avoid unneeded call to arc4random() in syncache_add()
Closed, Public

Authored by gallatin on Sep 10 2019, 7:47 PM.

Details

Summary

We currently call arc4random() unconditionally to initialize sc_iss, but then when syncookies are enabled, we overwrite it with the return value from syncookie_generate(). It would seem to make more sense to only call arc4random() when syncookies are not enabled.

Note that on a system under a syn flood attack, arc4random() becomes quite expensive, and the chacha_poly crypto that it calls is one of the more expensive things happening on the system. Removing this unneeded arc4random() call reduces CPU from about 40% to about 35% in my test scenario (Broadwell Xeon, 6Mpps syn flood attack).

Diff Detail

Repository
rS FreeBSD src repository - subversion