||||
# Select this to allow high-rate but potentially expensive | |||||
# harvesting of of the m_next pointer in the mbuf. Note that | |||||
# the m_next pointer is NULL except when receiving > 4K | |||||
# jumbo frames or sustained bursts by way of LRO. Thus in | |||||
# the common case it is stirring zero in to the entropy | |||||
# pool. In cases where it is not NULL it is pointing to one | |||||
# of a small (in the thousands to 10s of thousands) number | |||||
# of 256 byte aligned mbufs. Hence it is, even in the best | |||||
# case, a poor source of entropy. And in the absence of actual | |||||
# runtime analysis of entropy collection may mislead the user in | |||||
# to believe that substantially more entropy is being collected | |||||
# than in fact is - leading to a different class of security | |||||
# risk. In high packet rate situations ethernet entropy | |||||
# collection is also very expensive, possibly leading to as | |||||
# much as a 50% drop in packets received. | |||||
options RANDOM_ENABLE_ENTROPY # slab allocator | |||||
# Module to enable execution of application via emulators like QEMU | # Module to enable execution of application via emulators like QEMU | ||||
options IMAGACT_BINMISC | options IMAGACT_BINMISC | ||||
# zlib I/O stream support | # zlib I/O stream support | ||||
# This enables support for compressed core dumps. | # This enables support for compressed core dumps. | ||||
options GZIO | options GZIO | ||||
# zstd I/O stream support | # zstd I/O stream support | ||||
Show All 15 Lines |